Slashdot Mirror

← Back to Domains

Domain: github.com

Stories and comments across the archive that link to github.com.

Comments · 4,419

  1. perhaps correlated with RHEL 8? by nimbius · · Score: 4, Interesting · on Fedora 28 Beta Linux Distro is Finally Here (betanews.com)

    Heres the RHEL 8 alpha branch for anaconda
    https://github.com/rhinstaller...
    As well as the commit activity...
    https://github.com/rhinstaller...

    What are the chances of a Redhat Enterprise Linux 8 release this year?

  2. There are alternatives by jarle.aase · · Score: 1 · on Tor Winds Down Its Encrypted Messenger App 3 Years After Launch (venturebeat.com)
    Unlike the open Internet, Tor makes it easy to create real peer to peer messaging clients. All Tor nodes can create hidden services that are instantly accessible to anyone. Using a true peer to peer architecture, without hub's, there are no meta-data laying around, except on the peers themselves.

    Tor Chat (which now seems dead) pioneered this approach. Ricochet is an alternative that is actively maintained.

    I am working on a project to bring another peer to peer instant messenger to the onion party. I believe it matters to be able to communicate privately. I believe that it matters a lot.

  3. There are alternatives by jarle.aase · · Score: 1 · on Tor Winds Down Its Encrypted Messenger App 3 Years After Launch (venturebeat.com)
    Unlike the open Internet, Tor makes it easy to create real peer to peer messaging clients. All Tor nodes can create hidden services that are instantly accessible to anyone. Using a true peer to peer architecture, without hub's, there are no meta-data laying around, except on the peers themselves.

    Tor Chat (which now seems dead) pioneered this approach. Ricochet is an alternative that is actively maintained.

    I am working on a project to bring another peer to peer instant messenger to the onion party. I believe it matters to be able to communicate privately. I believe that it matters a lot.

  4. Re:Chromium, too? by Anonymous Coward · · Score: 0 · on Chrome Is Scanning Files on Your Computer, and People Are Freaking Out (vice.com)

    An entire weekend? WTF? https://github.com/chromium/chromium/search?utf8=%E2%9C%93&q=scorecard&type=, moran.

  5. Re:Chromium, too? by Anonymous Coward · · Score: -1 · on Chrome Is Scanning Files on Your Computer, and People Are Freaking Out (vice.com)

    You could find out yourself here: https://github.com/chromium/chromium

  6. Re:Chromium, too? by Anonymous Coward · · Score: -1 · on Chrome Is Scanning Files on Your Computer, and People Are Freaking Out (vice.com)

    Lemme check with my buddy koavf. He can download the source code from GitHub and look through it himself.

  7. Re:What's so wrong about ARM? by Antique+Geekmeister · · Score: 1 · on Open Source RISC V Processor Gets Support From Google, Samsung, Qualcomm, and Tesla (seekingalpha.com)

    I do see some tools, such as https://github.com/rv8-io/rv8 , that seem to run x86_64 code in a simulation mode for RISC-V. Has anyone here tested this tool, or seen anything equivalent for ARM ? I've not had or made the opportunity to do so myself: my personal hardware budget is much smaller than it was at earlier times in my career.

  8. Re:DIY by Anonymous Coward · · Score: 0 · on Open Source RISC V Processor Gets Support From Google, Samsung, Qualcomm, and Tesla (seekingalpha.com)

    The complete source code for the "Rocket Chip" core is on github: https://github.com/freechipsproject/rocket-chip. Other RISC-V cores are also available (see list here).

    You can synthesize a RISC-V core right now and run it on a $99 FPGA board. Of course building an ASIC or fully custom chip is a much greater technical and financial (!!!) undertaking. That's the way the world works, and can't be blamed on RISC-V.

  9. Re:Teaching kids to be coders is a stupid fad by Bing+Tsher+E · · Score: 1 · on Apple Trains Chicago Teachers To Put Coding In More Classrooms (engadget.com)

    Whoops. I stand corrected. The source code for Swift is here. Looks like it sits on top of Java.

  10. Re:Finally a use for an Amazon Echo by brunes69 · · Score: 1 · on Google Home Can Now Control Your Bluetooth Speakers (theverge.com)

    You may be more interested in this

    http://alexamods.com/guide-ins...

    If you follow that step by step tutorial, you can access the Google Assistant from Alexa and have the best of both worlds.

    Also see GeeMusic to access Google Music from Alexa:

    https://github.com/stevenleeg/...

  11. Re:just run the 2nd OS in a VM and call it a day by houghi · · Score: 1 · on Ask Slashdot: Why Are There No True Dual-System Laptops Or Tablet Computers?

    I have a Chromebook and run Debian.
    https://github.com/dnschneid/c...

    If I where to travel, all I need to do is tab 'space' instead of 'ctrl d' and that partition is gone.

    So secure stuff goes via Debian, non-secure stuff goes via Chrome. Yes, I am aware that they could hack the Chrome side of thing. If that is the case, I am sure they are able to do the same with Debian.

    No, I do not really use the Chrome part besides starting up Debian.

  12. Apache License != proprietary by tepples · · Score: 2 · on Apple Trains Chicago Teachers To Put Coding In More Classrooms (engadget.com)

    I thought all the articles making the "tailor Swift" pun mentioned that Apple distributes the reference implementation of Swift under the Apache License 2.0. If a work is distributed as free software under that license, it isn't "proprietary software" by the FSF's definition. What definition of "proprietary" are you using?

  13. Re:WSL isn't very good by Per+Bothner · · Score: 1 · on Microsoft Releases New Tool To Get More Distros on Windows (zdnet.com)

    FWIW: when I ported the DomTerm terminal emulator (see separate response below) to WSL, it went surprisingly smoothly. The domterm command is a split front-end/back-end application: The back-end is a WSL command-line program written in C. It handles argument parsing, ptys, forking, http and wesocket serving, daemoniation, unix-domain sockets, and more Linux idioms. Very little had to be changed for WSL - mainly changing some file paths. The front-end handles the UI and is a Windows application: You can either use your regular Windows desktop browser (Firefox and Chrome both work), or you can use an Electron wrapper, which is somewhat nicer. (The Electron wrapper is basically a small amount of JavaScript code that requires an Electron binary that you can download from GitHub.)

  14. terminal emulator for Windows/WSL (DomTerm) by Per+Bothner · · Score: 1 · on Microsoft Releases New Tool To Get More Distros on Windows (zdnet.com)
    windows has a terrible terminal emulator

    Can I suggest you check out DomTerm? It has the functionality of gnome-terminal (and then some) but does not require an X-server. Instead, it uses Electron, which (in my biased opinion) makes for a very nice interface. This article focuses on DomTerm on WSL. The release page includes pre-compiled WSL binaries.

  15. Re:OR... by svanheulen · · Score: 4, Interesting · on Mozilla Launches Facebook Container Add-on To Isolate Your Web Browsing Activity From Facebook (venturebeat.com)

    That's what uMatrix does: https://github.com/gorhill/uMa... https://addons.mozilla.org/en-... It would be impossible to have that on by default for normal users though. Too many sites are broken by not allowing 3rd party requests, and the average user would just switch to Chrome rather then deal with making whitelists.

  16. Public Suffix List limits LE issuance on DDNS by tepples · · Score: 1 · on IETF Approves TLS 1.3 As Internet Standard (bleepingcomputer.com)

    You can use several DDNS providers with letsencrypt

    And there are several that you can't use because the provider hasn't completed the process to add itself to the Public Suffix List. If a DDNS provider is not on the PSL, whether by the provider's ignorance of the PSL, by the provider's choice to remain off the PSL, or by the PSL's own backlog, then all users of that provider put together are limited to 20 certificates per week, and other users are likely to have already obtained those certificates before you.

    Here's directions for the one I use, duckdns.

    I see that Duck DNS is on the PSL. Do you project that Duck DNS will remain in operation for the foreseeable future?

    Another problem is DDNS providers that go behind a paywall. Dyn started charging for all services once it became popular, making it no better than registering a domain.

  17. Re:App permissions by Anonymous Coward · · Score: 0 · on Facebook Scraped Call, Text Message Data For Years From Android Phones (arstechnica.com)

    You're describing XPrivacy / XPrivacyLua. Basically, if a flashlight app wants your GPS coordinates, you can deny it and give it fake coordinates. Same with contact info, sms, call history, etc.

    This really should be built into Android but it won't since Google's business model is also based around collecting as much information on it's users as possible.

  18. Re:Windows 10 Support? by dmitrygr · · Score: 1 · on Google Unveils Acer's Chromebook Tab 10 Ahead of Apple's Education-Focused Event Tomorrow (cnet.com)

    https://github.com/dnschneid/c... should work

  19. No, but it can cause it by thegarbz · · Score: 1 · on Ask Slashdot: Can FOSS Help In the Fight Against Climate Change?

    https://github.com/bitcoin/bit...

  20. Re:I2C still broken ? by Anonymous Coward · · Score: 1 · on Raspberry Pi 3 Model B+ Benchmarks Show Significantly Improved Performance (phoronix.com)

    Is the I2C still broken ? can it now communicate with AVRs and other slower peripherials ??
    https://github.com/raspberrypi...

    You can do software bit-banged I2C on Raspberry Pi, complete with full clock stretching support, no problem, see pigpio. it's CPU intensive, but you've got four cores to work with.

  21. I2C still broken ? by stooo · · Score: 2 · on Raspberry Pi 3 Model B+ Benchmarks Show Significantly Improved Performance (phoronix.com)

    Is the I2C still broken ? can it now communicate with AVRs and other slower peripherials ??
    https://github.com/raspberrypi...

  22. Re: Predecated on deception by Anonymous Coward · · Score: 0 · on Ask Slashdot: Is There a Good Alternative to Facebook? (washingtonpost.com)

    I use Face Slim and have converted most of my family.

  23. Re:I like this guy by wolfheart111 · · Score: 1 · on KeepVid Site No Longer Allows Users To 'Keep' Videos (torrentfreak.com)

    Here is a good author. :) Interesting reads indeed. https://github.com/jeckman/

  24. Re:The least they can do by Meneth · · Score: 2 · on KeepVid Site No Longer Allows Users To 'Keep' Videos (torrentfreak.com)

    https://github.com/rg3/youtube-dl

    It's not KeepVid, but it's pretty darn good if you like command line interfaces.

  25. Open by DrYak · · Score: 1 · on WhatsApp Co-Founder Tells Everyone To Delete Facebook, Further Fueling the #DeleteFacebook Movement (theverge.com)

    Billionaire wants you to use his new app.

    Except that the app is not his (OpenWhisperSystems, by Moxie Malinspike),
    and it is not exactly new either (4 years old).

    In fact, given that Signal uses an open documented protocol,
    you're free to use any other compatible software (e.g.: running on Jolla's Sailfish OS).

    Unlike with WhatsApp which also have switched to the same encryption protocol, but actively tries to detect and kickban 3rd party apps.
    (So you *have* to run a proprietary blob and hope that they have implemented encryption protocol properly and didn't leave a giant backdoor)

    ---

    And Signal protocol is also usable on Facebook's Messenger and Google Allo when these are switched into private or incognito mode.
    But those aren't open source so there's no way to test that they don't do things behind your back.

    At least facebook isn't actively hunting 3rd party apps, giving rise to stuff as purple-facebook plugin that taps into the same proprietary JSON interface as the Android app - but currently, this plugin lacks the manpower to maintain signal protocol.
    And even if purple-facebook starts supporting encryption, you would need *both end-points* to be secure (thus both of them running opensource auditable apps).

    There isn't a 3rd party implementation of Google Allo, for now you need to stick with the official blob (and are dependent on their honest and correct implementation of encryption).

  26. Open by DrYak · · Score: 1 · on WhatsApp Co-Founder Tells Everyone To Delete Facebook, Further Fueling the #DeleteFacebook Movement (theverge.com)

    Billionaire wants you to use his new app.

    Except that the app is not his (OpenWhisperSystems, by Moxie Malinspike),
    and it is not exactly new either (4 years old).

    In fact, given that Signal uses an open documented protocol,
    you're free to use any other compatible software (e.g.: running on Jolla's Sailfish OS).

    Unlike with WhatsApp which also have switched to the same encryption protocol, but actively tries to detect and kickban 3rd party apps.
    (So you *have* to run a proprietary blob and hope that they have implemented encryption protocol properly and didn't leave a giant backdoor)

    ---

    And Signal protocol is also usable on Facebook's Messenger and Google Allo when these are switched into private or incognito mode.
    But those aren't open source so there's no way to test that they don't do things behind your back.

    At least facebook isn't actively hunting 3rd party apps, giving rise to stuff as purple-facebook plugin that taps into the same proprietary JSON interface as the Android app - but currently, this plugin lacks the manpower to maintain signal protocol.
    And even if purple-facebook starts supporting encryption, you would need *both end-points* to be secure (thus both of them running opensource auditable apps).

    There isn't a 3rd party implementation of Google Allo, for now you need to stick with the official blob (and are dependent on their honest and correct implementation of encryption).

  27. Distributed messengers is the way to go by jdoeii · · Score: 4, Insightful · on Telegram Loses Supreme Court Appeal In Russia, Must Hand Over Encryption Keys (bloomberg.com)

    Most (all?) commercial messengers have a problem of being centralized. Block a few servers and the messenger is dead. Compare Telegram or Whatapp to generic email. A dictator can easily block messengers, but can't block email in general. It can block can block say Gmail or Yahoo mail but blocking individual email servers is much harder. Messengers need to move to the same model. We need something like https://github.com/tinode/chat to run our own servers. We need 1000s of telegrams and whatsapps running a distributed federated messaging network.

  28. Re:The problem: by Anonymous Coward · · Score: 0 · on Linux Mint 19 'Tara' Cinnamon Will Be Faster (betanews.com)

    Read the actual commits.

    https://github.com/linuxmint/Cinnamon/pull/7251/commits/59424ac791d51a6b92efc5989f7cb0d9562621af

    https://github.com/linuxmint/Cinnamon/pull/7251/commits/bc2bf1c7d5129918d90b805f33f20f99c155802a

    https://github.com/linuxmint/Cinnamon/pull/7251/commits/2cf573246db0466df99da9d0c3c05c7288c5c35e

    All JavaScript, all crap.

  29. Re:The problem: by Anonymous Coward · · Score: 0 · on Linux Mint 19 'Tara' Cinnamon Will Be Faster (betanews.com)

    Read the actual commits.

    https://github.com/linuxmint/Cinnamon/pull/7251/commits/59424ac791d51a6b92efc5989f7cb0d9562621af

    https://github.com/linuxmint/Cinnamon/pull/7251/commits/bc2bf1c7d5129918d90b805f33f20f99c155802a

    https://github.com/linuxmint/Cinnamon/pull/7251/commits/2cf573246db0466df99da9d0c3c05c7288c5c35e

    All JavaScript, all crap.

  30. Re:The problem: by Anonymous Coward · · Score: 0 · on Linux Mint 19 'Tara' Cinnamon Will Be Faster (betanews.com)

    Read the actual commits.

    https://github.com/linuxmint/Cinnamon/pull/7251/commits/59424ac791d51a6b92efc5989f7cb0d9562621af

    https://github.com/linuxmint/Cinnamon/pull/7251/commits/bc2bf1c7d5129918d90b805f33f20f99c155802a

    https://github.com/linuxmint/Cinnamon/pull/7251/commits/2cf573246db0466df99da9d0c3c05c7288c5c35e

    All JavaScript, all crap.

  31. The problem: by Anonymous Coward · · Score: 1 · on Linux Mint 19 'Tara' Cinnamon Will Be Faster (betanews.com)

    The window manager is written in fucking JavaScript:

    https://github.com/linuxmint/Cinnamon/pull/7251

  32. Re:Prioritizing speed test servers a NN violation by pnutjam · · Score: 1 · on Ask Slashdot: How Can I Prove My ISP Slows Certain Traffic?

    If you have access to a server elsewhere, you can use iperf. That's usually my gold standard for testing links.

  33. Re:To paraphrase... by K.+S.+Kyosuke · · Score: 1 · on Vim Beats Emacs in 'Linux Journal' Reader Survey (linuxjournal.com)

    All that's required for evil to triumph is for good men to do nothing.

    Actually, it would appear that all that's required for evil to triump is to start convincing Vim users to switch to Emacs.

  34. Re: Oh really? by jrumney · · Score: 1 · on Vim Beats Emacs in 'Linux Journal' Reader Survey (linuxjournal.com)

    Even better is that Emacs gives you a consistent interface whether you are managing systemd, sysvinit or brew. No longer does the Poettering tendency to redefine command-line argument ordering to "improve" on long standing Posix convention need to be an unnecessary burden to the sysadmin.

  35. Re:Vim broken in OSX? by Anonymice · · Score: 3, Interesting · on Vim Beats Emacs in 'Linux Journal' Reader Survey (linuxjournal.com)

    Odd, have you actually checked there aren't any other default schemes available? On all of the OSX, Linux, BSD & Cygwin Vims I've used, it's always included a standard pack to choose from.

    http://vimcolors.com/

    https://github.com/flazz/vim-c...

  36. Primary Sources by psnyder · · Score: 1 · on Sierra Leone Records World's First Blockchain-Powered Election (techcrunch.com)

    Agora's Whitepaper
    Agora's Github Repo

  37. Re:Not invented here by swillden · · Score: 1 · on Google's New 'Plus Codes' Are An Open Source, Global Alternative To Street Addresses (9to5google.com)

    Okay, but if you're going to make a new system that meets your requirements better, would it kill you to include at least some semblance of the advantages of previous systems in the new one? For example, what3words codes are easy to remember - they are simply 3 words. A typical Open Location Code is 7FG49QCJ+2V. So... yeah.

    Because what3words suck, for many reasons.

    1. They're proprietary, and kind of inherently so. Their design approach requires a big table providing all of the mappings, rather than a simple, easily open-sourced algorithm. Google could have tried to reproduce their approach, but likely would have run afoul of their patents.

    2. Their approach also doesn't scale up and down like OLC does; in what3words you can't specify a region larger than 3m^2, or a smaller one. With OLC each additional pair of digits allows specification of a sub-region 1/400th the size of the "parent" region.

    3. The approach provides no indication of proximity. Given two locations you have no idea how far apart they are without first translating them to some other system.

    4. They're language-dependent. A triplet of English words is no more sensible to a Tamil-speaker than an OLC code. A Tamil-language version could be constructed, but the entire mapping would need to be built for every language. And not every language has as many words as English. what3words has not included the oceans in either of the other two languages they support for this reason.

    In any case, it would be trivial to layer a mechanical word mapping on top of OLC if you wanted. OLC values are fundamentally numeric (base 20), and it's trivial to pick an appropriately-sized dictionary and map onto a different base. To preserve the area/local distinction in OLC (note that typical OLC codes are not " 7FG49QCJ+2V" they're " ". In your example it would be "Tinzaouten 9QCJ+2V") I'd probably choose an 800-word dictionary so that one word corresponds to two "digits". A full 10-digit location would require five words, not three, but normally it would be city name plus three words.

    If you'd like to fiddle with this, I have some code I put together to do something very similar. https://github.com/divegeek/me...

  38. Obligatory: Intel CPU Backdoor Report (Jan 1 2018) by Anonymous Coward · · Score: -1 · on Intel Says 'Partitions' in New Chips Will Correct the Design Flaw that Created Spectre and Meltdown (geekwire.com)

    Intel PR: I warned you about -1, this is now being posted on multiple threads

    Change log:
    2018/01/01 - Added 14 Useful Links. Disable Intel ME 11 via undocumented NSA "High Assurance Platform" mode with me_cleaner, Blackhat Dec 2017 Intel ME presentation, Intel ME CVEs (CVSS Scored 7.2-10.0)

    Intel CPU Backdoor Report
    The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

    What we know about Intel CPU backdoors so far:

    TL;DR version

    Your Intel CPU and Chipset is running a backdoor as we speak.

    The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

    30C3 Intel ME live hack:
    [Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
    @21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

    [Quotes] Vortrag:
    "the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

    "We can permanently monitor the keyboard buffer on both operating system targets."

    Decoding Intel backdoors:
    The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

    If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

    Backdoor removal:
    The backdoor firmware can be removed by following this guide using the me_cleaner script.
    Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

    2017 Dec Update:
    Intel ME on recent CPUs may be disabled by enabling the undocumented NSA HAP mode, use me_cleaner with -S option to set the HAP bit, see me_cleaner: HAP AltMeDisable bit.

    Useful links (Added 2018 Jan 1):
    Disabling Intel ME 11 via undocumented HAP mode (NSA High Assurance Platform mode)
    me_cleaner: Set HAP AltMeDisable bit with -S option
    Blackhat 2017: How To Hack A Turned Off Computer Or Running Unsigned Code In Intel Management Engine
    EFF: Intel's Management Engine is a security hazard, and users need a way to disable it
    Sakaki's EFI Install Guide/Disabling the Intel Management Engine
    Intel ME bug storm: Hardware vendors race to identify and provide updates for dangerous Intel flaws.

  39. Obligatory: Intel CPU Backdoor Report (Jan 1 2018) by Anonymous Coward · · Score: -1 · on Intel Says 'Partitions' in New Chips Will Correct the Design Flaw that Created Spectre and Meltdown (geekwire.com)

    Intel PR: I warned you about -1, this is now being posted on multiple threads

    Change log:
    2018/01/01 - Added 14 Useful Links. Disable Intel ME 11 via undocumented NSA "High Assurance Platform" mode with me_cleaner, Blackhat Dec 2017 Intel ME presentation, Intel ME CVEs (CVSS Scored 7.2-10.0)

    Intel CPU Backdoor Report
    The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

    What we know about Intel CPU backdoors so far:

    TL;DR version

    Your Intel CPU and Chipset is running a backdoor as we speak.

