Domain: zdnet.com
Stories and comments across the archive that link to zdnet.com.
Comments · 5,181
-
Cross-site flaws comprise most web vulnerabilities
> You mean sites that already have full control over everything on the page?
> They are relatively tame, highly restrictive and can only affect the site they belong to.
Is what they said about JavaScript. There aren't any vulnerabilities associated with JavaScript, right?
The same origin policy is a good idea, but browsers and web developers keep screwing it up, over and over again. Cross site request vulnerabilities are the most common type of vulnerability there is, according to HackerOne.
( https://www.zdnet.com/article/... )
Cross site request forgery is another huge issue.
Regarding "can only affect the site they belong to", the docs for service workers should be read as "we wish service workers only affected the same site, and there'll be CVEs issued for many of the thousands of different flaws which allow sites to install service workers affecting other sites".
-
Monthly charge for Windows 10? Abusing users?
From the parent comment: Why did they go out of their way to call this one "free"?
Microsoft has, apparently deliberately, been releasing Windows 10 updates that cause problems.
Apparently, if you pay a monthly fee, in the future Microsoft will remove the problems. Three of the articles:
Microsoft's got a new plan for managing Windows 10 devices for a monthly fee. (July 27, 2018)
Windows 10 Leak Exposes Microsoft's New Monthly Charge. (Aug. 4, 2018) Quote: "Ever since its creation, Microsoft has described Windows 10 as a service. The fear has always been that this meant Microsoft would start charging users a monthly fee to maintain the operating system, and now a new leak has confirmed this is exactly what will happen…"
Windows 10 SHOCK: Is Microsoft about to start CHARGING a monthly fee? Stunning claims made. (Aug. 6, 2018)
Some of the many articles about Windows 10 update problems:
Windows 10 Essential Updates Have Serious Problems (Jan. 10, 2018)
Windows 10 April 2018 Update could break a ton of critical features on your PC (May 3, 2018)
Microsoft Admits July 10 Patches Caused Skype and Exchange Server Problems. (July 18, 2018)
Windows 10 April 2018 Update problems: how to fix them. (Aug. 23, 2018)
This article says that Microsoft should pay users:
Windows 10 update 'fail' -- Microsoft MUST pay out as users still 'plagued with problems' (June 13, 2018) Quote: "Windows 10 users should be compensated after Microsoft's updates have caused havoc with PC owners 'plagued with problems' and some facing huge bills to fix software issues."
Windows 10 is Spyware:
Windows 10 is possibly the worst spyware ever made. "Buried in the service agreement is permission to poke through everything on your PC." (August 4, 2015) Microsoft and Microsoft employees have full access to everything on every computer? I don't know of anyone or any company that should allow that.
2 issues, IMO:
A huge social problem: Conflict of interest. People who do Windows OS support make more money if there are many problems.
Microsoft employees and managers seem to me to lack social ability.
-
Re:Intel. Just say no
Microsoft didn't say No.
-
Re: It's funny. Apple & Google will protest
complete cooperation with LEOs
Complete cooperation with warrants/court orders/etc like any other company that doesn't consider itself too big to care about such things would be enough. Going to open war with law enforcement might sell a lot of phones, but long term it's not going to be a positive thing for society one way or another. Either it forces governments' hands and they slap down Apple et al. the only way they can, or tech corporations really are *that* powerful that they can intentionally and seriously hamper law enforcement in order to boost phone sales and get away with it.
and voluntary backdoors?
Just saying, governments seem to be taking the idea a lot more seriously nowadays than they did before tech companies decided to lock all electronic human communication behind encryption, beyond the reach of law enforcement. And the push to encrypt every-damn-thing for no pressing reason shows no signs of slowing down.
-
Security pros say opposite of you #1/2
SANS ("A related approach to the DNS issue is to create a hosts file on each system that sends requests for spyware to some place else. Both Ramu and an anonymous reader have suggested this" hosts by myself & RAMU right @ START of "malware explosion" mid 2005 on) https://isc.sans.edu/forums/di...
