So it's finally happened. Now other than the Govt...

This. There's no escaping this level of botnot.

Just wait until some skid point-n-shoot trash comes up.

They gained access to the part of the chip that has access to the CPU, memory AND networking. Basically, every intel chip has now been confirmed vulnerable.

Wait wait. Guys. GUYS.
Does this mean we can also turn off or replace the ME on OUR systems?

Morris Worm 2.0 soon, fellow Stalker!

the mad man did it

>Holy shit, I feel like I've seen this thread before.
It was deleted

>not using epoxy to affix all peripherals to your computer permanently
>not filling all other ports with epoxy
>not coating motherboard in epoxy

>via USB DCI
If someone else has physical access to your machine it's compromised anyway. That being said, this exploit is still spooky.

Yes it does, however, now all intel chips are vulnerable. So..... is it really better?

>not dipping yourself in epoxy
like you are begging to be hacked lads

Or a single machine on a network.

How is this vulnerability exploited?

so what exactly can you do with this?

pretty sure this is old news anyhow.

Ring -3 botnet. Imagine being able to run malware even if the PC is off.

Eh, you'd be amazed how easy it is to not have people plugging random shit into my PC. I do it all the time.

>Physical access
Wow it's fucking nothing.
First rule of security since the fucking 60s has been "If they have physical access, it's compromised"

they need physical access.

In other words: it's fucking nothing. Only a problem for governments and coporation who think they should be keeping secrets for whatever reason

Wait until someone figures out how to do it over software. Depending on the firmware used to drive it, it should be doable.

>Wow it's fucking nothing

Be that as it may this is still very impressive. The fact they've managed to control the impossible to uncover botnet that only Intel has been able to control for so many years.

They could alter what the chip is storing in its memory, run or alter programs on the cpu, make your computer connect or disconnect to anything on your network it has access to... Pretty much anything.

>Wow it's fucking nothing
>it's fucking nothing

Hey we think alike :))

What about used hardware? Every Thinkpad can be compromised

Or people who could be blackmailed by said governments and corporations.

Or anything pre-built.

Can't wait for next years defcon

Or anything during any part of the manufacturing process. Already happened with routers

>He thinks turning off his computer protects him from the underlying MINIX instillation on Intel CPUs

You better be unplugging as well user, those things can run when the main pc is powered off.

Also "physical access" is a really nebulous term when you consider the capabilities of ME/PSP

Holy fuck

Glad to have a fucking M processor in my mac

Wait, what happened w/ regards to routers? Didn't hear about it under my rock.

Getting my tinfoil hat ready

This one? Also, this image failed to upload so many fucking times. Is Sup Forums acting like shit right now?

Maybe they're talking about this? The government would intercept routers in transport to stores etc and flash them with custom firmware.

>regardless of whatever security you have
Good luck entering my encrypted disk.

That's fucked up.

what is dumping the encryption key from memory?

I wish I could do something about this and i hate it.
I don't even care if it means having to switch to a low-power processor. I don't like the thought of having a second operating system running without my permission.

.... this means we can remove the MINIX os....

Who cares? Just turn off the computer and all cache is gone.

That we're aware of and for the moment. They'll just fix any holes/exploits on future hardware you dessicated tit.

Not necessarily and even so, this is a ring -3 vuln. It can just grab it while your PC is on and phone it back home

>not also having 7 proxies just to be sure

And? You're not gonna need more than a intel i7-7700k for anything. Maybe a i9 for huge tasks. But at this point, I doubt you'll ever need more powerful hardware than we have now. I use my Pentium D machine more than my FX-8350, and honestly, it works just as well. I program, browse the internet, and mess with embedded devices. Using OpenBSD and a Pentium D? Perfectly fine for that.

So if intel is doing this with basically every single chip they've put out in the last decade can we assume that AMD is doing the same thing

I get that everyone here has their favorite sports team or whatever but I would very willingly switch if AMD didn't have these same backdoors.

That would be post exploitation phase

Thanks user!

I'm not sure what you're getting at here. What's wrong with wanting hardware that doesn't have this in the future?

Fact of the matter is, unless RISC-V or Power9 come out and are actually free. Its gonna be bullshit flowing from intel and AMD and they wont care. So now you can use up to a current gen processor and know you are safe. So who care about next gen tech, when we have hit pretty much the plateau anyway

640K is more memory than anyone will ever need.

