Slashdot Mirror
Google Working To Remove MINIX-Based ME From Intel Platforms (tomshardware.com)
An anonymous reader quotes a report from Tom's Hardware: Intel's Management Engine (ME) technology is built into almost all modern Intel CPUs. At the Embedded Linux Conference, a Google engineer named Ronald Minnich revealed that the ME is actually running its own entire MINIX OS and that Google is working on removing it. Due to MINIX's presence on every Intel system, the barebones Unix-like OS is the most widely deployed operating system in the world. Intel's ME technology is a hardware-level system within Intel CPUs that consists of closed-source firmware running on a dedicated microprocessor. There isn't much public knowledge of the workings of the ME, especially in its current state. It's not even clear where the hardware is physically located anymore.
What's concerning Google is the complexity of the ME. Public interest in the subject piqued earlier this year when a vulnerability was discovered in Intel's Active Management Technology (AMT), but that's just a software that runs on ME--ME is actually an entire OS. Minnich's presentation touched on his team's discovery that the OS in question is a closed version of the open-source MINIX OS. The real focus, though, is what's in it and the consequences. According the Minnich, that list includes web server capabilities, a file system, drivers for disk and USB access, and, possibly, some hardware DRM-related capabilities. It's not known if all this code is explicitly included for current or future ME capabilities, or if it's because Intel simply saw more potential value in keeping rather than removing it.
What's concerning Google is the complexity of the ME. Public interest in the subject piqued earlier this year when a vulnerability was discovered in Intel's Active Management Technology (AMT), but that's just a software that runs on ME--ME is actually an entire OS. Minnich's presentation touched on his team's discovery that the OS in question is a closed version of the open-source MINIX OS. The real focus, though, is what's in it and the consequences. According the Minnich, that list includes web server capabilities, a file system, drivers for disk and USB access, and, possibly, some hardware DRM-related capabilities. It's not known if all this code is explicitly included for current or future ME capabilities, or if it's because Intel simply saw more potential value in keeping rather than removing it.
You are not alone. This is not normal. None of this is normal.
Google Working To Remove MINIX-Based ME From Intel Platforms
... and replacing it with Android. "Just how much juicy monetizable user data could we get that way?"
(I believe I'm joking, but I'm not completely sure...)
I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
Hrmm, so some of these intel systems would have linux on it, and linux would be on some AMD x86 systems, and intel ME isn't on Qualcomm/ARM chips in mobiles that android (linux) runs on, or any of these IoT devices. I'm willing to wager there are more mobile phones in the world than intel ME enabled PCs at this point.
Guys, can you at least get your facts straight before doing another FUD piece on the Intel ME?
1) The ME is not in the CPU, it's in the chipset, specificly it's loaded in the firmware of the firmware hub, and the "hidding processor" is in the chip we typically call the South Bridge.
2) It's OFF BY DEFAULT.
Go ahead and check it yourself:
INTEL-SA-00075 Detection and Mitigation Tool
https://downloadcenter.intel.com/download/26755
Tanenbaum gets the last laugh over Torvalds.
Nice try on the karma bump, slim, but we aren't buying it.
It's the year of the Minix desktop!
This doesn't line up with what I have heard over the past few months:
"Intel's Management Engine (ME) technology is built into almost all modern Intel CPUs."
and
"Intel's ME technology is a hardware-level system within Intel CPUs that consists of closed-source firmware running on a dedicated microprocessor."
How can the IME be INSIDE the CPU, when it's widely known that it monitors packets coming from your ethernet connection EVEN IF YOUR COMPUTER IS POWERED OFF? If it's powered off, there is no power going to the CPU!
Google might want to talk to Purism, who claim to have completely disabled Intel's ME in their secure Linux based laptops.
This is a lot of functionality to be cramming in at such a low level. That makes the attack surface bigger. When, not if black hats find an exploit for this, we can't even flash it with an update.
Open it up.
You should peruse this great website which talked about this three days ago...
https://tech.slashdot.org/stor...