SANS (lists using hosts blocks) https://isc.sans.edu/forums/diary/Botnet+malware+defense/4138/
BLOCKING (What hosts do) BEFORE SCANNING @ SANS https://isc.sans.edu/forums/di...
Aryeh Goretsky/ESET/NOD32: hosts = good security http://it.slashdot.org/comments.pl?sid=7442373&cid=49747129/
ZD NET http://www.zdnet.com/article/how-to-use-a-hosts-file-to-improve-your-internet-experience/ "Hosts files really shine by letting you block ads, spyware sites, malware sites, & tracking sites"
Steve Gibson on hosts https://www.grc.com/sn/sn-045.htm/
* MORE COMING IN PART #2...
APK
P.S.=> Sorry, but hosts DO do port filtering as I showed stupid... apk
-
Re:Honestly I don't get this one
It's pushed towards education at a higher price class than most of the competitors.
Microsoft owns a sizable chunk of that market, especially outside USA:
Windows PCs gain share in K-12 in the US, but Chromebooks still dominate
Interesting point is how thoroughly Google and Microsoft have killed off Apple in the education space. Fact is, this market is price sensitive and Apple just can't deliver. Remember how Apple used to regard educational sales as a priority, because kids then grow up with built in brand loyalty? I sense a disturbance in that force.
-
Another useful link... apk
Go to ZDNet's hotfiles site...
ON the download page for the file, APK Windows Tools 2000++, there is a section of it that allows you to view the download's contents!
http://www.zdnet.com/downloads/topcat/otherutilities.html
(Look at #10 of top 50)
There is a COMPLETE readme listing the programs in it and what they do!
* There you are!
APK
-
Re:Way to make money? Force customers to pay month
"They aren't targeting corporate users they are targeting the mass market idiot consumer"
ahem, the article linked with in TFA:
https://www.zdnet.com/article/...
This is specifically about enterprise users and how Microsoft is going to provision and deal with service management for Windows devices in an enterprise environment. RTFA helps with critical thinking skills rather than being taken in by the clickbait hype and fear mongering that is sold to you for a profit.
Essentially all of this hullabaloo is over Microsoft offering IT services to enterprise users so that the companies can hire a smaller IT team. In the end this is even scarier as microsoft will assume zero liability but yet still have control over and access to corporate networks, but please do not conflate this with the general public paying Microsoft rent for their operating system, Microsoft knows that this will kill the rest of their home desktop users, sending them to tablets, chrome pcs or to apple. If anything I see Microsoft giving away Windows for free in the future to home users in order to keep some market share.
-
Way to make money? Force customers to pay monthly
Quote from the linked story:
Microsoft is getting ready to replace Windows 10 with the Microsoft Managed Desktop. This will be a "desktop-as-a-service" (DaaS) offering. Instead of owning Windows, you'll "rent" it by the month.
It seems to me that Microsoft managers don't have a reasonable vision of the eventual results of their recent ideas for the future.
If Microsoft tries to charge a monthly fee for an operating system, eventually 1) Nations will all gather together and try to buy Windows from Microsoft. That would be cheaper than paying monthly. Or, 2) Nations will gather together and contribute to ReactOS, a free operating system that runs Windows programs.
Windows 10 is possibly the worst spyware ever made. "Buried in the service agreement is permission to poke through everything on your PC." (August 4, 2015)
We no longer have a usable Windows operating system. We can't go to customers and tell them their computers are not secure from outside access.
Because of the Windows 10 spyware, customers have been delaying buying new equipment.
-
Most of this is coming from AWS
Most of Amazon's profit is coming from their cloud services division. I mention this because some people have been pointing to Amazon as an example of how people who foresaw that ecommerce would become a big thing might have invested in Amazon long ago, and are now being rewarded for it. That's not the case at all. Anyone who invested in Amazon because they thought ecommerce would become big ended up picking a winner by sheer blind luck.
