Slashdot Mirror
WikiLeaks Reveals CIA's Secret Hacking Tools and Spy Operations (betanews.com)
Mark Wilson, writing for BetaNews: WikiLeaks has unleashed a treasure trove of data to the internet, exposing information about the CIA's arsenal of hacking tools. Code-named Vault 7, the first data is due to be released in serialized form, starting off with "Year Zero" as part one. A cache of over 8,500 documents and files has been made available via BitTorrent in an encrypted archive. The plan had been to release the password at 9:00am ET today, but when a scheduled online press conference and stream came "under attack" prior to this, the password was released early. Included in the "extraordinary" release are details of the zero day weapons used by the CIA to exploit iPhones, Android phones, Windows, and even Samsung TVs to listen in on people. Routers, Linux, macOS -- nothing is safe. WikiLeaks explains how the "CIA's hacking division" -- or the Center for Cyber Intelligence (CCI) as it is officially known -- has produced thousands of weaponized pieces of malware, Trojans, viruses and other tools. It's a leak that's essentially Snowden 2.0. In a statement, WikiLeaks said CIA has tools to bypass the encryption mechanisms imposed by popular instant messenger apps Signal, Confide, WhatsApp (used by more than a billion people), and Telegram.
So while the US president is claiming his phones were tapped we get a great release of information about the hacking tools that would be used to do the tapping. No correlation at all. There is not some mysterious power supporting Trump. Nope, Naha. Pure coincidence.
What difference does this make? It's too late, we're already owned.
No need for zero-day exploits when Donnie's using a four-year-old Samsung that's probably got more holes than Jeff Sessions' Congress testimony.
It is not so much that these would have been used on Trump. This is just fuel for speculation that they might have been used. It matters not that they were used only that this can increase the speculation thus giving "weight" to the original claims even though it is still just more speculation.
How would we know these are the CIA tools and not ones the Russians released to Wikileaks and fooling them into thinking they are the CIA tools? Or that Wikileaks knows they are Russian and is simply lying?
But hardly unexpected it seems to me.
@peetm
N/T
We have Reuters, NYT, AP, Telegraph, and many other reports... yet the /. mod, a former BetaBoobs employee, pushes this crap down our throats. When is /. firing this d-bag that pushes stories from his friends down our throats? How much are you making on the side mashed potato-head mod?
We have these Wikileaks of CIA tools. We have Trumps muslim ban mk 2. We have the bill cancelling Obamacare. We had Trump accuses Obama of spying on him.
Swamping the new cycle.
That's what happens when Republican propaganda machine and Russian propaganda machine work in perfect harmony.
The interesting thing would be to see the targets. Given it's the CIA, they are only authorized to surveil targets foreign to the US. The problem with malware and high tech devices is that they cannot always be accurately contained. So how many US citizens and US allies were "inadvertently" tapped? How about political targets?
Custom electronics and digital signage for your business: www.evcircuits.com
Your Intel CPU is already backdoored
Forget security, your Intel CPU is already backdoored and it is wide open.
Remember, *3 Billion devices run JAVA*, and your motherboard backdoor is running it.
REcon 2014 - Intel Management Engine Secrets
32c3 Intel backdoor live hack demonstration, keystrokes logged and downloaded over wire, wireshark can't detect:
Towards (reasonably) trustworthy x86 laptops
Tools to remove Intel backdoor firmware:
https://github.com/corna/me_cleaner.
Neutralize your Intel backdoor:
Neutralize ME firmware on SandyBridge and IvyBridge platforms
First introduced in Intelâ(TM)s 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH(for Core i3/i5/i7 which is integrated with northbridge).
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating systemâ(TM)s memory as well as to reserve a region of protected external memory to supplement the MEâ(TM)s limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that canâ(TM)t be ignored.
https://hackaday.com/tag/intel-management-engine/
Five or so years ago, Intel rolled out something horrible. Intelâ(TM)s Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we canâ(TM)t even look at the code. When â" not âifâ(TM) â" the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intelâ(TM)s Management Engine is the single most dangerous piece of computer hardware ever created.
Intel Active Management Technology
Almost all AMT features are available even if the PC is in a powered-off state but with its power cord attached, if the operating system has crashed, if the software agent is missing, or if hardware (such as a hard drive or memory) has failed.[1][2] The console-redirection feature (SOL), agent presence checking, and network traffic filters are available after the PC is powered up.[1][2]
The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional[29] part in all current (as of 2015) Intel chipset
What about vaults 1 through 6?
That any of these were turned on the Trump Campaign....Riiiiight?
If Breitbart says it, it must be true. I sure am glad our White House has such reliable intelligence sources.
If these had been used he'd be sitting in a cell now rather than in two years from now.
https://wikileaks.org/ciav7p1/...
Reading list
A list of websites I like to check out to stay up to date and get new ideas:
General
http://reddit.com/r/netsec along with all the other good subreddits (RE, forensics)
http://thehackernews.com/
http://slashdot.org
Forensics
http://swiftforensics.com/
Ha, ha, hello CIA friends, I hope you've enjoyed all my ENTIRELY SATIRICAL posts over the years that may have appeared to the slow of wit to be critical of the government and the Agency, but were in fact entirely in jest. I'm sure you had a good chuckle all the times I COMPLETELY IRONICALLY referred to you as lying liars who lie about your lies to bring us into war under war false pretenses...over and over again.
Anywho, keep up the good work, friends!
We don't have a state-run media we have a media-run state.
20 years ago there would have been hearings and elections and all sorts of excitement about this.
Now we just shrug cry and accept.
Hey Wikileaks assholes where are the zero daze from Russia/China/N Korea? Don't have any?
Then *what good are you*?
Just remember, the Americans will haul your ass into court. But the Chinese will disappear you, the N Koreans will VX your face, and the Russians will beat you to death, then piss on you.
Sir BoltmanLives from BetaNews could be taking a dump on /. and praising how Windows 10 is the best and most secure operating system, and anyone who disagrees is a caveman.
From the press release:
UMBRAGE
The CIA's hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a "fingerprint" that can be used by forensic investigators to attribute multiple different attacks to the same entity.
This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon one murder in the set is solved then the other murders also find likely attribution.
The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.
With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.
UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.
Uh oh. So combine with:
Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
Doesn't that make attributing the source of a hack based on exploit fingerprinting essentially meaningless? If a motivated hacker had access to this trove, and therefore Umbrage, and say they wanted to hack the email server of a US political party, could they not simply leave behind a Russian fingerprint in order to implicate them?
Always seemed strange to me the DNC hackers used a Russian VPN. Isn't the first rule of haxx0ring to be behind 7 proxies? And the last of which sure as shit shouldn't be anywhere near where you really are?
We don't have a state-run media we have a media-run state.
"upstanding journalistic organizations"
Nah, they're Julian Assange, and he'll leak anything that comes his way that looks juicy. In this case it will be the same source as his DNC leaks, i.e. Russian intelligence using him as an outlet.
