The hijacking flaw that lurked in Intel chips is worse than anyone thought

>arstechnica.com
NEVER link to this shithole of a leftist, anti-free-speech, anti-Sup Forums site!

archive.fo/Ty4i5

>PLS D-DELET DIS
kek

No string at all

>shlomo, what password do we use for secret backdoor?
>I dunno, yitzack, any will do.
>any password it is!

Back to you dumb ryzenigger

>Sup Forums
Looks like your house isn't the only thing that 140W single socket holocaust has burned

>making Holocaust jokes
>haha boicott Jewtel

Go back to you stupid fascist neo nazi.

>having to resort to blaming pol to defend a fucking processor
Enjoy your botnet housefire

I'm using Core 2 machines with the cuck engines fully disabled. Feels good man.

Do you even know where you are? Tumblr is down the hall, newfag. Pic related.

>A remote hijacking flaw that lurked in Intel chips for seven years was more severe than many people imagined, because it allowed hackers to remotely gain administrative control over huge fleets of computers without entering a password.
That's exactly what we imagined though.

This is exactly what people were trying to warn us and them about.

It's not even a flaw. Intel chips are what we call defective by design.

>password authentication accepting no or the wrong password isn't a flaw
If they were designing it to be a backdoor they would have had a master password to let the NSA in, not just break the authentication entirely.

It's a flaw, in a shittish feature.
And most of us don't have to worry about it because we don't have vPro enabled motherboards.

...

DO ANYONE HERE

DARE I SAY

HAVE ANYHING TO HIDE

???

THESE ARE FEATURES TO COMBET THE TERRORIST THREAT THAT BLEW UP THE TWIN TOWERS IN JEW YORK, REMEMBER GOYM

!!!

well earned
sholomo

well earned

It's a backdoor. You give these people at Intel and the NSA/CIA way too much credit. It's almost like how a few years ago certain partitions on iOS and Android devices weren't protected in any way from being written, allowing all kinds of rooting and bootloader unlocks, or how on Macs you could boot into single user mode and change the login passwords on unencrypted drives. It's just lazy engineers thinking that nobody will notice.

So why does it most hurt businesses and not consumers?

SHUT IT DOWN GOYIM

Are you saying that there is a HTTP server running on Intel CPUs?

wtf I love arstechnica now!

Maybe that's what is causing the stuttering in games kek

don't worry it's patched now, just another 0day discovered and fixed like every other piece of software (including AMD firmware) has had several of at one time, nothing to worry about.

This is fucking ridiculous
Intel won't even address the core issue & let us remove this shitware from our computers, they'll just release a patch that fixes this one vulnerability. It should be illegal for corporations to force this shit on consumers, I hope there is a huge lawsuit being prepped for this

No, it's running on the motherboard.
Most consumer motherboard don't support it.

>0day
I don't think you know what it means.

That's a blatant lie you fucking shill
>As Ars reported Monday, the authentication bypass vulnerability resides in a feature known as Active Management Technology. AMT, as it's usually called, allows system administrators to perform a variety of powerful tasks over a remote connection.
>Currently, AMT is available in desktops, servers, ultrabooks, tablets, and laptops with Intel Core vPro processor family, including Intel Core i3, i5, i7, and Intel Xeon processor E3-1200 product family.

Well none of my cheapshit motherboards support it.

My thinkpad is affected. Fuck, time to invest in some hardware and remove ME. But most people won't go to such trouble, and are left with affected systems

It's both the chipset and the CPU.
The chipset gives the access to the network interfaces and other shit while the CPU section allows for access to processing without the OS knowing.

jews my friend
jews

I hope this fucks up Intel.

We /Ryzen/ now

>I'm reporting this thread to mods
see
>Sup Forums.org/rules#global7
good bye shill

semiaccurate.com/2017/05/03/consumer-pcs-safe-intel-meamt-exploit/

> TLDR; There is a remote control mechanism in hardware that cannot be fully disabled and you cannot get Intel hardware without it.

go back to sucking Trump's tiny cock Sup Forums fag

> I'm using Core 2 machines with the cuck engines fully disabled

how? the cuck engines (ME/AMT) are in hardware, can only be disabled by blowing fuses

On some systems Intel ME is on the chipset (mobo) on others it's on the cpu

t. cuck.

> ...time to invest in some hardware and remove ME

your box won't boot without it

>comsumer pcs safe

With certain thinkpads and libreboot you can.

Honestly though this intel flaw is the biggest botnet of all.