In 2017 Amazon's ecommerce division actually lost money globally. The bulk of their profit (net income) has been coming from their cloud services. Basically Bezos started with an online bookstore, expanded it to ecommerce, and along the way just happened to stumble upon the cloud services market which turned out to be the real golden goose. He succeeded by blind luck too, though to be fair his ecommerce operations gave him the financial scale to qualify for loans needed to buy all that AWS hardware. (If you don't know what AWS is, they provide the hardware and storage that a lot of online companies rely on to function. e.g. Dropbox stored all your files on AWS up until a few years ago. And if a company needs computer hardware for a temporary project, rather than buy it they'll just rent CPU time on AWS.)
-
Re:Sychronicity
I was just this morning taking a security course required by my employer where they were stressing the importance of securing the supply chain.
Microsoft is an arrogant bunch, and take no notice of a situation not theirs.
This exact thing happened two years ago to Linux Mint https://www.zdnet.com/article/...
And the time my Email address became public domain.
-
Re:Okay let's issue Microsoft press releases on Sl
You DO realize that 33% of Azure is running Linux, right?
* http://www.zdnet.com/article/l...
And they even support Linux hosting!
* https://azure.microsoft.com/en...
-
Re:(sic)??
"sic" isn't used in the summary, so I assume you are referring to the use in the actual article, https://www.zdnet.com/article/...
the quote is: "I don't ever want to have to fight so hard for a PEP ... and find that so many people despise (sic) my decisions."
The word "despise" seems to be correctly spelled, so it's not clear why it should be marked sic. Technically, that's just Latin meaning "thus," (implying correct as written verbatim from the original) -- but since it is correct, there's no particular reason to point that out -- it's not a misspelling.
So, I don't know why the "sic" either.
-
Re:Triumvirate?!
Maybe not for long. HPE announced work on ARM based supercomputer: https://www.zdnet.com/article/...
-
Bill Gates...
Apparently Bill Gates is an outlying point in their data:
https://www.zdnet.com/article/...
-
Selection bias and budget
Amazon releases an update, on average, every second.
Google updates its search algorithm about twice a day.
Do you have a Windows computer? Microsoft updates the OS and many of its desktop applications on a weekly schedule through Windows updates.
Release frequency is not related to desktop vs. Web. It's related to the budget a company has for software development.
-
The German telco past
Consider the Stasi from the 1950-60's. How they stopped to look at all publication, movement, communications.
The Stasi could not trust their own workers politically and any existing law enforcement in the wider East Germany.
When East Germany was more confident in its ability to keep watch over people it allowed more select people more visits and trips from the West.
Why? The Stasi then had enough informants and their own new trusted surveillance in place to allow such meetings and visits.
Bait and as a trap under constant watch.
Before that the Stasi had to act quickly on any information. Just like the German police doing "raids" in 2018.
The German police are at point with new telco technology that they don't like and don't understand.
The work of the NSA, GCHQ, BND is well understood. Total collection, junk encryption used by computers in Germany.
The difficulty for the German police is they have too many internal domestic and very German political problems.
They can't trust their own staff as too many politically correct staff got hired on demographics have now entered the German police without any consideration for German security.
That has totally weakened decades of once West German and now German internal security inside the German police force. Nothing stays a secret within the German police as its own new workers walk information out.
The German police have to act too quickly using very limited legal telco support services.
The tools allowed for the German police to work on domestic telco networks legally are not useful in 2018. Reports that end in a phone number and an ip range.
A modern pen register https://en.wikipedia.org/wiki/... so the German police never get too powerful, smart or political again.
German police need BND tools to enter computer networks in real time and see content not just get an ip range from a telco/ISP.
Nobody would detect such remote access and no raid would show any police work was done.
The result is German police can respond to an ip range legally. They know it's not what they need but it's all they can legally get.
When all the German law allows is to find an ip range, the police go back to look into every ip. Quickly before the information walks back to new staff who have filled the lower ranks of the German police.
What German police need is something like a new GCHQ "Spy Smurfs" for today's phone networks.
https://www.zdnet.com/article/... (Jan 27 2014)
Tracker Smurf for location.
Nosey Smurf for that live mic.
Dreamy Smurf to get power on when the user has selected "power" off.
With such modern tools the German police would never need to show anything ongoing by doing such raids.
