Facebook's Security Struggles, Vulnerability Found in Intel Management Engine
Infosec News
INFORMATION SECURITY NEWS
For The Week of 10/17 - 10/24 2017
The Information Security News Service is a project of LARS (Laboratory for Advanced Research in Systems) in the CS Department at the University of Minnesota Duluth. We send out top stories in information security every Tuesday (except during some academic breaks). If you have stories you’d like to see featured, please email them to infosec...@d.umn.edu.
CURRENT NEWS
Facebook’s Security Struggles
According to Chief Security Officer Alex Stamos, Facebook’s networks are run more like a college campus than a corporate network that is regularly subject to a ton of attacks. Decisions are made that enable engineers to work quickly, without much regard for security. In a nutshell, Stamos means to say that there is a tradeoff between giving developers the freedom to experiment with new stuff and locking everything down, and Facebook is doing its best to toe that line.
Russian Researchers Discover Vulnerability in Intel Management Engine that Allows Unsigned Code Execution
The Intel Management Engine is a separate, “black box” CPU that is included on all new Intel CPU’s. The management engine is meant for corporations to be able to control computers in their networks, but has been controversial because of its potential to contain a backdoor. The management engine runs independently of the user’s system, so any vulnerability in it is catastrophic. Exploits would be immune to a BIOS update and OS reinstall. The researchers plan to release their results during the Black Hat conference in December. Intel processors of the “Skylake” family and above are vulnerable.
(use google translate)
https://habrahabr.ru/company/pt/blog/339292/