March 2017 Intel employee outed ME backdoor

>pic related

I remember that thread.

Have a bump.

I remember that thread.... I thought he was LARPing. Guess we need to be more serious about this sort of stuff.

fake and gay
>pic related

post rest of the news as well

There is nothing much to do against that except using very old hardware for important stuff or disconnect completely

Management Engine is different from the kernel problem right now
and AMD has their own version of ME

we needed open source hardware a decade ago

>It's fucking real.

What the fuck.

Did you not think the intel ME was real? ?? ???

Fictitious and sodomite

I was on that thread, only a few Anons believed him. Shills flooded the thread by saying the ME is nothing to worry about. That's why I still have a Pentium III somewhere

wow glad i have phenom.

why? it's fake and gay

You have similar my dear Fingolian with your CPU

Related: extremetech.com/computing/261364-massive-intel-cpu-bug-leaves-kernel-vulnerable-reduce-performance

i mean yeah it's devious, that thread is kind of old news already, not sure why it's a big deal now... in any case nobody expects true privacy anymore. i think it's a given at this point that even if you are taking hand-written notes transmitted via carrier pigeon to talk about rooney mara's immaculate feet they will just read them with x-ray vision from outer space.

AMD
RISE
ARISEN
RYZEN PLUS
NOW WITH TIGHT BACKDOOR
FREE OF GOVERNMENT INTERFERENCE
YOURS FOR ONLY LESS THAN INTEL'S DIRECT COMPETITION

>massive-intel-cpu-bug-
>bug

Not a bug, it was fucking intentional, only a problem that it was becoming public.

I trust the communist Chinese to protect my privacy over Silicon Valley.

go on, user

Oh yeah, totally forgot about this

So do ARM cpus have something similar or do I need to go back in time and dig out my dual pentium pro box to find a machine that is not spying on me?

...

bump

Yeah, people have been saying this for like a decade now. I'm an independent hobbyist security researcher and I've come to know a lot about the Intel ME and AMD PSP while attempting to reverse engineer them. AMD version uses ARM trustzone so it's a little different, but I'll try to explain the ME. Here's a quick rundown:

>the Intel ME is an embedded coprocessor in modern Intel chipsets with ring -3 privs
>uses firmware that's stored on the same ROM as the BIOS
>ME core in older models was an ARC core but is now an x86 core based on the Intel 486 design
>Intel ME is always running as long as power is supplied to the chipset by battery or adapter
>all versions of the ME hardware are the same across generations of chipsets with the variation being in firmware configs offered for enterprise use
>there's no way to turn it off or else the machine just won't boot or will shut down every 30 minutes
>the firmware is highly modular to provide enterprise customers flexibility
>firmware starts with an FPT (firmware partition table) which maps the modules for the ME hardware to access, they are stored one module per partition
>FPT also has keys and checksums which are run through a cryptography module, not sure where or whether the ME has its own or if that's something related to TXE and the chipset as a whole
>there are usually 10-16 modules depending on version and config
>BUP is the most vital which does basic hardware init and handoff to the BIOS for high level hardware init and driver loading
>BUP contains limited drivers like SPI drivers and CPU drivers for at least one of the main x86-64 system cores
>in later versions the ROMP module is embedded in the silicon as actual firmware in real ROM rather than purely in EEPROM in the onboard BIOS chip
>other modules control stuff like the kernel which provides APIs and a scheduler and stuff, TXE firmware, and AMT

So is it spying on you? Yeah, probably. Buy an old PowerBook on ebay and install Linux. AMA, fags.
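As an added illustration of the firmware partition table described in the post above (not part of the original thread, and not code from Intel or any ME tool), this sketch lists the partitions in a firmware dump and flags entries that point outside the image. The field offsets (`$FPT` marker, 32-bit entry count after it, 32-byte entries starting 0x20 bytes after the marker) are an assumption based on the layout used by public ME firmware analysis tools; the sample image and the `KRNL` name are constructed.

```python
import struct

FPT_MARKER = b"$FPT"
ENTRIES_AFTER_MARKER = 0x20   # assumed: first entry starts 0x20 bytes after the marker
ENTRY_SIZE = 0x20             # assumed: name[4] owner[4] offset[4] length[4] rsvd[12] flags[4]
MAX_ENTRIES = 64              # sanity bound chosen for this example

def parse_fpt(image):
    """Return [(name, offset, length), ...] for every entry in the partition table."""
    pos = image.find(FPT_MARKER)
    if pos < 0:
        raise ValueError("no $FPT marker in image")
    if pos + 8 > len(image):
        raise ValueError("truncated FPT header")
    (count,) = struct.unpack_from("<I", image, pos + 4)
    table = pos + ENTRIES_AFTER_MARKER
    if count > MAX_ENTRIES or table + count * ENTRY_SIZE > len(image):
        raise ValueError("implausible or truncated partition table")
    parts = []
    for i in range(count):
        base = table + i * ENTRY_SIZE
        name = image[base:base + 4].rstrip(b"\x00").decode("ascii", "replace")
        offset, length = struct.unpack_from("<II", image, base + 8)
        parts.append((name, offset, length))
    return parts

def out_of_bounds(image):
    """Names of partitions whose [offset, offset+length) range leaves the image."""
    return [n for n, off, ln in parse_fpt(image) if off + ln > len(image)]

def build_sample():
    """Constructed 4 KiB image: two valid entries and one that overruns the image."""
    entries = [(b"BUP", 0x100, 0x200), (b"ROMP", 0x300, 0x100), (b"KRNL", 0xF00, 0x400)]
    img = bytearray(0x1000)
    img[0x10:0x14] = FPT_MARKER
    struct.pack_into("<I", img, 0x14, len(entries))
    for i, (name, off, ln) in enumerate(entries):
        struct.pack_into("<4s4sII12sI", img, 0x30 + i * ENTRY_SIZE,
                         name, b"", off, ln, b"", 0)
    return bytes(img)

if __name__ == "__main__":
    sample = build_sample()
    for name, off, ln in parse_fpt(sample):
        print(f"{name:<5} offset=0x{off:06x} length=0x{ln:06x}")
    print("out of bounds:", out_of_bounds(sample))
```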

This. The ME is much more problematic than the kernel problems. Nothing can be done on the OS level to mitigate it.

See Are the raspberry pi devices fucked, or do I really need to move to older hardware?

Nice pepe

They have, but not as evolved. We really should get some kind of security boxes and put them between the router and internet connection in order to filter any weird packets out.

What a load of fucking shite, Management Engine is a software component.

>tfw just went with intel

I don't know what any of this means ya fuckin nerd

That larp doesn't even have anything to do with the vulnerability you absolute fucking retards holy shit.

That is what terrifies me. My router and my file server all run on ARM. They are on 24/7 doing everything from tracking airplanes to running my local dns. You wouldn't even need to compromise my laptop or desktop. They would give you everything you need

F

big if true

>tfw haven't had a proper rig for 1 year because can't be arsed to build one since last one shit the bed
>tfw can easily wait another couple of months for this entire ordeal to blow over
>tfw me thinking of you

I don't know much of anything about Raspberry Pi computers other than installing Debian and using flashrom. I use mine as a tool for external reading and writing of the firmware chips on my boards. I know they have non-free GPU drivers and other firmware restrictions. For example I had to use the firmware settings to set a fuse in it to be able to boot Debian ARM from an external HDD on one of the USB ports, which was an absolute bitch by the way. So I would not recommend using a Raspberry Pi as a personal computer.

Here's what I would recommend, from least to most expensive:

>old x86 hardware (pre-Core, Core Solo or Core2 era)
>can get them from trash piles for free

>PowerBook G4 from ebay or Amazon
>toss in an SSD or new HDD and install Debian
>PowerPC processor doesn't have hardware backdoors
>uses Open Firmware as the BIOS
>will have decent packages like Firefox and things like that so it's still usable
>will probably cost less than $200

>Sun SPARC workstations
>expensive as fuck
>no software

>Talos II workstation
>uses POWER9 CPUs
>is a fucking beast and can emulate x86 easily with QEMU
>will cost $8000+ for a good configuration

Theoretically, at least for Intel, the ME could even download some cp and put it in your images folder as it has access over everything including ip stack. That's scary++.

What port does it operate over?

by that point it was stale point

All too real. Conspiracy theorists win again.

*pasta

>mfw cianiggers have been watching me jerk off to cam whores all along

>>tfw haven't had a proper rig for 1 year because can't be arsed to build one since last one shit the bed
My shit was a decade old.

I was on the verge of buying more guns, instead went for the silicone soy. I get what I deserve.

What about these?
puri.sm/products/

That was indeed a good thread.

Ohhh yaaasss

The noble chinese would never evar steal IP...........

I knew this was happening all the way back in 2009 when they started forcing intel management engine on consumer CPUs. All the cuckolds over at sweclockers called me a paranoid tinfoiler.

Fuck all normie cucks, you deserve this shit. Trump deserves it too for not shutting down the NSA. I mean the guy fucking knows the deep state is spying on everything he does, yet all he wants to do is give them more money and resources. Is he fucking retarded?

tfw running 11yo c2d desktop, REDEMPTION

Not fake nor gay I remember this thread and I'll admit I didn't really believe him at the time.

Yep.

Thanks user. I will take a look at the powerbooks, same price range as the pos chromebook I installed linux on. Thankfully I don't need much beyond a text editor, web browser, and the ability to read pdfs

Raspberry Pi use ARM which has automatic remote updates for the hardware and being created by the UK, well you can bet they're spying somehow.

Thanks.

No, it's software, firmware, and hardware. At the OS level on Windows and Linux it has kernel drivers. You can remove or disable those. At the firmware level it has an entire operating system stored on the same chip that your BIOS is on. At the hardware level, it has an embedded processor that can control everything, including the main CPU cores, your memory (RAM and hard drives), all your PCI and USB devices, and can even hook into the OS network stacks or set up its own. And it can create RAM disks to load its own components into.

Officially you configure that manually in AMT settings.

They ship with non-free GPUs so they're retarded anyways. But the ME firmware has been stripped to one or two modules, so the Intel ME will be active but it can't do anything and as far as we know, can't reinstall itself unless you manually restore the ME firmware with an external flasher. They also use Coreboot as the BIOS. Those machines are secure but I wouldn't recommend any machine with any management engine at all.

Of course it's real you daffy dollop..

I too remember that thread...got me like!

Seem I was never part of the deep state

Asus M4A78T-E
AMD Phenom(tm) II X4 955 Processor
G Skill 16gig
Radeon Rx480

All but the Radeon are 2009

>a decade old
Ohh, that sucks even more then.

>AMT settings.
Can it be blocked by a firewall since it has to go through the network card and the card is controlled by the OS?

>He thinks AMD is exempt
Adorable.

kind of fucked up, i remember lurking in that thread as well, thinking it was a really weird LARP.

>tfw want to avoid spying but dont know what any of the tech jargon means

me too

i already have this crap in my PC.
anything i can do now to kill it/minimize its power?

this image will self-destruct in 3 minutes. good luck my friends

IP laws are bullshit

2009 AMD cpu's didn't have backdoors or management engine

From the explanation of this new or should I say swept under the rug "vulnerability". If the ME backdoor is real it isn't this new exploit but rather the existence of this "ODINS EYE" would be the cause of the exploit. As the ME would need some way to be able to interact with the Kernel in such an instance without being detectable.

All it takes is someone to have the right information to know where to look and find such a thing. This leak could have caused the exploit to be found in the first place, because it gave someone something to look for.

It's not LARP. This is pretty common knowledge stuff in Sup Forums. I guess it wouldn't interest any of you to know Intel chips are assembled in Israel and the NSA sends unfiltered intelligence, including your bank records and transactions, to Israel. The goal is pretty obviously total information awareness and control. Not to stop jihadis, but to stop y-o-u, presumably from revolting.

Press F to pay respects to based Intel user who tried to warn us. He's now probably at the bottom of the lake with cement boots in front of the Intel Tel Aviv office.

Flash your machine and use it as a paperweight.

Nice try Phil, I work for AMD and I know all about your gay porn addiction. Get help Phil, get help.

Try not being stupid?

it is true. it's always been true. but someone found out how to exploit it, and now it's news. funny how everyone calls us anons larpers and tinfoil nutters until shit hits the fan, huh.


"Major 'design flaw' in Intel processors made in the last decade could expose your private passwords to hackers"

dailymail.co.uk/sciencetech/article-5232037/Security-flaw-Intel-chips-past-decade.html?ITO=1490

Don't forget your modem/routers have this as well

>buys crazy expensive magic crypto laptop
>installs windows

What is the point if you are going to install a back door yourself?

They're simply laptops with chips that don't have built-in backdoors.

>literally giving money to israel

should have used templeOS

Yep, it's all standard PowerPC hardware. Keep in mind that they are 32-bit and so RAM is restricted to 4GB and your boot disk can't be bigger than 1TB with the Open Firmware implementation they used. Battery life is also going to suck.

They probably are but I don't have any idea on what's in the SoCs of the RasPis. As in like trustzone stuff.

You have the same problems if you're running Windows or a closed source BIOS. Just putting that out there.

You can shut off AMT and even remove the module. The problem is that the ME hardware itself is providing an entirely unnecessary attack vector for not only the CIA niggers, but also the skids on the same hotel public wireless network as you. The ME is not isolated from the OS. It can be accessed using a kernel driver. The updates are signed but these security measures have been broken before, and it's only a matter of time until it happens again.

Yes, actually. There's a project up on GitHub called ME cleaner. You'll need to dump the firmware off the BIOS ROM. You risk bricking the board and there's a 50/50 chance it'll work. I'm using a ThinkPad with a Core i5 and the ME is neutralized but there's a bug where the machine doesn't always boot and I have to try several times.

There is no perfect or easy one click solution, if that's what you're asking for.

Personal computer security is a meme. If the govt wants your shit they will get it and all tech companies should be assumed complicit.

The difference is I don't want the choice of: running like dogshit vs have my computer become Vladimir's personal mining bitch because I watched the wrong flash video.

They just want absolute information superiority.

They're dumb and don't think of the consequences of centralizing all the access.

yep, and of course you'd deny it, and no one would come to your defense because "fuck pedos" and of course everyone would believe the allegations because "why would the government lie?" but "of course you would hide such activity."
sounds like a perfect situation for subversive spooks

I believe I had read that it uses its own network card. Hopefully this guy knows for sure.

>it's software, firmware, and hardware

Proofs, plz.

...

I wish it was just about superiority. Then you read about PRISM and how virtually all net activity is being archived for datamining. They want to build a blackmail database and run the planet, effectively. There's no other reason to design and create such a thing.

>t.US taxes

Fell for the benchmark meme

Well wouldn't the attack vector be gone if the ports aren't accessible? Also my processor is an i7 from '09 when they came out, am I good or fucked?

>spent about $150 on a new mobo and cpu
>never even heard about this
Are the newer Pentiums ok? Specifically the G4560? Shitting a fucking brick man

>this image will self-destruct in 3 minutes. good luck my friends

4chanx strikes again

>>Sun SPARC workstations
>>expensive as fuck
>>no software
But they're great machines and Solaris is really intuitive to use


They were still using PPC on G4s?

To make money from nothing, and to observe.

If it was pure control it would be flexed more, it's not really a secret these days

Obviously, there's nothing that can be done. It's not just PC's, it's mobile phones, televisions, routers basically everything.

Unless you're Ahmed Mohamed and can make your own CPU's using nothing but a clock and a soldering iron? You gon get spied on.

Oh, shit, I remember that!

flag checks out

I remember. Bump

>Are the newer Pentiums ok
Every intel cpu minted in the last decade is fucked, with possible exception of the atom.

But then you become an anomaly. It's easier to hide amongst the noise in this day and age

Spying, tailoring adverts to suit you (making cash), selling your data to insurance companies and credit agencies.

etc. Lots of reasons.

...