Hacker News new | ask | show | jobs
by vbitz 1687 days ago
One of the researchers (@_markel___) put out a tweet with more information

> After a year of the coordinated disclosure process, we (+ @h0t_max and @_Dmit ) can finally share: we found a reliable, not damaging way to extract the security fuses (Chipset + EPID root keys) from the Intel platforms.

https://twitter.com/_markel___/status/1458147735270481926
1 comments
userbinator 1687 days ago
coordinated disclosure

I wonder if these people really think they are heroes for effectively helping Intel further its user-hostile actions.

link
throwawaylinux 1686 days ago
These kind of disclosures are the accepted practice in this security space. People and organizations more-or-less help each other out, help users, and play by the rules.

There are some who disagree the process is good, works well, or actually achieves its goals. However most (not all) go along with it and don't moralize about corporate strategy or try to hold their vulnerability discoveries over a company as some kind of activism.

I think it's pretty safe to say they don't think they are heroes for working with the vendor, they are probably quite rightly proud of their discovery and work though.

You comment seems unnecessarily hostile toward them.

link
userbinator 1686 days ago
People and organizations more-or-less help each other out, help users, and play by the rules.

In other words, they're mostly bootlickers.

You comment seems unnecessarily hostile toward them.

Intel is unnecessarily hostile towards us! Those who help the enemy, should also be considered enemies.

link
throwawaylinux 1686 days ago
> In other words, they're mostly bootlickers.

No that is not what bootlicker means.

> Intel is unnecessarily hostile towards us!

An organization like Intel has extremely complicated strategies and estimations of what they deem "necessary". Whether you personally like it or not, a company has some leeway to do their own thing with the products they sell.

> Those who help the enemy, should also be considered enemies.

And you have purchased no products that contain any parts or other companies that license Intel's IP because that benefits Intel in the form of revenue in any way. What computers, phones, etc do you use, then, that come from companies which don't act in any user hostile ways?

link
walterbell 1687 days ago
Is there any team that has done more public work on ME transparency than Positive Technologies? Unlike others that withhold all information for embargoed announcements, they continually publish updates on their research.
link