黑基网 首页 IT教程 信息安全 查看内容

如何入侵一台已关机的电脑

2018-1-30 15:32| 投稿: xiaotiger |来自: 互联网

摘要: 写在前面的话在近期的欧洲黑帽黑客大会上,来自Positive Technologies公司的研究人员Mark Ermolov和Maxim Goryachy跟大家介绍了英特尔管理引擎(Intel Management Engine 11)中存在的安全漏洞,而这个漏洞将允许攻 ...

写在前面的话

在近期的欧洲黑帽黑客大会上,来自Positive Technologies公司的研究人员Mark Ermolov和Maxim Goryachy跟大家介绍了英特尔管理引擎(Intel Management Engine 11)中存在的安全漏洞,而这个漏洞将允许攻击者访问目标主机中的绝大部分数据和进程。而更加重要的是,在这个漏洞的帮助下,一旦攻击者绕过了传统的基于软件的保护机制之后,他们将能够对已关机的电脑进行攻击。

一、 介绍

英特尔管理引擎(Intel ME)是英特尔公司的专利技术,它由一个整合了平台控制器中心(PCH)和一系列内置周边设备的微控制器组成,PCH负责传输处理器和外部设备之间几乎所有的通信流量。因此,Intel ME几乎能够访问计算机中所有的数据。如果攻击者能够在Intel ME上运行第三方代码的话,那么他们就能够完全入侵目标计算机。

我们可以看到,全世界现在有越来越多的研究人员开始关注Intel ME的安全问题了。其中一个原因就是这个子系统正在向新的硬件架构(x86)以及软件平台(修改后的MINIX[1])过度,而x86平台将允许研究人员利用二进制代码分析工具的全部功能。在此之前,固件分析相对来说是比较难的,因为Intel ME早期的版本是基于一种ARCompact微控制器实现的,而这种控制器所提供的一系列指令相对来说也比较陌生。

在此之前,我们几乎是不可能对Intel ME 11进行分析的,因为可执行模块采用了Huffman代码(未知表)进行压缩。但是我们的研究团队成功地恢复了这些表,并且创建了一个专门用于解包镜像的实用工具[2]。

在对可执行模块进行解包之后,我们就可以对Intel ME的软件以及硬件内部结构进行研究了。而通过分析后我们发现,其实Intel ME并不像我们想象中的复杂。

1.1 Intel ME 11概述

关于Intel ME内部结构以及组件的内容可以从参考资料中[1]、[3]、[4]这三篇论文获取。

实际上从2015年开始,LMT处理器核心(x86指令集)就已经被整合到PCH之中了,而这种核心正用于Quark SOC之中:

英特尔所采用的很多现代技术都是围绕Intel ME开发的,比如说英特尔主动管理技术(Intel Active Management Technology)、英特尔平台可信技术(Intel Platform Trust Technology)和英特尔软件保护扩展(Intel Software Guard Extensions)等等。Intel ME同样也是Intel启动防护功能信任机制的核心,而这个功能可以防止攻击者向UEFI注入恶意代码。Intel ME基本上可以丝毫不受限制地访问计算机中的数据,而且还可以拦截并修改显卡的图像信息。这种功能也意味着,如果攻击者能够在Intel ME中执行任意代码,那么他们就能够开发出一种全新的恶意软件,而这种恶意软件是无法被目前的安全检测工具所检测到的。幸运的是,在这项技术诞生至今的十七年里,只出现了三个公开的相关安全漏洞。

1.2 Intel ME公布的三个安全漏洞

1.2.1 Ring-3 rootkits

第一个Intel ME安全漏洞公布于2009年,在当年的黑帽黑客大会上,Alexander Tereshkin以及Rafal Wojtczuk曾进行了一次主题为”介绍Ring-3 Rootkits”的演讲,这种攻击需要向UMA内存的特定区域中注入代码。

研究被公布之后,英特尔引入了UMA保护机制。现在这块内存区域已经采用了AES加密,而且Intel ME会在每一个内存页面中存储相应的校验和。当页面返回到Intel ME的主内存区域时,这个校验和将对这些页面进行检测。

1.2.2 Zero-Touch

在2010年,Vassilios Ververis演示了一种针对Intel ME的攻击技术[10],这种技术使用的是Zero-Touch模式(ZTC),而这项技术将能够绕过AMT认证。