What the fuck is a person to do?

yeah, i think you're right. what's the name of that project? it's on github somewhere

read the full article

>Intel claims the ME is ‘fused off’ completely. SemiAccurate does not believe this to be totally accurate. Our research indicates that there were fuses blown but they don’t actually disable the hardware. If Intel’s claims are accurate then why are bits of functionality that should be “hard disabled” present in other consumer grade features? They may not be robust or fully featured but that is a firmware/software issue. The sizes of the latest branch of ME firmware are ~1.5MB for consumer and ~5MB for corporate.

and don't believe jewtel's claims

underrated

spotted the 7700k owner

>literally nothing will happen like every other supposed big name security flaw
woooooooooooow

yeah I read that article. really shows me how stupid people are

you mean the NSA botnet that we all knew is built into Intel chips doesn't require a password to use? top kek!

how far away are we from a truly open cpu being commercially available? maybe not Kabylake performance, but something like a Raspberry Pi's performance?

so is AMD any better? what are the alternatives then?

>The problem is what happens if you don't use a browser, but you generate an invalid request manually or using a proxy to alter the response, sending an empty string instead of the 32 character hash. Then the compare code does this:
>strncmp("6629fae49393a05397450978507c4ef1","",0)
>This means the function will compare the first 0 characters between the two strings. So it is equivalent to:
>strncmp("","",0)

Oh look, it's a "Shitty language that should have been killed ages ago causes another exploit" episode

I don't see any articles about Ryzen backdoors.

> so is AMD any better?

not really, AMD has their own version of ME (can't remember what it's called).

> what are the alternatives then?

i have high hopes for...

The very fact that we're debating if it was the handwork of a 3 letter agency(JEW) or pure incompetence is a worrying sign of the times were in.

> house falls down
> stupid shitty hammer

don't blame C, blame jewtel engineers

i thought AMD has their own inhouse backdoor? i think the user above is right that currently raspberry pi might be the only un-backdoored commonly used processor

>requires a vPro processor to be used
Bad news for business, but it's fucking nothing in terms of your home PC

> vPro processors

Wow it's fucking nothing. Update your firmware if you're affected.

libreboot__dot__org/faq.html#amd

> AMD Platform Security Processor (PSP)

This is basically AMD’s own version of the Intel Management Engine. It has all of the same basic security and freedom issues, although the implementation is wildly different.

The Platform Security Processor (PSP) is built in on all Family 16h + systems (basically anything post-2013)

Does that mean pre-2013 amd's are a decent option?

>server only shit now in business laptops
>vulnerable and buggy as shit
>>this is ok, I don't mind
You don't think this will trickle down to your shitbook?

don't know

This exists in all intel CPUs since many years. What makes VPU processors different?

How do I make an open source processor Sup Forums? I don't like this future.

en.wikipedia.org/wiki/RISC-V

the days of cpu monopolies/backdoors will come to an end (hopefully sooner than later)

C, like the pitbull, is truly the "dindu nuffin" of programming languages

please do not post 2hus with shitty pol replies, thanks.

security vs convenience... chose one

most Intel/AMD cucks will gladly piss away security for the sake of convenience (e.g remote management features)

kys or GTFO. you don't belong on Sup Forums. fuck off back to plebbit you baka.

The users never got any convenience out of it.
It's just apathy and trusting intel and the government.

>kys
redditor detected
please be sure to lurk a few months before posting again, thanks

kys plebbitard. just fucking do it.

>1480043884097.jpg
please stop projecting your newfaggotry
the influx of redditors to Sup Forums this election season is ruining this site

More like "update". Right along the lines of "patched".

you have to go back.

>redditors

Aww, the anti white redditor wants a safespace :(

>he got triggered and replied again
REDDIT

he's just lonely and wants to spew some Sup Forums bile at someone

Sup Forums isn't your SJW safespace, redditor

>SJW
reddiiit

How do you even control the internet through a backdoor in the cpu chip thingy

Is SJW your trigger word, reddit?

Just kys faggot

I appreciate your efforts.
t. crossboarding cancerfag

lmao, go back to whining about SJWs on reddit, loser

>that deflection
Go back to /r/anarachism, redditor

Think of it as a listening device with a kill switch.

>he knows the names of specific subreddits
HAHAHAHAHAHAH YOU'RE A LITERAL REDDITOR
you can't make this up

As a lower middle class leftist feminist, Sup Forums and botnet apologists are both cancer.

The old sandy bridge backdoor rears its ugly head once more