Hacker News new | past | comments | ask | show | jobs | submit login

> "This vulnerability does not exist on Intel-based consumer PCs."

How does Intel define an Intel-based consumer PC?

vPro is Intel's marketing term for a bundle of stuff including AMT, so "business" PCs have a vPro sticker and "consumer" PCs don't. It may be hard to tell if you already peeled the sticker off, though.

For those who know your CPU model(s), ARK gives you this information under "Advanced Technologies", label "Intel® vPro™ Technology".

In Windows, you can see your CPU model under "System", label "Processor". (Shortcut key "Windows-Pause".)


For Mac, I did this. Please anybody out there, confirm whether this is a legit approach. From a console I put:

    sysctl -a | grep -i intel
There should be a bunch of noise, but in there was a rather specific model number (not just "core i7"). I googled for that and found a page on ARK. Look for "vpro" and it should say whether you have it. (I didn't)

I can't confirm whether your approach is legit (though vPro does seem to be relevant), but I find my work machine (2015 15" rMBP) has it, and my personal (2013 13" rMBP) doesn't.

Specifically, the string you want to `grep` for is "machdep\.cpu\.brand_string".

Or you can save yourself the trouble of grepping and just type:

   sysctl machdep.cpu.brand_string

> http://ark.intel.com/

It doesn't seem like you have the HTTPS Everywhere extension enabled, here's the correct link: https://ark.intel.com/

For example, would a Thinkpad qualify as consumer?

Cheap ones: probably yes, business grade ones: probably not.

Nice list here:


I have a Thinkpad X1 Carbon; it's not on this list, but it did have AMT enabled in the BIOS when I checked. I wouldn't take that list as definitive.

Ugh. Someone should set up a github page of affected systems.

Starting to believe me now that far more systems are affected?

We had a little subthread a few hours ago where you still claimed most consumer and server systems would be unaffected.

> Starting to believe me now that far more systems are affected?

No, that system still falls under Intel's advisory, it's just the Lenovo page that doesn't help to distinguish. It was already known that laptops could be affected.

Your claims were about 'All systems running VPro' and 'All Xeons'. Neither of those claims has - so far - being substantiated, the only Xeons affected are the ones - though there may still be more - that I dug up earlier.

Really, you should let this go or come up with actual proof for your claims it is getting annoying. You pollute this whole thread with a bunch of unsubstantiated claims presented as fact. It's almost as if you would love for it to be true that all those other systems would be affected too.

Don't get me wrong, I'm very much against ME and any non-free software on my machine starting with the BIOS but I'm also not going to wish for just about every server on the planet to be remotely hacked just to prove my point.

> I'm also not going to wish for just about every server on the planet to be remotely hacked just to prove my point.

Well, it's not about proving a point.

It's about what comes after that.

And I wish that we don't waste centuries of programmer-years of work onto systems that we'll end up having to get rid of anyway. I don't want to see society build on top of something that ends up with such a destructive potential.

At some point it will be broken, every system using it will be hacked. We'll see something like Mirai, but on far larger scale.

The only question is if we've migrated the critical infrastructure by then, or not.

Yes, but you're actually working against this. By claiming something absolutely HUGE is happening when it isn't you are aiding the opposition who can then say 'see, you were wrong all along'.

What really did happen is already bad enough and deserves all the attention it gets without people muddying the waters claiming the issue is larger than it really is. That's dumb propaganda and easily dismissed. It also takes the attention of the real problem.

So if you're serious about this then you should concentrate your advocacy on those things that you are sure about and that you can prove. That will move the needle. Speculation is only so much noise on the wire, easily drowning out the real, facts based conversation.

I've found this file on my consumer notebook:


Many low-end servers people use as workstations have it. Some come with it enabled from the factory.

From how i understand it, does it advertise "vPro" functionality, if so, it is vulnerable.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact