nda – Gea-Suan Lin's BLOG

已經有不少新聞都有報導提到最近被丟出來的 Intel 程式碼：

Intel exconfidential Lake Platform Release ;)

This is the first 20gb release in a series of large Intel leaks.

Most of the things here have NOT been published ANYWHERE before and are classified as confidential, under NDA or Intel Restricted Secret. pic.twitter.com/KE708HCIqu

— Tillie 1312 Kottmann #BLM ???? (@deletescape) August 6, 2020

這些程式碼都是需要簽 NDA 或類似的合約才能拿到，這次被丟出來可以看到不少東西... 發佈的人有提到可以搜尋一些「關鍵字」，像是 backdoor 這個：

not a lot I guess, but searching for "backdoor" in the bios/fw sources DOES turn up results

— Tillie 1312 Kottmann #BLM ???? (@deletescape) August 6, 2020

然後結果還蠻有趣的，看起來這包 20GB 的檔案可以讓不少人研究一陣子...

以往要取得 AWS 的稽核報告都必須簽署 NDA 並透過 support ticket 取得 (或是找窗口拿)，現在 AWS 把這件事情做成一個服務：「Introducing AWS Artifact: Speeding Access to Compliance Reports」。

服務叫做 AWS Artifact，還是要簽保密協議，不過電子化了：

You can start downloading the audit reports in the AWS Management Console today. Many of the documents are confidential and require you to accept Amazon’s confidentiality terms and conditions, but after you review and agree to those terms, you will be granted instant access to review documents.

這樣取得資料就可以透過系統直接拉出來了：

To document the current and historical compliance of the AWS infrastructure and services, many AWS customers provide compliance reports—including those for ISO, SOC, and PCI—to their auditors or regulators.

Tag: nda

最近洩漏出來的 Intel 程式碼...