undefined | Better HN

0 pointsajdlinux8y ago0 comments

It does seem suspicious to me that this hugely critical flaw deep in the firmware stack has been discovered by the writing staff of a tech news website rather than an infosec research team...

0 comments

tyingq8y ago

The article sort of reads like he has thought (not known) there was an issue for a long time.

Then, he saw that Intel released a patch related to the management engine, and took that as confirmation? Maybe he has access to the release notes via a source at an OEM?

Natanael_L8y ago

He got the affected version numbers exactly right, but according to Intel he got the affected hardware wrong (consumer hardware unaffected).

That tells me he got the information from an unmentioned source. If he had the details himself he would be able to confirm what hardware it is present on by testing it.

The explanation for that error code be that the source have been vague about it or not tested it on a lot of hardware, or isn't even a firsthand source, or that the journalist misunderstood it.

https://security-center.intel.com/advisory.aspx?intelid=INTE...

tyingq8y ago

Ah. To be fair, that intel.com link is confusing, because it sends you off to see if you have "Intel® vPro", which is certainly on consumer hardware, like various i5 and i7 systems. Which does not jive with the earlier line "This vulnerability does not exist on Intel-based consumer PCs". It sort of depends on your definition of consumer hardware.

Overall, though, it does seem to validate the sequence was something like "he had a suspicion" then "intel released an update".

j / k navigate · click thread line to collapse

0 comments

tyingq8y ago

The article sort of reads like he has thought (not known) there was an issue for a long time.

Then, he saw that Intel released a patch related to the management engine, and took that as confirmation? Maybe he has access to the release notes via a source at an OEM?

Natanael_L8y ago

He got the affected version numbers exactly right, but according to Intel he got the affected hardware wrong (consumer hardware unaffected).

That tells me he got the information from an unmentioned source. If he had the details himself he would be able to confirm what hardware it is present on by testing it.

The explanation for that error code be that the source have been vague about it or not tested it on a lot of hardware, or isn't even a firsthand source, or that the journalist misunderstood it.

https://security-center.intel.com/advisory.aspx?intelid=INTE...

tyingq8y ago

Overall, though, it does seem to validate the sequence was something like "he had a suspicion" then "intel released an update".

j / k navigate · click thread line to collapse