Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
By the looks of it this would be undetectable by rkhunter though there is a hint that the OS could, perhaps, be patched to make it detectable. http://www.theregister.co.uk/2015/08...el_processors/
Since it's baked into the CPU though I wouldn't think there's much can be done in software.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Quote:
Originally Posted by Habitual
"with a special operating system driver, he managed to install a rootkit into the SMM." is too vague.
Is it me, or is this ironic to any one else?
16 year old hole, 5 years after the fact, and this is news?
Seems more like click-bait.
Is there a previous source?
If not, then I would say it's news. If a new fatal flaw were suddenly found in a rare classic car I'd still call it news for people who are into cars.
Distribution: Mainly Devuan, antiX, & Void, with Tiny Core, Fatdog, & BSD thrown in.
Posts: 5,492
Rep:
You would need to get root priviledges to use it, so why bother going the extra mile, when you already have the system. I think it is more theoretical than practical.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Quote:
Originally Posted by fatmac
You would need to get root priviledges to use it, so why bother going the extra mile, when you already have the system. I think it is more theoretical than practical.
As somebody commented when The Register ran this: Privilege escalation bugs and server compromises happen all the time -- and the last resort is often to wipe and start again. With this method you can't wipe and start again (well, not without using the exploit yourself) as the malware is in your motherboard's firmware. So, no matter how this gets there (in second hand equipment even?) you couldn't find it or remove it at that time as you would have had no knowledge of its existence.
Oddly enough it reminds me of this: http://www.theregister.co.uk/2015/08...irmware_nasty/
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
