> This is a mask ROM, not updatable So the mask ROM could check for a certain value at a certain offset in the flashrom. If the value is present, it could inject the backdoor code and/or do some exploit thing. How many people can verify the boot ROM is valid and free from a backdoor?
> The flashrom is overwritten when you flash the bios... This would remove any backdoor.
This could inject any backdoor as well.
Basically, when tech people are talking about this stuff, there's three broad categories of adversaries:
An external hacker who has written exploit code. Checking the signatures of files should prevent this attack, exactly as you say.
A design that trusts anyone who can claim convincingly enough to be a vendor. If the private key gets reverse engineered, leaked, or guessed, than any of that flash rom could be written by the external hacker, above. We don't see these attacks, but the danger is that some of these designs ONLY trust the vendor- they aren't a "two key" system that requires the user AND the vendor to both consent.
An actively compromised manufacturer. With privacy revelations and state level actors in this arena, having any part not able to be verified by everyone makes it a giant target. In these cases, there could be a backdoor (if offset X = Y, then do Z), or something more subtle. Any state level actor discovered actively compromising Intel would start an economic war, at the very least. Why isn't that code inspectable? What IP is in that code that keeping it on lockdown is worth risking the prosperity of the whole of the Earth?
These conversations are often strange because someone like you will be discussing practical real world threats and their mitigations, such as code signing, while a couple posts down someone will be convinced that the NSA is trying to steal their dickpics and compromised every firmware in the world to make that happen. But the tinfoil hat comments do refer to a valid type of attacker, and while the risk is low of such an attack, the cost would truly be immense.
I'm of the opinion that management features need to get data from the motherboard, and each mobo manufacturer would have to be complicit for this potential attack to affect everything (assuming a bug or backdoor exists). *IF* there's a backdoor in the ME, and *IF* all (or at least YOUR) motherboard manufacturers are complicit, even *THEN* a good external firewall would stop most conceivable attacks.
It really is unfortunate that it is so clouded with mystery and seemingly waiting for a clever enough exploit.
If you are concerned a little, ensure that AMT is disabled. If you are concerned a little more, consider grabbing an AMD next time. While AMD has similar things, Intel seems like it is both more featured and a larger attack surface, so an AMD exploit might be absent or would take longer to surface. If you are concerned moderately, ensure that external sources can never successfully send a packet to your PC, by use of an external firewall that is trusted. If you are concerned a lot, exclusively use open source products from before the mandatory inclusion of the ME. Have one to act as your firewall / router (maybe running OpenBSD or Trisquel), and another to do productivity on. You'll be limited on the power of the chip, of course.
Frankly, I think it is wise to distrust the ME a little bit. Especially because, as part of Intel chips, it is going to be in so many places- it is a lot of faith to put in untested code. But for the ME to be able to hurt or help you, the motherboard has to support its features, and there are a lot of motherboards, a lot of BIOSes- it is still a pretty diverse setup, and many don't support AMT at all.
The best they have on Trump is that he may secretly be somewhat bald? Is there any Trump story not newsworthy these days? Soon CNN will find out that he hangs the toilet paper facing in, not out, or something.
I'd like to know more on this. What restricts them? Are they, like, restricted by SE Linux to only act in their own little space, or is something outside the kernel doing this restriction? Whenever I hear about these types of access control, I always get concerned. All these sandboxes and jails have ways out of them normally, and the more obscure, the longer they wait, and their mere existence and claims makes people trust the supposedly protected applications way more than if they knew it was just going to execute with whatever permissions their user has anyway.
It is trivial to avoid GNOME in every distro I've looked at. I really dislike GNOME 3, and as a result I avidly avoid anything by the GNOME team. I've had no problem doing this! It is really easy to never touch GNOME.
SystemD is not a deal breaker for me, but I would avoid it if it were easy to do so. It does not appear to be. Slack and Gentoo can function just fine with any other init system, and Devuan will hopefully eventually scratch that itch. If the requirement is "no systemd", you are ultimately going to be doing some kind of integration right now. I figure at some point there will either be a distro without systemd, or systemd will have had enough fixes shoved down its throat that using it is fine.