    The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

    30C3 Intel ME live hack:
    [Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
    @21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

    [Quotes] Vortrag:
    "the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

    "We can permanently monitor the keyboard buffer on both operating system targets."

    Decoding Intel backdoors:
    The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

    If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

    Backdoor removal:
    The backdoor firmware can be removed by following this guide using the me_cleaner script.
    Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

    2017 Dec Update:
    Intel ME on recent CPUs may be disabled by enabling the undocumented NSA HAP mode, use me_cleaner with -S option to set the HAP bit, see me_cleaner: HAP AltMeDisable bit.

    Useful links (Added 2018 Jan 1):
    Disabling Intel ME 11 via undocumented HAP mode (NSA High Assurance Platform mode)
    me_cleaner: Set HAP AltMeDisable bit with -S option
    Blackhat 2017: How To Hack A Turned Off Computer Or Running Unsigned Code In Intel Management Engine
    EFF: Intel's Management Engine is a security hazard, and users need a way to disable it
    Sakaki's EFI Install Guide/Disabling the Intel Management Engine
    Intel ME bug storm: Hardware vendors race to identify and provide updates for dangerous Intel flaws.

  40. Obligatory: Intel CPU Backdoor Report (Jan 1 2018) by Anonymous Coward · · Score: -1 · on Intel Says 'Partitions' in New Chips Will Correct the Design Flaw that Created Spectre and Meltdown (geekwire.com)

    Intel PR: I warned you about -1, this is now being posted on multiple threads

    Change log:
    2018/01/01 - Added 14 Useful Links. Disable Intel ME 11 via undocumented NSA "High Assurance Platform" mode with me_cleaner, Blackhat Dec 2017 Intel ME presentation, Intel ME CVEs (CVSS Scored 7.2-10.0)

    Intel CPU Backdoor Report
    The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

    What we know about Intel CPU backdoors so far:

    TL;DR version

    Your Intel CPU and Chipset is running a backdoor as we speak.

    The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

    30C3 Intel ME live hack:
    [Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
    @21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

    [Quotes] Vortrag:
    "the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

    "We can permanently monitor the keyboard buffer on both operating system targets."

    Decoding Intel backdoors:
    The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

    If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

    Backdoor removal:
    The backdoor firmware can be removed by following this guide using the me_cleaner script.
    Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

    2017 Dec Update:
    Intel ME on recent CPUs may be disabled by enabling the undocumented NSA HAP mode, use me_cleaner with -S option to set the HAP bit, see me_cleaner: HAP AltMeDisable bit.

    Useful links (Added 2018 Jan 1):
    Disabling Intel ME 11 via undocumented HAP mode (NSA High Assurance Platform mode)
    me_cleaner: Set HAP AltMeDisable bit with -S option
    Blackhat 2017: How To Hack A Turned Off Computer Or Running Unsigned Code In Intel Management Engine
    EFF: Intel's Management Engine is a security hazard, and users need a way to disable it
    Sakaki's EFI Install Guide/Disabling the Intel Management Engine
    Intel ME bug storm: Hardware vendors race to identify and provide updates for dangerous Intel flaws.

  41. Obligatory: Intel CPU Backdoor Report (Jan 1 2018) by Anonymous Coward · · Score: -1 · on Intel Says 'Partitions' in New Chips Will Correct the Design Flaw that Created Spectre and Meltdown (geekwire.com)

    Intel PR: I warned you about -1, this is now being posted on multiple threads

    Change log:
    2018/01/01 - Added 14 Useful Links. Disable Intel ME 11 via undocumented NSA "High Assurance Platform" mode with me_cleaner, Blackhat Dec 2017 Intel ME presentation, Intel ME CVEs (CVSS Scored 7.2-10.0)

    Intel CPU Backdoor Report
    The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

    What we know about Intel CPU backdoors so far:

    TL;DR version

    Your Intel CPU and Chipset is running a backdoor as we speak.

    The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

    30C3 Intel ME live hack:
    [Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
    @21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

    [Quotes] Vortrag:
    "the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

    "We can permanently monitor the keyboard buffer on both operating system targets."

    Decoding Intel backdoors:
    The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

    If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

    Backdoor removal:
    The backdoor firmware can be removed by following this guide using the me_cleaner script.
    Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

    2017 Dec Update:
    Intel ME on recent CPUs may be disabled by enabling the undocumented NSA HAP mode, use me_cleaner with -S option to set the HAP bit, see me_cleaner: HAP AltMeDisable bit.

    Useful links (Added 2018 Jan 1):
    Disabling Intel ME 11 via undocumented HAP mode (NSA High Assurance Platform mode)
    me_cleaner: Set HAP AltMeDisable bit with -S option
    Blackhat 2017: How To Hack A Turned Off Computer Or Running Unsigned Code In Intel Management Engine
    EFF: Intel's Management Engine is a security hazard, and users need a way to disable it
    Sakaki's EFI Install Guide/Disabling the Intel Management Engine
    Intel ME bug storm: Hardware vendors race to identify and provide updates for dangerous Intel flaws.

  42. Obligatory: Intel CPU Backdoor Report (Jan 1 2018) by Anonymous Coward · · Score: -1 · on Intel Says 'Partitions' in New Chips Will Correct the Design Flaw that Created Spectre and Meltdown (geekwire.com)

    Intel PR: I warned you about -1, this is now being posted on multiple threads

    Change log:
    2018/01/01 - Added 14 Useful Links. Disable Intel ME 11 via undocumented NSA "High Assurance Platform" mode with me_cleaner, Blackhat Dec 2017 Intel ME presentation, Intel ME CVEs (CVSS Scored 7.2-10.0)

    Intel CPU Backdoor Report
    The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

    What we know about Intel CPU backdoors so far:

    TL;DR version

    Your Intel CPU and Chipset is running a backdoor as we speak.