The timing is telling, Trump just did a "Obama spied on me to interfere with the elections" thing. Who hacked the elections? Well the US spies say it was Russia, but POTUS says it was Obama. That fell flat on it's face. And now from the same source, a lot of CIA zero day exploits, with the release brought forward to today. Tomorrow I wouldn't be surprised if we get Trump tweeting again, trying to leverage this into an attack on the CIA and FBI to back up his spy claims. Another day, another attack from POTUS on America, another defense of Putin.
This is a ping-pong pattern, Trump said Sweden was crime ridden due to immigrants. next day Sweden then had a riot, Radio24syv investigates it, finds Russian TV station NTV paid youths to burn a car. Trump supporters cited the riot as proof Trump was right and Swedish media was wrong.
When you have a foreign countries propaganda unit at your disposal, and Republican putting party before country, you have a takeover. It's the same pattern repeating itself.
The NSA records every phone call, every email, every SMS and most web access, especially foreign people. Obama did not have to order a special wire tapp (Trump's spelling), it is done routinely. Trump may have shot himself in the foot by making surveillance an issue. Everybody does not like being under surveillance so I will throw the canned response back at this administration, "If you have nothing to hide, why complain about surveillance?"
I expect privacy and anonymity, but I know I do not have right.
For what it's worth, many of these attack vectors have been known for a while (see https://www.degruyter.com/view...) - it was only a matter of desire for someone to weaponize them.
*3 Billion devices run JAVA* because everyone's motherboard is running it.
32c3 Intel CPU backdoor live hack demonstration, keystrokes logged and sent over wire, wireshark can't detect packet because the Intel backdoor runs above the OS:
Towards (reasonably) trustworthy x86 laptops
REcon 2014 - Intel Management Engine Secrets
Tools to remove Intel backdoor firmware (The backdoor firmware sits outside the BIOS, you need to physically clip onto a 8pin chip on motherboards to download/neutralize/flash the rom, nothing else can touch it):
https://github.com/corna/me_cleaner.
Neutralize your Intel backdoor:
Neutralize ME firmware on SandyBridge and IvyBridge platforms
First introduced in Intelâ(TM)s 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH(for Core i3/i5/i7 which is integrated with northbridge).
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating systemâ(TM)s memory as well as to reserve a region of protected external memory to supplement the MEâ(TM)s limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that canâ(TM)t be ignored.
https://hackaday.com/tag/intel-management-engine/
Five or so years ago, Intel rolled out something horrible. Intelâ(TM)s Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we canâ(TM)t even look at the code. When â" not âifâ(TM) â" the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intelâ(TM)s Management Engine is the single most dangerous piece of computer hardware ever created.
Intel Active Management Technology
Almost all AMT features are available even if the PC is in a powered-off state but with its power cord attached, if the operating system has crashed, if the software agent is missing, or if hardware (such as a hard drive or memory) has failed.[1][2] The console-redirection feature (SOL), agent presence checking, and network traffic filters are available after the PC is powered up.[1][2]
The Management Engine (ME) is an isolated and protected co
Intel Active Management Technology (AMT) is only supported on some specific chipsets, mostly geared toward enterprises and servers, for remote management (and yes, it can be cracked from the LAN, depending on your network configuration, and thus be hijacked for malicious purposes, including by governments). Everything listed is simply very normal and useful features for remote management.
Unless you brought one of these chipsets, it is simply not there.
The article summary is a bit misleading. There is no indication that the CIA can break Signal's encryption or intercept its communications in-transit.
Wikileaks' press release states that the CIA can root mobile devices, which then allows them to intercept Signal communications *before* encryption is applied.
Insurance costs should come way back down.
I'll hold you to that, AC.
Personally my money's on costs continuing to go up, up, and away! but at least conservatives will be happy.
Can I be the first to say:
In CIA America, TV watches YOU!
I feel like I may already be too late though.
Management Engine may not be the spooky thing he implies, but it also may be. The ME can't be disabled, and if you boot on a machine that is modified to not have an ME, the chip itself shuts down sharply after 30 minutes.
AMD's equivalent is the PSP.
Both of these run signed code that is either encrypted or effectively so, and no one can ever see the code or disable it, and it runs at ring -3 so it could do pretty much any damned thing.
The AMT you are referring to is how you or I would configure a machine for ILO usage. Intel's ME and AMD's PSP may just be what they claim to be- ways to make that happen, should the user part be plugged in. But if you aren't at least a little suspicious of this, you aren't thinking straight.
I remember when there were reports of Samsung Smart TV's sending pictures to Samsung unknown to the owners. The problem with any "black box" device is you have no idea what it's doing.
The IoT "revolution" is a technological dark age in my opinion: Companies adding eyes and ears to devices that can be accessed by anyone in the world and giving them out like candy. and of course things like OnStar in your car...anyone see the movie "Minority Report"? We are already there and our best defence is to say "no" to all the promises of convenience through operating your home over a smart phone. I remembering reading two things:
1. Necessity = Convenience + Time
2. Convenience comes at the price of security.
Scary isn't it? It's great that we "conspiracy theorists" are vindicated by people like WikiLeaks. It's only Paranoia until it's proved, right?
"Imagination is more important than knowledge" - Einstein
...for "undetectable assasinations" ?
How many recent car crashes really weren't "accidents"at all ?
Market forces are exactly what you want in play when you're lying on a gurney in the emergency room; that way people won't be saved for a penny less than they or their families value their lives.
HOW did CIA break these encryptions? Some vulnerabilities, enormous number-crunching farm, a quantum computer, or did they find N=PN solution? Or did they waterboard the makers of the compromised software until they gave them the private keys?
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
The cat is out of the bag, you guys are evil, just fuck off with the lying.
The Intel backdoor is in all Core/i3/i5/i7/Xeon CPU/Motherboard that support, it is packaged under multiple names.
Intel ME is part of vPro, if your CPU has vPro, you have it, that means all Xeon, and most i3/i5/i7. It is also on all notebook CPUs and has WiFi capabilities under names such as "Anti-Theft Technology".
http://www.intel.com/content/www/us/en/architecture-and-technology/intel-active-management-technology.html
Intel® Active Management Technology (Intel® AMT) is a feature of Intel® Coreâ processors with Intel® vProâ technology1,2 and workstation platforms based on select Intel® Xeon® processors.
The rest is packaged as "Small Business Advantage":
Learn about Intel® Small Business Advantage
Intel® Small Business Advantage provides an out-of-the-box hardware-based security and productivity suite designed for small-business users with unmanaged IT.
Intel Small Business Advantage offers a server-like solution without a server. No special configuration is required to use Intel Small Business Advantage.
This piece of shit is everywhere and it is on by default. Intel actually say it is an "advantage" with a straight face.
Keeps getting down voted on here. The post went from Score:3 to Score:1 within minutes.
On consumer CPU the backdoor is marketed as "Small Business Advantage" and "Anti-Theft Technology", and it is accessible via powershell scripts.
You didn't think they would miss a beat did you?
Wikileaks is one of the few remaining upstanding journalistic organizations. .