I think ultimately the community has been taken by surprise at the massive surge in most distros toward systemd. Different distros have all kinds of diverse things under the hood, different package managers, different locations for stuff, etc. But systemd just swarmed over everything, it seems really odd.
My experience with anti-net-neutrality argument breaks into two pieces.
1)- The principle that the network is owned by the telecoms, and, as their property, they should be free to do as they wish. 2)- The practical idea that telecoms will have to greatly increase costs to cover all the bandwidth (or even, that they will do so out of spite).
Any arguments besides these two are generally shills. I've talked with people in real life who honestly hold to one of those two reasons, or both.
I find (1) somewhat compelling, but not enough. Not only was there a lot of tax dollars involved in building the infrastructures, it creates an endless profit pool for a rather arbitrary middleman who is providing a utility. If your electrical devices had to communicate upstream what they were (and couldn't lie about it), you can bet that we'd have had this conversation about each and every device in your home, regardless of how much electricity drawn. Because why not profit where you can, if nothing stops you? We have absolutely no reason to believe that this wouldn't be used to choke the internet except for a few approved companies. If you came up with a good peer to peer solution, then the network owners AND the company you are competing with would have every motivation to stop you in your tracks- and that's to say nothing of the effect it would have on new companies, much less technical ideas.
I find (2) to be absolutely ludicrous. Why would the company act against its own self interest? Is internet bandwidth SO undersold that caps would be both inevitable and very low? If that's the case, frankly, fine. If the true cost of good internet is X, then we will definitely have X extracted from us, one way or the other. Better the solution that doesn't break literally everything.
I think it actually got the nickname when it was going to be some dude that has to check every day online or it won't play your games. Microsoft scrapped that negafeature prelaunch, but the term stuck and subsequently lost all or most of its negative connotation. Some consoles get nicknames, it's just how it goes. Microsoft is probably glad that "xbone" sounds kinda cool and isn't hostile.
I'd heard that they actually chose the name "Xbox One" because the "Xbox 360" was called by most fans as 'the 360', and they wanted people to call the xbone "The One". That might just be a rumor though, I dunno.
While Microsoft offers a profiler, this is NOT that. I'm puzzled how someone could could confuse the two. Profilers / debuggers / all manner of code analysis tools are all hooks that allow the developer (not Microsoft) to analyze how something works in development. They are usually stripped out of release builds, but, more importantly, are only ever present at the convenience of the developer.
The mysterious telemetry calls are not even claimed by MICROSOFT to be debugging or profile hooks. "The event data can only be interpreted if a customer gives us symbol information (i.e. PDBs) so this data is only applicable to customers that are actively seeking help from us and are willing to share these PDBs as part of their investigation. ". This means that the hooks make data available to a telemetry subsystem, on production code, which Microsoft can usefully access in some fashion- while to make use of this in any way would require a developer to know about it (it is not publicized), contact the "right" part of Microsoft (which no one knows), and ask to use the data Microsoft has been collecting about their shipped code, using an undocumented system to gather unknown data.
If this was in any way benign: 1- It would have been documented: you'd know what it gathers 2- Microsoft would offer this data to the developer in some fashion, including what it is 3- It would have been opt-in: you'd have to link in the telemetry, instead of linking it OUT. 4- It wouldn't be present in secret on ALL code Microsoft compiles. This affects run times in some fashion, even if you ignore the massively spooky privacy issues. 5- The data wouldn't be available for Microsoft's use, but not the developer: what right do they have to gather data on your code as you build it, much less on your code as it runs for your customer?
This whole thing gets crazier. That Microsoft is putting hooks into as much code as they can may actually be illegal, or it may be buried in some document- all I know is, this is just what has been FOUND so far. Every couple weeks, someone finds more stuff. All of it is found by acting on some highly technical layer Microsoft hasn't been able to obscure yet. How much more is there? We really have no way to know.
