Dear Jann, * Jann KRUSE [2017-11-28 21:23:54 +0000]:
Update: Have been exploited... (And you wouldn't even realize it!) https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668
as you correctly pointed out below, the real problem is not unintentional occurrence of exploitable bugs: this is normal on all OSs and can be addressed (with various level of difficulty, **very** hardly in this case) «To root, or not to root, that is the question:» who have root access to the hyper-hyper-visor? this soon leads to the following questions: 1 is root access documented anywhere on earth? 2 how can I manage the root password in order to be compliant with national mandatory security regulations? [1] mumble, mumble... [...]
In short: We are essentially being forced, without even being told, to run buggy proprietary code in a very powerful and very capable hyper-hyper-visori
very nice executive ultra-summary thanks! :-) Ciao Giovanni [1] https://en.m.wikipedia.org/wiki/Cyber-security_regulation there are a **lot** of mandatory regulations considering password management _vital_ to the security of IT infrastructure -- Giovanni Biscuolo Xelera - IT infrastructures http://xelera.eu/contact-us/ **per favore** Quota Bene: http://wiki.news.nic.it/QuotarBene **please** use Inline Reply: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
signature.asc
Description: PGP signature
_______________________________________________ Discussion mailing list Discussion@lists.fsfe.org https://lists.fsfe.org/mailman/listinfo/discussion
