MINIX — The most popular OS in the world, thanks to Intel:

"You might not know it, but inside your Intel system, you have an operating system running in addition to your main OS, MINIX. And it’s raising eyebrows and concerns."

networkworld.com/article/3236064/servers/minix-the-most-popular-os-in-the-world-thanks-to-intel.html

I'm buying Zen 2 next year.

Zen has the same problem (AMD Secure Processor). All U.S. companies are obligated to include some kind of backdoor or compromising feature.

I'll wait for RISC-V then.

RISC-V is only an instruction set. This has nothing to do with chip makers designing CPUs with backdoors. x86 isn't backdoored itself but all decent x86 CPUs are because of extra hardware. If a U.S. based (or other western country) company designs a new CPU based on RISC-V then it will include the same "management" bullshit even though it's strictly marketed at consumers.

for having all of these backdoors amd trustzone, intel management engine (javascript) they don't really catch anything with them do they?

You wanna be so safe, you better stop using an internet connection.

Please help guys! How do I jailbreak my MINIX so I can rice it up?

>I'm buying Zen 2 next year.
If ME is your concern go with a talos 2, and an openpower cpu, or whatever is compatible with that mobo.

>Note to AMD: Now might be a good time to remove similar functionality from your CPU lines to try to win market share from Intel. Better to do so now before Intel removes the “Management Engine.” Strike while the iron’s hot and all that.

Yeah goys let's just do exactly as this guy in the article says, we will remove ME as obviously we put it there for no reason at all, none whatsoever!

What choice do we have then? POWER9 CPUs..?

The creepy thing is that that's not enough to prevent OOB attacks. You'll need a compromised CPU, which you're effectively not allowed to have.

What is an OOB attack?

I think it was a battle lost way before anyone relevant could notice.

Was. Right now there's nothing much anyone can do to change this and it's nothing but empty complaining about it. You either get a little or too much, but there's no way to get none. You use a computer and you're pretty much fucked there.

Architecture doesn't matter. You'll need a CPU from a company not based in a country with a government that can detain you. Maybe VIA is clean. VIA was founded in the U.S. but is Taiwanese now. Of course, VIA not being part of the U.S. "backdoor every CPU" project means it's years behind and you'll have to break the bank hard for a slow CPU.

>*You'll need an uncompromised CPU
Sorry, typo.

Out-of-Band. Basically using another physical networking layer than the primary. For example, you disconnect your PC from the internet but your CPU can still communicate with NFC to the outside world.

CPUs have NFC chips in them now? Jesus christ that sounds terrifying.

# pkgin update

# pkgin install git-base
# pkgin install binutils
# pkgin install clang

# pkgin in perl python27
# pkgin_all

Source is Dutch but they delidded an i9-7800X and it had RFID inside.

nl.hardware.info/nieuws/52325/intel-verstopt-rfid-tag-in-core-x-processors

Mind you that not all RFID standards are for very close range. Some work over 10m or more.

What's the latest cpu I can buy and avoid it having wireless connection?

Via you burgers!

How did they even obtain x86 license?

It doesn't have a wireless connection. It needs an RFID reader within range and if you have a cooler installed, there's basically no chance of it being read. And that's assuming there isn't a shit load of RF noise in your PC case, which there is.

You tinfoil hats have to understand that the RFID chips are for tracking inside the factories before the chips have any identifying markers.

Isn't power 9 open source?

YEAR OF THE MINIX BACKDOOR

They have some patents used by Intel in x86 so they keep them by the balls.

that's what they want you to think.
why'd you bring it up if it isn't to access the cpu wirelessly and why would factories need to track their own chips inside of their own factories?

Do they have any cross-licensing agreements (like amd had with intel)? Because in case of intel you can't keep them by the balls, it's the opposite.

From what I can see the rfid chip isn't connected to the system in any way. You can track the chip but there seems to be no way for it to access your machine.

China is a botnet country
America is a botnet country

Wait, why is no one in japan or korea making cpus? Sony or samsung? Wouldn't that solve everyone's problems?

Russia makes their own CPUs ;)

>what is arm?

G-d bless

Samsung is botnet though.

Is arm what phones use?
I am really out of the loop with cpus, I always assumed if I have a gappless rom I'm the least botneted

The only real answer is to use old CPUs before the botnet.

That's slow

Only because of crappy coding. Look how fast RISC-OS is on SoCs, or even Haiku on old x86 computers.

lowRISC will probably be uncompromised by this as they're aiming for reproducibility and transparency.

Also while Allwinner has their security modules and trustzone, I'm 99% sure they can be left uninitialized or loaded with FOSS firmware. Allwinner is nice, just a simple non-programmable bootrom, and great open source U-Boot support thanks to full documentation of the platform. Their own Kernels have had a backdoor once, and they violate the GPL occasionally, but as linux-sunxi.org mainlines and cleans up their work, the chips become freedom heaven.

They put it there to have a backdoor

I hope someone actually compromises IME or the PSP and irrevocably installs malware/botnets/ransomware on huge swathes of the computers out there

Maybe when the national GDP of multiple countries takes a hit because everything HAD to have a fucking backdoor, and both AMD and Intel get ripped to shreds and destroyed as companies for doing it, we'll finally see some sense in hardware security.

>we'll finally see some sense

I doubt it. The last 20 years of computing has been creating problems we never had to solve issues they created.

All it takes is 1 rogue employee

I guess my concerns are completely unfounded, I'm so glad that intel and co are using nfc for singular purpose of keeping track of products while producing them.

ARM is a CPU design that companies buy to manufacture CPUs.
arm is the upper limb of a human body

For some reason you refer only to x86 chips as CPU. There are more instruction sets. Nobody produces x86 chips because you can't license it from intel and make profit, even if you somehow produce an x86 chip you will suffer from intel's anti-competitive practice.
I suppose the most popular modern instruction set is ARM. ARM-based CPUs are produced everywhere. And no, anything can be built with it. There are ARM laptops and servers too.

...

Because everything in CPUs is currently tied to one of two expensive licenses, x86 or ARM. Additionally if you want to fabricate it yourself you're going to need another X billion dollars for the fabrication facilities. And then there's the problem where a ton of stuff on both the design and fabrication side of things is tied up in patents.

ayyy lmao
>loonixfags utterly btfo

Yes.

Actually this BTFO's everyone who uses these CPUs.

I've seen some people here saying that ARM is inherently compromised. Can anyone provide sources proving this? There was a bit of a discussion in this thread about TrustZone, but is there anything else to be aware of?

Then it doesn't have the same problem as AMD and intel, does it?

It does not.

>Note to AMD: Now might be a good time to remove similar functionality from your CPU lines to try to win market share from Intel.

But that would make them bankrupt, the us government would be pissed at amd

Just buy an 8350 if you are a paranoid pedo

idiots will still go for intel cpus.

>why would a company need to track inventory through the production process

neck yourself, retard

what about this user theregister.co.uk/2016/09/01/china_64_core_chip/ ?

Anytime I see threads like this, it reminds me of the huge number of people who have no college related education in regards to computer science or computer engineering.

> TPMs
Hardware security modules have been the thing of study and real-world solution for decades. It's not a secret back-door.. It's a more robust security module whose implementation is reviewed by a consortium of engineers at :
trustedcomputinggroup.org/

They're in everything because they work far better than software security. They're on just about every ARM processor in every phone and every processor in every computer. They used to reside off chip as a pluggable module on computers but were brought on die to cut complexity, cost, and space. As for remote access capability, it's obvious brainlets never worked in enterprise IT where such things are required features. Stop yappin on /g all day and go get educated.

>networkworld.com/article/3236064/servers/minix-the-most-popular-os-in-the-world-thanks-to-intel.html
And also, what dumb fuck wrote this article..

Intel Management Engines are used by IT to update/secure/monitor nodes without needing physical access.
From the article :
>Why on this green Earth is there a web server in a hidden part of my CPU? WHY? The only reason I can think of is if the makers of the CPU wanted a way to serve up content via the internet without you knowing about it. Combine that with the fact that Ring -3 has 100 percent access to everything on the computer, and that should make you just a teensy bit nervous.

> Bryan is a writer and works as the Social Media Marketing Manager of SUSE.
> Social Media Marketing Manager
Brainlet.

The utter state of sensational misinformation on the internet.

>As for remote access capability, it's obvious brainlets never worked in enterprise IT where such things are required features.
Then why is this enabled on machines sold to consumers? Why can't owners of devices turn this off? Why does Intel restrict the installation of Open-Source firmware such as Coreboot or Libreboot with this?

> Why is it on consumer machines
Workstations that need to be managed by IT.
Dell/Business

Also, here :
> en.wikipedia.org/wiki/BitLocker
When used in conjunction with a compatible Trusted Platform Module (TPM), BitLocker can validate the integrity of boot and system files before decrypting a protected volume; an unsuccessful validation will prohibit access to a protected system.[12][13] BitLocker was briefly called Secure Startup prior to Windows Vista being released to manufacturing.[12]

and here :
docs.microsoft.com/en-us/windows/threat-protection/secure-the-windows-10-boot-process
Windows 10 supports four features to help prevent rootkits and bootkits from loading during the startup process:
Secure Boot. PCs with UEFI firmware and a Trusted Platform Module (TPM) can be configured to load only trusted operating system bootloaders.

So, clearly it has highly functional and beneficial use. The whole point is that it just works and you don't know that it's there.


> Why does Intel restrict the installation of Open-Source firmware such as Coreboot or Libreboot with this?
What would be the point of a TPM if any jackass can just overwrite the firmware? That's the definition of a rootkit which TPMs are meant to prevent which is why they don't allow 3rd party access to them. Even development for a TPM module is protected under NDAs and the host computer which accesses the spec docs hardware monitored... I really don't think people appreciate how secure and functional these devices are. The firmware is audited by a consortium of engineers at : trustedcomputinggroup.org/.

Instead of engaging in this open-source REEEing, how about you ring them up and ask them to give a talk at an open-source conference as to why they logically don't open up TPMs for general access? No one's backdooring into your loli computer.

He has a valid point though you fucking Intel Jew. We are not free while part of our hardware is able to lock us out.

This. When a company gives employees computers, I don't particularly have that much of a problem with this sort of thing. That's because the computers are owned by the company, and not the employees.
However, when someone buys a computer, that computer is owned by THEM. They own that computer, and should not be surveilled, locked out, or fucked over by this shit. There is truly no purpose to have this shit phoning home if it's not related to business reasons. This is clearly a botnet. Whether it's CIAnigger, or Jewish, or NSA, or deep state, or all of the above, it's a problem.

Are you false-flagging or are you really that retarded?
> it's obvious brainlets never worked in enterprise IT where such things are required features.
Talking out of your ass? Nobody is using this shit, like literally no one. One of the best possible use cases are machines in the datacenter. But people don't use this shit even there and they don't want it in the first place, there are much better tools for the job.
Every time this topic comes up on hacker news, someone always asks if somebody is actually using ME on any scale or had any meaningful real-life experience with ME. And no one ever did. You only hear how useful it is from the marketing slides or from the sites who had barely any idea about IT in real-life scenarios.

So basically, they are shoving up your ass the feature nobody uses. The feature that can potentially be exploited to get COMPLETE CONTROL of the system REMOTELY. If you are saying that it's a good thing, just kill yourself, you stupid bitch.

>The feature that can potentially be exploited to get COMPLETE CONTROL of the system REMOTELY.
name a high-profile incident where this has actually happened outside of the twitter page of some nameless "security researcher" under unrealistic conditions

Just because no one robbed your house yet, doesn't mean that it's okay to leave the door open.

After eliminating the botnets in the CPU, we can then turn to eliminating the botnets in the RAM (I'm not even sure about the RAM), HDDs/SSDs, NICs, GPUs, USB modules, HBAs... This will be in the year 9001

the problem is that you're screeching about the door being open when you have fuck all to actually prove that it is, just that it "could potentially" be, therefore it is

How much do they pay you to eat all this shit, you poor sold soul?

I'm not a paranoid pedo, just imagine if some crazy russian fines an exploit in ME, almost every pc in the world would be at risk.

So why is that part of the CPU locked? Stop being such a shill mate.

*finds

Why are people still worrying about this when the flag used by the US DoD to disable it was found months ago?

github.com/corna/me_cleaner/commit/ced3b46ba2ccd74602b892f9594763ef34671652
>Positive Technologies discovered the presence of an undocumented HAP bit in the PCHSTRP0 field of the descriptor which, when set to 1, disables completely Intel ME just after the initialization.
>This is confirmed both by an analysis of the status of Intel ME after the setting of the bit and by reverse engineering the BUP module.

More info here: blog.ptsecurity.com/2017/08/disabling-intel-me.html
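
The HAP bit quoted above can be checked read-only in a firmware dump. This is an added example, not part of the thread and not me_cleaner's code; it assumes the ME 11-era descriptor layout (signature at 0x10, PCH strap base taken from FLMAP1, HAP at bit 16 of PCHSTRP0), none of which is stated on this page, and the sample image is constructed.

```python
import struct

FD_SIGNATURE = 0x0FF0A55A   # flash descriptor magic, stored little-endian
SIG_OFFSET = 0x10           # assumed signature offset in a full SPI dump
HAP_MASK = 1 << 16          # assumed HAP position in PCHSTRP0 (ME 11 layout)


class DescriptorError(ValueError):
    """The dump does not contain a parsable flash descriptor."""


def pch_strap_base(image: bytes) -> int:
    """Return the offset of the PCH straps (PCHSTRP0 is the first dword)."""
    if len(image) < SIG_OFFSET + 12:
        raise DescriptorError("image too short for a flash descriptor")
    sig, _flmap0, flmap1 = struct.unpack_from("<III", image, SIG_OFFSET)
    if sig != FD_SIGNATURE:
        # Typical for an ME-region-only dump: the descriptor is not included.
        raise DescriptorError("no descriptor signature at 0x10")
    # FLMAP1 bits 23:16 hold the strap base in 16-byte units.
    return (flmap1 >> 12) & 0xFF0


def read_pchstrp0(image: bytes) -> int:
    base = pch_strap_base(image)
    if base + 4 > len(image):
        raise DescriptorError("strap base points outside the image")
    return struct.unpack_from("<I", image, base)[0]


def hap_is_set(image: bytes) -> bool:
    """True when the HAP bit is 1, i.e. ME is asked to halt after init."""
    return bool(read_pchstrp0(image) & HAP_MASK)


def build_sample(hap: bool) -> bytes:
    """Constructed 4 KiB descriptor with straps at 0x100 (not a real dump)."""
    buf = bytearray(b"\xff" * 0x1000)
    struct.pack_into("<III", buf, SIG_OFFSET,
                     FD_SIGNATURE, 0x00040003, 0x00100208)
    strap = 0x00000402 | (HAP_MASK if hap else 0)
    struct.pack_into("<I", buf, 0x100, strap)
    return bytes(buf)


if __name__ == "__main__":
    for label, img in (("stock", build_sample(False)),
                       ("HAP set", build_sample(True))):
        print(f"{label}: PCHSTRP0={read_pchstrp0(img):#010x} "
              f"HAP={'SET' if hap_is_set(img) else 'NOT SET'}")
```

The bit only shows what the descriptor requests; the posts quoted in this thread confirm the resulting ME state separately, by analysing ME status and the BUP module.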

>s-s-shill!
glad we both agree you have literally nothing to shore up your misinformed, regurgitated opinion

>$0.003 have been deposited into your bank account
Are you retarded? How do you know there aren't another thousand exploits?
Stop being a shill.

>s-s-shill!
glad we both agree you have literally nothing to shore up your misinformed, regurgitated opinion

>why is a remote management facility intended for corporate systems designed to be difficult to disable?
Why don't you actually take some time to think about it?

You didn't answer my question shill, How do you know there aren't another thousand exploits in ME?

Maybe because the only people working on ME related tools/exploits/etc have confirmed ME gets disabled after setting the bit?
I think I'll trust the words of people that actually work on these things over some "$money has been deposited to your account xDDD" memeposter.

My next desktop's going to have a Chinese-made MIPS processor. It may have Chinese backdoors but I'd rather be backdoored by a country with no jurisdiction over me.

I want to see you saying that the some of these exploits fall in the wrong hands.

what question? all you did was ask me how much they paid me to ask you for basic evidence to back up your retarded FUD
>How do you know there aren't another thousand exploits in ME?
how do you know there aren't another thousand exploits in any critical networked technology we use today? do you understand how much of a retarded goalpost-moving question this is?

you're not actually trying to get to the bottom of whether the ME is malicious, exploited or not, you're just trying to pose a bunch of manipulative questions and assumptions designed to manipulate people into joining your retarded circlejerk, how do you sleep at night knowing you're such a sleazy piece of shit?

but sure, if we're going to play your little game, there have been an incredible number of exploits released over the last few years from various alphabet soups and not one of them to my knowledge included an ME exploit, isn't it kind of strange to you that they would be popping easily patched 0days on operating systems and common software when according to your bullshit assumptions they basically have "thousands" of ways into a system that operates at an even higher privilege level than the operating system itself?

Did you just copy paste this from the orange site?
>mfw

By acquiring Cyrix.
There is a video on YouTube about this. Saw it there.

>How do you know there aren't another thousand exploits in ME?
I think it'd be pretty difficult to exploit something that's disabled & stuck in a hung state.

>in this mode, BUP hangs instead of executing InitScript. This means that the remaining sequence of actions in normal mode has nothing to do with HAP and will not be considered. The main thing we would like to note is that in HAP mode, BUP initializes the entire platform (ICC, Boot Guard) but does not start the main ME processes.

Sure you might be able to exploit it during the initialization, but if you can exploit that you must already have control of the machine in the first place. Initialization is also probably the most secure part seeing as its sole purpose is to verify module signatures and shit.

Don't forget this initialization takes place long before any other part of the system is loaded, meaning there won't be any kind of Ring 1 -> Ring -3 privilege exploits, because Ring 1 isn't even running yet.

Underrated

Some intel chips with AMT have a 3g modem built in
intel.com/content/dam/doc/white-paper/digital-signage-vpro-amt-3g-paper.pdf

>that's what they want you to think.

I want this to happen so bad

...

no it wont
the people that want a system to be compromised they will compromise it...

remember some years ago that someone ran an article about how nsa was able to get every router that was going to the middle east and/or other countries of interest and they installed their own version of fw?

MINIX CONFIRMED BOTNET!

the amd psp code is able to do on the fly encryption of the memory
pretty sure it's a selling point

ARM's obviously not inherently compromised, they sell CPU designs and instruction sets and those who buy a license can implement it in whatever way they want. This usually means cutting away as much as possible while keeping it functional and reasonably fast.

This does mean that Qualcomm ARM SOCs could have all kind of nasty things and backdoors while Mediatek's don't - or the opposite. I have no idea. I am just saying that you can say very little about ARM SOCs in general since all kinds of players make them.

>Google wants to remove MINIX from its internal servers

Botnet vs. Botnet

Ty! It worked.

So there is no point in choosing Linux as a main OS, you will still be a part of a botnet?

Unless you use unbotneted hardware/remove the botnet from it.

There is no point in wasting oxygen by allowing you to breathe.