To get back your improperly grabbed civil asset forfeiture, you normally need to sue the USG or state government. You'll see cases with names like "State of Texas vs. One Gold Crucifix" and "United States v. $124,700 in U.S. Currency". While hilarious, you need to WIN this lawsuit, at whatever cost to yourself, to get your shit back. If you lose the case- totally possible- then you are out your shit, and also the cost of litigation, plus whatever it cost you in YOUR courtroom. Again: this can, and does, happen to entirely innocent people. You can be found innocent of a crime, and not get your shit back, and pay for two trials.
> It's a distinction without a difference for many.
It's a distinction WITH a difference for the majority. More specifically, it is a large difference for ME, which is why I asked the fucking question. The article thoroughly answers any questions that someone using a prepaid card might have: it does not, however, comment on the bank thing that the headline alleges. It appears that your bank account is safe from this attack, based on the other comments. For now.
I see no reference to the bank accounts, only the prepaid credit cards. Can anyone site something that actually talks about the attacks on bank accounts?
> ND have the hubris to assume that someone this advanced would actually want to have anything to do with us?
Because it isn't hubris. Humans are interesting. Perhaps not to some rock-being, or whatever space opera alien is in your head that is Sooooooooo advanced that they find us boring, but to SOMETHING at SOME TIME. You posit a pretty strange concept: that if there's a zillion advanced lifeforms out there, that literally NONE of them would find Earth, or humanity, interesting in the slightest. That's the problem: it's trivial to imagine a species "so advanced" that we are very very boring to them. It's much harder to imagine that the universe is EXCLUSIVELY filled with these beings.
> What city was your mother born in? TpV2e\LE-hYX*^w+d0l@\p3Ta
> Good luck getting those right.
I will STRONGLY recommend against these. If you have to come up with a fake answer here, make it a city name that *might* exist, and looks foreign.
The downside to using real ones is that you are open to attacks that guess from a few likely locations, and, of course, someone might just be able to google it. The downside to your solution is that most of the time these stupid questions are used as an entrance of last resort- meaning that if they are garbled, then someone attempting to gain access has numerous social engineering options that they would not if it was Woodportia or something.
You're not a horrible person, you have to deal with a horrible password scheme. There's almost assuredly not a good reason for forcing a change every three days- the more secure a system, the less often you should change the password. Again, all the common wisdom is completely backwards.
No, I don't support changing A's to ats, E's to 3s, etc. The reason is that what is easy to remember is the SENTENCE. Why is the a changed to @, but not the o to 0, the i to a !, or maybe a 1? You end up having to remember varying things about each password. If you have a fixed string that is on every password, then sure. But otherwise you have like eight iterations if you haven't logged in in months (say, access to your electric company's online access, or whatever). Since many things give you drama if you fail to login a ludicrously short number of times (like three or something), it is much better to have a password you can remember from the pieces your brain naturally has- "this sentence maps to this account, and *every* password ends with &7", instead of something much more specific. Ideally, you wouldn't be forced to have meaningless and idiotic special characters, but since the entire security world has everything about passwords exactly wrong, you can end up needing workarounds because as long as at least ONE account you need has restrictions that make it harder for you to get in, without increasing the difficulty for attackers, your simplest solution becomes to incorporate it into everything.
Slashdot Mirror
Ok, I want to go through this with a tinfoil hat.
> This is a mask ROM, not updatable
So the mask ROM could check for a certain value at a certain offset in the flashrom. If the value is present, it could inject the backdoor code and/or do some exploit thing. How many people can verify the boot ROM is valid and free from a backdoor?
> The flashrom is overwritten when you flash the bios ... This would remove any backdoor.
This could inject any backdoor as well.
Basically, when tech people are talking about this stuff, there's three broad categories of adversaries:
An external hacker who has written exploit code. Checking the signatures of files should prevent this attack, exactly as you say.