1.2.3 Silent Bob

在2017年5月,研究人员公布了一个存在于AMT认证系统中的安全漏洞(CVE-2017-5689)[11],该漏洞将允许未经授权的用户获取目标系统(支持vPro技术)的完整访问权。

因此,总的来说目前只出现了一个允许攻击者在Intel ME内部执行任意代码的安全漏洞。

二、 潜在的攻击向量

Intel基本上都会对Intel ME所使用的数据进行签名,但Intel ME仍需要与用户进行一些交互:

-本地通信接口 (HECI)

-网络(vPro only)

-主机内存 (UMA)

-固件SPI布局

-内部文件系统

2.1 HECI

HECI是一种独立的PCI设备,它可以作为主系统与Intel ME之间数据交换的循环缓冲器。Intel ME中的应用程序可以注册它们自己的HECI处理器,这样将会提升安全漏洞(CVE-2017-5711)的危险系数。在苹果电脑中,默认已禁用了HECI。

2.2 网络(vPro only)

AMT是一种大型模块,其中涉及到多种不同的网络协议。这个模块中包含了大量的遗留代码,并且现在有很多商业系统都在使用它。

2.3 针对SPI接口的硬件攻击

在研究Intel ME的过程中,我突然想起也许可以使用SPI闪存模拟器来绕过签名验证机制。这种特殊的设备跟普通的SPI闪存看起来很像,但是它可以在每次访问时发送不同的数据。这也就意味着,如果一开始进行了签名检测然后再读写数据的话,攻击者就可以尝试向Intel ME中注入代码了。

2.4 内部文件系统

Intel ME使用了SPI闪存来作为主文件存储,这种文件系统的结构比较复杂[6],而且很多特权进程都会将配置文件存储在这里。因此,文件系统肯定会是攻击者的主要目标之一。那么接下来,我们就要选择一个代码模块来寻找安全漏洞了。

2.5 选择模块进行分析

Intel ME操作系统实现了类Unix的访问控制模块,user-id、group-id、可访问硬件列表以及允许使用的系统调用都会根据每一个进程来进行静态规则设置:

分析后发现,只有少数系统进程可以加载并运行这些模块。其中一个就是能够生成子进程的BUP(BringUP),在对其进行了逆向分析之后,我们在负责进行设备初始化的函数中发现了一个堆缓冲区溢出漏洞。文件/home/bup/ct并没有被签名,因此我们就可以直接修改Intel ME固件的版本信息了。现在,我们可以让BUP进程发生缓冲区溢出,但是在利用这个漏洞之前,还需要绕过堆缓冲区溢出保护机制。

2.6 绕过堆缓冲区溢出保护机制

Intel ME用于保护栈缓冲区溢出的实现如下:

  1. 当进程被创建之后,一个32位值将会从硬件随机数生成器拷贝到一个特定区域(只读);

  2. 在函数开头,这个值会在返回地址之前拷贝到栈中(实现保护);

在函数结尾,存储的值会跟已知的正确值进行对比,如果不匹配,则软件发生崩溃,并终止进程;

我们在研究过程中,发现bup_dfs_read_file函数会间接调用memcpy,并返回TLS结构的目的地址。需要注意的是,BUP的读/写函数会使用系统服务来访问共享内容。换句话来说,读取和写入功能可以通过共享内存机制来获取并记录数据。

调用memcpy函数:

从TLS获取地址:

在缓冲区溢出的场景下,这部分TLS区域是可以通过文件读取函数来重写的,而攻击者将能够通过这种方式来绕过缓冲区溢出保护。

2.7 线程本地存储

TLS的访问跟gs段寄存器有关,该结构如下所示:

其中,gs段是不可写入的,而且TLS结构本身位于栈底。因此,为了实现缓冲区溢出,我们需要重写TLS中的指针(指向SYSLIB_CTX),并生成新的结构。根据bup_dfs_read_file函数的工作机制,这将允许我们写入任意数据。

2.8 使用读取函数来获取任意写入原语

bup_dfs_read_file函数不仅可以从SPI闪存中读取数据,而且还可以在迭代过程中修改指针数据(指向SYSLIB_CTX)。而在下一次迭代过程中,sys_write_shared_mem函数将会提取出我们所创建的地址,并将其作为目的地址传递给memcpy。这样一来,我们就能够获取任意写入原语了。

bup_dfs_read_file的部分代码如下:

2.9 可能的漏洞利用向量

为了成功利用该漏洞,我们需要通过特殊的HMR-FPO消息向Intel ME的特定区域写入访问数据[9]。攻击者可以利用BIOS漏洞来发送这种消息,或者直接利用操作系统来发送(Intel ME处于制造模式下),或者通过DMA攻击。

如果下列条件叛族的话,攻击者甚至还可以远程利用该漏洞:

目标平台激活了AMT;

攻击者知道AMT管理员密码,或利用漏洞绕过了验证机制;

BIOS没有设置密码保护(或者攻击者知道密码);

BIOS开启了ME区域的写入权限;

如果上述条件均满足,那攻击者将能够远程利用该漏洞并访问Intel ME中的数据。

2.10 CVE-2017-5705,6,7概述

这个漏洞分配到的编号为INTEL-SA-00086 (CVE-2017-5705, CVE-2017-5706, CVE-2017-5707),相关描述信息如下:

CVSSv3向量

8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

受影响的产品[12]

6th, 7th & 8th Generation Intel�0�3 Core�6�4 Processor Family

Intel�0�3 Xeon�0�3 Processor E3-1200 v5 & v6 Product Family

Intel�0�3 Xeon�0�3 Processor Scalable Family

Intel�0�3 Xeon�0�3 Processor W Family

Intel�0�3 Atom�0�3 C3000 Processor Family

Apollo Lake Intel�0�3 Atom Processor E3900 series

Apollo Lake Intel�0�3 Pentium�6�4

Celeron�6�4 N and J series Processors

总结

本文所介绍的漏洞将允许攻击者在Intel ME中运行任意代码,这种漏洞将会危及到多种英特尔技术的安全性。

我们希望本文的研究成果能够帮助更多感兴趣的研究人员了解Intel ME的安全现状。

参考资料

Dmitry Sklyarov, “Intel ME: The Way of the Static Analysis”, Troopers, 2017.

Intel ME 11.x Firmware Images Unpacker, github.com/ptresearch/unME11.

Xiaoyu Ruan, Platform Embedded Security Technology Revealed. Safeguarding the Future of Computing with Intel Embedded Security and Management Engine, Apress, ISBN 978-1-4302-6572-6, 2014.

Igor Skochinsky, “Intel ME Secrets. Hidden code in your chipset and how to discover what exactly it does”, RECON, 2014.

Alexander Tereshkin, Rafal Wojtczuk, “Introducing Ring-3 Rootkits”, Black Hat USA, 2009.

Dmitry Sklyarov, “Intel ME: flash file system explained”, Black Hat Europe, 2017.

Alex Matrosov, “Who Watch BIOS Watchers?”, 2017, medium.com/@matrosov/bypass-intel-boot-guard-cc05edfca3a9.

Mark Ermolov, Maxim Goryachy, “How to Become the Sole Owner of Your PC”, PHDays VI, 2016, 2016.phdays.com/program/51879.

Vassilios Ververis, “Security Evaluation of Intel’s Active Management Technology”, Sweden, TRITA-ICT-EX-2010:37, 2010.

Dmitriy Evdokimov, Alexander Ermolov, Maksim Malyutin, “Intel AMT Stealth Breakthrough”, Black Hat USA, 2017.

Intel Management Engine Critical Firmware Update (Intel-SA-00086), intel.com/sa-00086-support.