The fact that you don't like how the US operates does not in and of itself prove that Wikileads is as upstanding as you hope. Take a look at Russia and China. Can you and I at least agree that those countries have their own problems of various kinds? Don't you find it funny that nobody, not one single person, who lives there and has access to their secrets is willing to send them to Wikileaks? Back in the old days of the USSR, the US was able to find Soviet citizens who would risk their lives to pass on information to the US and not for profit. Why is it that today nobody seems willing to leak documentation on Russia and China? It's not difficult to find born and raised in China people who aren't very fond of their government. So I wonder could it possibly be that people actually are submitting leaks from Russia and China and Wikipedia isn't publishing them? I don't know. But I think anybody who blindly supports Wikileaks as the champion of right should wonder why it seems that only leaks from the USA (and apparently Saudi Arabia once) make it there.
Russian intelligence released CIA secret hacking tools and spy operations through it's website, wikileaks.
Aww is that all you got?
Intel is calling it an "advantage" because the fucking backdoor is on by default. ROTFLMFAO!!!!11!!
http://www.intel.com/content/www/us/en/support/software/software-applications/000005817.html
Intel Small Business Advantage offers a server-like solution without a server. No special configuration is required to use Intel Small Business Advantage.
No, the reason we need no exploits for Drumpf's phone is that he'll just put all those things he shouldn't say directly on twitter.
NSA/CIA/GCHQ Shills kept down voting this from Score 3:
Your Intel CPU is backdoored and it is wide open, right now.
The backdoor is on all modern intel CPU/Chipset and is marketed as vPro/AMT/Small Business Advantage/Anti-Theft Technology.
Remember *3 Billion devices run JAVA* because everyone's motherboard is running it.
REcon 2014 - Intel Management Engine Secrets
CCC Intel CPU backdoor live hack demonstration, keystrokes logged and sent over wire, wireshark can't detect packet because the Intel backdoor runs above the OS:
30C3 To Protect And Infect - The militarization of the Internet
Jacob Appelbaum - To Protect and Infect Part 2 - At 30c3 on Mass Surveillance Tools & Software
Towards (reasonably) trustworthy x86 laptops
Tools to remove Intel backdoor firmware (You need to physically clip onto a 8pins chip on motherboards to download/neutralize/flash the rom, nothing else can touch it):
https://github.com/corna/me_cleaner.
Neutralize your Intel backdoor:
Neutralize ME firmware on SandyBridge and IvyBridge platforms
First introduced in Intelâ(TM)s 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH(for Core i3/i5/i7 which is integrated with northbridge).
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating systemâ(TM)s memory as well as to reserve a region of protected external memory to supplement the MEâ(TM)s limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that canâ(TM)t be ignored.
https://hackaday.com/tag/intel-management-engine/
Five or so years ago, Intel rolled out something horrible. Intelâ(TM)s Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we canâ(TM)t even look at the code. When â" not âifâ(TM) â" the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intelâ(TM)s Management Engine is the single most dangerous piece of computer hardware ever created.
Hell yeah! It is time to start paying the people who save lives serious money. Wait, the doctor's pay isn't going up, is it?
No need for zero-day exploits when Donnie's using a four-year-old Samsung that's probably got more holes than Jeff Sessions' Congress testimony.
Now, now. Jeff was "honest and correct as he understood it at the time."
( I can't wait to use that excuse myself sometime, 'cause, if it was good enough for the Attorney General of the US (under oath) and The Congress doesn't care, I don't see why I should be held to a higher standard. )
It must have been something you assimilated. . . .
Russia tries to further discredit the US.
Hit the snooze button.
Am I being overly sensitive, or is the tone of some of the leaks seriously surprising given the source being attributed to CIA professionals?
I'm talking about the whole malicious attitude thinly veiled when, for instance, discussing specific attack methods:
https://wikileaks.org/ciav7p1/cms/page_14588670.html
"Fun things to do with these:
Kill pesky processes in unit tests that don't want to die normally
Knockover PSPs
Troll people"
Not exactly. If the CIA (or anyone) hacks the phone, they can install keyloggers, which can grab data before it gets encrypted. They can also install screen readers that can see incoming messages after they've been decrypted.
In other words, if they can look over your shoulder, you're not secure.
Best Slashdot Co
Well. That would be the closest to a realistic explanation I've got as to why mine is so damn slow and buggy!
NSA/CIA/GCHQ Shills kept down voting this:
Your Intel CPU is backdoored and it is wide open, right now.
The backdoor is on all modern intel CPU/Chipset and is marketed as vPro/AMT/Small Business Advantage/Anti-Theft Technology, it is in all Core i3/i5/i7/Xeon CPU/Chipset in the past 6 years.
Remember *3 Billion devices run JAVA* because everyone's Intel CPU backdoor is running it.
REcon 2014 - Intel Management Engine Secrets
CCC Intel CPU backdoor live hack demonstration, keystrokes logged and sent over wire, wireshark can't detect packet because the Intel backdoor runs above the OS:
Towards (reasonably) trustworthy x86 laptops
Untrusting the CPU (33c3)
30C3 To Protect And Infect - The militarization of the Internet
Jacob Appelbaum - To Protect and Infect Part 2 - At 30c3 on Mass Surveillance Tools & Software
More links in this discussion:
The Intel ME subsystem can take over your machine, can't be audited
Tools to remove Intel backdoor firmware (You need to physically clip onto a 8pins chip on motherboards to download/neutralize/flash the rom, nothing else can touch it), the backdoor is designed to shutdown your machine within 30 minutes after boot, if you just remove the backdoor and don't handle checksums correctly:
https://github.com/corna/me_cleaner.
Neutralize your Intel backdoor:
Neutralize ME firmware on SandyBridge and IvyBridge platforms
First introduced in Intelâ(TM)s 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH(for Core i3/i5/i7 which is integrated with northbridge).
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating systemâ(TM)s memory as well as to reserve a region of protected external memory to supplement the MEâ(TM)s limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that canâ(TM)t be ignored.
https://hackaday.com/tag/intel-management-engine/
Five or so years ago, Intel rolled out something horrible. Intelâ(TM)s Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets e
Your reading comprehension skills are terrible. Very first sentence of the article:
"The NY Times reported that wiretaps of people on the Trump team"
TRUMP TEAM. No where in either article mentioned does it say that Trump himself or Trump Tower was wire tapped. It's like you people don't even read...at all. I mean, it's EVEN IN THE HEADLINE TOO.
Another AC spewing pro-Trump, pro-Putin lies. FSB running in over-drive.
The President doesn't need the spooks' technological spying techniques. That's what he's got Breitbart and Fox for!
The world's burning. Moped Jesus spotted on I50. Details at 11.
"Well they're the CIA, that's their job right?"
What really bugs me about this sort of thing is that they're charged with keeping America safe. THAT'S their job. And I fully understand that to keep us safe, the state has to make certain other people very much unsafe. In the dead sort of way. Sad but true. And towards that end the CIA has developed weapons to help them with that.
But these are weapons that can be used against us. Zero-day exploits. Unknown vulnerabilities in critical systems that US citizens and officials and generals use on a daily basis.
Do they think they're the only ones who found these exploits?
Has the CIA made any effort to fix these exploits? To help the maintainers patch up the holes? I don't know. It's hard to know anything about the CIA. But I doubt it since they had a pile of zero-day exploits. The nature of the weapon is that it goes away if other people know about it.
By not being ethical hackers, and keeping these exploits secret and useable for themselves, they've traded DEFENSE of the USA for their own OFFENSIVE capabilities. Which runs counter to their stated goal.
As joepie91 states on Twitter:
Joepie91
Highly suspect that @wikileaks switched from GPG to 7z for releases, and explicitly says to decrypt using `7z`. Suggests an exploit. #Vault7
If I had a 7z vulnerability and I wanted to target/compromise "techie crowd interested in leaks", this is *precisely* what I'd do. #Vault7
Typical Trump supporter
Price competition can lower prices even when demand is perfectly inelastic, however, there is a strong motivation to rent seek by limiting supply through collusion or monopolization in such situations. The market can fail to be properly competitive in a number of ways but the question is how do we want government to intervene? Regulate to restore competition, regulate to restrict competition or nationalize the system entirely? Right now we are operating with a mix of restricted competition to make the profitable parts maximally profitable and nationalization to distribute the losses of the unprofitable parts to the tax payers. Government is already intervening very heavily in the health care market, but the interventions serve the special interests of insurance companies, trial lawyers, drug manufacturers and doctors at the expense of consumers and tax payers. 90% of prescription drugs aren't dangerous or prone to abuse and could be sold over the counter without the need for a doctor. If those drugs are out of patent and aren't covered by insurance their prices will be driven down to what is fair and they will become affordable. An automated system already warns of potential drug interactions. Healthcare costs could be brought down by more than 50% by restoring freedom to the consumer, which means freedom to self diagnose and self treat. Obviously taking that away and granting a license to diagnose and treat will increase costs. It can increase quality too, but the freedom to pay extra for that quality would still exist without it. On the supply side drug manufacturers are highly consolidated, collude to limit competition even further and are primarily interested in rent seeking based upon patent monopolies. Instead of intervening on behalf of these companies government should be rejecting their merger and buy out deals and breaking up the large ones. The FDA might just as well be eliminated entirely at this point, it serves to primarily limit the supply of new drugs by creating nearly insurmountable barriers to entry into the market. There is a huge category of diseases that will never be treated pharmacologically because they are too rare to justify the billions on approval costs for new drugs. Taking away more freedom by coercing the taxpayer to pay for even more healthcare than they already are won't fix any of the problems with the system, instead it will allow the inefficiency to be more easily paid for by issuing government debt and printing money, which threatens the fiscal stability of the entire global economic system.
Are you saying, clinton/obama/bush/clinton/bush didn't know about this crap? Now its Jeff sessions testimony thats the issue.
shades of disappointement.
After reading the article my linksys wrt-54g crashed and I had to turn it off and on to get my internet connection back.
The backdoor is on all modern intel CPU/Chipset and is marketed as vPro/AMT/Small Business Advantage/Anti-Theft Technology, it is in all Core i3/i5/i7/Xeon CPU/Chipset in the past 6 years.
If it's not in vPro then it's in SBA, every desktop motherboard has SBA basic in the chipset, they just don't advertise it, if it's not in SBA then it's in Anti-Theft, which is for mobile/notebook CPUs.
http://www.intel.com/content/www/us/en/support/software/software-applications/000005817.html
Intel Small Business Advantage offers a server-like solution without a server. No special configuration is required to use Intel Small Business Advantage.
SBA (Small Business Advantage) - A combination of hardware and software usage focused on security and productivity. SBA supports chat, file sharing, screen sharing, USB Blocker, Software Monitor, Backup, and Health Center.
Gotta love the swampy double-speak. Nothing says 'we the people' like having to lie about everything to the people.
Then wouldn't it be more efficient for healthcare companies to institute a kind of ransom situation ... "We have your daughter. Pay us $500,000 within 48 hours or she will die!"
Then either the family will raise the money, or the body can be harvested for organs.... the market wins either way.
Mod me flamebait if you will, but that's how Trump got to "I was wiretapped!" Via a conspiracy theory from a right wing radio host that Breitbarts picked up and Fox ran with. We have a man at the top of the one of the most powerful espionage machines the world has ever known, and he gets "intel" from right wing commentators. Can't you see this for what it is, a massive vulnerability at the very top of the US Government? A foreign power could game the system by selectively feeding the likes of Levin and Breitbart stories of this kind, and because Trump clearly has no trust of his own departments, and spends far too much time watching television, he would be supremely vulnerable to such manipulation.
The world's burning. Moped Jesus spotted on I50. Details at 11.
I find it weird that Wikileaks is this good at what it does but has no information as to how to fix the Tor Browser exploit the FBI uses. Anyone else curious about this?
You really think our future president, Mark Z isn't working with agencies? That's funny. The day he bought WhatsApp was the day it was compromised. Where do think they get the money to keep the service running? My god, FB is a profile site that can NEVER go bankrupt. It would be too devastating to national security.
That guy is obviously a shill. They keep saying it's a corporate feature, when it isn't, it's a hardware + firmware permanent backdoor, marketed under different names in different segment
vPro/AMT is only one of them, there are Small Business Advantage (It's called "Small Business" but the SBA "basic" version is somehow hidden on normal Asus/gigabyte desktop board inside the chipset)
There are videos on youtube showing all you need is to run a powershell command to get access into the ME.
Anyone opening the wrong webpage/attachment with the newest exploit can run a powershell script to activate the ME, and the hacker can instantly get KVM access, your data will be stolen without the OS even knowing about it.
The ME itself is close sourced and is highly insecure. If it's really for business only then why the fuck is it everywhere, why did they keep quiet about it, and why the fuck is it so hard to remove.
Only a lying cunt would defend something like this.
Fuck these shills.
lols.
Trump claimed his tower, Trump Tower in NYC, was tapped, that that HE was tapped.
Fail. Its worse than Watergate for Obama to wiretap a political opponent at the end of an election. The DNC, who rigged their primary to prevent Sanders from winning, also looks like they were rigging the general election as well. From this story it looks like they used CIA tools to make it look like Russians were hacking Clinton to blame Trump. From what I see, the ONLY evidence of election rigging is that done by the DNC.
The DNC has proven themselves too irresponsible to be ever given power.
People keep pointing to this piece of an NY Times story and inserting claims that were not made. It's been known for fucking months that US security services were keeping a damned close eye on Russian communications. If the likes of Sessions and Flynn were so fucking stupid and incautious as to be just chatting up the Russian Ambassador on behalf of their boss, well they deserve what they get. The takeaway here is that Trump and his proxies are fucking morons, regardless of whether they were actually doing anything wrong or not. In politics, the perception of scandal can be as bad as an actual scandal.
The world's burning. Moped Jesus spotted on I50. Details at 11.
As far as I know, it hasn't been cracked or even popular enough to be a concern.
The post went from Score 3 informative straight down to Score: 0 within an hour.
And they call this a fucking tech site.
Can't afford to let the cat out of the bag can they.
Towards (reasonably) trustworthy x86 laptops
Untrusting the CPU (33c3)
30C3 To Protect And Infect - The militarization of the Internet
Jacob Appelbaum - To Protect and Infect Part 2 - At 30c3 on Mass Surveillance Tools & Software
The Intel ME subsystem can take over your machine, can't be audited
So we're off the Russia-did-it narrative and now its back to old right wing radio?
Democrat playbook is only a few pages apparently.
And so I get to pay for all those extra pennies that the family declined to pay?
Do you think Levin has any actual evidence for his claims?
The world's burning. Moped Jesus spotted on I50. Details at 11.
Congrats for parroting the std leftist talking points
And when listening in on a foreign agent, if they find a non-investigated US citizen on the line, they are supposed to stop. Not record it, and then give the recording to CNN.
Whoops, you just listed a felony by a spy agency against a Trump team member, involving wiretapping. Bet you didn't intend to PROVE what was being claimed by Trump did you?
lols. You liberals have become so corrupt and dependent on the news to cover for you, you don't know how to handle it.
Either...
1. Spy agencies illegally spied on a Flynn call and leaked it to CNN, like you claim and Trump was correct.
2. There was no investigation into Russian Trump ties, and you all have been making it up for the last few months, an OUTRAGEOUS claim about a sitting president making claims that you have NO PROOF OF.
Which one is it? Are you a liar, or corrupt?
Do you have a similar post about the baseband processors in smartphones?
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Trump's team was located in Trump Tower throughout the election cycle. It's impossible to wiretap them without trapping Trump Tower.
Your naked shilling is hilarious. ShareBlue, CIA, or unpaid apologist?
shades of disappointement.
Remember kids, the shadows of disappointment are caused by occluding the sunshine of hatred!
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
Finally, we can all spy on our spouses.
The insanity here is watching the masses ignore the shit out of it, while claiming they still care about privacy and security.
I get it. However, I thought the Invisible hand would correct these problems, once there is a demand for more privacy friendly hardware. But it seems the market is failing us. Time to panic?
Since the CIA apparently CAN make hacking look like it's coming from Russia, it all adds up now. Obama had the CIA hack the DNC to try to keep Trump out of the Whitehouse.
God you are dumb.
Flynn's recorded call, that was illegally leaked to CNN, happened in January. Are you seriously claiming Flynn didn't think Trump would win in January, 2 months after Trump won?
So it is ok to wiretap political opponents if you say "RUSSIA!" while doing it? I bet Nixon wishes he had known that was an acceptable defense and he wouldn't have had to resign.
So now you are outright ADMITTING Trump told the truth about Obama wiretapping Trump Tower, specifically his transition team after the election. So Trump isn't "unhinged" it is Obama that is "unhinged". You listed a lot of felonies happening under the Obama administration, and I doubt they would have done any of them without informing the president at the time.
Yep, Watergate was a walk in the park compared to this. What did Obama know, and when did he know it?
Your points sound good on a quick read AC. Maybe if you broke up your thoughts into paragraphs and developed them with a little more verbosity you wouldn't get ranked into oblivion. Your prose is more complex than average so to the casual observer it reads like a wall of obtuseness, which it isn't. So +1 "Insightful" from me if I had mod points to give.
Only I can judge you.
For obvious reasons.
BlameBillCosby.com
Don't we already have that in place? Don't families already have to stage car-washes and Fund-me campaigns to help pay for medical care?
Only I can judge you.
No. But isn't that the point. When you have marginally real 'news' organizations like Breitbart, and partially real ones like Fox laundering the fake news rantings of a circus clown like Levin into 'real' news, we have a problem.
In the past, The National Enquirer could blissfully print their space alien abduction stories, and nobody even considered that they were real. Facebook trolling fake news click-bait stories are probably not intended to be believed literally either - though they're harder to detect, and easy to emulate by those who intend to deceive. But Breitbart and Fox demand that we treat them as the real thing - though they uncritically disseminate this kind of crap, and rarely (if ever) retract stuff when proven wrong.
For what it's worth, Facebook could easily put a big crimp on it's fake news by vetting its news sources. Only publish stories from sources that adhere to some set of standards for truth and/or retractions. Why they don't eludes me. Other news aggregators surely do this. FB is making money off of fake news, and they'll keep doing it until their users protest. In fact lets start a "Day without Facebook" protest right now, shall we?
Posted from my Android phone. Oh, I can change this? There, that's better...
The scrapings at the bottom of that barrel you keep scratching for must be running thin.
Any other delusional conspiracy theories you'd like to share?
In politics, the perception of scandal can be as bad as an actual scandal.
Indeed. Just ask Hillary Clinton.
"Sneakers" 1992
ooh, sharebule, another new neato spawn of the illiminuti
Well, I figured I'd google to see. So I checked "Is IQ genetically linked?. The top three links at this time of posting are:
(1): https://en.wikipedia.org/wiki/Heritability_of_IQ : (relevant snippet) "The general figure for the heritability of IQ, according to an authoritative American Psychological Association report, is 0.45 for children, and rises to around 0.75 for late teens and adults.[5][6] The heritability of IQ increases with age and reaches an asymptote at 18â"20 years of age and continues at that level well into adulthood.[7] Recent studies suggest that family and parenting characteristics are not significant contributors to variation in IQ scores;[8] however, poor prenatal environment, malnutrition and disease can have deleterious effects.[9][10]"
[7]: Bouchard, Thomas J. (2013). "The Wilson Effect: The Increase in Heritability of IQ With Age". Twin Research and Human Genetics. 16 (05): 923â"930. doi:10.1017/thg.2013.54. ISSN 1832-4274. PMID 23919982.
[8]: Beaver, KM. (2014). "A closer look at the role of parenting-related influences on verbal intelligence over the life course: Results from an adoption-based research design.". Intelligence. 46: 179â"187. doi:10.1016/j.intell.2014.06.002.
[9]: Eppig, C. (2010). "Parasite prevalence and the worldwide distribution of cognitive ability". Proceedings of the Royal Society of London B: Biological Sciences. 277 (1701): 3801â"3808. doi:10.1098/rspb.2010.0973. PMC 2992705Freely accessible. PMID 20591860.
[10]: Daniele, V. (2013). "The burden of disease and the IQ of nations". Learning and Individual Differences. 28: 109â"118. doi:10.1016/j.lindif.2013.09.015.
(2) https://ghr.nlm.nih.gov/primer/traits/intelligence "Is intelligence determined by genetics?" (relevant huge chunk) "Researchers have conducted many studies to look for genes that influence intelligence. Many of these studies have focused on similarities and differences in IQ within families, particularly looking at adopted children and twins. These studies suggest that genetic factors underlie about 50 percent of the difference in intelligence among individuals. Other studies have examined variations across the entire genomes of many people (an approach called genome-wide association studies or GWAS) to determine whether any specific areas of the genome are associated with IQ. These studies have not conclusively identified any genes that underlie differences in intelligence. It is likely that a large number of genes are involved, each of which makes only a small contribution to a personâ(TM)s intelligence."
"Intelligence is also strongly influenced by the environment. Factors related to a childâ(TM)s home environment and parenting, education and availability of learning resources, and nutrition, among others, all contribute to intelligence. A personâ(TM)s environment and genes influence each other, and it can be challenging to tease apart the effects of the environment from those of genetics. For example, if a childâ(TM)s IQ is similar to that of his or her parents, is that similarity due to genetic factors passed down from parent to child, to shared environmental factors, or (most likely) to a combination of both? It is clear that both environmental and genetic factors play a part in determining intelligence."
(3) http://www.sciencemag.org/news/2014/10/genes-dont-just-influence-your-iq-they-determine-how-well-you-do-school (relevant snippets) " A new study of more than 6000 pairs of twins finds that academic achievement is influenced by genes affecting motivation, personality, confidence, and dozens of other traits, in addition to those that shape intelligence"
"In all, about 62% of the individual differences in acade
Thank you for putting in the work. That was very helpful.
We don't have a state-run media we have a media-run state.
> For what it's worth, Facebook could easily put a big crimp on it's fake news by vetting its news sources.
Help me out here. Do you actually think that if people can't communicate via Facebook, they won't spread it any other way?
Clapper DID NOT unequivocally deny it.
Parse his language carefully. "... I was aware of ... I oversaw ..." and most weaselly "...against Donald Trump ..."
If you wiretap foreigners and foreign agents and then US citizens speak with them, then YES you are wiretapping the US citizens. Your wiretap may not be (technically) "against" (a very strange word to use in what should be an explicit denial) the US citizen but that is a distinction without a difference.
No, WikiLeaks is a bunch (but mostly one guy) of idealistic patsies, not to be confused with real journalists. The way WikiLeaks "works" makes it much more useful for propaganda and disinformation than for the kinds of substantial facts that REAL journalists work hard to collect and then verify. Just send anything to WikiLeaks and you've got a megaphone. Idealists are too easily manipulated by abusing their ideals.
The trick to playing WikiLeaks involves the information glut effect leveraged against their lack of a real economic model. Because WikiLeaks also wants to raise money, they want to leverage their releases of information for maximum impact. The resulting visibility produces donations (including book sales (in case you've forgotten that ad)). That's also why WikiLeaks prioritizes leaking American secrets. Many Americans still care about these issues and can also afford to send money.
Given the situation that exists, I'm unwilling to guess how much of this story is real and how much is pure BS intended to ramp up the paranoia. WikiLeaks makes no pretense of even wanting to know who the sources are, what their motivations were, or how valid the data is. Then again, my own paranoia is so high that I remain confident Michael Hastings was murdered by hacking his car's electronics.
I suppose I could say more, but it doesn't matter much on Slashdot, and if Putin actually cares, then I'm already on one (hopefully more) of his watch lists. (I'm inclined to believe the claims that Putin is the richest man in the world, and if he has #PresidentTweety's pecker in his pocket (as I suspect he does), then he's also the most powerful.) These days Slashdot doesn't have enough journalistic credibility to sneeze at, though what most disheartens me is the lack of significantly funny comments, both in quantity and quality. The jokes associated with this target-rich topic were quite lame. I also looked at all the comments moderated as insightful, and did various keyword searches (all fruitless) for the terms I regarded as most interesting and insightful in relation to the topic.
"So sad," as Herr #PresidentTweety would tweet.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
So you got nothing but "I signed a NDA"?
You're talking bullshit here, the intel backdoor isn't secure and has its own backdoor, you can even access it through powershell.
Your NDA or "*6 years*" experience doesn't mean jack shit when anyone can use an exploit to tap into the ME, or the NSA send you a magic packet to your NIC which taps into the ME.
Why the fuck is that piece of shit activated when I buy a I3/I5/I7/Xeon? If I wanted corporate features the safe way should be allowing me to download a firmware form Intel, it shouldn't be built in by default and marketed as "advantage" or some other bullshit.
Fuck NSA and their shills.
networkBoy ( 774728 ) Is definitely a shill, the chip and ROM is on both consumer system as well as corporate systems.
win-raid.com has a long thread with every version of Intel ME from v1 to v11 available for download. People are sharing their Intel backdoor ROM from their consumer and corporate motherboards.
Intel Management Engine: Drivers, Firmware & System Tools Last Updated: 07/03/2017 (dd/mm/yyyy)
B1. Consumer Systems
Intel ME 11.6 Consumer PCH-H Firmware v11.6.20.1221
For 100/200-series SKL/KBL-S and SKL/KBL-H systems which come with ME firmware v11.6
Intel ME 11.6 Consumer PCH-LP Firmware v11.6.20.1221
For 100/200-series SKL/KBL-U and SKL/KBL-Y systems which come with ME firmware v11.6
Intel ME 11.0 Consumer PCH-H Firmware v11.0.22.1000
For 100-series Skylake-S and Skylake-H systems which come with ME firmware v11.0
Intel ME 11.0 Consumer PCH-LP Firmware v11.0.18.1002
For 100-series Skylake-U and Skylake-Y systems which come with ME firmware v11.0
Intel ME 10.0 1.5MB Firmware v10.0.50.1004
For Broadwell mobile systems which come with ME firmware v10.0
Intel ME 10.0 Apple Mac 1.5MB Firmware v10.0.35.1012
For Apple Broadwell mobile systems which come with ME firmware v10.0
Intel ME 9.5 1.5MB Firmware v9.5.60.1952
For 8-series systems which come with ME firmware v9.5
Intel ME 9.5 Apple Mac 1.5MB Firmware v9.5.4.1856
For Apple 8-series systems which come with ME firmware v9.5.x
Intel ME 9.1 1.5MB Firmware v9.1.37.1002
For 8/9-series systems which come with ME firmware v9.1 *
Intel ME 9.0 1.5MB Firmware v9.0.31.1487
For 8-series systems which come with ME firmware v9.0
Intel ME 8 1.5MB Firmware v8.1.65.1586
For 7-series systems which come with ME firmware v8 **
Intel ME 7 1.5MB Firmware v7.1.80.1214
For 6-series systems which come with ME firmware v7
Intel ME 7 Apple Mac 1.5MB Firmware v7.0.1.1205
For Apple 6-series systems which come with ME firmware v7
Intel ME 6 1.5MB Firmware v6.2.50.1062
For 5-series (Ibex Peak) systems which come with ME firmware v6
Intel ME 6 Ignition Firmware v6.0.30.1199
For 5-series (Ibex Peak) systems which come with ME Ignition firmware v6
Intel ME 5 Base Consumer Firmware v5.2.0.1002
For ICH10D desktop systems which come with ME firmware v5
Intel ME 4 TPM Firmware v4.2.30.1040
For ICH9M mobile systems which come with ME firmware v4
Intel ME 3 QST Firmware v3.2.3.1037
For ICH9 desktop systems which come with ME firmware v3
Intel ME 2 QST Firmware v2.0.6.1125
For ICH8 desktop systems which come with ME firmware v2
B2. Corporate Systems
Intel ME 11.6 Corporate PCH-H Firmware v11.6.20.1221
For 100/200-series SKL/KBL-S and SKL/KBL-H systems which come with M
This feature was designed for corporate users, basically putting a RILO card embedded into every corp desktop. From that perspective it's actually a really cool feature. Now, that it was so tightly integrated was Intel's way of making sure the OEMs bought it. Security was taken *VERY* seriously about this entire environment. Intel knows that if this was breached in a big bad way it would be devastating for it's customers, and thus for it as well.
Any other questions?
If it's for corporations the why is the Intel backdoor on most consumer systems? Why is it so hard to remove?
The corporation of the Intel backdoor firmware is 5MB, the consumer version is 1.5MB.
This simple fact alone shows you're shill who doesn't know wtf he's talking about.
Stop reading from an Intel brochure and use your head, if it's so easy to remove it wouldn't take coreboot/libreboot 5 years.
Any questions?
Read the list here
B. About Intel ME Firmware Updates
ME Firmware is divided into two main SKUs: Consumer/1.5MB for Consumer Systems and Corporate/5MB for Corporate Systems. To understand your exact SKU, manual research on your hardware may be required first. Usually MEInfo, MEManuf and ME Analyzer (by loading your BIOS file) can help you sort most system specific details out.
A3. Intel MEI Drivers & Software
These packages contain the Intel MEI/SOL drivers with their respective software & system services. It's important to install the correct package depending on your Consumer/1.5MB or Corporate/5MB system.
Intel MEI v11.6.0.1047 for Consumer systems Drivers & Software
Intel MEI v11.6.0.1047 for Corporate systems Drivers & Software
Intel MEI v11.0.6.1194 for Consumer systems Drivers & Software
Intel MEI v11.0.6.1194 for Corporate systems Drivers & Software
Note: ME Drivers & Software v11.6.0.1047 includes MEI v11.6.0.1042. ME Drivers & Software v11.0.6.1194 package includes MEI v11.0.5.1189 driver.
They'd rather link to fagot n1gger site for clickbait money.
Many shills are trying to do damage control claiming the Intel backdoor is only a corporate feature.
That is a LIE.
The corporate version of the Intel backdoor firmware is 5MB, the CONSUMER version of the backdoor firmware is 1.5MB.
Read the long list of Intel backdoor firmware here.
The long thread has people sharing their own Intel backdoor firmware ROM dumped from their own consumer desktop motherboards.
The consumer version does not require extra software or system services. Anyone who claims the backdoor is for corporation only is a liar.
A1. Intel MEI Driver Only
These packages contain only the Intel MEI driver without any additional software or system services. They are compatible with both Consumer/1.5MB and Corporate/5MB systems. Since the software and system services are not really needed for Consumer/1.5MB systems
B. About Intel ME Firmware Updates
ME Firmware is divided into two main SKUs: Consumer/1.5MB for Consumer Systems and Corporate/5MB for Corporate Systems. To understand your exact SKU, manual research on your hardware may be required first. Usually MEInfo, MEManuf and ME Analyzer (by loading your BIOS file) can help you sort most system specific details out.
who post on slashdot please leave a disclaimer. Thanks!
Yes, the "Buck Never Stops Here" president. Nothing in his administration is his fault.
He was on Fox News waving around NY Times from Jun 2016 talking about how the administration was asking for taps and the court said no then, but yes in October. So.. the NYT?
trump got info via federal sources tracking vault7 release -- trump had julians key b4 others
You stated: It's been known for fucking months that US security services were keeping a damned close eye on Russian communications. I have a question: Who knew? I know lots of people speculated but this stuff is Top Secret. It is not for public consumption by design. So again, who actually knew anything?
Please understand that I know everyone has an opinion of what happened or who was being investigated for what. But only the FISA courts know who is being surveilled in this manner. This type of thing is exactly why FISA was created in the first place. It's purpose was to give accountability to covert surveillance so it isn't used for political purposes or against US citizens without a damn good reason.
The only way the opposition leader of a party (Donald Trump) gets investigated as a Soviet foreign agent - a real one - is if the President himself (Obama) signs off on it. There is no way in hell that investigation goes on without his express permission because of how it looks and the precariousness the situation during the election.
Either the surveillance was rogue or it went through the FISA court and has documentation (like probable cause, etc). If surveillance was rogue, Obama and his administration have a huge problem. And if it was approved and no evidence was found, then why are we still talking about it?
Trump was a target of this monster and he is sounding the alarm. Making this an issue is doing the right thing.
If Intel can write a firmware or driver to access the ME. So can a hacker.
Intel's firmware isn't the only key to access the hardware feature. So your work experience is completely irrelevant.
I just checked my rig and it has Intel ME in it.
This is very, very bad.
Ok genius, who ordered the wiretapping? Give us specific name, not a hand waved three letter agency or "FISA approved it" or some other bullshit.
You don't have -any- idea clue or information the rest of us don't have. You are spewing based on absolutely nothing but your political bias and agenda.
Who lets such crazy stupid paranoids like you outside psych wards?
Certainly if they intend to communicate fake news, they have plenty of ways. But it seems like the biggest problem is people spreading stuff via Facebook that they don't know is fake. Or that they click 'Like' on, because they think it's funny - and then all their friends see it and don't get that it's fake.
My point is for those of us who think fake news is a problem - and Facebook's solution isn't good enough - should communicate to Facebook that we think it's a problem, and will consider pulling back our use of their site. For once the "you're the product" dynamic actually gives us some power. So why not use it?
Posted from my Android phone. Oh, I can change this? There, that's better...
1. Qualcomm has monopoly on mobile patents.
2. Qualcomm chips has backdoors baked in.
https://twitter.com/i/moments/... Disclosure, it's my first try at making a Moment.
Former Intel employee under NDA claims closed source binary blob hidden in Intel hardware is secure.
For what it's worth, Facebook could easily put a big crimp on it's fake news by vetting its news sources. Only publish stories from sources that adhere to some set of standards for truth and/or retractions. Why they don't eludes me.
Because Facebook wants to be able to call individual Facebook user submissions as "news". They also don't want to hire humans to manage the newsbot sifters to make sure nothing that may damage the Facebook News brand (like a shitpost). What I find egregious is that Facebook could easily declare their "news" feed a rumor mill, avoid all this angst, but those greedy f**kers just want to call user innuendo and content "News" for marketing purposes, but not exert an iota of responsibility in validating the content.
There is no America. There is no democracy. There is only IBM and AT&T and DuPont, Dow, General Electric, and Exxon
How long before Zeynep comes out and says that the leaks are fake / inaccurate / technically void and urges the public to keep using WhatsApp; Calling those who stop using it idiots, fools, traitors, and scum.
Will she denounce Fox for reporting on it like she denounced The Guardian. You betcha.
A spook in geeks clothing.
[Rent This Space]
Fining people for not have a subscription service is not a right. And it certainly isn't freedom.
This is classic misinformation. Presumably Wikileaks is just an NSA operation (what better way to catch the leakers and whistleblowers!). Windows update (and ilk) is all that is needed to get a hook into a device. Who would waste their time playing around with erratic vulnerabilities? And co-operation from said companies is a (secret) no-brainer.
When I hear stories like this from Wikileaks I always wonder why the real stories never appear. Why no stories about what submarines get up to with cables? Why no stories about satellite capabilities (like with MH17)? And why no stories about Windows Update?
Insurance costs should come way back down.
I'll hold you to that, AC.
Personally my money's on costs continuing to go up, up, and away! but at least conservatives will be happy.
Yeah right. That's the point of the game: the real players moving the pieces don't ever have to be on the hook if it turns into a disaster.
It's all about privatizing profits and socializing costs.
You greatly overestimate how difficult manipulating a transparent narcissist like Trump is.
Especially for someone like Vladimir Putin, who when he worked for the KGB was trained to successfully manipulate real diplomats.
I can't *imagine* why Putin didn't want an old war horse like Hillary who'd see right through him to be President.
For what it's worth, Facebook could easily put a big crimp on it's fake news by vetting its news sources. Only publish stories from sources that adhere to some set of standards for truth and/or retractions. Why they don't eludes me. Other news aggregators surely do this. FB is making money off of fake news, and they'll keep doing it until their users protest. In fact lets start a "Day without Facebook" protest right now, shall we?
The creators of the right-wing fake-news sources have already patched that vulnerability.
They've created a fucking cult which tells you to not believe any other source of news, and that anyone who says otherwise is not to be trusted.
Trump clearly has no trust of his own departments, and spends far too much time watching television
Maybe now he'll stop watching that much TV?
3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programs detailed in the documents is "Weeping Angel." That allows intelligence agencies to install special software that allows TVs to be turned into listening devices -- so that even when they appear to be switched off, they're actually on.
Naaaaah... He'll probably just get a blanket to throw it over the TV or he'll start playing music from his phone to "jam the TV" or something equally retarded and unhinged.
Like he'll start forcing everyone around him into the bathroom where he'll keep flushing the toilet while whispering about spies who are out to get him.
Mit der Dummheit kämpfen Götter selbst vergebens
Oh bull pussy! He is diverting attention away from his crew getting found out colluding with Russia. This happens every time one of his boys gets caught. You aren't even paying attention.
Healthcare costs could be brought down by more than 50% by restoring freedom to the consumer, which means freedom to self diagnose and self treat. Obviously taking that away and granting a license to diagnose and treat will increase costs. It can increase quality too, but the freedom to pay extra for that quality would still exist without it.
I don't have a problem with that freedom, but nobody should be choosing to self diagnose and treat because they can't afford professional care.
I'd lay good odds that has already happened.
Stop insulting parrots! They are better than most people.
Only in America.
I thought all you had to do was run an altered hosts file!
So what kind of restrictive, and yet usable router/gw/proxy setup should be used.
I know from radio that the first step is to be able to listen for it... how can we do this?
Catatonic
Trump's team is known to have had contacts with Russian officials.
Oh Noe! Except Clinton received money from the Russians.
Clinton collected millions in donations from Russians: NYT
Hillary campaign chief linked to money-laundering in Russia
You can politely ask the ME to overwrite itself
So can the NSA, through your WiFi.
NSA has the signing key and there will be no evidence after they're done using it to hide backdoor in other parts of your machine.
If there is anything wrong about an arrest, the appropriate place to address it is in court. Burning cars won't make things right. People who do this are savages who deserve to be shot by the police and property owners.
Swedish culture and ethnicity is being wiped from the face of the Earth. Is this a good thing? The loss of a culture and ethnicity? Is it perhaps unimportant or even desirable that a western culture or white ethnicity be wiped out, but tears would be shed for any other?
A nation is more than a piece of land or a set of laws. Putting 3rd-world people in a 1st-world country does not turn 3rd-world people into 1st-world people. Given the birth rates and the rape and the other violence, the 1st-world people just go extinct. This is not mere immigration, and certainly isn't integration. It is conquest.
Things are going to work out for the Swedes about as well as things worked out for the original natives of the Americas when Europeans showed up. The original population goes bye-bye.
Do we get to see the full shadow, or merely the slightly peeved penumbra?
People might take you more seriously if you weren't so obviously full of rage. Probably not though because that seems to be your main selling point.
Bush was an idiot ignorant country bumpkin hayseed, remember? Never mind that he graduated from Yale University and the Harvard Business School. Now the new narrative is that Trump is an ignorant doofus. Believe this propaganda at your own peril. If you live long enough, you'll start to see this sort of thing, and come to the realization that lots of people tell the same lies over and over, year after year because there is a new crop of young minds waiting to be brainwashed...
A sane person would be concerned about even the slightest whiff of a government using it's power to go after political enemies.
Murphy was an optimist
Conservatives will be happy until they or their kids suffer a chronic condition their insurance company will refuse to cover or they have to go to the hospital. Then they may realise they've screwed themselves and their kids. Or maybe they won't realise anything. We're not talking about thoughtful, insightful people here.
Only boring people are ever bored.
The president has the power to order a wiretap without a court order. Clapper is using word semantics!!!
Taxing someone for being a member of a group that costs society money, on the other hand, is perfectly normal. We do it with smokers. We do it with car drivers. Why shouldn't we do it with people who don't have health insurance?
It's not even as if we're forcing everyone who doesn't have it to pay a fixed fee - it's just a slight increase in income tax for those who don't have insurance, to help recover the costs they incur by being vastly more likely to declare bankruptcy, have unrecoverable medical debts, and be more likely to be sick and cause others to be sick. We're also making it easy to avoid the situation of not having insurance, by subsidizing it for those on lower incomes.
In some respects, its fairer than taxing cigarettes. The latter are an addiction, and smoking is hard to quit, whereas the availability of subsidies means getting insurance is an easy thing for most of the population to do right now.
Don't get me wrong, I don't like Obamacare, but you're complaining about the wrong aspects.
You are not alone. This is not normal. None of this is normal.
If this is the real deal, then Russia and China are thanking their maker for Wikileaks, and are using this treasure trove to get busy "going dark" while we are going to stay lit up like a Christmas tree... Why is everyone on this board so naive to not consider the strategic and national defense implications of a leak on this scale?
LOL, Intel used custom compression and multiple instruction sets (ARC/ARCompact/SPARC V8/ARM) for their backdoor to make reverse engineering extremely difficult.
And this Intel shill come out acting everything is save because "the firmware is signed". And the other NSA/CIA shills modded him up.
The Trouble With Intel's Management Engine
To break the Management Engine, though, this code will have to be reverse engineered, and figuring out the custom compression scheme that's used in the firmware remains an unsolved problem.
But unsolved doesn't mean that people aren't working on it. There are efforts to break the ME's Huffman algorithm. Of course, deciphering the code we have would lead to another road block: there is still the code on the inaccessible on-chip ROM. Nothing short of industrial espionage or decapping the chip and looking at the silicon will allow anyone to read the ROM code. While researchers do have some idea what this code does by inferring the functions, there is no way to read and audit it. So the ME remains a black box for now.
There are many researchers trying to unlock the secrets of Intel's Management Engine, and for good reason: it's a microcontroller that has direct access to everything in a computer. Every computer with an Intel chip made in the last few years has one, and if you're looking for the perfect vector for an attack, you won't find anything better than the ME. It is the scariest thing in your computer, and this fear is compounded by our ignorance: no one knows what the ME can actually do. And without being able to audit the code running on the ME, no one knows exactly what will happen when it is broken open.
The first person to find an exploit for Intel's Management Engine will become one of the greatest security researchers of the decade. Until that happens, we're all left in the dark, wondering what that exploit will be.
He was a successful businessman too, and all totally on his own merit and nothing to do with his family connections at all, no no no, I must have him confused with someone else.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."