A design that trusts anyone who can claim convincingly enough to be a vendor. If the private key gets reverse engineered, leaked, or guessed, than any of that flash rom could be written by the external hacker, above. We don't see these attacks, but the danger is that some of these designs ONLY trust the vendor- they aren't a "two key" system that requires the user AND the vendor to both consent.
An actively compromised manufacturer. With privacy revelations and state level actors in this arena, having any part not able to be verified by everyone makes it a giant target. In these cases, there could be a backdoor (if offset X = Y, then do Z), or something more subtle. Any state level actor discovered actively compromising Intel would start an economic war, at the very least. Why isn't that code inspectable? What IP is in that code that keeping it on lockdown is worth risking the prosperity of the whole of the Earth?
These conversations are often strange because someone like you will be discussing practical real world threats and their mitigations, such as code signing, while a couple posts down someone will be convinced that the NSA is trying to steal their dickpics and compromised every firmware in the world to make that happen. But the tinfoil hat comments do refer to a valid type of attacker, and while the risk is low of such an attack, the cost would truly be immense.
Who are these people who hate ads but don't have ublock origin?
Reading is an order of magnitude faster than listening.
I'm of the opinion that management features need to get data from the motherboard, and each mobo manufacturer would have to be complicit for this potential attack to affect everything (assuming a bug or backdoor exists). *IF* there's a backdoor in the ME, and *IF* all (or at least YOUR) motherboard manufacturers are complicit, even *THEN* a good external firewall would stop most conceivable attacks.
It really is unfortunate that it is so clouded with mystery and seemingly waiting for a clever enough exploit.
If you are concerned a little, ensure that AMT is disabled.
If you are concerned a little more, consider grabbing an AMD next time. While AMD has similar things, Intel seems like it is both more featured and a larger attack surface, so an AMD exploit might be absent or would take longer to surface.
If you are concerned moderately, ensure that external sources can never successfully send a packet to your PC, by use of an external firewall that is trusted.
If you are concerned a lot, exclusively use open source products from before the mandatory inclusion of the ME. Have one to act as your firewall / router (maybe running OpenBSD or Trisquel), and another to do productivity on. You'll be limited on the power of the chip, of course.
Frankly, I think it is wise to distrust the ME a little bit. Especially because, as part of Intel chips, it is going to be in so many places- it is a lot of faith to put in untested code. But for the ME to be able to hurt or help you, the motherboard has to support its features, and there are a lot of motherboards, a lot of BIOSes- it is still a pretty diverse setup, and many don't support AMT at all.
The best they have on Trump is that he may secretly be somewhat bald? Is there any Trump story not newsworthy these days? Soon CNN will find out that he hangs the toilet paper facing in, not out, or something.
This election, holy moly.
That's not the same. Many distros push GNOME as a default.
I think there's also Steam, right?
"confines them into their own restricted space"
I'd like to know more on this. What restricts them? Are they, like, restricted by SE Linux to only act in their own little space, or is something outside the kernel doing this restriction? Whenever I hear about these types of access control, I always get concerned. All these sandboxes and jails have ways out of them normally, and the more obscure, the longer they wait, and their mere existence and claims makes people trust the supposedly protected applications way more than if they knew it was just going to execute with whatever permissions their user has anyway.
It is trivial to avoid GNOME in every distro I've looked at. I really dislike GNOME 3, and as a result I avidly avoid anything by the GNOME team. I've had no problem doing this! It is really easy to never touch GNOME.
SystemD is not a deal breaker for me, but I would avoid it if it were easy to do so. It does not appear to be. Slack and Gentoo can function just fine with any other init system, and Devuan will hopefully eventually scratch that itch. If the requirement is "no systemd", you are ultimately going to be doing some kind of integration right now. I figure at some point there will either be a distro without systemd, or systemd will have had enough fixes shoved down its throat that using it is fine.