登录安全客 - 有思想的安全新媒体www.anquanke.com/,或下载安全客APP来获取更多最新资讯吧~

, groupId: 6516702583074062855, itemId: 6516702583074062855, type: 2, subInfo: { isOriginal: true, source: 安全客, time: 2018-01-30 12:54:17 }, tagInfo: { tags: [{"name":"网络安全"},{"name":"英特尔"},{"name":"信息安全"},{"name":"软件"},{"name":"黑客"}], groupId: 6516702583074062855, itemId: 6516702583074062855, repin: 0, }, has_extern_link: 0 }, commentInfo: { groupId: 6516702583074062855, itemId: 6516702583074062855, comments_count: 7, ban_comment: 0 }, mediaInfo: { uid: 50495492338, name: 安全客, avatar: //p1.pstatp.com/large/d2a00072bcd890a587c, openUrl: /c/user/50495492338/, follow: false }, pgcInfo: {"media_info":{"open_url":"/c/user/50495492338/","avatar_url":"https://p1.pstatp.com/large/d2a00072bcd890a587c","media_id":50499453036,"name":"安全客","user_verified":false},"articles":[{"item_id":"6516702583074062855","url":"/item/6516702583074062855","title":"如何入侵一台已关机的电脑"},{"item_id":"6516701491745522179","url":"/item/6516701491745522179","title":"全球军事基地的位置竟被一款健身APP曝光?!"},{"item_id":"6516418740672791047","url":"/item/6516418740672791047","title":"史上规模最大的密币交易所攻击,谁为被盗的5亿美元买单"},{"item_id":"6514919636268483075","url":"/item/6514919636268483075","title":"Electron JS框架存在严重RCE漏洞 Github等App受影响"}]}, feedInfo: { url: /api/pc/feed/, category: __all__, initList: [{"comments_count":287,"media_avatar_url":"//p6.pstatp.com/large/5b400004d934e91dd378","is_feed_ad":false,"is_diversion_page":false,"title":"小偷最怕偷这款手机,因为有这个功能?苹果和三星手机都自愧不如","single_mode":true,"gallary_image_count":4,"middle_mode":false,"has_video":false,"video_duration_str":null,"source_url":"/group/6516434067515245060/","source":"老罗看点","more_mode":null,"article_genre":"article","has_gallery":false,"video_play_count":561,"image_url":"//p9.pstatp.com/list/190x124/5b5c00051c69d75efcad","group_id":"6516434067515245060","is_related":true,"media_url":"/c/user/6362212297/"},{"comments_count":6,"media_avatar_url":"//p3.pstatp.com/large/5b4b000533ec765e5aeb","is_feed_ad":false,"is_diversion_page":false,"title":"蓝牙掌击是手机拒绝服务攻击的典型,很多手机都容易受到蓝牙掌击","single_mode":true,"gallary_image_count":3,"middle_mode":false,"has_video":false,"video_duration_str":null,"source_url":"/group/6515193541877039624/","source":"数码界面","more_mode":null,"article_genre":"article","has_gallery":false,"video_play_count":0,"image_url":"//p1.pstatp.com/list/190x124/5b540000fc53d95beda0","group_id":"6515193541877039624","is_related":true,"media_url":"/c/user/86632056524/"},{"comments_count":8,"media_avatar_url":"//p7.pstatp.com/large/5b510001050b17e7ab6b","is_feed_ad":false,"is_diversion_page":false,"title":"不论你的手机型号是什么,这些事都将使邮件威胁随处可见","single_mode":true,"gallary_image_count":3,"middle_mode":true,"has_video":false,"video_duration_str":null,"source_url":"/group/6516281437723820552/","source":"科技新作品","more_mode":null,"article_genre":"article","has_gallery":false,"video_play_count":0,"image_url":"//p1.pstatp.com/list/190x124/5e710001b55a8c63ea9c","group_id":"6516281437723820552","is_related":true,"media_url":"/c/user/84838288111/"},{"comments_count":405,"media_avatar_url":"//p3.pstatp.com/large/12330013573aaa4c18b1","is_feed_ad":false,"is_diversion_page":false,"title":"支付宝这两个地方打死也要关闭,否则钱被盗刷没商量","single_mode":true,"gallary_image_count":6,"middle_mode":true,"has_video":false,"video_duration_str":null,"source_url":"/group/6513671301788336648/","source":"狮子夜光杯","more_mode":null,"article_genre":"article","has_gallery":false,"video_play_count":576,"image_url":"//p3.pstatp.com/list/190x124/594b0004111290e677e5","group_id":"6513671301788336648","is_related":true,"media_url":"/c/user/53397416061/"},{"comments_count":107,"is_related":true,"is_feed_ad":false,"is_diversion_page":false,"title":"怎么可以做到不充各种会员,就能免费下载各视频软件的独播电视剧资源?","single_mode":true,"gallary_image_count":5,"middle_mode":false,"has_video":false,"video_duration_str":null,"source_url":"/group/6516397451480400135/","source":"悟空问答","more_mode":null,"article_genre":"article","has_gallery":false,"video_play_count":0,"image_url":"//p3.pstatp.com/list/190x124/55180009d85523914311","group_id":"6516397451480400135"},{"comments_count":37,"media_avatar_url":"//p3.pstatp.com/large/150e00013ac4fcfea656","is_feed_ad":false,"is_diversion_page":false,"title":"一个月能入门Python吗?