by jrabone 4471 days ago
And yet the Intel product pages say

"Prevent attacks below the operating system

Intel vPro technology protects against difficult-to-detect, penetrating rootkits and malware that threaten users working in cloud or virtual environments. It combines several hardware-based features, including Intel® Trusted Execution Technology (Intel® TXT) and Intel® Virtualization Technology (Intel® VT) for centralized image management and administration, secure network storage, and out-of-band protection—all beyond the firewall."

Irony? Or hopefully the current version of vPro as built-in to some Xeon processors is a bit more hardened...

2 comments

Kind of like buying a gun for self protection and then having an intruder get hold of it and kill you with it. In a talk I gave to some Swiss banks about security a looooong time ago I talked briefly about security measures as vulnerabilities, which are analogous to data protection bits being the source of data corruption errors. You have to evaluate whether the system as a whole is at a more or less (or the same!) level of security with the code you've added for security.
I hadn't really thought about ECC bits getting errors and thus corrupting the thing they were supposed to protect.

Do you know if hardware uses http://en.wikipedia.org/wiki/Reed-Muller_Code for the ECC bits?

At least with schemes like Reed-Solomon, the "ECC bits" conceptually are not a separate piece of data that is computed and then added to the data to be protected, despite that being how it is usually implemented. The algorithm really "expands" the data, so the redundancy is spread out across all the bits. Thus any bit errors anywhere in the whole encoded "codeword" can be corrected, up to the limits of the code.
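
The point in the comment above about redundancy being spread across the whole codeword, shown as an added example that is not part of the thread: a toy non-systematic Reed-Solomon code over GF(7) with a brute-force nearest-codeword decoder. The parameters, sample data and function names are assumptions chosen for illustration, not what any memory controller implements.

```python
from itertools import combinations, product

P, K, N = 7, 3, 7        # toy parameters (assumed): GF(7), 3 data symbols, 7 sent
T = (N - K) // 2         # correctable symbol errors: 2

def encode(msg):
    """Evaluate the message polynomial at x = 0..N-1 (non-systematic RS)."""
    return [sum(c * pow(x, i, P) for i, c in enumerate(msg)) % P
            for x in range(N)]

def decode(received):
    """Brute-force nearest-codeword search; None if nothing is within T."""
    for cand in product(range(P), repeat=K):
        if sum(a != b for a, b in zip(encode(cand), received)) <= T:
            return list(cand)
    return None

def corrupt(codeword, positions):
    """Add 1 (mod P) to the symbols at the given positions."""
    return [(s + 1) % P if i in positions else s
            for i, s in enumerate(codeword)]

def survives_all_double_errors(msg):
    """True if every choice of two corrupted positions still decodes to msg."""
    cw = encode(msg)
    return all(decode(corrupt(cw, pair)) == msg
               for pair in combinations(range(N), 2))

if __name__ == "__main__":
    msg = [3, 1, 4]  # constructed sample data
    print("codeword:", encode(msg))
    print("any 2 errors corrected:", survives_all_double_errors(msg))
    print("3 errors:", decode(corrupt(encode(msg), (0, 1, 2))))
```

No position in the codeword is special: any two corrupted symbols are repaired, while three exceed the limit of this code and the original message is no longer recovered.
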
I believe they use Reed-Solomon encoding, but as it is up to the memory controller to implement, it can change. The memory just provides the extra bits for the software to use. In our fictional gun ownership example it would be like the owner hiding multiple guns around the house so that if one was compromised by an intruder they could still defend themselves. :-)
I don't buy it. We thought that vPro would be a home run technology for a few of our high security environments. As far as I can tell, nobody uses the capability. The Intel people didn't know about key, glaring bugs that affected mainstream HP devices. High-level support/consultant type people at the OEMs claimed to have never been asked about it.

IMO, it's some sort of NSA thing.