CPU backdoors

too bad amd botnet is even more malicious and you can't do anything about it

ME has full and direct access to the CPU, RAM, and thus, by extension, to virtually anything else on the system. Thus encryption obviously isn't a means to prevent it from accessing data, unless the decryption key is never used on that system.

>unplug my computer's ethernet cable

Checkmate.

Do you have links to some resources on that?

>so long as at least one complier is clean

This is dumb. If you have a clean compiler you could have used that in the first place...

>encryption means that the CPU will never access anything during the time I decrypt the drive

I guarantee you're only surviving on buzzwords for now, but you obviously have no fucking clue how this shit works, do you? This also does not help when the encrypted container is unlocked by the machine itself.

libreboot.org/faq/#amdpsp
What happens if you disconnect your network, decrypt your shit and reboot your system? I doubt it they can get your key.

>linux with full encryption is still the most secure OS
LUKS literally put your passphrase in clear text on a file

>added support for AMT out-of-band communication for wireless network with 36/48/54Mbps speed

Thinkpads from 2011 and later presumably all come AMT access over wireless LAN (the x201 from 2010 needed to have the ME firmware updated to enable this).

tau.ac.il/~tromer/acoustic/

>libreboot.org/faq/#amdpsp
>listening to lying trannies

i can understand people that want to protect their privacy but at some point where does it end if company just backdoor CPU what are you gonna do about it ?

The ME is active all the time, even if the unit is in S3 sleep mode. While AMT is the specific part enabling remote access, ME is all-encompassing and always active. Even the OEM mainboard firmware (BIOS/UEFI) is basically just its sockpuppet.

>This is dumb. If you have a clean compiler you could have used that in the first place...
Not really.
Firstly, you don't have to know WHICH complier is clean. So you can try with a dozen and see what happens.
Secondly, the "trusted" compiler(s) doesn't have to be practical. It could target an architecture no-one uses, be an antique piece of shit, be horrible at optimisation, or be a built specifically to make infection virtually impossible (and therefore hopeless at everything but this task). They just have to successfully compile the "compiler under test".

dwheeler.com/trusting-trust/dissertation/html/wheeler-trusting-trust-ddc.html#4.6.Why not always use the trusted compiler

You should read it, it's pretty neat.

...

Stallman explicitly recommends not to use anything post-Core2.

stallman.org/intel.html

This is actually is a bit imprecise, as there were plenty of Core2 systems with integrated ME/AMT on it already, such as the T61(p)/X61, X200, etc. - only the first gen Core2 (Merom) lacks it, that's why he has been using an X60 since ages (if he upgraded after all then probably to a librebooted X200).

They have to be very close to the machine fir this to work. And absolutely no one with a brain trusts RSA. Irrelevant and not part of my threat model.

>implying the chinese havent backdoored every single component they put on the market

resources.infosecinstitute.com/hardware-attacks-backdoors-and-electronic-component-qualification/

This is so common that the US Govt is starting to refuse to use any components not manufactured or quality checked by US companies with government oversight for DoD purposes.

I don't think you know what Intel is
hint: it's not the government

this. you have to find ancient/obscure hardware and run it off a battery inside a fucking faraday cage

or you know, just use facebook and masturbate to regular porn like a normal human being

>And absolutely no one with a brain trusts RSA. Irrelevant and not part of my threat model.

I guess you should stop using TLS and SSL over the web since 90% of those keys are RSA.

>amd botnet is even more malicious

stallman.org/to-Sup Forums.html
>I don't know how much better the current AMD processors are, but they are surely not worse.

Is he misinformed on these matters then?

Wait, did he publicly visit Sup Forums before?

That particular attack would only be used by a govt agency in my case

No, you don't have to be close. CPUs operate in the range of UHF/SHF frequencies and anyone with a receiver, no matter how far away and with the right equipment and power supply can pick this up. If this were the case, radars would not be able to pick up aircraft that have their IFF off.

No, people email him.

Ssl has long been compromised. Tls not so much, but anything I do warrants no attention

So is it worth buying an older CPU and running libreboot or is that too tin foil hat?

So what is the range, since you seem to know all about it?

You don't understand. A private company, and many potential workers involved in that backdoor could gain access to you information. The government is one thing, but normal, white & blue collar people?