月薪25K的大佬给我整理了函数和模块资料","single_mode":true,"gallary_image_count":31,"middle_mode":true,"has_video":false,"video_duration_str":null,"source_url":"/group/6515240810475160068/","source":"python学院","more_mode":null,"article_genre":"article","has_gallery":false,"video_play_count":25,"image_url":"//p9.pstatp.com/list/190x124/5b5000056f27d5720d52","group_id":"6515240810475160068","is_related":true,"media_url":"/c/user/54009688093/"},{"comments_count":209,"media_avatar_url":"//p10.pstatp.com/large/3e800003b803c38d7ef7","is_feed_ad":false,"is_diversion_page":false,"title":"魅族工程师:Note6这高通625真难打磨!","single_mode":true,"gallary_image_count":4,"middle_mode":false,"has_video":false,"video_duration_str":null,"source_url":"/group/6516463348446396942/","source":"网易云音乐小故事","more_mode":null,"article_genre":"article","has_gallery":false,"video_play_count":290,"image_url":"//p9.pstatp.com/list/190x124/5e6f0003c812f4331f4d","group_id":"6516463348446396942","is_related":true,"media_url":"/c/user/3619839490/"},{"comments_count":103,"media_avatar_url":"//p1.pstatp.com/large/3e5b0003e8b7bba867b3","is_feed_ad":false,"is_diversion_page":false,"title":"台湾黑客发现一张动图能宕掉一台服务器,运维这个腊月又要忙了","single_mode":true,"gallary_image_count":5,"middle_mode":false,"has_video":false,"video_duration_str":null,"source_url":"/group/6514551846428738055/","source":"海阳顶端","more_mode":null,"article_genre":"article","has_gallery":false,"video_play_count":236,"image_url":"//p1.pstatp.com/list/190x124/5b4900057373594447ef","group_id":"6514551846428738055","is_related":true,"media_url":"/c/user/3668637589/"},{"comments_count":33,"is_related":true,"is_feed_ad":false,"is_diversion_page":false,"title":"历史上,AMD超越过Intel吗?","single_mode":true,"gallary_image_count":1,"middle_mode":false,"has_video":false,"video_duration_str":null,"source_url":"/group/6515205991913488648/","source":"悟空问答","more_mode":null,"article_genre":"article","has_gallery":false,"video_play_count":0,"image_url":"//p3.pstatp.com/list/190x124/5b02000243f53e3b72ef","group_id":"6515205991913488648"},{"comments_count":109,"is_related":true,"is_feed_ad":false,"is_diversion_page":false,"title":"目前世界主要国家的垄断技术有哪些呢?","single_mode":true,"gallary_image_count":2,"middle_mode":false,"has_video":false,"video_duration_str":null,"source_url":"/group/6515684308550680835/","source":"悟空问答","more_mode":null,"article_genre":"article","has_gallery":false,"video_play_count":0,"image_url":"//p1.pstatp.com/list/190x124/5b020002ca7047bba7d1","group_id":"6515684308550680835"},{"comments_count":84,"media_avatar_url":"//p1.pstatp.com/large/ef7000855490972fd7a","is_feed_ad":false,"is_diversion_page":false,"title":"绝地求生国服推荐配置出炉,笔记本“吃鸡”的童鞋看这里!","single_mode":true,"gallary_image_count":4,"middle_mode":false,"has_video":false,"video_duration_str":null,"source_url":"/group/6516427528289124872/","source":"环球科技世界","more_mode":null,"article_genre":"article","has_gallery":false,"video_play_count":87996,"image_url":"//p3.pstatp.com/list/190x124/5e70000365a22313f13e","group_id":"6516427528289124872","is_related":true,"media_url":"/c/user/6318895646/"},{"comments_count":0,"is_related":true,"is_feed_ad":false,"is_diversion_page":false,"title":"百度网盘的作用是什么?","single_mode":true,"gallary_image_count":4,"middle_mode":false,"has_video":false,"video_duration_str":null,"source_url":"/group/6512571678478827784/","source":"悟空问答","more_mode":null,"article_genre":"article","has_gallery":false,"video_play_count":0,"image_url":"//p1.pstatp.com/list/190x124/55180005e3b2bc5771f7","group_id":"6512571678478827784"},{"comments_count":34,"media_avatar_url":"//p1.pstatp.com/large/5694000171df5c4cf6b3","is_feed_ad":false,"is_diversion_page":false,"title":"教你做这一步,你的电脑一辈子不会中毒!","single_mode":true,"gallary_image_count":1,"middle_mode":true,"has_video":false,"video_duration_str":null,"source_url":"/group/6514207712761348611/","source":"熊小进","more_mode":null,"article_genre":"article","has_gallery":false,"video_play_count":11,"image_url":"//p3.pstatp.com/list/190x124/5b490002118ddcd35a0a","group_id":"6514207712761348611","is_related":true,"media_url":"/c/user