Originally posted by skeevy420
View Post
Announcement
Collapse
No announcement yet.
Thunderspy Is A New Vulnerability Affecting Thunderbolt Security
Collapse
X
-
Originally posted by andyprough View PostTheir website is a little weird. On the one hand, they want us all to download their random python script and give it root privileges to check and see if our machines are vulnerable. On the other hand, they "strongly recommend" that we turn off the thunderbolt ports in bios/uefi, as if there's a spy around every corner with a malicious device they are going to try to plug in the moment we turn our backs.
- Likes 1
Comment
-
Originally posted by skeevy420 View PostAnd yet another thing to add to the list of reasons of why I'm building an AMD 3300X based system.
Way too many people respond to stress in ways that aren't useful to get any info from them, especially if they believe you will kill them anyway (which torture strongly hints at).
- Likes 2
Comment
-
More info: THUNDERSPY
Interesting quote:In our first email we asked Intel to promptly notify affected parties, in coordination with us. However, Intel did not take any action and finally, after several email exchanges, listed only 5 parties whom they would inform. We then sent them a list of other parties we had identified as affected, including 11 OEMs/ODMs and the Linux kernel security team. Eventually they notified us that they informed some parties on 25 March about the vulnerabilities and upcoming disclosure, without giving us details of what this information consisted of and whom exactly they contacted. We reached out to several more parties after realizing that they had been skipped by Intel.
IOW, it seems it was meant as a "feature" and not a bug, that's why they were dragging their feet so long.
BTW: Thunderbolt protocol specs are closed - they are known only to narrow circle of members. All which have primary interest in implementation, not searching for vulnerabilites ( it runs rather counter their interests).
BTW: This means that they had you pay premium for HW with Thunderbolt in order for give anyone open doors to your stuff.
Ferengi rule: Make customer must pay for his poison.
And the kicker is - everyone MUST UPGRADE TO NEW HARDWARE ( not just chip, for laptops that means whole laptop), just to get their backdoor moved somewhere else.
God knows how many such "bugs" are sprinkled everywhere...
Last edited by Brane215; 12 May 2020, 01:16 AM.
- Likes 4
Comment
-
So Intel supressing thunderbolt Support on AMD Laptops can bee seen as a generous act of protecting the competitor.....I m already fearing Intels Marketing bsLast edited by CochainComplex; 12 May 2020, 01:36 AM.
- Likes 3
Comment
-
Originally posted by kcrudup View PostIf they're in my device's guts, there's a lot worse things they could do than this, probably with more effect.
Comment
-
Yeah, I was thinking of upgrading to a i7-7700K which is the fastest thing my motherboard supports, but it's tough to find at reasonable prices, and even the 3300X seems on par or slightly faster.
- Likes 1
Comment
-
-
I am using a Thunderbolt 3 dock at work, what is pretty comfortable. Sadly the work laptop is windows 10, cause my employer wants it so (yes I know,I should switch the emloyer ). This vulnerability got me thinking, if you could rig the dock and then gain easy access to the laptop. But as others said, I think there are a lot more and easier ways to do so, if you wanted to.
Comment
Comment