-
"Newspaper taxis appear on the shore..." apk
See subject & "... waiting to take YOU, away! Climb in the back, w/ your HEAD in the CLOUDS & you're gone..." ZD NET "How to use a Hosts file to improve your internet experience" http://www.zdnet.com/article/how-to-use-a-hosts-file-to-improve-your-internet-experience/ (where Steven Vaughan Nichols says "Where Hosts files really shine is by letting you block ads, spyware sites, malware sites, and tracking sites" )
(He missed DNS bennies vs. tracking logs, avoiding DNS security issues (redirect poisoning) & slowup BUT it's STARTING (as I knew it would)).
"NO fate but what we make" & I make it possible: 'I'm NOT a 'product of my environment - MY environment's a PRODUCT of ME' (finest product).
APK
P.S.=> Lucy in the Sky w/ DIAMONDS = APK Hosts File Engine 2.0++ for Linux 64-bit https://tech.slashdot.org/comm... + my MOOD today per the tune about (THANKS 2U actually) & other tunes https://yro.slashdot.org/comme... I used to express my thanks to you, lol... apk
-
"Newspaper taxis appear on the shore..." apk
See subject & "... waiting to take YOU, away - climb in the back, w/ your HEAD in the CLOUDS & you're gone..." ZD NET "How to use a Hosts file to improve your internet experience" http://www.zdnet.com/article/how-to-use-a-hosts-file-to-improve-your-internet-experience/ (where Steven Vaughan Nichols says "Where Hosts files really shine is by letting you block ads, spyware sites, malware sites, and tracking sites" )
(He missed DNS bennies vs. tracking logs, avoiding DNS security issues (redirect poisoning) & slowup BUT it's STARTING (as I knew it would)).
APK
P.S.=> Lucy in the Sky w/ DIAMONDS = APK Hosts File Engine 2.0++ for Linux 64-bit https://tech.slashdot.org/comm... + my MOOD today per the tune about (THANKS 2U actually) & other tunes https://yro.slashdot.org/comme... I used to express my thanks to you, lol... apk
-
Re:Misguided Like A Japanese Rocket Launch
Google... developed cert pinning (HPKP) and only after bad operational experience removed it:
-
Re:Microsoft Windows only
Yeah or maybe just read the article.
Meanwhile, Linux users rest easy assuming no harm can penetrate Fortress Europe.
I dual boot; going to https://haveibeenpwned.com/ says my Email address is public domain because of Linux Mint, I thought damn...
How this happened: https://www.zdnet.com/article/...
-
SECURITY PROS #2/2 disagree w/ you troll
Aryeh Goretsky/ESET/NOD32: hosts = good security http://it.slashdot.org/comments.pl?sid=7442373&cid=49747129/
ZD NET http://www.zdnet.com/article/how-to-use-a-hosts-file-to-improve-your-internet-experience/ "Hosts files really shine by letting you block ads, spyware sites, malware sites, & tracking sites"
Steve Gibson on hosts https://www.grc.com/sn/sn-045.htm/
Oliver Day (SYMANTEC/SECURITYFOCUS) http://www.securityfocus.com/columnists/491/ "Host file browsing the Web - is actually faster
Spybot S&D add a layer of defense against trojans & other forms of malware to hosts
"classic Windows hosts trick to block the Coinhive or Crypto-Loot domains" - https://www.bleepingcomputer.com/news/security/a-new-player-joins-coinhive-on-the-browser-cryptojacking-scene/ - BLEEPING COMPUTER
Malwarebytes hpHosts hosts & RECOMMENDS my program.
APK
P.S.=> + SANS too https://news.slashdot.org/comments.pl?sid=12279772&cid=56850524/
... apk
-
Re:Let me guess...
Microsoft's solution to insecure code was to graft on a layer of insecure security code.
-
Just Fucking Trust Us, dammit.
No, Mr. Nadella. I don't trust your company, and as a corollary, I don't trust you.
I've been for longer in this business than I care for. I've been watching your company from the Dr DOS nonsense through the Spyglass thing and several decommoditizing protocol stunts (LDAP/Active Directory et al), on to stuffing international bodies' ballots (OO XML) and building telemetry into tools *to let the applications built with those phone home* (Visual C++, pretty recent).