/82224069330/"},{"comments_count":7,"media_avatar_url":"//p1.pstatp.com/large/16ab0015ac854237311b","is_feed_ad":false,"is_diversion_page":false,"title":"Python操作MySQL数据库的三种方法","single_mode":true,"gallary_image_count":16,"middle_mode":false,"has_video":false,"video_duration_str":null,"source_url":"/group/6516473434988347912/","source":"python空白","more_mode":null,"article_genre":"article","has_gallery":false,"video_play_count":1,"image_url":"//p3.pstatp.com/list/190x124/5e730000133113590266","group_id":"6516473434988347912","is_related":true,"media_url":"/c/user/56929627307/"},{"comments_count":39,"media_avatar_url":"//p3.pstatp.com/large/593b00063b76d2e3ec94","is_feed_ad":false,"is_diversion_page":false,"title":"excel密码破解,亲测可用,全都是干货,赶紧学习起来吧","single_mode":true,"gallary_image_count":12,"middle_mode":true,"has_video":false,"video_duration_str":null,"source_url":"/group/6515598462556307976/","source":"Mickeyworks逗拍","more_mode":null,"article_genre":"article","has_gallery":false,"video_play_count":6,"image_url":"//p1.pstatp.com/list/190x124/5b5700022047d6d9b611","group_id":"6515598462556307976","is_related":true,"media_url":"/c/user/78769953259/"},{"comments_count":5,"media_avatar_url":"//p7.pstatp.com/large/5b510001050b17e7ab6b","is_feed_ad":false,"is_diversion_page":false,"title":"选择适合自己的智能手机,需要从这些方面考虑","single_mode":true,"gallary_image_count":4,"middle_mode":true,"has_video":false,"video_duration_str":null,"source_url":"/group/6516285128606482952/","source":"科技新作品","more_mode":null,"article_genre":"article","has_gallery":false,"video_play_count":0,"image_url":"//p9.pstatp.com/list/190x124/5e700000fb016b327aa4","group_id":"6516285128606482952","is_related":true,"media_url":"/c/user/84838288111/"},{"comments_count":11,"media_avatar_url":"//p1.pstatp.com/large/509f0004adfc8780e10c","is_feed_ad":false,"is_diversion_page":false,"title":"再谈TCP报文中seq和ack,借助wireshark绘制流程图","single_mode":true,"gallary_image_count":5,"middle_mode":false,"has_video":false,"video_duration_str":null,"source_url":"/group/6516480197775065614/","source":"生先生谈IT","more_mode":null,"article_genre":"article","has_gallery":false,"video_play_count":3,"image_url":"//p9.pstatp.com/list/190x124/5b5b0005f5dfb0b8ed99","group_id":"6516480197775065614","is_related":true,"media_url":"/c/user/82477572975/"},{"comments_count":3,"media_avatar_url":"//p1.pstatp.com/large/4e7b000191d1dcd4ea2a","is_feed_ad":false,"is_diversion_page":false,"title":"Google架构师推出应用开发架构指南","single_mode":true,"gallary_image_count":3,"middle_mode":true,"has_video":false,"video_duration_str":null,"source_url":"/group/6516437808771498504/","source":"JAVA高级分享","more_mode":null,"article_genre":"article","has_gallery":false,"video_play_count":0,"image_url":"//p3.pstatp.com/list/190x124/5b590005a2590fb87768","group_id":"6516437808771498504","is_related":true,"media_url":"/c/user/81456863481/"},{"comments_count":5,"is_related":true,"is_feed_ad":false,"is_diversion_page":false,"title":"为什么打了intel漏洞补丁后会频繁重启?","single_mode":true,"gallary_image_count":1,"middle_mode":false,"has_video":false,"video_duration_str":null,"source_url":"/group/6514132929206026503/","source":"悟空问答","more_mode":null,"article_genre":"article","has_gallery":false,"video_play_count":0,"image_url":"//p3.pstatp.com/list/190x124/5518000752e1d6c3df41","group_id":"6514132929206026503"},{"comments_count":4,"media_avatar_url":"//p1.pstatp.com/large/50980002254e4105333b","is_feed_ad":false,"is_diversion_page":false,"title":"敏感数据加密脱敏管理技术分享","single_mode":true,"gallary_image_count":6,"middle_mode":false,"has_video":false,"video_duration_str":null,"source_url":"/group/6514860035321889293/","source":"铬家数据","more_mode":null,"article_genre":"article","has_gallery":false,"video_play_count":0,"image_url":"//p3.pstatp.com/list/190x124/5b4f0003730d5b8b0fae","group_id":"6514860035321889293","is_related":true,"media_url":"/c/user/81559914758/"}] }, shareInfo: { shareUrl: https://m.toutiao.com/item/6516702583074062855/, abstract: 来自PositiveTechnologies公司的研究人员MarkErmolov和MaximGoryachy跟大家介绍了英特尔管理引擎中存在的安全漏洞。
小编推荐:欲学习电脑技术、系统维护、网络管理、编程开发和安全攻防等高端IT技术,请 点击这里 注册黑基账号,公开课频道价值万元IT培训教程免费学,让您少走弯路、事半功倍,好工作升职加薪!