>What is moores law? why has it been slowing?

1995 vs 2005, huge difference, can't use a packard bell 1995 Cyrix running machine in 2005.

2005 vs. 2015, nearly the same usability for general tasks, using a 2005 laptop now (as I am) is still completely usable.

We have access to the top of the line i9s now and 1tb of RAM. I think you're fine, at least for your life time.

All I'm saying is that you should stop trying to predict the future.

White box exploits are a lot easier to develop than black box ones. Having a code dump will be useful to malicious actors who didn't already have one.

This
>muh limits
>inb4 200ghz graphene cpus

I only ever said this was good and we can now remove the MINIX OS from our CPUs. So how about you suck my dick?

And if software ever ends up needing an i9 and TB of ram, thats on the developers.

>and Intel anyone can get into your OS regardless of whatever security you have
but i use amd

>So how about you suck my dick?
Different user here, are you willing to compromise?

AMD has PSP and its even more undocumented then IME

sure, why not

Questions are

1) Can USB DCI be enabled without special keys (as intel claims) and manual bios shenanigans (via some OS-BIOS interface maube)?

2) Is this shit possible with some kind of virtual, not physical, USB device?

And that's why it's not engineering.

>Implying mechanical/electric/etc engineers don't fuck up on a daily basis

You'd be surprised the stupid shit that engineers say and do.

>blundering errors and fuck ups.
It wouldn't be if Intel didn't backdoor and sabotage. It is time to move beyond such a terrible company.

>yfw the IME is used to administer the patch
>yfw intel were the good guys all along

intel computers are sluts who connect with anyone and accept all of their packages

>anyone
So the average person you'll come in contact with can?

>Woman using a steam gun to weaken enough adhesive to prevent severe ripping.
The U.S. really cares for our packages.

Moore's """Law""" should really be called Moore's Observation

is there something preventing emulation or spoofing of this 'USB DCI' in software?

And now you can do it too!

>sell used thinkpad on ebay
>install a botnet that randomly changes family photos to loli porn

this guy unfortunately commit suicided with 3 barbells in the back of his head in a freak weightlifting accident

are you referring to the African fella who died in an unfortunate weightlifting accident days before testifying again Hillary?

Lol.
If someone has a physical way to reavh your computer you already lost.

AMD has PSP

I've seen shills going, "ITS NOT THE SAME" because apparently it's "trusted computering" instead of a "management engine"

They never actually elaborate on anything so I suspect that yes AMD is just as vulnerable but nobody's delved into it yet the way they have with intel

Actually kind of cool it means that now the door is open to actually put your own code in there instead of the incuck spyware.

>They both live in Moscow
ayy lmao my dude

sure, once someone writes a program that can just be stuck on a usb drive and plugged into a target computer
or a script gets passed around that will do it from the network instead

no that was someone else who unfortunately weightlifted himself to suicide before he could say things in a courtroom

This is very good news. Now we can read what's there and disable it.

I've seen shills implying that the AMD PSP is the same thing as IntelME, despite the ME being demonstrably insecure with passwordless remote access and now fully open to local physical exploitation. Where is the evidence of the AMD PSP being of a similar ilk?

>tfw you're more interested in potential free performance gains rather than security

50¢ have been deposited in your account

It has one too

where is the evidence it isn't?

don't you know how evidence and claims work? You have to prove me wrong

protip: you can't

AMD PSP is just a fucking DRM engine.

>Trust us, you really want to stick with intel Xeon systems in your datacenter.
>Only intel can provide the reliability your organization is looking for.
>It would be terrible if somewhere were to happen to your data, goy.

I wouldn't put this past them for a minute.

this desu
the year of the riscv desktop is nigh

does that mean it can read and access all my files and then lock me out when they think I violate an IP copyright claim by time warner?

I know this is bait but I am replying because you got dubs

en.m.wikipedia.org/wiki/Burden_of_proof_(law)

I wonder how many businesses they've been siphoning corporate data from?

everyone running an intel cpu has been botnetted and intel's been able to spy on all their shit for an entire decade going

I'm starting to think Scott McNealy had some insight into the future when he uttered his famous words.
Probably saw the direction we were going in when the NSA came knocking at his door.

I mean, it kinda looks like the same shit.