And the Linux Foundation? This is an industry lobby and Microsoft one of its sponsors [1], it hasn't much to do with free software these days.
Mr. Nadella, I'll "fucking trust you" when hell "fucking freezes over", no sooner.
[1] Among its sugar daddies are AT&T, Cisco, Fujitsu, Hitachi, Huawei, IBM, Intel, Microsoft, NEC, Oracle, Qualcomm, Samsung, and VMware.
Yes, that VMware which has been caught infringing the GPL and is now stretching out the case as far as its lawyers can [2] [3]
-
Talker, EAT YOUR WORDS... apk
Aryeh Goretsky/ESET/NOD32: hosts = good security http://it.slashdot.org/comments.pl?sid=7442373&cid=49747129/
ZD NET http://www.zdnet.com/article/how-to-use-a-hosts-file-to-improve-your-internet-experience/ "Hosts files really shine by letting you block ads, spyware sites, malware sites, & tracking sites"
Steve Gibson on hosts https://www.grc.com/sn/sn-045.htm/
"classic Windows hosts trick to block the Coinhive or Crypto-Loot domains" - https://www.bleepingcomputer.com/news/security/a-new-player-joins-coinhive-on-the-browser-cryptojacking-scene/ - BLEEPING COMPUTER
Oliver Day (SYMANTEC/SECURITYFOCUS) http://www.securityfocus.com/columnists/491/ "Host file browsing the Web - is actually faster
Spybot S&D add a layer of defense against trojans & other forms of malware to hosts
Malwarebytes hpHosts hosts & RECOMMENDS my program.
Want MORE from SANS?
APK
P.S.=> See subject "talker" (vs. me the doer)... apk
-
Re:Meltdown/Spectre Compatible?
According to ARM, Cortex A75 does suffer from Meltdown (unlike any other non-Intel ones that got tested),
IBM seems to be the only other vendor susceptible to MELTDOWN
-
Re:Why indeed.
You forget that Apple was on the verge of bankruptcy some years ago and only survived because M$ bailed them out?
How long will this meme kick around the internet?
It is ENTIRELY incorrect.
Here's the REAL story:
-
Re:AMD
TL:DR; Cross Licensing
Intel cross licensed the x86 stuff (32-bit) to AMD.
AMD cross licensed the AMD64 stuff (64-bit) to Intel.
The longer version:
Intel and AMD got tired of suing each other over patents. They have a LONG history of cross licensing agreements. They renewed it in 2001 and again in 2009; AMD clarified the deal in 2015.
It is only natural AMD would use Intel's docs as part of the verification process for the 32-bit stuff.
You can search intel amd cross license agreement for more info, but the agreements are (usually?) confidential.
-
Re:Why do they have the fucking passwords!?
To clarify this: when a user logs in, they have to provide their password. Most likely, their HTTPD was logging the entire POST header of ALL requests, regardless if it potentially stored sensitive information or not. This occurs before the application receives the data and can hash it. This is a potential security issue on virtually every HTTPD that is misconfigured. GitHub just announced pretty much the exact same thing earlier this week. Odds are one of these announcements triggered an audit in the other's organization to look for the same misconfiguration and they found it. https://www.zdnet.com/article/...
-
Re:Good?
That is so cool. How exactly did Trump get the Freedom Act passed in 2015? Please do tell because I would love to hear more about Trump's time travelling skills!
-
Thinking back to
When they laid off most of their QA folks
I get end-user testing, early preview releases are a good thing, I preach it and live it but frankly these wholesale massive semi-annual fuck-overs to add one or two "features" is annoying as fuck. Every time there's hardware compatibility problems, delays in releasing them because they're refreshing the whole fucking planet. I get that they want to unify frameworks, that's good but for god's sake stop with this 1GB+ downloads and installs that fail over and over again until they finally get it right. Hopefully this should serve as a wake-up to Redmond that they're fucking over their customers and like me a lot of them are minimizing their exposure to Windows OS at least on the desktop.