I think ultimately the community has been taken by surprise at the massive surge in most distros toward systemd. Different distros have all kinds of diverse things under the hood, different package managers, different locations for stuff, etc. But systemd just swarmed over everything, it seems really odd.
My experience with anti-net-neutrality argument breaks into two pieces.
1)- The principle that the network is owned by the telecoms, and, as their property, they should be free to do as they wish.
2)- The practical idea that telecoms will have to greatly increase costs to cover all the bandwidth (or even, that they will do so out of spite).
Any arguments besides these two are generally shills. I've talked with people in real life who honestly hold to one of those two reasons, or both.
I find (1) somewhat compelling, but not enough. Not only was there a lot of tax dollars involved in building the infrastructures, it creates an endless profit pool for a rather arbitrary middleman who is providing a utility. If your electrical devices had to communicate upstream what they were (and couldn't lie about it), you can bet that we'd have had this conversation about each and every device in your home, regardless of how much electricity drawn. Because why not profit where you can, if nothing stops you? We have absolutely no reason to believe that this wouldn't be used to choke the internet except for a few approved companies. If you came up with a good peer to peer solution, then the network owners AND the company you are competing with would have every motivation to stop you in your tracks- and that's to say nothing of the effect it would have on new companies, much less technical ideas.
I find (2) to be absolutely ludicrous. Why would the company act against its own self interest? Is internet bandwidth SO undersold that caps would be both inevitable and very low? If that's the case, frankly, fine. If the true cost of good internet is X, then we will definitely have X extracted from us, one way or the other. Better the solution that doesn't break literally everything.
I think it actually got the nickname when it was going to be some dude that has to check every day online or it won't play your games. Microsoft scrapped that negafeature prelaunch, but the term stuck and subsequently lost all or most of its negative connotation. Some consoles get nicknames, it's just how it goes. Microsoft is probably glad that "xbone" sounds kinda cool and isn't hostile.
I'd heard that they actually chose the name "Xbox One" because the "Xbox 360" was called by most fans as 'the 360', and they wanted people to call the xbone "The One". That might just be a rumor though, I dunno.
Who knows with these names man. Microsoft called it the Xbox 360 because when you see it you turn 360 degrees and walk away.
Like you had an xbone, now you had to buy a second one, so you have two xbones.
Are they hoping for an old school "play dem xbones"? reference?
> the M16/AR15 was adopted by the US military in part because it's less deadly than its predecessors?
hahaha what on earth
I think you really need to add a source on this. That's an incredible claim.
> Debug performance telemetry? Yep. Clearly spyware.
While Microsoft offers a profiler, this is NOT that. I'm puzzled how someone could could confuse the two. Profilers / debuggers / all manner of code analysis tools are all hooks that allow the developer (not Microsoft) to analyze how something works in development. They are usually stripped out of release builds, but, more importantly, are only ever present at the convenience of the developer.
The mysterious telemetry calls are not even claimed by MICROSOFT to be debugging or profile hooks. "The event data can only be interpreted if a customer gives us symbol information (i.e. PDBs) so this data is only applicable to customers that are actively seeking help from us and are willing to share these PDBs as part of their investigation. ". This means that the hooks make data available to a telemetry subsystem, on production code, which Microsoft can usefully access in some fashion- while to make use of this in any way would require a developer to know about it (it is not publicized), contact the "right" part of Microsoft (which no one knows), and ask to use the data Microsoft has been collecting about their shipped code, using an undocumented system to gather unknown data.
If this was in any way benign:
1- It would have been documented: you'd know what it gathers
2- Microsoft would offer this data to the developer in some fashion, including what it is
3- It would have been opt-in: you'd have to link in the telemetry, instead of linking it OUT.
4- It wouldn't be present in secret on ALL code Microsoft compiles. This affects run times in some fashion, even if you ignore the massively spooky privacy issues.
5- The data wouldn't be available for Microsoft's use, but not the developer: what right do they have to gather data on your code as you build it, much less on your code as it runs for your customer?