    The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

    30C3 Intel ME live hack:
    [Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
    @21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

    [Quotes] Vortrag:
    "the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

    "We can permanently monitor the keyboard buffer on both operating system targets."

    Decoding Intel backdoors:
    The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

    If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

    Backdoor removal:
    The backdoor firmware can be removed by following this guide using the me_cleaner script.
    Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

    2017 Dec Update:
    Intel ME on recent CPUs may be disabled by enabling the undocumented NSA HAP mode, use me_cleaner with -S option to set the HAP bit, see me_cleaner: HAP AltMeDisable bit.

    Useful links (Added 2018 Jan 1):
    Disabling Intel ME 11 via undocumented HAP mode (NSA High Assurance Platform mode)
    me_cleaner: Set HAP AltMeDisable bit with -S option
    Blackhat 2017: How To Hack A Turned Off Computer Or Running Unsigned Code In Intel Management Engine
    EFF: Intel's Management Engine is a security hazard, and users need a way to disable it
    Sakaki's EFI Install Guide/Disabling the Intel Management Engine
    Intel ME bug storm: Hardware vendors race to identify and provide updates for dangerous Intel flaws.

  43. Obligatory: Intel CPU Backdoor Report (Jan 1 2018) by Anonymous Coward · · Score: -1 · on Intel Says 'Partitions' in New Chips Will Correct the Design Flaw that Created Spectre and Meltdown (geekwire.com)

    Intel PR: I warned you about -1, this is now being posted on multiple threads

    Change log:
    2018/01/01 - Added 14 Useful Links. Disable Intel ME 11 via undocumented NSA "High Assurance Platform" mode with me_cleaner, Blackhat Dec 2017 Intel ME presentation, Intel ME CVEs (CVSS Scored 7.2-10.0)

    Intel CPU Backdoor Report
    The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

    What we know about Intel CPU backdoors so far:

    TL;DR version

    Your Intel CPU and Chipset is running a backdoor as we speak.

    The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

    30C3 Intel ME live hack:
    [Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
    @21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

    [Quotes] Vortrag:
    "the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

    "We can permanently monitor the keyboard buffer on both operating system targets."

    Decoding Intel backdoors:
    The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

    If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

    Backdoor removal:
    The backdoor firmware can be removed by following this guide using the me_cleaner script.
    Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

    2017 Dec Update:
    Intel ME on recent CPUs may be disabled by enabling the undocumented NSA HAP mode, use me_cleaner with -S option to set the HAP bit, see me_cleaner: HAP AltMeDisable bit.

    Useful links (Added 2018 Jan 1):
    Disabling Intel ME 11 via undocumented HAP mode (NSA High Assurance Platform mode)
    me_cleaner: Set HAP AltMeDisable bit with -S option
    Blackhat 2017: How To Hack A Turned Off Computer Or Running Unsigned Code In Intel Management Engine
    EFF: Intel's Management Engine is a security hazard, and users need a way to disable it
    Sakaki's EFI Install Guide/Disabling the Intel Management Engine
    Intel ME bug storm: Hardware vendors race to identify and provide updates for dangerous Intel flaws.

  44. Obligatory: Intel CPU Backdoor Report (Jan 1 2018) by Anonymous Coward · · Score: -1 · on Intel Says 'Partitions' in New Chips Will Correct the Design Flaw that Created Spectre and Meltdown (geekwire.com)

    Intel PR: I warned you about -1, this is now being posted on multiple threads

    Change log:
    2018/01/01 - Added 14 Useful Links. Disable Intel ME 11 via undocumented NSA "High Assurance Platform" mode with me_cleaner, Blackhat Dec 2017 Intel ME presentation, Intel ME CVEs (CVSS Scored 7.2-10.0)

    Intel CPU Backdoor Report
    The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

    What we know about Intel CPU backdoors so far:

    TL;DR version

    Your Intel CPU and Chipset is running a backdoor as we speak.

    The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

    30C3 Intel ME live hack:
    [Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
    @21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

    [Quotes] Vortrag:
    "the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

    "We can permanently monitor the keyboard buffer on both operating system targets."

    Decoding Intel backdoors:
    The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

    If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

    Backdoor removal:
    The backdoor firmware can be removed by following this guide using the me_cleaner script.
    Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

    2017 Dec Update:
    Intel ME on recent CPUs may be disabled by enabling the undocumented NSA HAP mode, use me_cleaner with -S option to set the HAP bit, see me_cleaner: HAP AltMeDisable bit.

    Useful links (Added 2018 Jan 1):
    Disabling Intel ME 11 via undocumented HAP mode (NSA High Assurance Platform mode)
    me_cleaner: Set HAP AltMeDisable bit with -S option
    Blackhat 2017: How To Hack A Turned Off Computer Or Running Unsigned Code In Intel Management Engine
    EFF: Intel's Management Engine is a security hazard, and users need a way to disable it
    Sakaki's EFI Install Guide/Disabling the Intel Management Engine
    Intel ME bug storm: Hardware vendors race to identify and provide updates for dangerous Intel flaws.