It seems like just a day ago, there was a Slashdot posting about this, and several highy-rated comments amounting to "naw man, there's no way this could be a problem!"
So with all the verifiable, proven news of backdoors being built-in to software and hardware over the past decade, and all the news of vulnerabilities in software and hardware that compromise systems, people say "nah, not a problem, see, you can turn it off" about this "computer in my computer." Really? It's off?
I'm not seeing reports saying "The Intel ME is off by default in consumer devices, and this is verified by researchers." In fact, I'm seeing the opposite, which says that the Intel ME is always on. Do we have any proof that the "off switch" in BIOS actually makes this feature unexploitable? Because, really, that's what I want: I want this feature to be unexploitable, and the only way I can be sure of that is for it to be disabled, for real, because I don't need this feature.
So yeah, please forgive us all if we are just a BIT skeptical about Intel ME. Forgive us if we're skeptical of spokespersons at Intel saying "There's no problem with this feature."
This may be worth 0.02 or less but I believe the vulnerabilities can be mitigated somewhat by using disk encryption. I store all of my data on virtual encrypted file system with a hardware decryption key. When I am done with the filesystem, I just unmount it and remove the USB thumb drive that acts as the decryption key. Yes, it's a pain in the ass and yes, it really only works on desktops. It is a little impractical to do this on a server. It would be good for Google to find a way to stop this Intel menace.
Intel's ME being based on MINIX is quite old news. Or at least, based on the summary. Is there anything new in the talk that should have been in the summary / writeup?
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
Due to MINIX's presence on every Intel system, the barebones Unix-like OS is the most widely deployed operating system in the world.
I seriously doubt this claim. Phones have outnumbered PCs for years, for one thing. And Linux is deployed maybe even in more TVs and routers than phones, and numerous other embedded systems, now increasingly including cars. Anybody with decent stats on this?
When all you have is a hammer, every problem starts to look like a thumb.
First, not all Intel systems that are capable of it actually have the management engine software. Second, the Intel PC motherboard probably does not hold the "largest number of systems" title, that might belong to Android phones. And anyway isn't the fact that MINIX with its BSD/MIT style licensing was used for the most user-hostile system in recent time an indictment of that license? You would not see GPL software used for this, for obvious reasons, and people who use GPL should be proud of that.
Bruce Perens.
See subject: Stop it's ability to send info. outward via router port filtering ala ports 16992-16995 that Intel AMT/ME uses so filter those ports in a modem/router external to OS/PC. Intel ME/AMT operates from your mobo but has NO CONTROL OF YOUR MODEM/ROUTER!
(This stops it cold talking in/out permanently OR being able to remotely 'patch' it to use other ports by Intel OR malicious actors/malware makers etc.!)
Additionally, once you disable the AMT engine's software interface (ez via software these articles note)? A malware to 'repatch' this = impossible (bios updaters require it in usermode ware, e.g. ASUS).
(I only allow 80, 8080 & 443 in/out here on a SINGLE stand-alone system (no home LAN but TCP/IP connected online in BOTH my modem or router port filters or software firewalls))
HOWEVER - Be CERTAIN your modem/router's internal ware is "solid" as well (turn off things like UPnP etc. & CHECK router/modem HAS NO KNOWN BACKDOOR EXPLOITS (tons do unfortunately)) - get it patched ASAP if it's KNOWN exploited & TONS of routers, ARE https://it.slashdot.org/comments.pl?sid=9995967&cid=53488785/
* GOOD ROUTERS/MODEMS HAVE PORT FILTERING OPTIONS (crappy ones do not)!
APK
P.S.=> Good luck - it's the BEST EASIEST & CHEAPEST DEFENSE using what you already have (hopefully, again as not ALL modems have port filtering but most do & certainly GOOD ONES DO) vs. this threat by stopping it being able to communicate in/out period, from OUTSIDE of the INTEL chipset external to it via a router/firewall hardware... apk
Seriously, and no joke, chromebooks disable the ME after boot.
Some drink at the fountain of knowledge. Others just gargle.
Irony.
Brought to you by Carl's Junior.
Who told you about our ahem intentions?
Google is just as or more evil than... Wait. You know what? Fuck attempting to say something clever. I've always been on board with Open Source, yet I have always had my limits on the philosophy. It always seemed to me that the hard line Open Source philosophy wanted hold things back. I get it now. Not just because of this. Hold up and hold back. We are irresponsible with technology and ultimately we are holding back and damaging our species. If a hard line stance on Open Source means holding technology back, hold it back.
Brought to you by Carl's Junior.
See subject: Point me to a valid reputable security community source that shows more ports being used than what I listed.
APK
P.S.=> All I know is what Symantec & others showed in the past as to HOW this thing works & that is the port range noted (so block it as I said, off-mobo in your router (provided it is secure, has port filtering & no other 'bugs' (tons of routers do & not all do port filtering as I noted)))... apk
"According to some researchers, the ME has access to âoeeverything,â including network, memory, and the cryptography engine" FROM http://www.tomshardware.co.uk/intel-amt-vulnerability-me-dangerous,news-55499.html/
* TRY THIS INSTEAD (I came up w/ it & so far it's been pretty solid & 'up-voted' by our /. peers in the past) https://linux.slashdot.org/comments.pl?sid=11338175&cid=55522717/
(See subject - Your heart was in the right place though)
APK
P.S.=> You'll understand HOW/WHY it'd work since it works "off-motherboard" in your router (using port filtering to block Intel AMT/ME)... apk
Without a doubt, this Achilles heel is a worldwide disaster waiting to happen. When it gets hacked, everything will be vulnerable. Once this software gets hosed, there is no simple way to fix it or even people knowledgeable enough to fix it. If it is used to take down the Internet, it may be months or years of darkness before everything can be restored, if ever.
Intel is running their software on your CPU, using electricity
which you pay for. If they do not compensate for that, they are essentially
stealing money from you, which is an offense for which they can be held liable in court.
I propose everbody with such a CPU starts sending Intel invoices.
If they do not compensate, a class action law-suit should be started.
Why does a 1970's show from Great Britain Suddenly seem so relevant Now?
queue.. the Federation.. is the Orange One actually Avon ?
UPDATE: Ports 623-625 also filter them - JUST picked that up today (new information apparently, maybe for versions past 5-11.6 Intel AMT/ME have).
APK
P.S.=> An unidentifiable ac (probably a troll harassing me as usual) noted it uses port 80 in his reply to my original post (maybe in the usermode software interface, that's easily removed, but I have not seen news of it being in the MINIX on motherboard chip portion)... apk
This sounds like an Austin Powers Spy thriller
https://www.eff.org/deeplinks/...
1) It doesn't matter where in the hardware its physically located.
2) It's ON by default, Intel says it checks the config as its doing power management to see if its disabled then stops. But any attacker would interfere with that check to keep it running.
3) ITS A FOOKING BACKDOOR UNDER INTELS CONTROL. You have no idea if it actually disables itself because you are only going on words Intel throws your way. It's a fooking backdoor with an encrypted link back to Intel that is completely out of your control despite owning the hardware. It has the effect of nullifying any security measure you have in place. It's running a fairly large OS, with a giant attack surface, so its an exploitable backdoor by third parties too.
4) "Go ahead and check for yourself"??? You know this is closed source running on an embedded processor, THEY CANNOT check for themselves.They like you can only read Intels press releases and hope they're not lying too much.
The only person spreading FUD is you.
See subject Bert64 - Monitoring in/out communique from router logs external to the PC would tell fact of what ports it used easily beyond Intel's docs.
* Communication in/out of the motherboard/pc STILL has to go thru a router (they have logs & there are other kinds of analysis equipment too) - what do you THINK security researchers used to determine it Bert64? Intel's DOCS alone?? Guess again - I wouldn't have done THAT!
Above ALL else Bertie boy? I don't see YOU contributing a DAMN THING here other than effetely TRYING to "give me guff" - you're useless!
APK
P.S.=> Lastly, 1st you say
we still have no idea what ports it uses - by Bert64 ( 520050 ) on Thursday November 09, 2017 @09:21PM (#55523263)
& THEN you CONTRADICT that via
We know for sure that it does use those ports listed - by Bert64 ( 520050 ) on Thursday November 09, 2017 @09:21PM (#55523263)
- Kindly make up your mind, ok? apk
hardware built into every PC? Are they going to somehow overwrite the Minix OS? Any side effects?
See subject: When you enter the port ranges to filter (how port filters are done OR can be done usually, not just singly) it's covered IF you do what I do (only allow 80/443/8080) anyways IN the range layout (by luck for me really).
* "BONUS" (lucky, but 'bonus' anyhow)!
(Thanks for the upmods to whoever issued them my way too...)
APK
P.S.=> Anyhow/anyways - enjoy people - this DOES work (not to remove it but rather to CRIPPLE it vs. its no username/no password required penetration problem)... apk
It's a UNIX system, I know this!
Lookup Google Chrome EFast (a malicious doppleganger created by OpenSORES code for Chrome being out there - think about that).
* Google NOT "holding back" BACKFIRED on them (per my subject line above).
APK
P.S.=> That is THE main reason I won't OpenSORES my sourcecode for APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ - I will NOT allow that happening to anything with MY NAME on it = why (I'm NOT that stupid, not after threats I've had issued my way here on this site alone in regards to it) - Too bad - I'd open its code & POSSIBLY have another dev improve it (never hurts to have another "pair of eyes", especially GOOD ones/skilled in Object Pascal/Delphi)... apk
There's no contradiction, we know for sure it uses *some* ports but do not know what other ports it *might* use. Your notion of blocking the known ports is flawed as it may well communicate via other as yet unknown ports.
See subject: Point me to a valid reputable security community source that shows more ports being used than what I listed.
I don't need to prove that more ports are being used, you need to prove that other ports are *NOT* being used in order to validate your claim that filtering at the network layer is effective.
Monitoring in/out communique from router logs external to the PC would tell fact of what ports it used easily beyond Intel's docs.
Monitoring the network traffic only shows the communication that actually takes place, not the communication that *could* take place. We don't know if any circumstances exist in which it could attempt other forms of communication. Sure the network router could log this traffic were it to take place, but we cannot be sure of all the triggers which would make it do so. That also assumes that the device only has wired connectivity, which is connected directly to your networking equipment. If the device has any form of wireless connectivity it could attempt communication with anything that's within range.
Unless we are 100% sure of all the possible network communication the device could perform, and what could potentially trigger it, a blacklist approach at the network gateway can never be truly effective.
We don't know, and a lack of knowledge is dangerous.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
See subject line: Says it all & router logs tell all from mobo outward. We know what ports it uses via that route for sure...
APK
P.S.=> It's all you need to know as to what ports it uses - & by the way? Do better than that, yourself, ok??... apk
"Hey, I was wondering APK, can you modify your famous HOSTS file to suit a different platform?" - by Anonymous Coward on Friday November 10, 2017 @12:08AM (#55523921)
See subject & https://www.embarcadero.com/products/delphi/ but then see this & why I don't https://linux.slashdot.org/comments.pl?sid=11338175&cid=55523653/
* Too bad - I could do all you require & THEN SOME... but you see why I will not.
APK
P.S.=> Period... apk
BBOS was based on a realtime nix aka QNX, so why not keep options open? I'm hoping to run Intel ME as main OS ala CyanogenMOD inspiration; whatis wrong with administrators having access to all states and data down the hardware chain when I am the admin with true party of interest standing at arms length?
BIOS should always start with /sbin, and the end-user OS just a sandboxed /usr/local mountpoint.
See subject: This (it works) https://linux.slashdot.org/comments.pl?sid=11338175&threshold=-1&commentsort=0&mode=thread&pid=55522717/|
* Good Luck!