免责声明:本文由投稿者转载自互联网,版权归原作者所有,文中所述不代表本站观点,若有侵权或转载等不当之处请联系我们处理,让我们一起为维护良好的互联网秩序而努力!联系方式见网站首页右下角。


鲜花

握手

雷人

路过

鸡蛋

相关阅读

发表评论

最新评论

引用 游客 2018-3-19 04:16
The next time I learn a blog, I hope that it doesnt disappoint me as much as this one. I imply, I do know it was my option to learn, but I really thought youd have one thing fascinating to say. All I hear is a bunch of whining about something that you would fix for those who werent too busy on the lookout for attention.
adidas ultra boost http://chilp.it/e146b6c
引用 游客 2018-3-19 03:57
Thank you for each of your hard work on this web page. Ellie takes pleasure in engaging in investigation and it's really easy to understand why. Most people notice all concerning the powerful means you deliver rewarding tricks by means of the web blog and therefore recommend response from others on this point so my daughter is actually starting to learn so much. Have fun with the remaining portion of the year. You have been doing a splendid job.
Adidas NMD Women Mesh Su**ce White Rose http://w ...
引用 游客 2018-3-18 02:15
I抦 impressed, I need to say. Actually hardly ever do I encounter a blog that抯 both educative and entertaining, and let me let you know, you have hit the nail on the head. Your concept is excellent; the issue is one thing that not sufficient people are talking intelligently about. I am very completely satisfied that I stumbled across this in my seek for something referring to this.
yeezy boost 350 http://lovebyt.es/yzyboost
引用 游客 2018-3-16 22:20
After study just a few of the blog posts on your web site now, and I truly like your means of blogging. I bookmarked it to my bookmark web site record and shall be checking again soon. Pls check out my website online as well and let me know what you think.
adidas yeezy boost http://clickand.co/8dmbn
引用 游客 2018-3-15 13:18
I抦 impressed, I need to say. Really hardly ever do I encounter a weblog that抯 each educative and entertaining, and let me tell you, you've got hit the nail on the head. Your thought is outstanding; the difficulty is one thing that not enough people are talking intelligently about. I am very completely happy that I stumbled throughout this in my seek for one thing referring to this.
yeezy shoes http://u.to/PDX_Dw
引用 游客 2018-3-14 08:24
My spouse and i felt really ecstatic when Chris managed to conclude his investigation via the ideas he grabbed through your weblog. It is now and again perplexing to just find yourself offering thoughts that many some others may have been ** money from. And we all fully understand we have you to appreciate for that. Those explanations you have made, the ** site menu, the friendships you can make it easier to instill - it's most overwhelming, and it's helping our son and us consider that  ...
引用 游客 2018-3-14 05:52
Your place is valueble for me. Thanks!?
adidas yeezy http://bit.ly/2rg5ngO
引用 游客 2018-3-13 19:46
My wife and i felt quite joyous that Peter managed to finish off his basic research through the entire precious recommendations he was given in your weblog. It's not at all simplistic just to happen to be releasing steps which often the others might have been ** money from. And we discover we have got the blog owner to give thanks to for that. All the illustrations you've made, the straightforward blog menu, the relationships you can assist to promote - it is all awesome, and it's helping ou ...
引用 游客 2018-3-12 20:17
I used to be very pleased to find this internet-site.I wished to thanks for your time for this excellent learn!! I positively having fun with each little little bit of it and I have you bookmarked to check out new stuff you blog post.
adidas yeezy http://clickand.co/8f4xg
引用 游客 2018-3-11 12:49
I discovered your weblog website on google and verify just a few of your early posts. Proceed to maintain up the excellent operate. I just additional up your RSS feed to my MSN News Reader. Searching for forward to studying extra from you in a while!?
yeezys http://gtiny.me/yzyorg