How modern are we talking about here?

Would a is 3570k be backdoored?

> It's like a segmented, hidden part of the processor solely dedicated towards "updates" and you can't turn it off.

This is factually incorrect. If you want to make a genuine argument against something don't exaggerate like you're an 80 IQ teenage sheboon.
Unfortunately these sub processors actually serve a purpose in the business world, so much so that if you want to sell a system to anyone they're now required. Everything from laptops, SFF desktops, POS systems, all the way up to server ships. Among other things these sub processors are serving as a more advanced implementation of trusted execution. They're put in place for legitimate security reasons.

You can argue that they're not free as in freedom like you're the autistic communist Richard Stallman, but you can't say that these have no purpose.
And as far as the freedom argument goes, most of what your processor does is totally obscured from you.

Depends on what you do. Doesn't make s huge difference if the network you used is compromised.

When it is used in the wild, I might start giving a shit. But again i do nothing that would warrant that attention.

Anything post core duo/quad so yes

>Tls not so much, but anything I do warrants no attention

Anything you do warrants attention under the new doctrines in place. What you search and what you view is building a model of certain kinds of personalities on the web. This is how the NSA develops a threat model and throws red flags for National Security (at least that's their party line). They may not explicitly come after you for doing anything wrong, but they know everything about you and the way your mind operates per your personality model. This isn't about "they caught me doing something bad." This is them building models to exploit people to get what they want, whether it be information or to blackmail to get them to do something for them. Intelligence communities have worked extensively on these programs through PsyOps since the cold war and failed, because they would get caught. It's a lot easier for them to be able to do this now, when people are freely exchanging sensitive/exploitable information about themselves over the web.

Anyone with a directional antenna and a decent power supply to transmit over long distances can eavesdrop. The trick is tuning your antenna to focus in a particular area where you're not going to be picking up conflicting noise from other machines on that frequency. But these technologies have gotten so good over the years that it can be set up point to point almost like a laser. Microwave link technology has perfected this.

He found only inane comments.

>tau.ac.il/~tromer/acoustic/

I feel paranoid now

You aren't nearly paranoid enough yet.

Nah, bro.
It's one thing we can't have 100% security.
It's a differnt story to server them your private data on a a plate.

It's about hardening your defenses, not about 100% protection.

Of course, if a TLA wants your data - I mean specifically YOUR data - there is nothing you can possibly do to be 100% secure. But it's all about mass data, it's all about meta data. So try to get as secure as possible without truning full tinfoil hat. Today there's a lot of information about protecting yourself.

At the end of the day, there are people out there who make decisions. And maybe the difference wether it's 10 millions to get the data you want or it's 10 billion will make the differnce if a big data grab project starts or not.

>It's one thing we can't have 100% security.
A realistic goal is to have reasonable security. The problem is we might be headed towards ~0%.

>tfw there's probably side channel attacks for neurons and the NSA can read that I like trap pics

really afraid now, desu

Im very cognizant of that information. Tge government wants a file on everyone since J. Edgar. The government has much, much bigger fish to fry than me.
This is still a very remote, implausible situation in my case.
Nothing would surprise me about backdoors, but I don't work in a sensitive industry or have any information of value.

Your thoughts can be read externally. Its just that the signal is too low powered to be read from a distance.
If you had sensors strapped all over your scalp they could see what you were thinking. Read the alphabet and they can see the letters in your head as you're reading them.

> The government has much, much bigger fish to fry than me.

This is a faulty line of thinking. The government doesn't have to target anyone specifically. They simply catalog information, and eventually it gets sorted. Sorted information forms a record for every citizen. It is all linked together. Your digital fingerprint, all your credit history, everything about you.
Decide to run for office one day and some government agency already has a mile high blackmail folder prepared to use against you. That data is being kept forever, and when government has a resource available they will eventually make use of it. Its only a matter of time, if they haven't started doing it already.

Mass surveillance and data collection itself is a fundamental threat to liberty.

The issue here is that the hardware is the lowest in the trust model you could give. You do not have any oversight over the production of the hardware you are receiving on the market and do not know what kind of technologies are being implemented to have remote capabilities outside of your machine. There is no real auditing done on these technologies and there may be real serious exploits with these that security experts are not totally aware of.

Like said,
slideshare.net/codeblue_jp/igor-skochinsky-enpub

It's really a case of, "Don't trust it if you didn't build it yourself." Unfortunately for computing, you cannot recreate these things because of the laws and institutions in place.

>Im very cognizant of that information. The government wants a file on everyone since J. Edgar.

They don't want "you." That would be too much information they would have to manage. They want your template. They're building a database to see how many people really fit or closely match templates. Not only in foreign countries, but around the world. It gives them an idea of what to expect from someone when they have to deal with them. It's kind of a creepy and fucked up way of getting to know someone before you even meet them.

brb getting rid of this machine and replacing it with an ancient dos machine and never using the web again

All you do is tell me why I should be worried. You offer no solution, no new information on the subject, just fear. And to top all that, here you are posting on a Nazi imageboard telling everyone that will listen to why we are all fucked. What I'm doing online is really no worse than 96% of other folks. Sure I agree with your assessment, but offer some solution: stay offline all the time, use cash for everything?

At least Intel's can be removed. AMD's has yet to have this possibility.
github.com/corna/me_cleaner/blob/master/README.md

I'm on Intel Core2 Duo T6500, am I safe? pls help

and if the OS is secure, and nobody can remote access the PC then this hardware with a backdoor is not going to let anyone in,

There is some very recent information in the latter two links posted by .

For decades people have voted in politicians that campaign on destroying liberty. Everyone loves their chosen conquerors. Put the right coat of paint on any legislation and you can get half or more of the country to support it, no matter what harm it does to them.
The damage can be undone the same way it was done in the first place. Vote in officials who will reign in abuses of power, and who take oversight seriously.

The problem is that people get the government they deserve. The majority of people are under evolved tribal animals who associate political parties as their own tribe, so they support them unquestionably. Its not a battle that has to be fought against the government directly. What we have to face is a war on culture itself. Mindsets need to change, the people themselves have to change, or any impact that one or two radical elections have will eventually rebound, and it will return to the mean which is infringing on liberty for the sake of expanding government.

Educate everyone you know. Its your duty.

Its all software based, relax every one.

Something something AMD trust something Intel theft protection something something, You really dont need the internet to survive.

this thread is dedicated to tinfoil asshattery

/thread dead

Where is any proof intel and AMD have backdoors?

From my understanding there are encrypted blobs of code that are signed and can't be audited or switched out for your own (since it's signed), which is obviously a POTENTIAL security concern because there COULD possibly be a backdoor in this code, BUT since it's encrypted and has never been audited (as far as I'm aware anyway), there is no proof there are or are not backdoors in place.

The most you can say is there is the potential for a backdoor, however it is always safe to assume a state level actor(s) can get access to your computer and your data, regardless of your security measures and encryption.

If you throw enough money at the problem, it WILL disappear. This includes CPUs without backdoors too, it just takes more sophisticated methods and more time/money.

It has direct memory access, network stack access out-of-band, and runs unauditable code on practically every meaningful computer in existence. It even implements an entire java vm, millions of lines of code. Tell me that the government wouldn't spend 2+ billion on access to even one 'accidental' vulnerability in this system, if it meant they could invisible own any device in existence.

Hell, that's probably way less than they spend on R&D for exploits anyways

What you fail to mention is that all parties supported this. You can't play the "you voted them in!" argument when they were both the same.

It's the "I voted for Kodos" defence.

Delete the relevant blob and be done with it.
github.com/corna/me_cleaner/blob/master/README.md

>Its all software based, relax every one.

That's not even remotely true.

youtube.com/watch?v=4kCICUPc9_8

>Tell me that the government wouldn't spend 2+ billion on access

Well as I said
>it is always safe to assume a state level actor(s) can get access to your computer and your data, regardless of your security measures and encryption.

If an entity with that sort of budget wants to know what you're up to, they're going to find out.

I don't care if you built the CPU from scratch in your basement and run your own OS, etc.

What you fail to mention is that 3rd parties exist.
Both the DNC and RNC are privately owned organizations controlled by a handful of wealthy donors.
I did not in anyway push the two party paradigm, your mind is simply stuck there from years of social programming.

Anyone with half a brain understood the implications of ME. Just like pre Snowden era when anyone suspected that the govt was hacking everything possible. No its not 200% confirmed, the govtt will hang on to the vulnerability as long as possible to avoid disclosure.

