by luckydude
3085 days ago
What adtac said. If I let someone have physical access to any computer I own I fully expect to be compromised. And here the issue is, as I understand it, I would have had to have left that AMT part in place with a default password. I get that it is geeky and maybe there should be a process where when you buy a new laptop they set the password to some unique thing and give you a sticky note with the password on it. I get that a lot of people won't know to change the management password, but that's an educational issue, just like people had to be taught to not use "1234" or "admin" as their login password. Still seems like an overhyped issue but I guess that is part of the educational process. I don't feel like this rises to the level of Meltdown or Spectre.
Leaving AMT enabled with a default local password when it hasn't been explicitly provisioned is an oversight by the system manufacturers. Expecting users (particularly outside the enterprise environment) to discover the necessary security precautions (without any notable cues) is a problem.
Education may be a short-term solution, but it's no substitute for repairing the user experience, e.g., by disabling unused AMT features (and preventing them from being reenabled without authenticated access to a pre-boot or other system management environment). Save AMT security for the subset of system owners that need to take advantage of the feature.