引用 游客 2018-3-10 08:55
There is noticeably a bundle to find out about this. I assume you made sure good factors in features also.
yeezy boost http://gul.ly/f51sx
引用 游客 2018-3-9 09:48
An impressive share, I just given this onto a colleague who was doing somewhat evaluation on this. And he actually bought me breakfast as a result of I discovered it for him.. smile. So let me reword that: Thnx for the treat! But yeah Thnkx for spending the time to discuss this, I really feel strongly about it and love studying more on this topic. If potential, as you become experience, would you mind updating your blog with more particulars? It is extremely helpful for me. Big thumb up for this ...
引用 游客 2018-3-8 17:21
I would like to express my passion for your kind-heartedness giving support to those individuals that really need assistance with your topic. Your real commitment to passing the solution throughout ended up being surprisingly effective and has always made those much like me to realize their dreams. The interesting key points denotes this much to me and far more to my fellow workers. Regards; from each one of us.
Adidas NMD XR1 Rose red http://www.adidas-nmds.us.com/adidas-nmd-xr1-rose-red-p-521 ...
引用 游客 2018-3-8 10:30
I抎 must check with you here. Which is not something I normally do! I take pleasure in studying a submit that will make folks think. Additionally, thanks for allowing me to remark!
adidas ultra boost http://youl.ink/ultrausc
引用 游客 2018-3-7 12:51
I simply desired to appreciate you all over again. I'm not certain what I might have worked on without the actual points contributed by you concerning such a question. It has been a real frustrating situation in my position, however , finding out a specialised strategy you handled that took me to cry over fulfillment. I'm happy for this support and even hope you recognize what a powerful job you have been undertaking instructing people today via your web site. Most probably you haven't come acro ...
引用 游客 2018-3-7 09:36
I found your weblog website on google and examine a few of your early posts. Proceed to keep up the excellent operate. I simply further up your RSS feed to my MSN News Reader. Seeking ahead to studying more from you later on!?
adidas nmd http://cbi.as/8ifrc
引用 游客 2018-3-6 06:46
This actually answered my downside, thanks!
nike air zoom http://www.nikezoom.us.com
引用 游客 2018-3-6 01:28
My spouse and i have been now thrilled when Ervin could deal with his investigations out of the ideas he had from your very own weblog. It's not at all simplistic to just happen to be giving out helpful tips which often men and women may have been ** money from. We consider we have got the blog owner to thank for that. The main illustrations you've made, the straightforward site menu, the relationships your site make it easier to create - it is everything exceptional, and it is aiding our so ...
引用 游客 2018-3-5 04:03
A formidable share, I simply given this onto a colleague who was doing a bit analysis on this. And he the truth is bought me breakfast as a result of I discovered it for him.. smile. So let me reword that: Thnx for the treat! However yeah Thnkx for spending the time to discuss this, I really feel strongly about it and love reading more on this topic. If doable, as you turn out to be expertise, would you thoughts updating your weblog with more particulars? It's extremely useful for me. Massive th ...
引用 游客 2018-3-4 01:54
I in addition to my guys were looking at the good hints on your web blog while quickly I got a horrible suspicion I had not expressed respect to the website owner for those secrets. All the ladies are actually so happy to read through all of them and already have truly been using these things. Many thanks for turning out to be so accommodating as well as for opting for these kinds of amazing issues millions of individuals are really eager to learn about. My honest regret for not expressing appre ...

查看全部评论(58)


新出炉

返回顶部