('Edge cases'? Too bad where your going apparently can't figure out things I did, doesn't really take a brain... I only posted what works, unquestionably - figure that problem you note of roaming yourself...!)
APK
P.S.=> I'll tell you 1 thing - it's NOT easy being "world-class" (like me), lol... apk
See subject: Windows' WFP/SFP already protect hosts vs. alteration & my program does above that (nothing usermode busts in). Access IS, 'encrypted' (not really but close enough). ID matters.
* Straight-up, best I can do on THAT account!
(Every 200ns, not ms, my program applies read-only attribs above Windows' own methods - you can't get to it in usermode)
APK
P.S.=> I understand you're 'trolling' me but come on - That's weak of you, lol... apk
Which is enabled/disabled in the stage0 bootloader usually, with signing/hashing just like the Intel ME firmware.
The only difference is that the TrustZone stuff runs on ARM cores and may run either on the primary cores, or a dedicated coprocessor depending on the design chosen by the downstream chip designer.
Earlier versions of TrustZone as well as the ARM Java/JVM stuff (I forget what those extensions were called, but they were basically the predecessor to TrustZone) were completely proprietary, required even stricter license to develop or use, and were never enabled for end-user applications. In theory you can install a custom TrustZone kernel on the later implementations, but I am not clear on if that documentation is available outside academia/nda'd commercial settings, and even then 99 percent of ARM devices that support TrustZone will not allow you to install an unsigned or user signed TrustZone kernel, and even on those devices that will, you will lose support for a large variety of applications (gapps and likely widevine support on android) that rely on the vendor key baked into a locked device's image, which your unlocked device will not have available to avoid the risk of you reusing the key to commit piracy or avoid digital rights management restrictions on the code, data, or device.
Ever since the mid 1990s when ATX got implemented on Pentium era motherboards (Might have been some 486 that were as well, or PPro/P2s that were AT instead, although I had had neither.) motherboard chipsets have contained microcontrollers which ran off a 5V standby supply provided by ATX power supplies. The concerns regarding this from both a security and 'is it really off' perspective were debated about *BACK THEN* with the background context of the Clipper Chip and a variety of other concerns about software and hardware backdoors.
Fast Forward to today: We have 4+ billions more people with computer access and none of them know the history or concerns of the 90s era Web/Cypherpunk movement and how the concerns of that era have been snuck into every piece of general purpose computing hardware since the mid 2000s, starting with cryptographically locked down cell phones, and ending with end to end exploits in general purpose PCs restricting both the replacement of firmware with documented open source and auditable alternatives as well as operating systems which not only *HAVE* backdoors provided, whether to government or corporations, but actually disclose this fact in their license agreements and have you agree to indemnify them if you are found civilly or criminally liable or are hacked as a result of running their operating system.
I can only hope the great culling that is going to happen when the elite finally decide they don't need the majority of human labor any more takes the internet plebs first and sees those of us who survived this debate in the 90s the opportunity to say I told you so to the pile of corpses, and not as I fear that we all get culled, or worse yet enslaved into the sort of dystopian void imagined by all the near-future science fiction authors of the past 50 years or so.
Are AMD CPUs clear of it?
Has someone got it onto RISC chips?
Has the NSA or other criminals got their hooks into it?
Can it be "zapped" with some xrays like cancer patients?
I'll see your Constitution and raise you a Queen.
can someone compute the global power consumption of all these processors? and then compute how many nuclear reactors we need to run them all?
For chromebooks where google can't use their own openbios-based stack,
they use heavily modified firmware, where the ME part running on the micro-controller embed in the chipset is reduced to the base minimum necessary to get the chipset running.
Among other, all the juicy bits that are targeted by ME-exploits (half-broken webserver serving as the user-interface, capability to reflash the UEFI/BIOS while the main Intel CPU isn't even powered, VNC-like server with USB-over-network extensions, etc.) are all removed.
(Common, these are *chromebooks*, why to they need tools for Admins doing "lights-out" maintenance ?!?)
