Announcement

**andyprough** · 11 May 2020, 01:47 PM

Their website is a little weird. On the one hand, they want us all to download their random python script and give it root privileges to check and see if our machines are vulnerable. On the other hand, they "strongly recommend" that we turn off the thunderbolt ports in bios/uefi, as if there's a spy around every corner with a malicious device they are going to try to plug in the moment we turn our backs.

**Veto** · 11 May 2020, 03:16 PM

Indeed!

All the attacker needs is 5 minutes alone with the computer, a screwdriver, and some easily portable hardware.

If this is the criteria, there are many attack vectors.

**Volta** · 11 May 2020, 03:26 PM

I'm sure we can trust them and their hardware profiling mechanism will be secure and won't be spying on us. They're trustworthy for sure. They gave our money back for stealing half of our CPUs performance. Oh, wait.. it's a different fairy tale.

**skeevy420** · 11 May 2020, 04:26 PM

And yet another thing to add to the list of reasons of why I'm building an AMD 3300X based system.

Veto So we're changing from a wrench to a screwdriver?

**reavertm** · 11 May 2020, 06:05 PM

I have a feeling this is only humble beginning of firmware-ridden Intel Thunderbolt fiasco.

**angrypie** · 11 May 2020, 06:33 PM

Ah, so this is why they made it royalty-free.

**kcrudup** · 11 May 2020, 06:57 PM

Some of you guys are funny, going on about "Intel" and "bugs"- yet save one poster, nobody's batting an eye at "'All' you need is 5 minutes alone with the laptop"? Get real, if someone's got 5 mins alone with your laptop and has malicious intent, you're far more likely to just have the damn thing stolen- and if you're the target of an entity that wants to get at your data that badly and have you not notice, 1- they'd probably go for something more insidious, like a BIOS/EFI hack and 2- you've got FAR bigger problems than the contents of your laptop.

**angrypie** · 11 May 2020, 08:47 PM

Originally posted by kcrudup View Post

Some of you guys are funny, going on about "Intel" and "bugs"- yet save one poster, nobody's batting an eye at "'All' you need is 5 minutes alone with the laptop"? Get real, if someone's got 5 mins alone with your laptop and has malicious intent, you're far more likely to just have the damn thing stolen- and if you're the target of an entity that wants to get at your data that badly and have you not notice, 1- they'd probably go for something more insidious, like a BIOS/EFI hack and 2- you've got FAR bigger problems than the contents of your laptop.

Sure, but Intel is making it easier to exploit other vulnerabilities, and one could use this one as a gateway. Ever heard about layered security?

**kcrudup** · 11 May 2020, 08:52 PM

Originally posted by angrypie View Post

Ever heard about layered security?

If they're in my device's guts, there's a lot worse things they could do than this, probably with more effect.

Announcement

Thunderspy Is A New Vulnerability Affecting Thunderbolt Security

Thunderspy Is A New Vulnerability Affecting Thunderbolt Security

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment