Slashdot Mirror

← Back to Stories (view on slashdot.org)

Intel: We've Found Severe Bugs in Secretive Management Engine, Affecting Millions (zdnet.com)

Posted by msmash on from the security-woes dept.

Liam Tung, writing for ZDNet: Thanks to an investigation by third-party researchers into Intel's hidden firmware in certain chips, Intel decided to audit its firmware and on Monday confirmed it had found 11 severe bugs that affect millions of computers and servers. The flaws affect Management Engine (ME), Trusted Execution Engine (TXE), and Server Platform Services (SPS). Intel discovered the bugs after Maxim Goryachy and Mark Ermolov from security firm Positive Technologies found a critical vulnerability in the ME firmware that Intel now says would allow an attacker with local access to execute arbitrary code. The researchers in August published details about a secret avenue that the US government can use to disable ME, which is not available to the public. Intel ME has been a source of concern for security-minded users, in part because only Intel can inspect the firmware, yet many researchers suspected the powerful subsystem had bugs that were ripe for abuse by attackers.

102 of 207 comments (clear)

  1. Further proof by WoodstockJeff · · Score: 5, Insightful

    of how well "security by obscurity" works.

    1. Re:Further proof by zifn4b · · Score: 5, Insightful

      It works just fine until some fucking idiot blabs

      It's your thinking that is "fucking idiocy". It doesn't require someone to "blab", it requires a savvy hacker to discover it and that's precisely why you shouldn't do it because it's not good security practice.

      --
      We'll make great pets
    2. Re:Further proof by DontBeAMoran · · Score: 4, Funny

      My house lacking a fucking door worked fine until some jackass thief noticed the lack of door.

      --
      #DeleteFacebook
    3. Re:Further proof by Anonymous Coward · · Score: 1

      Apparently it works pretty well. Intel ME has been out for how many years now, and this is just coming to light now. So...sounds like they got away with it for quite a while.

    4. Re:Further proof by Archangel+Michael · · Score: 1

      Two people can keep a secret, if one of them is dead. Other than that it takes "trust" and that isn't security at all.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    5. Re: Further proof by DontBeAMoran · · Score: 4, Insightful

      When most people say "Security by obscurity" they mean "there's no door in the fucking doorway", not "there's a lock that can be picked on the door in the fucking doorway".

      --
      #DeleteFacebook
    6. Re:Further proof by Aaden42 · · Score: 4, Insightful

      The only people who think they're idiots for blabbing are the hackers and governments (what's the difference again? I keep forgetting.) who have been exploiting these bugs/back doors to their own gain. Just because you're just hearing about the bugs doesn't mean they haven't been known and used by others for years.

    7. Re:Further proof by thegarbz · · Score: 1

      of how well "security by obscurity" works.

      Given the length of time it has been in place combined with the complete lack of any open exploits until very recently I'd say so far the answer to that question is "incredibly well" clearly out performing most other forms of security.

    8. Re: Further proof by DontBeAMoran · · Score: 1

      The door is in the back of the house, you can't know there's no door unless you enter the property.

      --
      #DeleteFacebook
    9. Re:Further proof by gweihir · · Score: 1

      There was no one that did "blab" here. Instead the "fucking idiots" are all with Intel and likely the NSA.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    10. Re: Further proof by gweihir · · Score: 3, Insightful

      Credentials, crypto-keys, etc. are explicitly _not_ "security by obscurity". You just demonstrated extreme incompetence.

      Look up "Kerckhoffs's principle" some time to at least get a minimal clue.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    11. Re:Further proof by gweihir · · Score: 2

      And now it demonstrated how it works in the face of a competent attacker: Full, catastrophic, immediate failure. It outperforms any other security in this regard as well, only that it does worse than any other for of security.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    12. Re: Further proof by Ashtead · · Score: 3, Insightful

      This ME thing is like a door on the back of the house. It is painted so as to not be easy to tell apart from the wall, but it is not impossible to discover. And it even has a lock, with a key that has a funny and strange shape.

      And this backdoor is present on every house on the street. And although the key is of an obscure and not readily available design, it is the same one for all these houses. So once you find out how to open up one of these doors, opening any of the others on all the neighbors' houses from the same manufacturer iis easy, with the knowledge of the design of this key.

      Some other houses may have been made by a different manufacturer. Some of these have similar doors with a different key that works on all of them, in much the same way. Then there are still a number of houses that are either too old, or made by a manufacturer that doesn't include this back door.

      Point is, once the presence and nature of the back-door and its lock are known, the house is wide open, and security by obscurity has failed.

      --
      SIGBUS @ NO-07.308
    13. Re:Further proof by Groo+Wanderer · · Score: 5, Informative

      As the one who outed the 10+ year AMT bug a few months ago, Intel's ''security' policy is a joke. No it is worse than that, it is willfully malign. They know how to do the right thing but they refuse to do so for whatever reason. I have been begging them for quite literally years not to be abjectly stupid on TXT and ME security issues but they just get worse. You are seeing the tip of the iceberg, wait for the hardware issues you can't patch to be found....

                    -Charlie

    14. Re: Further proof by hey! · · Score: 1

      Not really. Accessing your secured assets always requires some secret, possibly encoded in hardware (something you have). But robust security reduces the secrets you depend on to a single easy to protect secret, like a private key.

      Security by obscurity refers to trying to using weak methods and hoping nobody notices.

      It's important to understand this, because you're making it sound like a well choosen high entropy password is no better than rot13. In fact passwords can still work pretty well, if you can force an attacker to search a large key space by brute force.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    15. Re:Further proof by zifn4b · · Score: 1

      Almost all security involves obscurity. I'd go so far to say that, aside from physical barriers (walls, guards, etc), all security is based on obscurity.

      I'm not sure why I feel compelled to respond to yet another AC on this topic, especially one that made a reference Legendary Hidden Treasures (El Dorado, the City of Atlantis) as though that were actually relevant to the topic, but have you heard of something called a Cryptographic Hash Function by chance?

      --
      We'll make great pets
    16. Re:Further proof by DarkOx · · Score: 1

      combined with the complete lack of any published open exploits

      There fixed that for you.
      We have no idea if the 3 letters American or otherwise have known about or have been abusing this for years! Nor do we know if organized crime groups might have been using it.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    17. Re:Further proof by thegarbz · · Score: 1

      Exploits don't need to be published to be in the wild, actually the vast majority of exploits aren't.

    18. Re:Further proof by thegarbz · · Score: 1

      it requires a savvy hacker to discover it and that's precisely why you shouldn't do it

      If that is your defence you've just described every exploit ever regardless of whether it was through security through malice or through sheer incompetence, and to be honest I'm not sure which of the three is the worst.

    19. Re:Further proof by MangoCats · · Score: 1

      My house with glass windows is perfectly secure, until somebody picks up a rock from the flowerbed.

      My uncle's solid wood front door was perfectly secure until some jerk with a sledgehammer smashed it open.

      Sometimes the key under the mat just doesn't matter, other times the thief will notice it and you're done.

    20. Re:Further proof by MangoCats · · Score: 3, Insightful

      But, are you privy to the government deals which have been brokered to leave these flaws in the mass market chips?

      Oftentimes, willfully malign is a signpost for covertly compensated.

    21. Re:Further proof by Groo+Wanderer · · Score: 2

      Some, enough to keep me from sleeping some nights, and more than enough to keep me from having any respect for the people ostensibly working in our best interest who simply don't get the implications what they are doing.

    22. Re: Further proof by Anonymous Coward · · Score: 1

      Security by obscurity has nothing to do with hiding your private key.
      It references the fact that you have a poor design but hope that no one looks there.
      E.g. build a massive safe, with a fancy complicated unpickable lock, but painting the safe hinges the same color as the wall, hoping that no one looks at the hinges, because anyone with half a brain can just take the hinges off.
      The 'private key' (combination) is still secret, but the security is not there (only in appearance...big safe door).

    23. Re: Further proof by toddestan · · Score: 1

      Security by obscurity would be more like there's no obvious door into the house. There's a lever obscured by the downspout that when pulled opens a secret door so you can get inside. Anyone determined to get into your house will figure out how to get in, especially since there's no actual lock on the lever. But the thieves who want to bust in, grab something quick, and be out within a minute aren't going to spend more than a few seconds trying to get in and thus may give up and move on.

    24. Re:Further proof by misnohmer · · Score: 1

      How is this different from full transparency? Are you somehow under the impression there are no security vulnerabilities in open source software, which is completely open to anyone for inspection?

  2. ugh... by Anonymous Coward · · Score: 4, Funny

    I want my C64 back. I want hardware I can understand and software I can control. Fuck this modern bloated 4 gigabyte web browser tab horseshit with thousands of people mashing their keyboards randomly and millions more observing my private data.

    1. Re:ugh... by Narcocide · · Score: 1

      Seconded.

    2. Re:ugh... by zifn4b · · Score: 1

      I want my C64 back. I want hardware I can understand and software I can control. Fuck this modern bloated 4 gigabyte web browser tab horseshit with thousands of people mashing their keyboards randomly and millions more observing my private data.

      So you prefer ASCII porn then?

      --
      We'll make great pets
    3. Re:ugh... by DontBeAMoran · · Score: 2

      Fuck your lame C64. I want my 512 KiB CoCo3 back, with OS/9.

      Jokes aside, what's the lowest we can go without all the spying bullshit? Is the Motorola 68060 safe?

      --
      #DeleteFacebook
    4. Re:ugh... by pscottdv · · Score: 1

      Arduino?

      --

      this signature has been removed due to a DMCA takedown notice

    5. Re:ugh... by DontBeAMoran · · Score: 1

      And I'll grant you that the C64 had a much better sound chip, the 6581 is one of the most legendary sound chip ever made.

      --
      #DeleteFacebook
    6. Re:ugh... by MrDoh! · · Score: 2

      There's other types now?

      --
      Waiting for an amusing sig.
    7. Re:ugh... by Neo-Rio-101 · · Score: 1

      May I present to you: http://mega65.org/

      --
      READY.
      PRINT ""+-0
    8. Re:ugh... by complete+loony · · Score: 1

      There's a hobby-ish project attempting to recreate one; Mega 65

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
  3. What about older CPUs? by Neuroelectronic · · Score: 1

    Are we just to assume that they're effectively obsolete and have to purchase new "patchable ME" CPUs that are probably just putting a newer, more secure back door in?

    1. Re:What about older CPUs? by networkBoy · · Score: 5, Interesting

      Actually on ME9 Intel changed the kernel. In ME6 they changed the platform layout.

      * ME < 6: GMCH northbridge and southbridge. ME lived in the GMCH and had full access to RAM even in S5 (off) system state. Kernel is based on ThreadX. CPU is ARM core.
      * ME 6-8, same kernel, but moved to PCH (formerly southbridge) and the CPU gined the GM part of GMCH. Northbridge removed from platforms. ME loses access to RAM in all states besides S0 (on) and has to make do with PRAM on PCH.
      * ME9+: ME now runs on Minix and Quark CPU. Vulnerabilities become an issue.
      * ME10: internal struggle for dominance between kernel and AMT teams (based in US and Israel respectively) leads to departures. (including mine)
      * ME11 (12?): US team is disbanded.

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    2. Re:What about older CPUs? by Groo+Wanderer · · Score: 1

      Like many others trying to do the right thing on Intel security, I am sorry you left. I know several others starting with the pre-AMT vPro reveal team members who got sick of beating their heads against the wall and quit in frustration. The idiots stay. This is not good for humanity.

    3. Re:What about older CPUs? by sexconker · · Score: 1

      I predict that as Intel gradually loses its grip on the desktop and server markets, Israel will gradually lose its grip on US policy, with some lag time.

    4. Re:What about older CPUs? by rahvin112 · · Score: 1

      Eh, when the inevitable hacking starts and then the lawsuits start Intel as a company may cease to exist in it's current form.

    5. Re:What about older CPUs? by Groo+Wanderer · · Score: 1

      The hacking is already done and it is more than documented. I have been warning Intel directly about the financial implications for literally years. They denied it was a problem. Now it is too late.

    6. Re:What about older CPUs? by networkBoy · · Score: 1

      Yeah, I started in the 3.1 days, so AMT was already there.
      I still maintain that the ME kernel (prior to the push to get on to tiny IA and Minix) was pretty damn secure.
      I also maintain that a sub processor with a kernel based os running apps for system bringup is a good idea. It allows not having to build dedicated hardware for all the separate functions on a motherboard (power management, USB init, SATA init, etc.) the issue is making this kernel have *any* outside world connection other than an output only health monitor BAR or similar.

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
  4. Going out on a limb here.... by Luthair · · Score: 3, Insightful

    Going out on a limb here.... while Intel claims the problems affect the 6th, 7th, and 8th gen processors, I bet they probably didn't bother testing or auditing earlier systems. Hasn't ME been around much longer than that?

    Really, this ought to be factory disabled by OEMs and only shipped enabled to large corporate customers.

    1. Re:Going out on a limb here.... by DontBeAMoran · · Score: 1

      Does the Core 2 Duo series have any of this bullshit?

      --
      #DeleteFacebook
    2. Re:Going out on a limb here.... by paulej72 · · Score: 1

      Going out on a limb here.... while Intel claims the problems affect the 6th, 7th, and 8th gen processors, I bet they probably didn't bother testing or auditing earlier systems. Hasn't ME been around much longer than that?

      Really, this ought to be factory disabled by OEMs and only shipped enabled to large corporate customers.

      Yes ME has been around for 10 years or more. I would not be surprised that the older ones have the same issues or very similar ones. Unfortunately I work for a large university that purchased all of our systems with vPro enabled so no help here.

    3. Re:Going out on a limb here.... by AmiMoJo · · Score: 5, Interesting

      Unfortunately you can't disable the ME. It's needed for the CPU to start up from cold. It manages the cold boot process. The best you can do is disable it after the initial boot up, but you have to trust that setting the disable flag really did what it claims to.

      You can also erase all the firmware modules not related to the early boot process, but again you have to trust that the ME is lying when it says they are gone.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:Going out on a limb here.... by thegarbz · · Score: 3, Informative

      Yes. Everything after about 2006 does to varying extent.

    5. Re:Going out on a limb here.... by networkBoy · · Score: 1

      ME Ver 9 saw an architecture change (new kernel, new CPU core). Not actually sure what "generation" that maps to, as MEINFOVer is not the same as CPU gen ID

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    6. Re:Going out on a limb here.... by thegarbz · · Score: 1

      Going out on a limb here.... while Intel claims the problems affect the 6th, 7th, and 8th gen processors, I bet they probably didn't bother testing or auditing earlier systems. Hasn't ME been around much longer than that?

      ME in some form or another has been around since 2006. However it has gone through many changes over the years with 11 major versions each introducing additional features. It stands to reason that bugs may be introduced in certain versions. e.g. Despite how long it's been around the majority of it's more advanced remote control features weren't introduced until AMT 7.0 which provided remote provisioning and KVM functionality. That didn't even come out until ... 2013 ... I think.

    7. Re:Going out on a limb here.... by infolation · · Score: 1

      The Core 2 Duo series are the last design that can have the ME entirely removed (see Libreboot project).

    8. Re:Going out on a limb here.... by sexconker · · Score: 1

      Or they lied. Intel loves to dodge the question, too. They'll tell you your CPU doesn't have it even though it's physically present and is just disabled (trust us) via firmware. Or they'll tell you your system isn't vulnerable even though your BIOS shows the vulnerable ME firmware version string because your SKU doesn't have those features enabled.

      It's all still physically present. The hardware is there in the CPU (or chipset on older platforms), waiting to fuck you, and you have to trust the firmware and hardware to be truthful. You have to go over a decade back to be safe from this shit.

  5. And that is why back-doors are a very bad idea by gweihir · · Score: 1

    As can be nicely seen, not only do back-doors allow people in that you do not really want to let in (Intel, the NSA), they often have serious flaws that let everybody else into your machines as well. The only sane and secure design is not to have any back-doors in the first place.

    Since Intel now has a ton of egg on their faces after their announcement, I expect we have a really, really serious problem now as long as the ME stays active in any significant number of computers. Otherwise they would just have tried to sweep this under the rug, but it seems to be that the insecurity of the ME is far, far too bad for that.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re: And that is why back-doors are a very bad idea by gweihir · · Score: 1

      You seem to forget that this potentially compromises a massive amount of enterprise computing.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  6. Let me guess... by jonr · · Score: 3, Insightful

    ...and very difficult to patch?

    1. Re:Let me guess... by thegarbz · · Score: 1

      Why would it be? Surely since it's backdoored Intel can just push out a global update to everyone on the internet.

  7. Re:Give me the list of impacted hardware by Narcocide · · Score: 2

    I wouldn't bet on the Pi being backdoor-free, either.

  8. local only though... by Anonymous Coward · · Score: 2, Interesting

    I do not like the ME, but at least this is local acess exploit only:

    would allow an attacker with local access to execute arbitrary code.

    To be fair, a local attacker can pretty much always gain access to your system, ME or no ME. A simple HW keylogger is ample and most people would never notice.

    So you HAVE to keep your hardware secure if you want the data ot be secure. That is still true with the ME. I will be much more worried if there is a remote exploit.

    1. Re:local only though... by networkBoy · · Score: 1

      There is a remote exploit in AMT (one of the apps for ME). So if you have AMT you're remotely exploitable if it's not disabled in ME.

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    2. Re:local only though... by gweihir · · Score: 2

      You are mistaken. This is an attacker that can locally execute code. It is not one with physical access. And a local code execution can sometimes be upgraded to a fully remote code execution, especially as the ME can snoop at least on chipset-integrated network cards.

      In addition, AV cannot detect an infection...

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    3. Re:local only though... by ctilsie242 · · Score: 1

      Local access can mean a heap of trouble as well. Especially on the CPU level where a VM may run untrusted code, and the code is able to use the ME to escalate privs.

    4. Re:local only though... by Anonymous Coward · · Score: 2, Interesting

      If you have a server running public services. Web server, mail server, FTP server, etc. then everyone on the public Internet has some level of "local" access. That's just the way it works. Think about it.

    5. Re:local only though... by cfalcon · · Score: 3, Interesting

      > I do not like the ME, but at least this is local acess exploit only

      It's still fucked up.

      The previous ME flaw involved gaining remote access illegitimately. This one involves being able to inject stuff into the super ultra privileged secret area that operating systems can't see or guard against once you have that access. And there's NO REASON to believe that this is the final bug that exists. So far it looks like chained vulns from internet down to a run level that the chip prevents the kernel from seeing.

    6. Re:local only though... by Groo+Wanderer · · Score: 1

      I take issue with the term 'a'. :)

    7. Re:local only though... by Groo+Wanderer · · Score: 3, Informative

      There have been remote attacks capable of provisioning AMT in the wild. Intel conveniently does not acknowledged them in their NDA documents about security for some reason, can calls users with AMT turned off 'safe'. Take from that what you will about their priorities when it comes to customer's security.

  9. Is Intel the only one with such a thing? by 140Mandak262Jamuna · · Score: 2
    Have other chipmakers clearly and unambiguously said their chips do not have a back door mechanism?

    More importantly has there been any independent verification of chips from others? Intel has been doing it for years. Employees, senior developers and managers routinely leave one chip company and join other chip companies. This idea must have metastasized by now and the dispersed cells must have established new locations to grow.

    Are you really going to trust any statement from the management of Samsung, of all companies? Heck, I can't even trust German companies after Volkswagen.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Is Intel the only one with such a thing? by iCEBaLM · · Score: 1

      AMD has started adding what they call the PSP to their zen core chips. It's apparently an ARM trustzone system. Lots of AMD customers have been asking AMD for a way to disable it since Ryzen launched.

    2. Re:Is Intel the only one with such a thing? by erapert · · Score: 1

      They ALL have back doors similar to Intel's, though they're called other names.

      But this doesn't mean there's no way to punish Intel. Here are some options:

      1. Send them some nasty letters and emails. Even better: be polite but detailed and specific in explaining exactly how they went wrong and why you will no longer buy from them nor allow your company to buy from them.

      2. Buy AMD chips instead. Yes, of course, AMD chips have the same thing in them-- but that is still money that Intel won't get from you and you'd be fostering competition which is a good way to motivate AMD or Intel to remedy this stuff.

      3. Send a letter to your congresscritter and demand they apply the force of the federal government to safeguard the privacy and security of the citizens. Fat chance of this, by the way, because who do you think wanted Intel to build in these back doors in the first place?

      4. Contribute to OpenRISC and/or RISC-V with the goal being to produce a truly open source chip for actual, useful, computing on the desktop.

      5. Contribute to various projects to help hack the ME stuff out and disable it.

      6. Write a seriously nasty virus that goes out and infects all Intel chips that have this thing in them. It would wake up the whole world and light a fire under Intel's ass. If you do it right you might even embarrass the government and shame them into getting the NSA to back off... unlikely, but we can dream can't we?

    3. Re:Is Intel the only one with such a thing? by infolation · · Score: 4, Interesting

      Have other chipmakers clearly and unambiguously said their chips do not have a back door mechanism?

      Yes, IBM's Power series of CPUs are fully open without any equivalent of the Management Engine.

    4. Re:Is Intel the only one with such a thing? by Groo+Wanderer · · Score: 5, Informative

      Intel can't say their chips don't have a back door. They also haven't said their chips don't have a back door so at least they are honest.

      AMD is working on greater disclosure and I am prodding them as hard as I can. Internally they seem to be doing the right things, or at least trying to.

      ARM has their full code base published on Github. This doesn't prevent licensees from using something else, adding nefarious things etc, but I can almost guarantee most don't. You can always checksum the code if you want.

      As an aside, AMD's PSP is based on ARM's stuff which is completely open source. I am fairly sure that the majority of AMD's code in this area is unchanged from the vanilla ARM version so you could consider AMD's partially open.

              -Charlie

    5. Re:Is Intel the only one with such a thing? by markdavis · · Score: 2

      >"AMD is working on greater disclosure and I am prodding them as hard as I can. Internally they seem to be doing the right things, or at least trying to."

      Unfortunately, there is only one real acceptable solution to many of us, and that is the owner of the computer needs to have the ability to turn it all OFF. Anything short of that is really an automatic "fail." If they are worried about how THAT might be accessed, then make it a jumper or physical switch on the motherboard. Done.

    6. Re:Is Intel the only one with such a thing? by Baron_Yam · · Score: 1

      Allow me to suggest a modification to your plans...

      1. Send them some nasty letters and emails. Even better: be polite but detailed and specific in explaining exactly how they went wrong and why you will no longer buy from them nor allow your company to buy from them UNTIL THEY CHANGE THEIR WAYS.

      2. Buy AMD chips instead. Yes, of course, AMD chips have the same thing in them-- but that is still money that Intel won't get from you and you'd be fostering competition which is a good way to motivate AMD or Intel to remedy this stuff. CEASE BUYING AMD PREFERENTIALLY IF INTEL CHANGES OR LOSES ENOUGH MARKET SHARE THAT YOU CAN START THREATENING AMD.

    7. Re:Is Intel the only one with such a thing? by Groo+Wanderer · · Score: 1

      I agree. Inte; has that feature but they deny it and hide it from users, even users who they know are being exploited. I am pissed.

  10. Re:Give me the list of impacted hardware by Anonymous Coward · · Score: 1

    RPi is actually a fascinating device. The ARM CPU is not really the main one. On boot the GPU is the one that's running a proprietary firmware and is starting the "main" ARM CPU later on. There are no public sources or tools to build software for that GPU.

  11. Re:Give me the list of impacted hardware by EndlessNameless · · Score: 2

    Intel AMT (which runs on the ME) predates multicore CPUs, and AMT has supported an IP stack since its original release.

    Only offbrand and extremely obsolete hardware lacks this feature. AMD has a different but similar feature---Secure Processor, based on ARM TrustZone.

    As suggested by AMD's implementation, ARM has the same capability, although it is up to the SoC designer to decide whether or not it's implemented. I will assume that Qualcom, Samsung, and Broadcom all use the feature until I hear otherwise.

    --

    ---
    According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  12. Re:Is the U.S. government no longer a democracy? by Narcocide · · Score: 1

    Are you shilling for Broadcom here? What makes you think their black box is any more secure?

  13. Good reason to buy AMD by ealbers · · Score: 1

    Forget Intel chips, use AMD

    1. Re:Good reason to buy AMD by Kokuyo · · Score: 2

      I've got bad news for ya, matey...

    2. Re:Good reason to buy AMD by Barefoot+Monkey · · Score: 1

      Same problem, different name. AMD now uses what they call PSP, which is essentially their own version of IME.

      As much as I'd like to support AMD adoption, they're unlikely to back off on PSP if everyone who dislikes IME switches to AMD without holding them to the same standard. If you want to see a change it might be better to loudly complain about IME while commenting that you would switch to AMD if only they didn't have the same problem. Maybe then AMD would eventually notice that they're missing out on a lot of potential customers. Maybe.

      If AMD at least provided a mechanism for the actual owners to control the key used for TrustZone (along with maybe the source to a barebones firmware with all the trade secret magic stubbed out) then that would probably be enough.

  14. Re:Is the U.S. government no longer a democracy? by ealbers · · Score: 1

    The USA has NEVER been a Democracy, never. Thats just a fact, its a republic, theres a difference.

  15. Re: Wow by Anonymous Coward · · Score: 1

    Yeah... they didn't learn from Microsoft's experience and had to put ME in their chips.