In a similar way, the parts of UEFI that run at "negative rings" on the main Intel CPU have also been reduced or removed.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Until someone runs Doom on it.
intel ME isn't on Qualcomm/ARM chips in mobiles that android (linux) runs on, or any of these IoT devices. I'm willing to wager there are more mobile phones in the world than intel ME enabled PCs at this point.
The correct mention would be :
MINIX is the most widely deployed OS on desktops in the world.
But indeed, the desktop themselves are completely dwarfed by the embed world, were Linux seems to be the king.
and linux would be on some AMD x86 systems
BTW, IPMI is the industry standard for "lights-out management" (and Intel ME/AMT is the Intel proprietary "lights-out management").
According to several presentation at conferences :
- lots of IPMI implementation run actually Linux on their embed micro-controller.
(Meaning that even in the server room/cluster/data center, Minix isn't the king it claims to be on the dekstop)
- expect as many GPL-violations and tivoizations as you could imagine
(so no, you can't install Debian on your micro-controller)
- IPMI is just as buggy, broken and exploitable as Intel ME.
(Running a IPMI-enabled server with an Opteron on a Super-micro motherboard, won't save you from exploit. It will just switch you to a different collection of exploits).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
I was struggling with a decision between Intel and AMD, but right now ThreadRipper is looking like it'll be the center of my next machine.
Google has done a great job however Google also has done a good thing on pixel phones and that is their camera clarity.
See subject: It's that simple & if not? That's a risk you take/price you pay - as far as 'useless'? You come up with better, ok?
APK
P.S.=> We'll see WHO or WHAT is 'useless' then.. apk
See subject: Bert64 HAD to have used sockpuppets to self-upmod himself after I point out his bs here https://linux.slashdot.org/comments.pl?sid=11338175&cid=55526475/
* He didn't even contribute A DAMN THING that fixes this (I certainly did) for others, only his bullshit I completely shut down!
I.E. - Bert64 says we don't know what ports it uses?
(Ahem: "Bullshit")
A router log would show it & you can EVEN TEST IT YOURSELF since AMT/ME (the big stink about it) has a blank username/password logon string vulnerability you can use to TEST WHAT PORTS IT USES YOURSELF!
APK
P.S.=> To me, it's unbelievable the depths he obviously went to 'self-upmod' to TRY to "save face" vs. his HUGE ignorant blunder vs. myself while he tried "taking a potshot" @ me too no less... apk
MINIX is a transparent and nice OS, well suited for this kind of tasks.
Not only do we know what ports it could use, it could easily piggyback it's communications on a known port while it's being used. It's code may include anti-circumvention code that in the case it can't communicate with it's home base that it starts trying all available ports including port 80. It's ability to edit packets at transmission.
Solution: default-deny on all ports except the ones you provide services on or require yourself to provide those services. (I.e. including *outgoing* connections, not just incoming ones) and use a separate application-relay in your DMZ (like the original design of the TIS firewall - Marcus Ranum's old notes on effective firewall design are still the best advice out there IMHO) so that data cannot be hidden in the control packets and so that the application relay cannot access the internal network.
We don't know? It's easily proven via router log monitoring as I said https://linux.slashdot.org/comments.pl?sid=11338175&cid=55524099/ + on purpose abusing the blank password/username vuln AMT/ME has YOURSELF to see what it uses - NO questions asked: Your bs reply IS PUREST BS & doesn't MERIT a +4 rating!
* QUESTION: How many sockpuppet modpoints did you have to blow on YOURSELF to self-upmod yourself as "Bert64" to pull that off, eh?
DOWNMODDING LAST TIME I POSTED THIS PUTTING YOU AWAY TO "HIDE IT" TOO? Weak https://linux.slashdot.org/comments.pl?sid=11338175&cid=55526475/
You're obviously sockpuppeting... no questions asked.
