A remote hijacking flaw that lurked in Intel chips for seven years was more severe than many people imagined, because it allowed hackers to remotely gain administrative control over huge fleets of computers without entering a password. This is according to technical analyses published Friday. As Ars reported Monday, the authentication bypass vulnerability resides in a feature known as Active Management Technology. AMT, as it’s usually called, allows system administrators to perform a variety of powerful tasks over a remote connection. Among the capabilities: changing the code that boots up computers, accessing the computer’s mouse, keyboard, and monitor, loading and executing programs, and remotely powering on computers that are turned off. In short, AMT makes it possible to log into a computer and exercise the same control enjoyed by administrators with physical access. AMT, which is available with many vPro processors, was set up to require a password before it could be remotely accessed over a Web browser interface. But, remarkably, that authentication mechanism can be bypassed by entering any text string—or no text at all. According to a blog post published Friday by Tenable Network Security, the cryptographic hash that the interface’s digest access authentication requires to verify someone is authorized to log in can be anything at all, including no string at all.
See the article here:
The hijacking flaw that lurked in Intel chips is worse than anyone thought
An anonymous reader writes: A recently released draft of the National Institute of Standards and Technology’s digital identity guidelines has met with approval by vendors. The draft guidelines revise password security recommendations and alter many of the standards and best practices security professionals use when forming policies for their companies. The new framework recommends, among other things: “Remove periodic password change requirements.” There have been multiple studies that have shown requiring frequent password changes to actually be counterproductive to good password security, said Mike Wilson, founder of PasswordPing. NIST said this guideline was suggested because passwords should be changed when a user wants to change it or if there is indication of breach. Read more of this story at Slashdot.
Conventional wisdom: If you eat a lot of salt, you will get thirsty to dilute the sodium level in your blood. The excess salt will be excreted in your urine. But a new study of Russian cosmonauts is challenging this long-held belief. When the cosmonauts ate more salt, they became less thirsty. And their appetite increased – they had to eat 25 percent more to maintain their weight. From the New York Times: The crew members were increasing production of glucocorticoid hormones, which influence both metabolism and immune function. To get further insight, [Dr. Jens Titze, now a kidney specialist at Vanderbilt University Medical Center and the Interdisciplinary Center for Clinical Research in Erlangen, Germany] began a study of mice in the laboratory. Sure enough, the more salt he added to the animals’ diet, the less water they drank. And he saw why. The animals were getting water — but not by drinking it. The increased levels of glucocorticoid hormones broke down fat and muscle in their own bodies. This freed up water for the body to use. But that process requires energy, Dr. Titze also found, which is why the mice ate 25 percent more food on a high-salt diet. The hormones also may be a cause of the strange long-term fluctuations in urine volume. Scientists knew that a starving body will burn its own fat and muscle for sustenance. But the realization that something similar happens on a salty diet has come as a revelation. https://youtu.be/aJEzl31zL-I