    I hope they don't fix it by upgrading to Vista

  16. I'm shocked by Revek · · Score: 1

    Somebody bring me my fainting couch. Security through obscurity never works.

  17. Re: Is the U.S. government no longer a democracy? by mspohr · · Score: 2

    The US is a corporate kleptocracy similar to Fascism but with less government control.

    --
    I don't read your sig. Why are you reading mine?
  18. Re:Is the U.S. government no longer a democracy? by Revek · · Score: 1

    The US is republic. We have always pseudo democratic processes to choose our leaders.

  19. The other side of the chip... by CyberRacer · · Score: 2

    OK. It's there and it's not going to just disappear, sooooo, is there any way to root it and use it ourselves? Who wouldn't want to turn a dual-core into a tri-core (or even just a dual and 1/2 core)?

    1. Re:The other side of the chip... by Opportunist · · Score: 1

      is there any way to root it and use it ourselves?

      Yes.

      Why do you think a patch is necessary?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:The other side of the chip... by networkBoy · · Score: 1

      it'd be a dual and a couple cents.
      there is not much memory available to it, and it's a pretty limited Quark core (or ARM if older than ME9).

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
  20. Re:I hate the CIA by Anonymous Coward · · Score: 1

    STFU or we'll plant CP on your devices because we can and have you SWATed and sent to prison using parallel construction like we have done to countless innocent people before you.

    --US TLAs

  21. Of what nature are those "bugs"? by Opportunist · · Score: 1

    The kind where the user can take control of his machine against the wishes of its maker? Yeah, that's a nasty one, fix that immediately!

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  22. Re:Is the U.S. government no longer a democracy? by hoggoth · · Score: 1

    > Intel [...] is on a path to bankruptcy.

    lol. because they enable government agencies to spy on us? have you been paying any attention to who has all the money?

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)
  23. Re:Give me the list of impacted hardware by gweihir · · Score: 1

    Form most practical purposes "EVERYTHING" with an Intel CPU is a good approximation. AMD and alternate CPU architectures are not yet affected, may take a few years until the same attack is performed there and published.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  24. Re:Enabled on Macs? by gweihir · · Score: 1

    Of course. Why would it not be? Unless people that do this kind of crap are locked away for life when discovered, this is not going to stop. There are far too many authoritarian assholes in governments around the world that do not feel comfortable until they can spy on everybody.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  25. Thank heavens I have an old Athlon... by emil · · Score: 1

    ...where I run CentOS and Firefox. I'm not trusting any sensitive personal data to Intel until I get easy tools to remove the ME.

    I wish Oracle would put out a "Raspberry-Pi" class of the SPARC T2. The design is open and can be trusted.

    1. Re:Thank heavens I have an old Athlon... by sexconker · · Score: 1

      ...where I run CentOS and Firefox. I'm not trusting any sensitive personal data to Intel until I get easy tools to remove the ME.

      I wish Oracle would put out a "Raspberry-Pi" class of the SPARC T2. The design is open and can be trusted.

      Nothing from Oracle can be trusted. Being open doesn't mean something is trustworthy. It means you're able to build your own and audit it. You can't trust something unless you actually do that.

  26. At Least They're Admitting It by TheFakeTimCook · · Score: 1

    Two thumbs WAY down for Intel pulling this shit in the first place.

    One thumb sorta up for them admitting they have bugs in said shit.

  27. Russian and Chinese chips by Anonymous Coward · · Score: 1

    This is why I only buy my chips from the Russians and Chinese.

  28. Re:Give me the list of impacted hardware by infolation · · Score: 1

    The Beaglebone Black would be a better platform than the Pi. A Beaglebone can be booted using open-source Secure Boot, as discussed in this thread.

  29. Re:Give me the list of impacted hardware by infolation · · Score: 1
    AMD has shared the same vulnerabilities as Intel since 2013 due to the AMD Platform Security Processor.

    The libreboot project recommends avoiding all modern AMD hardware. If you have an AMD based system affected by the problems described below, then you should get rid of it as soon as possible.

    The PSP is an ARM core with TrustZone technology, built onto the main CPU die. As such, it has the ability to hide its own program code, scratch RAM, and any data it may have taken and stored from the lesser-privileged x86 system RAM (kernel encryption keys, login data, browsing history, keystrokes, who knows!). To make matters worse, the PSP theoretically has access to the entire system memory space (AMD either will not or cannot deny this, and it would seem to be required to allow the DRM "features" to work as intended), which means that it has at minimum MMIO-based access to the network controllers and any other PCI/PCIe peripherals installed on the system.