APK
P.S.=> We don't know? No, Bert64 - Beg to DIFFER - we do know (just by using the vulnerability I note above AMT/ME has to "set it off" on purpose to MONITOR it by a router log check to see EXACTLY WHAT PORTS IT USES)... apk
See subject & BETTER question is what was this TROLL BS FROM YOU earlier https://linux.slashdot.org/comments.pl?sid=11338175&cid=55523761/
* Fucking useless troll...
APK
P.S.=> Jerkoffs like YOU are what ruins the internet (hell, the world - useless do-nothing imbeciles 'trolling' when those like myself help others instead... I pity "your kind", I truly do (you're so disgusting))... apk
See subject: I restrict ALL sources (2) to 1 download server (malwarebytes, so I am confident it's secured). It shows up anyplace else? I have it removed (I've done so)...
* Does that "lessen my surface area" for exposure of it? Yes, but it keeps it safer vs. what you say (& I periodically go looking for what you say happening).
(As I said, Dr. Mark Russinovich pretty much does the same - you get his file from HIS servers (or MS ones only), for those reasons...)
My program itself can't be altered (self-checking code) & if it alters by even 1 byte? It won't run & warns you of alteration... had fools try it with hexeditors etc. & they failed, lol!
APK
P.S.=> Above all though - too bad I have to do it thus, & yes, not release the source - others MIGHT be able to improve it & yes, I have a model that is 50% faster with large data here I am testing too, but I wait a LONG time prior to release to shake out ANY issues first (only malwarebytes has seen & audited it - they gave it a clean bill of health & wouldn't host it otherwise & I didn't blame them either))... apk
See subject & I put Bert64's TOTAL bs away https://linux.slashdot.org/comments.pl?sid=11338175&cid=55527999/ (you can force it to work to show what ports it uses, router logs record it) & that useless FAKE NAME for a FAKE LIFE (like you) are FULL OF IT - any FOOL can "theorize", I actually provide a USEFUL PROVABLY WORKING DEFENSE vs. it instead (BIG difference between MY kind, & "your kind", merely 'theorizing' with NO PROOF as was demanded of me).
APK
P.S.=> The REASON AMT/ME is worried about IS what you use against it to monitor it via routers - it has a BLANK LOGON error (means anyone can use it) so force it to work, monitor & block ports it uses - it is NULLIFIABLE, easily & proving it is easy as I just stated - you guys w/ your 'theoretical bullshit' are like saying "BUT, but, but... if the grass was blue & the sky was green" horseshit... apk
See subject: you routinely fail to understand the point the other person makes, freaks out and attacks them with nonsensical bullshit. Brockmire P.S=> learn to fucking write a comprehensible post. Brockmire
See subject: Fact - AMT/ME's easily monitored via routerlogs on ports & is triggerable manually for testing (blank logon which IS WHAT EVERYONE WORRIED ABOUT in Intel AMT/ME) stupid.
* Have Bert64 the self-upmodding bullshit artist do-nothing prove me wrong... or you can try too (good luck, it's impossible & you KNOW it, you FAKE NAME for your FAKE LIE OF A LIFE puny off-topic do-nothing TROLL you are that constantly stalks & harasses me (your post history proves it)).
Bert64 via sockpuppets TRIED DOWNMOD "HIDING" THIS NO LESS too, lol!
Always a pleasure to make you EAT YOUR WORDS vs. me again, as I have before, lol https://slashdot.org/comments.pl?sid=10557875&cid=54347839/ chump.
APK
P.S.=> See subject & his "POINT" = bullshit vs. the facts I laid out (& NO QUESTIONS ASKED my method WORKS to block AMT/ME nullifying it & SO DOES MY PROOF of how to analyze it for ports used, so his 'point' falls apart right there, lol - just like your useless bs, loser)... apk
I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised by mmell
his hosts program is actually pretty good by xenotransplant
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg
(APK's) work, I've flat out said it's good by BronsCon
I've tried his hosts file generating software. It works by bmo
APK your posts on this & the hosts file posts, and more, have never been in error &/or bad advice by BlueStrat
Your premise that hostfiles are a good way to deal with advertising & malvertising is quite valid by JazzLad
I like your host file system by Karmashock
NEED MORE?