This whole thing gets crazier. That Microsoft is putting hooks into as much code as they can may actually be illegal, or it may be buried in some document- all I know is, this is just what has been FOUND so far. Every couple weeks, someone finds more stuff. All of it is found by acting on some highly technical layer Microsoft hasn't been able to obscure yet. How much more is there? We really have no way to know.
> So what are they gonna do if they goof?
To get back your improperly grabbed civil asset forfeiture, you normally need to sue the USG or state government. You'll see cases with names like "State of Texas vs. One Gold Crucifix" and "United States v. $124,700 in U.S. Currency". While hilarious, you need to WIN this lawsuit, at whatever cost to yourself, to get your shit back. If you lose the case- totally possible- then you are out your shit, and also the cost of litigation, plus whatever it cost you in YOUR courtroom. Again: this can, and does, happen to entirely innocent people. You can be found innocent of a crime, and not get your shit back, and pay for two trials.
> It's a distinction without a difference for many.
It's a distinction WITH a difference for the majority. More specifically, it is a large difference for ME, which is why I asked the fucking question. The article thoroughly answers any questions that someone using a prepaid card might have: it does not, however, comment on the bank thing that the headline alleges. It appears that your bank account is safe from this attack, based on the other comments. For now.
Irrelevant. I'm asking about banks, specifically, because I use a fucking bank.
I see no reference to the bank accounts, only the prepaid credit cards. Can anyone site something that actually talks about the attacks on bank accounts?
> ND have the hubris to assume that someone this advanced would actually want to have anything to do with us?
Because it isn't hubris. Humans are interesting. Perhaps not to some rock-being, or whatever space opera alien is in your head that is Sooooooooo advanced that they find us boring, but to SOMETHING at SOME TIME. You posit a pretty strange concept: that if there's a zillion advanced lifeforms out there, that literally NONE of them would find Earth, or humanity, interesting in the slightest. That's the problem: it's trivial to imagine a species "so advanced" that we are very very boring to them. It's much harder to imagine that the universe is EXCLUSIVELY filled with these beings.
> What city was your mother born in? TpV2e\LE-hYX*^w+d0l@\p3Ta
> Good luck getting those right.
I will STRONGLY recommend against these. If you have to come up with a fake answer here, make it a city name that *might* exist, and looks foreign.
The downside to using real ones is that you are open to attacks that guess from a few likely locations, and, of course, someone might just be able to google it. The downside to your solution is that most of the time these stupid questions are used as an entrance of last resort- meaning that if they are garbled, then someone attempting to gain access has numerous social engineering options that they would not if it was Woodportia or something.
> Vuh;Kal-Poh23
If your name is Vuh Kal-Pol, this isn't very secure. And that's a pretty common name on Kronos.
> powerful3education=automaticallyMeasured
Psh, you'll guess that two tries after powerful1education=automaticallyMeasured
You're not a horrible person, you have to deal with a horrible password scheme. There's almost assuredly not a good reason for forcing a change every three days- the more secure a system, the less often you should change the password. Again, all the common wisdom is completely backwards.
No, I don't support changing A's to ats, E's to 3s, etc. The reason is that what is easy to remember is the SENTENCE. Why is the a changed to @, but not the o to 0, the i to a !, or maybe a 1? You end up having to remember varying things about each password. If you have a fixed string that is on every password, then sure. But otherwise you have like eight iterations if you haven't logged in in months (say, access to your electric company's online access, or whatever). Since many things give you drama if you fail to login a ludicrously short number of times (like three or something), it is much better to have a password you can remember from the pieces your brain naturally has- "this sentence maps to this account, and *every* password ends with &7", instead of something much more specific. Ideally, you wouldn't be forced to have meaningless and idiotic special characters, but since the entire security world has everything about passwords exactly wrong, you can end up needing workarounds because as long as at least ONE account you need has restrictions that make it harder for you to get in, without increasing the difficulty for attackers, your simplest solution becomes to incorporate it into everything.