    In theory any malicious entity with access to the AMD signing key would be able to install persistent malware that could not be eradicated without an external flasher and a known good PSP image. Furthermore, multiple security vulnerabilities have been demonstrated in AMD firmware in the past, and there is every reason to assume one or more zero day vulnerabilities are lurking in the PSP firmware. Given the extreme privilege level (ring -2 or ring -3) of the PSP, said vulnerabilities would have the ability to remotely monitor and control any PSP enabled machine completely outside of the user's knowledge.

  30. So no need to Worry by oldgraybeard · · Score: 1

    The govcode/malware is installed directly by the manufacturer.

    One wonders how fast computers would be if they were not running other priority tasks at all times.

  31. Re:Enabled on Macs? by rogoshen1 · · Score: 1

    And there are even more soccer-mom types who don't feel comfortable unless everyone is surveilled, because if you don't have anything to hide, why worry, right?

    the problem here is you'd need a huge grassroots-type movement to get AMD or Intel to back-down on this. But sadly the truth is that the vast absolute majority of people:

    Do not care
    Don't understand enough about the hardware to have a valid opinion

    OR worst of all actively support this kind of capability to you know; keep their kids safe from terrorists and/or the child-predators that some app has clearly shown to be infesting their neighborhood.

    We live in a society that has completely run out of real threats, and so we've started to hyperfocus on statistically anomalies (partially thanks to a sensationalist media and 24 hour news cycle) to invent new ones.

    Call it the Nancy Grace syndrome.

  32. Re:Is the U.S. government no longer a democracy? by Thanatiel · · Score: 1

    "choose" ... with a convoluted process where one's vote does not carry the same weight as someone else's.
    "choose" ... going around a few obstacles making it very difficult for many people to vote

    "choose" ?

    Who do you think has the power in the end ?
    _ The people ?
    _ Whoever corrupts ... sorry, I meant lobbies the politicians ?

    --
    Irrelevant news and morons using moderation to mod down what they disagree on. 2018 resolution: so long.
  33. And these clowns want to take our "legacy" BIOS by ponraul · · Score: 1

    http://www.templeos.org/ToPuni...

    Heed Terry the Terrible's Edict!!!

    Brian Richardson directly challenged authority of King 11/18/17. Gets a beating for stupidity. 11/18/17 NIST at 17:20 hours

  34. Re:Give me the list of impacted hardware by gweihir · · Score: 1

    It is not "the same" vulnerabilities. It is "similar" ones. Nobody yet has found a way to dump the AMD PSP code. Also, AMD made at least sure that code has to be signed to get in there.

    Wile that is still not a good situation, it is a bit different from the "full compromise" Intel currently has.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  35. Re:Enabled on Macs? by gweihir · · Score: 2

    And there are even more soccer-mom types who don't feel comfortable unless everyone is surveilled, because if you don't have anything to hide, why worry, right?

    Well, ask them to put cameras and microphones into their bathrooms and bedrooms and at least some seem to wise up.

    the problem here is you'd need a huge grassroots-type movement to get AMD or Intel to back-down on this. But sadly the truth is that the vast absolute majority of people:

    Do not care
    Don't understand enough about the hardware to have a valid opinion

    OR worst of all actively support this kind of capability to you know; keep their kids safe from terrorists and/or the child-predators that some app has clearly shown to be infesting their neighborhood.

    We live in a society that has completely run out of real threats, and so we've started to hyperfocus on statistically anomalies (partially thanks to a sensationalist media and 24 hour news cycle) to invent new ones.

    Call it the Nancy Grace syndrome.

    We will see. There is a real possibility using these CPUs may become illegal in some sectors of finance and medicine in the EU. Also, think about how much critical infrastructure is possibly affected. That would create a bit of pressure, I Imagine.

    While I agree on the hyperfocus on statistical anomalies, I do really not think this is one. I agree that "ordinary citizens" are clueless as always. Just look like about every fascist and totalitarian government was cheered in by these "ordinary people". I do expect this will have a lot of people very, very concerned for years to come in a professional capacity, and some of those people will be the ones that decide about really large hardware purchases.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.