* Hosted by Malwarebytes' hpHosts!
YOU'VE DONE BETTER? No,
APK
P.S.=> China imitated me http://www.theregister.co.uk/2017/04/26/boffins_supercharge_the_hosts_file_to_save_users_plagued_by_dns_outages/ ... apk
Supposedly we all may have this pretty cool feature built into our processors, that if we can figure out how to get access to it and control it, we can then do lots of cool shit with our computers without even having to turn them on fully. We should set up some kind of public 'bounty' or such, to incentivize and reward the first people to get us a reliable open source toolkit, for taking control of this feature on our processors and putting it to use - and further bounties, for discoveries of externally accessible exploits within this feature (and a super-sized bounty for discovery of deliberate malicious exploits/backdoors built in). There's not just a security-based incentive for giving huge financial rewards here, there's the incentive based on this being an actual really cool feature.
See subject: Answer that. If on a server pointing @malwarebytes it's ok coming from 1 place @ malwarebytes. Not worth worrying about.
If YOU manage to do better you FAKE NAME for your FAKE 'life'? Then talk troll "ne'er-do-well" https://linux.slashdot.org/comments.pl?sid=11338175&cid=55528623/
MY work gets featured well & does well - your non-existent work, doesn't (lol) see link above as proof thereof... hell, Alexa shows it's one of, IF NOT THE MOST POPULAR PROGRAM @ Start64.com in fact (3% of their total traffic).
LMAO - All you do, which you post history PROVES for me, is stalk me - you have a REAL "hardon" for me don't you?
It's your FAULT you're a do-nothing zero, not mine!
APK
P.S.=> A "DO-NOTHING STALKING DOUCHE" like YOU might try put MY work up elsewhere to "prove your point" but you only prove you're a trolling JEALOUS fool... apk
See subject & WHY Bert64 has to "Run, Forrest: RUN!!!" vs. this against his UTTER useless bs 'theorizing' I shut the fuck down easily with facts https://linux.slashdot.org/comments.pl?sid=11338175&cid=55528559/
* You stupid little useless trolling fuck...
APK
P.S.=> Unbelievable - your weak bullshit (attempting to 'mock me') FAILS & that puny 'tactic'? Straight outta the "Rules for Radicals" by Saul Alinsky (always fails)... apk
Had a *DEDICATED* remote console port, whose only purpose was to connect the iKVM to a private network that would be used for remote management purposes.
Intel ME on the other hand overload the PRIMARY NETWORK INTERFACE for doing remote management over the same network as your regular network traffic opening up both the threat profile of a hacker gaining access to your public network being able to remotely access your KVM, as well as a state actor with sufficient resources being able to compromise your system at a level ABOVE the kvm and doing sneaky things like pulling all the 'software protected' keys out of your ME based TPM 2.0 keyring and sending them to the NSA/FBI who in turn can use them for passive surveillance or decrypting your supposedly secure files whether for corporate espionage, the planting and signing of 'evidence' onto your computer systems, or simply for passive surveillance towards having both metadata and traffic level access to almost all data flowing over the internet, which in turn would make *ACTUALLY SECURE* encrypted streams easier to detect, since anyone with encryption after these exploits were taken would be running 'unauthorized electronic systems with weaponized encryption', and thus could be black bagged or rubber hosed as needed to begin identifying and eliminating rogue elements, whether criminal or political in nature.
People scoff, but the endgame is clear. Information is power, as the asymmetry increases it just makes more and more of us slaves to those who have the information.
captcha was 'slumming' as in 'cyberpunk' :)
There's probably a windows 10 spying driver for Intel ME. The customer is a piece of shit to modern tech companies. No choice, no privacy. Screw the customer.
Regardless, intel processors, whether they're purchased individually or on a machine manufactured by the likes of dell, has Intel ME activated from the start. That's the point. Your nitpick is insignificant.