-
Re:Microsoft's Position
Former Microsoft CEO Ballmer does about-face on Linux technology
Ballmer: I may have called Linux a cancer but now I love it
Redmond top man Satya Nadella: 'Microsoft LOVES Linux'
So, how did we get from Linux as Microsoft enemy number one to "love"?
Nadella actually told us the heart of the story, which I can boil down to that classic detective approach: "Follow the money."
-
Obligatory: Intel CPU Backdoor Report (Jan 1 2018)
Change log:
2018/01/01 - Added 14 Useful Links. Disable Intel ME 11 via undocumented NSA "High Assurance Platform" mode with me_cleaner, Blackhat Dec 2017 Intel ME presentation, Intel ME CVEs (CVSS Scored 7.2-10.0)
Intel CPU Backdoor Report
The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.
What we know about Intel CPU backdoors so far:
TL;DR version
Your Intel CPU and Chipset is running a backdoor as we speak.
The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.
30C3 Intel ME live hack:
[Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
@21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Quotes] Talk:
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".
"We can permanently monitor the keyboard buffer on both operating system targets."
Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.
If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).
Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.
2017 Dec Update:
Intel ME on recent CPUs may be disabled by enabling the undocumented NSA HAP mode, use me_cleaner with -S option to set the HAP bit, see me_cleaner: HAP AltMeDisable bit.
Useful links (Added 2018 Jan 1):
Disabling Intel ME 11 via undocumented HAP mode (NSA High Assurance Platform mode)
me_cleaner: Set HAP AltMeDisable bit with -S option
Blackhat 2017: How To Hack A Turned Off Computer Or Running Unsigned Code In Intel Management Engine
EFF: Intel's Management Engine is a security hazard, and users need a way to disable it
Sakaki's EFI Install Guide/Disabling the Intel Management Engine
Intel ME bug storm: Hardware vendors race to identify and provide updates for dangerous Intel flaws.
CVE-2017-5689: An unprivileged network attacker could ga
-
Re:So just don't use it?
That Windows 10 Mail is so disappointing is more evidence Microsoft is putting Windows on the back burner, while it chases the cloud.
Windows ME, Vista, Version 8 - Microsoft has been having problems here and there with Windows for some time. In 2015, Nadella combined their hardware efforts with the Windows Universal Platform, allowing for cross platform applications [1]. Things didn't go as hoped. While Windows 10 is popular, overtaking Win 7 by February 2018, overall PC sales have been declining. In fact, they have been losing ground for the last 6 years, with a 2.8% drop in 2017 [2].
Consumer Reports stopped recommending the entire line of Surface PCs in 2017 due to hardware concerns. These days CR rates the Surface Pro 4 positively, but they still claim Microsoft is less reliable than most brands, and Apple is the most reliable laptop brand [3]. BTW, if you're interested, Windows can be installed on a Mac with OS X's dual booting Boot Camp. Best of both worlds.
Now, Terry Myerson, the leader of the Windows and Devices Group, is leaving Microsoft. With his departure, Microsoft is creating 2 new teams that will prioritize Microsoft's cloud and artificial intelligence products. Perhaps this is an effort to appease investors [4]. With Myerson's departure and this re-prioritization, it's no surprise Windows applications like Mail are having problems. I expect more trouble across the Windows spectrum. Microsoft's head is in the clouds, and their application platform is in the sunset, rear window.
[1] https://finance.yahoo.com/news/why-microsoft-ceo-satya-nadella-182823659.html
[2] https://www.arnnet.com.au/article/632157/2017-saw-pc-shipments-decline-six-years-straight/
[3] {May be Paywalled} https://www.consumerreports.org/products/laptop/microsoft-surface-pro-4-384902/overview/
[4] http://money.cnn.com/2018/03/29/news/companies/microsoft-restructuring-windows/index.html
-
The CEO is supposed to coordinate.
The CEO is supposed to coordinate everything done by all groups in the company. That isn't happening.
Microsoft has suffered a HUGE LOSS OF RESPECT because of making Windows 10 into spyware.
