[Freedombox-discuss] Without software collusion
On Thu, 28 Jun 2012, Tim Schmidt wrote:
> On Thu, Jun 28, 2012 at 3:46 PM, Rick Hodgin <foxmuldrster at yahoo.com> wrote:
>> It begs the question: If Intel can use vPro to access a dead, non-response system (the OS has crashed, which was their big sales pitch during its initial introduction) and manage a reboot or capture a debug image of memory and hard disk data, what's to keep them from doing the same while the system hasn't crashed?
> Any $25 wireless router. Best practice is to default-deny incoming
> connection attempts. I've never seen a wireless router default to a
> less sensible policy.
Indeed, vPro can only work if the adversary is on the same network
segment and sends packets that the NIC can hear. We're all professionals
here, we know that security works in layers. If you stick a $25 router
in front of your box then there's no way for those vPro control packets
to reach your NIC, so there's no way for vPro to get activated.