  45. Obligatory: Intel CPU Backdoor Report (Jan 1 2018) by Anonymous Coward · · Score: -1 · on Intel Says 'Partitions' in New Chips Will Correct the Design Flaw that Created Spectre and Meltdown (geekwire.com)

    Intel PR: I warned you about -1, this is now being posted on multiple threads

    Change log:
    2018/01/01 - Added 14 Useful Links. Disable Intel ME 11 via undocumented NSA "High Assurance Platform" mode with me_cleaner, Blackhat Dec 2017 Intel ME presentation, Intel ME CVEs (CVSS Scored 7.2-10.0)

    Intel CPU Backdoor Report
    The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

    What we know about Intel CPU backdoors so far:

    TL;DR version

    Your Intel CPU and Chipset is running a backdoor as we speak.

    The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

    30C3 Intel ME live hack:
    [Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
    @21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

    [Quotes] Vortrag:
    "the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

    "We can permanently monitor the keyboard buffer on both operating system targets."

    Decoding Intel backdoors:
    The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

    If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

    Backdoor removal:
    The backdoor firmware can be removed by following this guide using the me_cleaner script.
    Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

    2017 Dec Update:
    Intel ME on recent CPUs may be disabled by enabling the undocumented NSA HAP mode, use me_cleaner with -S option to set the HAP bit, see me_cleaner: HAP AltMeDisable bit.

    Useful links (Added 2018 Jan 1):
    Disabling Intel ME 11 via undocumented HAP mode (NSA High Assurance Platform mode)
    me_cleaner: Set HAP AltMeDisable bit with -S option
    Blackhat 2017: How To Hack A Turned Off Computer Or Running Unsigned Code In Intel Management Engine
    EFF: Intel's Management Engine is a security hazard, and users need a way to disable it
    Sakaki's EFI Install Guide/Disabling the Intel Management Engine
    Intel ME bug storm: Hardware vendors race to identify and provide updates for dangerous Intel flaws.

  46. Obligatory: Intel CPU Backdoor Report (Jan 1 2018) by Anonymous Coward · · Score: -1 · on Linus Torvalds Slams CTS Labs Over AMD Vulnerability Report (zdnet.com)

    Intel PR: I warned you about -1, this is now being posted on multiple threads

    Change log:
    2018/01/01 - Added 14 Useful Links. Disable Intel ME 11 via undocumented NSA "High Assurance Platform" mode with me_cleaner, Blackhat Dec 2017 Intel ME presentation, Intel ME CVEs (CVSS Scored 7.2-10.0)

    Intel CPU Backdoor Report
    The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

    What we know about Intel CPU backdoors so far:

    TL;DR version

    Your Intel CPU and Chipset is running a backdoor as we speak.

    The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

    30C3 Intel ME live hack:
    [Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
    @21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

    [Quotes] Vortrag:
    "the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

    "We can permanently monitor the keyboard buffer on both operating system targets."

    Decoding Intel backdoors:
    The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

    If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

    Backdoor removal:
    The backdoor firmware can be removed by following this guide using the me_cleaner script.
    Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

    2017 Dec Update:
    Intel ME on recent CPUs may be disabled by enabling the undocumented NSA HAP mode, use me_cleaner with -S option to set the HAP bit, see me_cleaner: HAP AltMeDisable bit.

    Useful links (Added 2018 Jan 1):
    Disabling Intel ME 11 via undocumented HAP mode (NSA High Assurance Platform mode)
    me_cleaner: Set HAP AltMeDisable bit with -S option
    Blackhat 2017: How To Hack A Turned Off Computer Or Running Unsigned Code In Intel Management Engine
    EFF: Intel's Management Engine is a security hazard, and users need a way to disable it
    Sakaki's EFI Install Guide/Disabling the Intel Management Engine
    Intel ME bug storm: Hardware vendors race to identify and provide updates for dangerous Intel flaws.

  47. Obligatory: Intel CPU Backdoor Report (Jan 1 2018) by Anonymous Coward · · Score: -1 · on Linus Torvalds Slams CTS Labs Over AMD Vulnerability Report (zdnet.com)

    Intel PR: I warned you about -1, this is now being posted on multiple threads

    Change log:
    2018/01/01 - Added 14 Useful Links. Disable Intel ME 11 via undocumented NSA "High Assurance Platform" mode with me_cleaner, Blackhat Dec 2017 Intel ME presentation, Intel ME CVEs (CVSS Scored 7.2-10.0)

    Intel CPU Backdoor Report
    The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

    What we know about Intel CPU backdoors so far:

    TL;DR version

    Your Intel CPU and Chipset is running a backdoor as we speak.

    The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

    30C3 Intel ME live hack:
    [Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
    @21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

    [Quotes] Vortrag:
    "the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

    "We can permanently monitor the keyboard buffer on both operating system targets."

    Decoding Intel backdoors:
    The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

    If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

    Backdoor removal:
    The backdoor firmware can be removed by following this guide using the me_cleaner script.
    Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

    2017 Dec Update:
    Intel ME on recent CPUs may be disabled by enabling the undocumented NSA HAP mode, use me_cleaner with -S option to set the HAP bit, see me_cleaner: HAP AltMeDisable bit.

    Useful links (Added 2018 Jan 1):
    Disabling Intel ME 11 via undocumented HAP mode (NSA High Assurance Platform mode)
    me_cleaner: Set HAP AltMeDisable bit with -S option
    Blackhat 2017: How To Hack A Turned Off Computer Or Running Unsigned Code In Intel Management Engine
    EFF: Intel's Management Engine is a security hazard, and users need a way to disable it
    Sakaki's EFI Install Guide/Disabling the Intel Management Engine
    Intel ME bug storm: Hardware vendors race to identify and provide updates for dangerous Intel flaws.