One of the many, many articles: 17 Windows 10 problems - and how to fix them (Dec. 1, 2017). There have been MANY terrible problems since then. One example: Windows 10 bug: Microsoft fixes issue that broke USB, built-in cameras, keyboards (Mar. 6, 2018)
Do you see any competence in that?
-
And yet...
Very misleading. FBI didn't pursue a solution internally and an outside vendor was found that could. So saying the FBI wasn't able to is incorrect. Did the FBI possess the technical ability at the time, perhaps not. Could they obtain it, YES!
"According to the report, FBI executive assistant director Amy Hess "became concerned" that the department chief of the Cryptographic and Electronic Analysis Unit (CEAU), the division charged with obtaining evidence from electronic devices, did "not seem to want to find a technical solution" that would unlock the shooter's phone.
The report added that the chief said he may have known of a solution, "but remained silent in order to pursue his own agenda of obtaining a favorable court ruling against Apple.
The report found that nobody withheld knowledge of an existing technical capability, as Hess had feared, but the watchdog found that the CEAU didn't pursue all possible avenues in the search for a solution. http://www.zdnet.com/article/f...
-
Re: Response Intel vs AMD
there will be no exodus from PCs to other platforms. PCs have their roles in the market. the gaming industry and corporate clients still need very beefy desktops/workstations. just because YOU don't need a PC does not mean that nobody needs one. you are either a troll or have a limited mindset.
You are truly nothing more than a fucktard that knows nothing. A mass exodus ( https://www.forbes.com/sites/adamhartung/2016/04/15/pc-sales-in-q1-drop-more-than-10-are-you-surprised-do-you-care/#511d115273bb ) is already happening. There is nothing a PC can do that a tablet cannot. The reverse will not be true as there will be things a tablet can do that a PC cannot. Within five years there will be no need for a PC other than for stupid old fucks like you. The microchip division Intel is hemorrhaging money and soon AMD will face the same fate as Microsoft and Sony get away from X86 for their gaming systems and they will go with ARM or some other microprocessor architecture as they go portable much like Nintendo. Face it, you old fucks love old even if it means staying with insecure relics from another era. I have facts while you have nothing.
-
Re:"Vulnerabilities"
In the era of flashable everything with zero signature checks, you simply cannot fully trust hardware once it's been compromised. Firmware rootkits have been a thing for a long time, and state-sponsored attacks have used these esoteric methods before. Hardware manufacturers continue to release vulnerable systems. Everything old is new again.
-
Obligatory: Intel CPU Backdoor Report (Jan 1 2018)
Intel PR: I warned you about -1, this is now being posted on multiple threads
Change log:
2018/01/01 - Added 14 Useful Links. Disable Intel ME 11 via undocumented NSA "High Assurance Platform" mode with me_cleaner, Blackhat Dec 2017 Intel ME presentation, Intel ME CVEs (CVSS Scored 7.2-10.0)
Intel CPU Backdoor Report
The goal of this report is to make the existence of Intel CPU backdoors common knowledge and provide information on backdoor removal.
What we know about Intel CPU backdoors so far:
TL;DR version
Your Intel CPU and Chipset is running a backdoor as we speak.
The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.
30C3 Intel ME live hack:
[Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
@21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Quotes] Vortrag:
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".
"We can permanently monitor the keyboard buffer on both operating system targets."
Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort. If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of countermeasures to prevent their backdoors from being decoded (explained below).
Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.
2017 Dec Update:
Intel ME on recent CPUs may be disabled by enabling the undocumented NSA HAP mode, use me_cleaner with -S option to set the HAP bit, see me_cleaner: HAP AltMeDisable bit.
Useful links (Added 2018 Jan 1):
Disabling Intel ME 11 via undocumented HAP mode (NSA High Assurance Platform mode)
me_cleaner: Set HAP AltMeDisable bit with -S option
Blackhat 2017: How To Hack A Turned Off Computer Or Running Unsigned Code In Intel Management Engine
EFF: Intel's Management Engine is a security hazard, and users need a way to disable it
Sakaki's EFI Install Guide/Disabling the Intel Management Engine
Intel ME bug storm: Hardware vendors race to identify and provide updates for dangerous Intel flaws.