Did you even read any of the documentation? If someone has the keys, they can gain access. All the doors are in place, it's not even a secret. It's known what ME/AMT does officially, what isn't known is its undocumented "features", and obviously like in any software, there's bound to be bugs to be exploited if (or rather once) they're discovered. You sound like someone who claims that the existence of the Bilderberg group is just a lunatic conspiracy theory - no it's not, it's official that the meetings take place and who attends, but it's unknown what is being discussed and decided there. That's a vast difference.

How did the process go for you? Do you have problems with the NIC?

>it's official that the meetings take place and who attends, but it's unknown what is being discussed and decided there. That's a vast difference.

Lol except in this case there has never been a confirmation ME was for a backdoor, sure, anyone in the industry can read between the lines and make an educated guess. But show me literally ANY source that can actually confirm if there is a backdoor.

>all parties
Blue and red are not the only colors.

Only ones that matter. It's pointless to even begin discussing 'third' parties.

No amount of saying how smart you are (like ) will make anyone change their voting patterns.

AMT itself is the backdoor, it's obvious if you know how it works. Whoever either has the cryptographic keys or can exploit a bug can make use of it.

>only ones that matter
Opinion discarded. Kill yourself. You are the problem with this country.

>it's obvious if you know how it works.
And how would you know how it works since the code is encrypted and has never been independently audited?

>It's pointless to even begin discussing 'third' parties.

This mindset itself is the problem.

>being this defeatist

If SJWs can come out of the woodwork to get social policies changed around countries and a bunch of fat NEETs on Sup Forums can somehow convince the country to vote for Trump, why couldn't you convince anyone to vote for a 3rd party?

If ME checksum fails the system will shut down after 30 minutes. The person who wrote that shitty python script obviously never tried it on real hardware.

Yo, can you give me some sources on these backdoors? I'd like to know a bit more about what chips are and what aren't backdoored, and is it even true that they are backdoored?

What kind of organisations post data on these kind of issues? Wikileaks? White-hat security companies? Universities?

You already know its a backdoor in your heart, but you are trying to justify your apathy towards it. Like a German that is convinced their communication was not compromised because they had no concrete proof

This is fallacious. If no one's reporting on this, that doesn't mean it isn't happening.

I didn't even know it would boot, I thought if it detected unsigned code it simply wouldnt boot.

The officially documented features and accessible information (whether straight from Intel or obtained via independent research) are more than enough.

>You already know its a backdoor in your heart
Kek, love the source.

Sorry, I have no arguments that it is probably a backdoor, but fuck off with your CONFIRMED backdoor bullshit, nothing is confirmed you fucking nigger, stop trying to pretend to make yourself feel better.

>much bigger fish to fry than me.

>what is mass fishing.

No one will single you out and target specifically. It'll be a mass sweep with everyone taken with looking.

Lets see the source then bby. Point me at these backdoors publicly being mentioned.

me.bios.io/Resources

Can't you just physically damage that part of the chip like they cut dies to make lesser chips out of better chips?

The 30 minute window is there to let a technician "repair" the device.

Stein and Johnson were a joke. Run a plausible candidate with s feasible platform and I might consider it.

repair meaning flashing the proper Management Engine code.

im a poorfag still using q6600 so lol at u

No. Like said. The system relies on these components for boot.

Also
>cutting into a 14nm chip

I'd love to see someone do this.

It's literally a case of "the only winning move is not to play." That's why so many people protest now by spoiling the ballot, because it's a countable method of protest that's better than not even turning up.

It's true. You can elbow your way through the line to put in your vote for the third party but it's not going to count for anything in the grand scheme of things because you're still playing the game.

Sup Forums didn't do shit. What won Trump the election was promising abandoned people of the rust belt (how does a country happily have an entire stretch of a continent with such a poor name but no help for it?) being told that a vote for him will bring back their dignity.

SJWs win because they have the same school of thought as the Marxists that are our politicians.

>q6600
Uhhh. The Q6600 has iAMT 2.0

The 2nd generation of AMT.

Spoiling the ballot as a protest isn't going to make people do anything different. Even if 40% of voters wrote in the same meme it wouldn't matter.