  48. Obligatory: Intel CPU Backdoor Report (Jan 1 2018) by Anonymous Coward · · Score: -1 · on Linus Torvalds Slams CTS Labs Over AMD Vulnerability Report (zdnet.com)

    Intel PR: I warned you about -1, this is now being posted on multiple threads

    Change log:
    2018/01/01 - Added 14 Useful Links. Disable Intel ME 11 via undocumented NSA "High Assurance Platform" mode with me_cleaner, Blackhat Dec 2017 Intel ME presentation, Intel ME CVEs (CVSS Scored 7.2-10.0)

    Intel CPU Backdoor Report
    The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

    What we know about Intel CPU backdoors so far:

    TL;DR version

    Your Intel CPU and Chipset is running a backdoor as we speak.

    The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

    30C3 Intel ME live hack:
    [Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
    @21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

    [Quotes] Vortrag:
    "the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

    "We can permanently monitor the keyboard buffer on both operating system targets."

    Decoding Intel backdoors:
    The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

    If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

    Backdoor removal:
    The backdoor firmware can be removed by following this guide using the me_cleaner script.
    Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

    2017 Dec Update:
    Intel ME on recent CPUs may be disabled by enabling the undocumented NSA HAP mode, use me_cleaner with -S option to set the HAP bit, see me_cleaner: HAP AltMeDisable bit.

    Useful links (Added 2018 Jan 1):
    Disabling Intel ME 11 via undocumented HAP mode (NSA High Assurance Platform mode)
    me_cleaner: Set HAP AltMeDisable bit with -S option
    Blackhat 2017: How To Hack A Turned Off Computer Or Running Unsigned Code In Intel Management Engine
    EFF: Intel's Management Engine is a security hazard, and users need a way to disable it
    Sakaki's EFI Install Guide/Disabling the Intel Management Engine
    Intel ME bug storm: Hardware vendors race to identify and provide updates for dangerous Intel flaws.

  49. Obligatory: Intel CPU Backdoor Report (Jan 1 2018) by Anonymous Coward · · Score: -1 · on Linus Torvalds Slams CTS Labs Over AMD Vulnerability Report (zdnet.com)

    Intel PR: I warned you about -1, this is now being posted on multiple threads

    Change log:
    2018/01/01 - Added 14 Useful Links. Disable Intel ME 11 via undocumented NSA "High Assurance Platform" mode with me_cleaner, Blackhat Dec 2017 Intel ME presentation, Intel ME CVEs (CVSS Scored 7.2-10.0)

    Intel CPU Backdoor Report
    The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

    What we know about Intel CPU backdoors so far:

    TL;DR version

    Your Intel CPU and Chipset is running a backdoor as we speak.

    The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

    30C3 Intel ME live hack:
    [Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
    @21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

    [Quotes] Vortrag:
    "the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

    "We can permanently monitor the keyboard buffer on both operating system targets."

    Decoding Intel backdoors:
    The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

    If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

    Backdoor removal:
    The backdoor firmware can be removed by following this guide using the me_cleaner script.
    Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

    2017 Dec Update:
    Intel ME on recent CPUs may be disabled by enabling the undocumented NSA HAP mode, use me_cleaner with -S option to set the HAP bit, see me_cleaner: HAP AltMeDisable bit.

    Useful links (Added 2018 Jan 1):
    Disabling Intel ME 11 via undocumented HAP mode (NSA High Assurance Platform mode)
    me_cleaner: Set HAP AltMeDisable bit with -S option
    Blackhat 2017: How To Hack A Turned Off Computer Or Running Unsigned Code In Intel Management Engine
    EFF: Intel's Management Engine is a security hazard, and users need a way to disable it
    Sakaki's EFI Install Guide/Disabling the Intel Management Engine
    Intel ME bug storm: Hardware vendors race to identify and provide updates for dangerous Intel flaws.

  50. Obligatory: Intel CPU Backdoor Report (Jan 1 2018) by Anonymous Coward · · Score: -1 · on Walmart Whistleblower Claims Cheating In Race With Amazon (bloomberg.com)

    Intel PR: I warned you about -1, this is now being posted on multiple threads

    Change log:
    2018/01/01 - Added 14 Useful Links. Disable Intel ME 11 via undocumented NSA "High Assurance Platform" mode with me_cleaner, Blackhat Dec 2017 Intel ME presentation, Intel ME CVEs (CVSS Scored 7.2-10.0)

    Intel CPU Backdoor Report
    The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

    What we know about Intel CPU backdoors so far:

    TL;DR version

    Your Intel CPU and Chipset is running a backdoor as we speak.

    The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

    30C3 Intel ME live hack:
    [Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
    @21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

    [Quotes] Vortrag:
    "the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

    "We can permanently monitor the keyboard buffer on both operating system targets."

    Decoding Intel backdoors:
    The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

    If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

    Backdoor removal:
    The backdoor firmware can be removed by following this guide using the me_cleaner script.
    Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

    2017 Dec Update:
    Intel ME on recent CPUs may be disabled by enabling the undocumented NSA HAP mode, use me_cleaner with -S option to set the HAP bit, see me_cleaner: HAP AltMeDisable bit.

    Useful links (Added 2018 Jan 1):
    Disabling Intel ME 11 via undocumented HAP mode (NSA High Assurance Platform mode)
    me_cleaner: Set HAP AltMeDisable bit with -S option
    Blackhat 2017: How To Hack A Turned Off Computer Or Running Unsigned Code In Intel Management Engine
    EFF: Intel's Management Engine is a security hazard, and users need a way to disable it
    Sakaki's EFI Install Guide/Disabling the Intel Management Engine
    Intel ME bug storm: Hardware vendors race to identify and provide updates for dangerous Intel flaws.