Intel x86s Hide Another CPU That Can Take Over Your Machine -- You Can't Audit it (boingboing.net)
A report on BoingBoing, authored by Damien Zammit, claims that recent Intel x86 processors have a secret and power control mechanism implemented into them that runs on a separate chip that nobody is allowed to audit or examine. From the report: When these are eventually compromised, they'll expose all affected systems to nearly unkillable, undetectable rootkit attacks. Further explaining the matter, the author claims that a system with a mainboard and Intel x86 CPU comes with Intel Management Engine (ME), a subsystem composed of a special 32-bit ARC microprocessor that's physically located inside the chipset. It is an "extra general purpose computer." The problem resides in the way this "extra-computer" works. It runs completely out-of-band with the main x86 CPU "meaning that it can function totally independently even when your main CPU is in a low power state like S3 (suspend)." On some chipsets, the firmware running on the ME implements a system called Intel's Active Management Technology (AMT). This is entirely transparent to the operating system, which means that this extra computer can do its job regardless of which operating system is installed and running on the main CPU. From the report: The purpose of AMT is to provide a way to manage computers remotely (this is similar to an older system called "Intelligent Platform Management Interface" or IPMI, but more powerful). To achieve this task, the ME is capable of accessing any memory region without the main x86 CPU knowing about the existence of these accesses. It also runs a TCP/IP server on your network interface and packets entering and leaving your machine on certain ports bypass any firewall running on your system. Update: 06/15 18:54 GMT by M: A reader points out that this "extra computer" could be there to enable low-power functionalities such as quick boot and quality testing.
Editor's note: The summary is written with inputs from an anonymous reader, who also shared the story. We've been unable to verify the claims made by the author.
Editor's note: The summary is written with inputs from an anonymous reader, who also shared the story. We've been unable to verify the claims made by the author.
That my PC has an AMD CPU
This is key to enabling low-power functionality in Intel CPUs - think quick boot and quality testing. It doesn't have any surveillance or other purposes.
PCs have been shipping with IME for several years now. Has this person been living under a rock?
...I voted AMD.
Editor's note: The summary is written with inputs from an anonymous reader, who also shared the story. We've been unable to verify the claims made by the author.
Everyone is used to getting their news from social media anyway, so why bother verifying the claims before posting it as news?
-- All that is necessary for the triumph of evil is that good men do nothing. -- Edmund Burke
https://libreboot.org/faq/#int...
https://libreboot.org/faq/#amd
Both Intel and AMD had this for years - read above links ...
Looks to be a regurgitation of Joanna's paper http://blog.invisiblethings.or...
That's a major problem for projects like libreboot/coreboot
https://libreboot.org/faq/#int...
https://libreboot.org/faq/#amd
This has been known for years and is present on Intel and AMD. What year is this?
From the article:
We have no physical separation between the components that we can trust and the untrusted ME components, so we can't even cut them off the mainboard anymore.
Why do you trust the main CPU, if you don't trust the ME chip?
This was mentioned a long time ago with the VPro Chips having a cellular modem built in.
https://www.popularresistance....
Editor's note: The summary is written with inputs from an anonymous reader, who also shared the story. We've been unable to verify the claims made by the author.
editors, please give in your geek card.
This is not news. Intel has had this system since 2006. AMD since 2013.
Talking about it is important. But "we need to verify it?" even *AFTER* posting links to wikipedia?
Even the libreboot page has been linked here multiple times:
https://libreboot.org/faq/#intel
This is for out of band management so devices can be monitored and restarted remotely (think: enterprise environments). Nothing to get wrinkles in your tin hat over. :)
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
Now that is just one step too far - a remote management CPU just for WinTel to exploit at first, then the FBI/CIA/NSA...
then the hackers and crackers and wackers....
NO MORE! My machine, my rules!
John McAfee was making the Alex Jones circuit rounds with this story over a YEAR ago.
FFS. It supports 3G access too, provided the computer has a 3G modem for that purpose. Surprised they didn't throw that in as "Secret 3G chip exposes all intel CPU's to rootkit hack!"
Please don't run anonymously contributed unverified stories. This isn't reddit.
Oh right, here it is.
We even had an article about just this thing earlier this year, too.
If it's really there and Intel has hidden it, I wonder if they could be successfully prosecuted for conspiracy to commit unauthorized computer access.
I don't like the idea of a computer inside my computer I don't have any control over.
I find the article a little on the high side of paranoia, however. Yes, it is possible to have unnamed people from unnamed places get in and get data from your system. The article does go out of its way to point out that this isn't very likely. The firmware running the second CPU is heavily encrypted and hash-checked at runtime. Making it unlikely to be broken until the heat-death of the universe or we finally figure out the P=NP thing.
Conversely, I'd like to know what's going on under the cover Intel. If this is in the stuff I bought, I figure I have a legal right to be able to access it and run an audit on it. Without having to go through you. Conflict of interest and right of first sale and a few more things spring to mind as to why that's not something I'd want to do.
I love AMT. AMT is definitely one feature of the Dell Optiplex small form-factor systems that I like to use for my headless home servers. It's like having a built-in Cyclades serial console server. For running headless systems it's almost essential.
The only thing I don't like about it is that you need to have Windows installed to be able to update it as part of the updates released by Dell.
There are better ways of doing this than a black box with such power and no possible oversight from the OS or user, even BIOS is usually better, which is saying something!
Editor's note: The summary is written with inputs from an anonymous reader, who also shared the story. We've been unable to verify the claims made by the author.
Uh, the claims are quite true. I've been using these features at work for about a decade to perform remote OS installs and HD re-imaging at remote locations, where the on-site staff only pop in a new blank HD.
All Core i7 CPUs have this in them standard, and many i5's too especially at the higher end.
[PDF] Datasheet on the MEBX management engine:
http://download.intel.com/supp...
[PDF] How to enable and use the AMT active management engine:
http://www.intel.com/content/d...
And here is the SCS software used on another computer to control an AMT enabled computer:
http://www.intel.com/content/w...
RealVNC works with an AMT enabled computer out of the box too and with all the normal features you would expect like remote keyboard/video/mouse control, redirected drives, etc. But isn't a free program.
Other VNC clients seem to be hit or miss but even when they work you only get remote KVM, you'd have to use the built-in AMT web server to configure drive redirection and issue power on/off/reboot commands.
There is a similarly limited VNC client included in the SCS software link above, and a second web browser window will let you do the rest, even if slightly clunky, but still for free.
Place the PC in a faraday cage. Record any radio transmission that is large enough to cross distance.
Have a PC (let's go with Non-Intel) hooked up and set up to be a point to point network connection. Monitor all traffic being sent from the PC.
Put barebones (say really old version of Linux on it)
If something is unexpected then we have a theory to work on. Otherwise it is just some nut trying to get us to use AMD or something.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
It may use the same physical interface, but it has its own address, and it can be disabled if someone is ultra-paranoid about it.
The author's claims that the ME lacks the ability to be audited and that backdoors cannot be removed are patently false.
- The ME is as many have pointed out an ARC processor. There are known disassemblers for ARC and there are few custom instructions (read: beyond standard ISA) - two that I'm aware of.
- The bootrom verifies the flashrom and provides some minimal cryptography and verification related routines. This is a mask ROM, not updatable. The flashrom is overwritten when you flash the bios, hence the main OS and binaries (threadx btw) are overwritten. This would remove any backdoor.
- The ME region of the BIOS is a FAT16 filesystem.
- The ME binaries are unencrypted, PE executables and contain signature verification sections to prevent unauthorized code from loading.
- The only encrypted contents of the filesystem are data files that the binaries use.
Now all this being said, there is a way to load additional modules from the main CPU's operating system through HECI (north bridge interface), however this again requires cryptographic signing.
Source: Former Intel engineer. Additionally none of these are details that cannot be pieced together from Intel published documents and 5 minutes with a hex editor/disassembler.
The chip is just an LM32 core instead of the ARC intel uses.
I2P had a video from CCC two years back (2015? 2014?) from a Russian or Ukrainian guy who managed to hack his (This was back when it was still a discrete part of the chipset, newer ones are built in the APU to help with on-chip power management, and I believe the newer ones also used signed firmware images, whereas the motherboard based models used unsigned firmware, both AFAIK part of the bios image.) In his case he managed to find a method to 'jailbreak' the LM32 processor and run his own code on it. It had been discussed with AMD prior to the convention to ensure it got fixed, but who knows what new exploits are in later revisions of the code.
At this point in time, neither Intel nor AMD chips (Unless you're still buying AM3, in which case a coreboot/libreboot bios should take care of most worries.) you should assume your non-isolated computer can be used to spy on you, or worse yet passively sniff encryption keys.
ARM chips are not much better since Trustzone instances do essentially the same thing, either with a management core, or slicing on the primary core if earlier revisions. This means all modern cell phones should be suspect even outside of non-isolated baseband processors because without disassembly proving the trustzone/hypervisor instance is disabled means all your data could be funnelled into an isolated process space for later exfiltration.
This isn't to say 'be paranoid about everything', but it DOES mean you should never put anything questionable on a non-trustworthy device (And anything without a fully open source firmware chain should be assumed that way today, and anything with one should be assumed to have a hardware backdoor and disallowed from running third party code. If third party data is enough, then the hardware just needs to be chucked.)
And how to ensure it stays disabled?
Religion: The greatest weapon of mass destruction of all time
This is not new & lots of others sell similar functionality Dell DRAC, HP ILO... Those usually have dedicated Ethernet ports, but generally function the same way. I've been helping our workstation guys roll out Intel vPro for remote administration of laptops & workstations. It operates in a powered down state & can do 802.1x authentication to the network while the OS is powered down. So ya, there is definitely an out of band processor there that can wake the system up & do remote control type stuff. It's a feature Intel is selling & marketing.
Can't comment on the ability of it to do arbitrary memory reads & what not, but that isn't surprising in theory. It's much less scary than the article is making it out to be, although it is another attack surface to be concerned with just like RDP or SSH.
This is the same FUD from Hack-a-day from last Janumanary
DUPE ALL THE THINGS!
Anononymous poster, check!
Be sure to mine the +5 comments from old stories for cheap karma!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
All the editing staff that knew that got kicked out a month or two ago when the last sal^H^H^Hchange of the guard happened and as a result some posted articles were lost in the shuffle :)
More seriously though, this was back on soylentnews a couple days ago linking to the FSF's recent rant about it. You know, years after it could make a difference. It was apparently partly due to rolling libreboot into the FSF/GNU fold. I wonder if they will go like gnupg and spin themselves back off when it turns out there aren't any benefits to being an FSF/GNU project anymore.
GNU is the GNU old :)
This has been out there since 2013...
https://software.intel.com/en-us/articles/intel-active-management-technology-start-here-guide-intel-amt-9
Also AMD users, you are still affected....
https://www.amd.com/Documents/out-of-band-client-management-overview.pdf
Even that its network connection is independent of the CPU and any filtering is described.
I have been aware of AMT since it was discussed as a way to do a pseudo-console connection on modern systems that lack a serial port in FreeBSD kernel debugging discussions. I suspect that Linux discussions also show how to do this as IT IS NOT SECRET!
I'm not really comfortable about it, but it is very useful, has been designed with security in mind and should be very difficult to suborn, and Intel considers it a feature that is advertised, so IS NOT A SECRET!
Kevin Oberman, Network Engineer, Retired
Yo dawg I heard you liked getting hacked so we put a CPU in your CPU so we can take over your machine while we take over your machine
Out of band management processors are nothing new. Neither are the myriad other special purpose chips in a system that can be exploited as general purpose processors, some less predictably than others.
It's awfully convenient, and I don't think anyone would be surprised if they pushed for a hardware level backdoor like this.
If the only goal was simply to provide low-power functionality, the coprocessor would be fully controlled by the operating system (ultimately, by the owner of the machine).
In fact, the main goal is to provide remote administration capabilities (what they call Intel Active Management Technology). In other words, the idea is to allow a remote administrator to take over the machine in a way that is independent of and invisible to the main operating system and processor. This serves a legitimate purpose in an "enterprise" environment (one person administers a large number of diverse machines) -- for example it allows taking back control of a cracked machine, or recovering critical data from memory after OS crashes. However, this feature is not useful for a privately administered single-user machine.
Finally, by definition a remote administration feature is a back door. This one is incredibly dangerous: a rootkit running on the coprocessor is entirely invisible to the operating system, has its own independent network access, and can monitor the disk, the memory and all other peripherals. In principle the remote management features must be activated via the System BIOS and you can set a password there, but really your only measure of safety against this back door is your trust that there are no bugs in Intel's code.
Why isn't Intel allowing you to replace the firmware? Because it's hard to ensure that the owner of the machine is the one initiating the firmware replacement. The real troubling point is that Intel isn't allowing you to disable this feature with a hardware switch. Hardware switches (jumpers on the motherboard) are a way of controlling the system available only to the physical owner of the machine. Having a hardware switch would satisfy both the enterprise and security-conscious customers.
Slashdot is unable to verify the claims of this article..... But do they ever verify the claims?
ME's been around awhile.
I can with 100% certainty say that in addition to the things they're discussing, ME is also used to lock in chipset feature sets, for example whether or not the motherboard will do RAID 0, 1, 5, etc. In order to bypass the ME, it requires a special version of the BIOS, with ME nerfed in software, and a corresponding CPU with the appropriate fuses blown to disable the hardware. It was incredibly difficult to obtain proper authorization to have one of these CPUs created for testing and getting the BIOS wasn't any easier. It took months.
Source: worked in Intel's Storage Lab.
To be extra safe, remove the BIOS battery (it was an old habit of mine to remove the distributor rotor to keep my car from being stolen).
“He’s not deformed, he’s just drunk!”
Please, will someone tell me? Intel vPro x86 processors have had an IPMI and RDS/KVM server for YEARS.
YEEEEAAARRRRSSSS!!!!! What the fuck, Slashdot? Are you all really that fucking stupid? This isn't some NSA hack. It's a feature that large businesses pay a lot of money for to be able to remotely control their PC assets regardless of whether the user has done something to attempt to lock the PC down.
Idiots. Jesus Christ.
Good God. I swear to fucking god I see one of these articles every few months when some asshole "discovers" AMT and makes up all sorts of ridiculous doomsday scenarios. It's about as silly as all those "OMGWTFBBQ UEFI WILL BLOCK LINUX FROM BEING INSTALLED WINDOZZZEE EVIL MICKEY$OFT OMG PANIC!!!!" posts we saw and will probably continue to see.
Between this and the "you can figure out an RSA key if you listen to your computer really hard!" articles I swear this site is being just inundated with even more nonsense than usual.
I'm of the opinion that management features need to get data from the motherboard, and each mobo manufacturer would have to be complicit for this potential attack to affect everything (assuming a bug or backdoor exists). *IF* there's a backdoor in the ME, and *IF* all (or at least YOUR) motherboard manufacturers are complicit, even *THEN* a good external firewall would stop most conceivable attacks.
It really is unfortunate that it is so clouded with mystery and seemingly waiting for a clever enough exploit.
If you are concerned a little, ensure that AMT is disabled.
If you are concerned a little more, consider grabbing an AMD next time. While AMD has similar things, Intel seems like it is both more featured and a larger attack surface, so an AMD exploit might be absent or would take longer to surface.
If you are concerned moderately, ensure that external sources can never successfully send a packet to your PC, by use of an external firewall that is trusted.
If you are concerned a lot, exclusively use open source products from before the mandatory inclusion of the ME. Have one to act as your firewall / router (maybe running OpenBSD or Trisquel), and another to do productivity on. You'll be limited on the power of the chip, of course.
Frankly, I think it is wise to distrust the ME a little bit. Especially because, as part of Intel chips, it is going to be in so many places- it is a lot of faith to put in untested code. But for the ME to be able to hurt or help you, the motherboard has to support its features, and there are a lot of motherboards, a lot of BIOSes- it is still a pretty diverse setup, and many don't support AMT at all.
So, how do I turn the damn thing off? (I suspect the answer to be "can not", but anyone that knows otherwise - let me know)
I do, however, notice that there are no open listening ports on my current Intel computer, when scanned externally. Is this thing always on? What conditions enable it (so that I'd know to avoid those)?
those have executable memory space too, just like the printers
look, if you have a camera, it's hackable
if you have a video card, it has memory and chips that can be used by someone else
face it, you're being spied on, and the Gestapo loves that
-- Tigger warning: This post may contain tiggers! --
Regardless of the caveats from the Editors I'm pretty damn sure this is a repeat of a story from some months ago. I don't know that in either story there's anything to be TOO concerned about at least in terms of Intel's intentions (management layer etc.) except the fact that people know very little about this extra processor, it can't be controlled easily or locked down etc. As the summary says IF (or when) the cpu gets compromised then that's a big pickle.
...why didn't our ancient alien overlords stop the NSA from doing this?
Looks like somebody found a service processor. Gosh, me tenders!
Vernor Vinge drew up some diagrams of what this would look like, whereabouts 2005: http://vrinimi.org/front9uns.j...
Egress filter. Use non-integrated NICs.
Or, leverage it to manage 1000s of workstations in a business environment.
Non-story.
So how does this affect things if I'm running a software firewall on an Intel platform?
It also runs a TCP/IP server on your network interface and packets entering and leaving your machine on certain ports bypass any firewall running on your system.
How exactly? Those packets would still need to be routed ... somewhere.
I didn't even know they still made them since most every modern OS requires 64bit processors.
So it's an entry point. You wouldn't add extra points of entry yourself unless you wanted to let *your company eg. Intel* or a government agency in.
To post this specific story with the disclaimer:
Editor's note: The summary is written with inputs from an anonymous reader, who also shared the story. We've been unable to verify the claims made by the author.
Well that says a lot to a mental gymnast. It means you are posting stories about Intel knowing very well this website has a large enough audience to be government monitored.
Slashdot is government monitored. CIA 24/7
Leaving a control mechanism in users' hardware on a large retail scale is of no good to anybody good. One could say yeahh.. in case you forget your password we have this in there and stuff you know. That's not why governments monitor your PCs. They fear losing their control over the public.
Known vulnerabilities and exploits
A Ring -3 rootkit was demonstrated by Invisible Things Lab for the Q35 chipset; it does not work for the later Q45 chipset as Intel implemented additional protections.[39] The exploit worked by remapping the normally protected memory region (top 16 MB of RAM) reserved for the ME. The ME rootkit could be installed regardless of whether the AMT is present or enabled on the system, as the chipset always contains the ARC ME coprocessor. (The "-3" designation was chosen because the ME coprocessor works even when the system is in the S3 state, thus it was considered a layer below the System Management Mode rootkits.[32]) For the vulnerable Q35 chipset, a keystroke logger ME-based rootkit was demonstrated by Patrick Stewin.[40][41]
Another security evaluation by Vassilios Ververis showed serious weaknesses in the GM45 chipset implementation. In particular, it criticized AMT for transmitting unencrypted passwords in the SMB (small business) provisioning mode when the IDE redirection and Serial over LAN features are used. It also found that the "zero touch" provisioning mode (ZTC) is still enabled even when the AMT appears to be disabled in BIOS. For about 60 euros, Ververis purchased from Go Daddy a certificate that is accepted by the ME firmware and allows remote "zero touch" provisioning of (possibly unsuspecting) machines, which broadcast their HELLO packets to would-be configuration servers.[42]
If Wikipedia is correct, AMT is a shitball which can be accessed with a $60 HTTPS Certificate from a shit-SSL-cert supplier.
And then you need only one (1) PC in your network infected to enable an attacker to root 100% of your machines.
Indeed AMT should be disabled, if that is possible.
Or better, do not buy an Intel product. Buy some CPU without these craptastic functions. Best is to buy a product from a jurisdiction where Hillary and Carly have no saying. Because they want to pwn your computer - something they openly state.
Fujitsu and the Chinese make CPUs. So does MCST of Moscow. Why do we need Ameri$hit with builtin N$A$hit ?
Some folks from Chengdu and from the North Korean Long Range Reconnaissance Forces have been administering your information at the same time. Cheers !
Oh wait, that is not a problem if you are a donor and chummy of Hillary Clinton.
Also, NSA gives a copulation if they can get in. All they care is to get in, they do not care about other dicks having that capability, too.
The ME has been around for ages and ages. I met a team researching exploits for it YEARS ago.
There is no new information here
The Coreboot people have been trying to work out how to deal with this stuff for a long time. See https://www.coreboot.org/Intel.... They're trying to work out how to disable it, but progress is not that good.
I have to say, I am actually pretty surprised by this news. I had no idea boingboing was even still going...
Is this new? Hackers have been using this to take over networks for years
Since when was the ME a secret? TFA is nonsense. It's claiming it's secret so they can make a fuss about it when it isn't a secret. Its functions, like AMT, are documented in the Intel CPU manuals.
It's also needed so you can have effective power management. The CPU can't manage its own power when it's turned off. So a small CPU that consumes less power is useful to handle the switching on and off of sub units.
Secret? ummm welcome to a decade ago. The only thing secret about this appears to be the author's lack of knowledge about technology from the last decade. This has been a common selling point for a long time with its various iterations to allow management of machines regardless of OS and/or health of said OS so that you can fix shit remotely.
Access to fucking TCP/IP? Fuck you
Author says '' Unfortunately, since the firmware is protected by RSA 2048, we currently have no way to execute our own code on the ME hardware because it fails validation. We have no way to move forward, even if we wanted to. ''
Well I know someone who could call Intel and demand the RSA keys and they would get them.
So if you care about your data security, don't buy Intel.
http://opentools.homeip.net/
Something else to add to the list.
With the price of servers coming down, home users may have this technology, and for the same reasons.
When I looked up what ME was when it was invented it basically said it can do stuff while your computer is off. I thought "well that's exploitable and besides that, very suspicious." Now fast forward and people finally caught on. If this hits the news media that a computer can be permanently hackable and even while in sleep mode, every last consumer is rushing out to get AMD-based systems. Corporations will too! They don't want their data secretly stolen past their OS's anti-malware suites. Intel might as well have mailed a check for 5 billion dollars over to AMD and after the BS in their pricing lately and monopoly abuse and dishonest product naming, they deserve it.
I've had this really tiny drill bit for ages and I've been wanting to find a use for it. Thanks to Intel I now at last can do something with it.
Light gray text on white-ish background? I can hardly see there are comments in the white space, but maybe years have finally caught up with me.
Intel ME seems quite scary even without AMT. See https://libreboot.org/faq/#intelme.
How is this "news" or "claims" if the Intel AMT / ME documentation described this from the very start?
Is any of this enabled by default? Does it have to be manually activated in BIOS? None of my systems respond on those ports. Of course it's enabled for NSA already, but for us ordinary people?
Maybe the NSA has already done that "extraordinary work" you speak of.
Of course they have, I'd be extremely disappointed in their effectiveness if they hadn't. Heck, they probably gave the idea to Intel in the first place. This doesn't mean I like the idea of them doing it, only that I am a realist and know that the NSA exists to do exactly this.
Is it a conspiracy when it's in their charter?
More or less old news for me: https://libreboot.org/faq/#intelme
AMD has something similar to Intel ME called PSP: https://libreboot.org/faq/#amdpsp
Knowing both AMD & Intel have ways to remotely read storage and open hardware ports, even while main CPUs are "off", where is the 64 bit alternative? ARM, MIPS & Power all might be good but who markets a 64 bit laptop without AMD or Intel inside?
ARMv8 & ARMv9 laptops always seem to be tomorrow. What is today?
This stupid alarmist bullshit keeps popping up every few months. Some moron even wrote a research paper on it. The fact that Slashdot sees fit to post it as a front-page article is deeply disappointing, but not surprising.
I have been reading many different types of justifications on the security of the CPU makers (whatever be the brand). However we can't overestimate the fact that we are humans and that anybody can make mistakes, in particular with so complex artifacts as CPUs. These hidden parts and their security mechanisms can have bugs (yesterday, today or tomorrow). And also, they are not designed only to work with previous and current scenarios, but with the unknown future ones that are completely unexpected.
Thinking on this issue I checked quickly what CPUs have the Cisco Firewalls (just to check a famous brand), and notice that they have different ones depending on the appliance model, from the AMD Geode to some Intel Xeon variants, so there are possibilities even on security appliances for this to be exploited.
The problem with this hidden CPU approach is that they can bypass the computer built security without the operating system noticing it, with potentially dangerous consequences. And we are updating our software regularly but the most of the people is not aware of the updating on the underlying things (if they can be updated). The lack of knowledge in this respect is a dangerous thing.
But what can be done?
A very few are careful enough on checking the internal hardware specifications on the networking devices, the ones could protect any not so well controlled hidden device inside our network. So, it is really important to learn more about what we really have and if it is possible to combine "different" layers of appliances. For example, not to rely only on Intel or only on AMD for both servers and security appliances, or even to combine x64 and x32 with ARM, MIPS or other type of CPUs. This way, if there is a breach because some architectural failure, the next layer won't suffer the same fate because it is different (not necessarily because it is better). This combination of suppliers is something it is already being recommended for antivirus on enterprise environments (don't trust only in one supplier).
On the other case, when knowing extra ports and other elements that nobody is actively controlling within our network, will be possible to understand better that maybe that "extra" traffic has a hardware and not a software origin.
Our modern environments are rich and powerful, but this richness doesn't come for free. We need to understand it and control it correctly.
https://communities.cisco.com/...
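The "hardware and not a software origin" check suggested in the comment above can be done by comparing what a host's OS reports as listening with what the host actually answers on the wire. This is an added example, not part of the original comment: the addresses, tap log format and socket list are constructed, and the AMT/ASF port numbers come from the IANA port registry, not from this page.

```python
import re

# IANA-registered ports for Intel AMT / ASF out-of-band management
# (an assumption brought in for this example; the page does not list them).
AMT_PORTS = {623, 664, 16992, 16993, 16994, 16995}

# Constructed sample: TCP ports the host OS itself reports as listening.
HOST_LISTENING = {22, 443}

# Constructed sample: handshake records from a tap on the upstream switch port.
TAP_LOG = """\
10:00:01 192.0.2.50:51000 > 192.0.2.10:443 SYN
10:00:01 192.0.2.10:443 > 192.0.2.50:51000 SYN-ACK
10:00:07 192.0.2.50:51022 > 192.0.2.10:16992 SYN
10:00:07 192.0.2.10:16992 > 192.0.2.50:51022 SYN-ACK
10:00:09 192.0.2.50:51030 > 192.0.2.10:8081 SYN
10:00:09 192.0.2.10:8081 > 192.0.2.50:51030 RST
10:00:12 192.0.2.50:51044 > 192.0.2.10:9999 SYN
10:00:12 192.0.2.10:9999 > 192.0.2.50:51044 SYN-ACK
"""

LINE = re.compile(r"(\S+) (\S+):(\d+) > (\S+):(\d+) (\S+)$")

def answered_ports(tap_log, host_ip):
    """Ports on which host_ip sent a SYN-ACK, i.e. something accepted a connection."""
    ports = set()
    for line in tap_log.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(2) == host_ip and m.group(6) == "SYN-ACK":
            ports.add(int(m.group(3)))
    return ports

def unexplained_services(tap_log, host_ip, host_listening):
    """Ports answered on the wire that the OS does not report, tagged if AMT-like."""
    hidden = answered_ports(tap_log, host_ip) - set(host_listening)
    return {p: ("known AMT/ASF port" if p in AMT_PORTS else "unknown origin")
            for p in sorted(hidden)}

if __name__ == "__main__":
    found = unexplained_services(TAP_LOG, "192.0.2.10", HOST_LISTENING)
    for port, note in found.items():
        print(f"port {port}: answered on the wire, not in host socket table ({note})")
```

A port that answers on the wire but is absent from the host's own socket table is the signal; the capture has to come from outside the host, since the OS cannot see traffic handled below it.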
Joanna has been researching this for a while, this is her presentation at 32c3.
And it will most definitely not be Intel based now.
When I use my i7 laptop I make sure I'm wearing my AL foil hat ;-}
our new Intel Management Engine overlords.
Star Trek transporters are just 3d printers.
I fail to see why this is such a big deal. This type of approach has been used for years. I am most familiar with the Oracle ILOM but IBM, HP, and others do something similar. I guess when they do it on a chip basis people treat it differently than when they do it on a system. When I first started working with computers, the machines would use multiple boards to implement the cpu. Now people act as if the world has been recreated because we have System-in-a-chip technology. While I recognize the progress and agree that things have improved, the approach is still the same when you think in terms of functional units.
Here the point is that finally big brother has a golden backdoor to every Intel computer there is/will be. Microsoft will stop supporting older Intel CPUs and only Skyline and future Intel CPU generations will be supported in Windows 10 +. I don't think that is a coincidence. You have the most privacy careless OS (Windows 10) running on the top of a CPU that has a built in backdoor. If that is not scary then I don't know what is.
A while back I remember reading an article where a guy was constantly getting hacked even when his laptop was not connected to his network. How difficult can it be to install a radio receiver and transmitter on ME so that even if Wireless and Network card are disabled, somebody can still access your PC through a radio receiver installed in ME? All that person would have to do is get close enough to your PC to access it.
You can fight all you want about Intel vs AMD, but at the end of the day we all lose, because AMD is probably going to be forced to add something like ME in its CPUs in order to "compete" with Intel.
If you like Intel, then go to your garage and get those Pentium 4 and Core 2 Duo Desktop PCs otherwise you will have somebody else watching all those cat videos you keep watching in Facebook.......
Highly unlikely.
Self-importance and self-indulgence is the root of ALL evil.
Can you please urgently (within the next 24 hours) make a US passport and a US high school diploma certificate, roll them up together, and shove them up your ass? If the deadline is not too much for you, I can send you further information.
Including computers capable of out-of-band communication and control of the local machine has been a staple of server design for DECADES - corporate desktops have included this facility for years as well. This is nothing more than yet another server technology migrating to end-user desktops. It is fascinating that the article describes this as 'secret' yet includes links to public pages on Intel's website that document this over 8 years ago.
Intel ME features have been around for many many years and Intel makes no effort to hide it. It's not a secret that Intel ME operates out-of-band and it's mainly supported on models targeted for businesses (non-consumers). If you don't like it, don't enable it in the first place or don't get a processor model that supports it.
Can't wait for that developer to discover other IPMI implementations.
I can't but think that if Intel corp is working for a warring faction, and is involved in acts of espionage, sabotage and surveillance of users of their computer chips, like with possibly other corporations, I really think such an organization would be potentially harmful and definitely threatening, hypothetically making them as dangerous and threatening as the proverbial enemy combatant.
They want to cache the pedos who like young girls and keep the world safe for women.
Remember: opposing men taking young female children as brides is a death sentence: (Dt 13:6 hebrew) (elohim means judges/rulers/gods/etc)
Men are permitted to rape2own female children: (Dt 22:28-29 hebrew)
Enticing others to follow something else is a death sentence: (Dt 13:6 hebrew)
Mad the backdoor is getting some exposure, techie faggot shill?
Aren't you too busy making the world safe for (women's) democracy?
Hurry, there are some men marrying young girls somewhere in the world.