Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Fri 24 Nov 2017, 11:22
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Intel ME controller chip has secret kill switch
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [15 Posts]  
Author Message
cthisbear

Joined: 29 Jan 2006
Posts: 4219
Location: Sydney Australia

PostPosted: Mon 28 Aug 2017, 20:40    Post subject:  Intel ME controller chip has secret kill switch  

Intel ME controller chip has secret kill switch

http://www.theregister.co.uk/2017/08/29/intel_management_engine_can_be_disabled/

" Security researchers at Moscow-based Positive Technologies have identified
an undocumented configuration setting that disables Intel Management Engine 11, a CPU control mechanism that has been described as a
security risk. "

Chris.
Back to top
View user's profile Send private message 
souleau


Joined: 23 Oct 2016
Posts: 112

PostPosted: Tue 29 Aug 2017, 12:44    Post subject:  

From the article:

Quote:
Positive Technologies in its blog post acknowledged that it would be typical for government agencies to want to reduce the possibility of unauthorized access.


Yes. It is also typical for certain government agencies to ensure the possibility of unauthorized access.

I think I'll leave it at that.
Back to top
View user's profile Send private message 
Puppyt

Joined: 09 May 2008
Posts: 756
Location: Gatton, Queensland

PostPosted: Wed 30 Aug 2017, 22:15    Post subject:  

https://www.notebookcheck.net/Eureka-The-Intel-Management-Engine-can-be-finally-disabled-thanks-to-the-NSA.245922.0.html
so a silver lining is on the cards. Horizon? Whatever - you get my drift. Thank goodness for our Guardians of Democracy at the NSA, eh? Eh?? When cthisbear posted the OP I had been wrangling with a refurbished Win7 laptop (now with several Puppy flavours dual-booting) when I noticed some strange Intel AMT stuff crop up in updates I didn't actually recall giving the OK for. So my BS-meter was already sensitized to Intel's shifty machinations. I wonder whether going "native" with Coreboot etc would help to ship this sort of commercialized duplicity into the latrine trench were it all belongs?

_________________
What I get up to when I'm not on the Puppy Linux Murga forum:
http://scholar.google.com/citations?user=EMQxfgYAAAAJ
Back to top
View user's profile Send private message Visit poster's website 
Burn_IT


Joined: 12 Aug 2006
Posts: 2915
Location: Tamworth UK

PostPosted: Thu 31 Aug 2017, 11:16    Post subject:  

It is almost llike the government/security people insist on having back doors built in to products with the intention of them being discovered/leaked just to justify their own existence.!!!! Rolling Eyes
_________________
"Just think of it as leaving early to avoid the rush" - T Pratchett
Back to top
View user's profile Send private message 
april


Joined: 14 Sep 2013
Posts: 1009
Location: Off Lizard Island for a bit

PostPosted: Thu 31 Aug 2017, 12:59    Post subject:  

You can make light of it and joke around but really it has profound effects on what manufacturers of phones ,tablets,computers,TVs and all electronics gear are producing.

Consider say the arduino microprocessor and any others really as an example of a chip. This is an Atmel AVR chip but you can safely bet that this has similar built in hardware if Intel are doing it.

You buy one ,build a device and place on it hex code you have developed over 20 years say and have paid thousands or even millions to develop only to find the chip you trusted to hold that code can be looked at over the internet and they can take a full copy of the hex code .

Thats pretty damn despicable behaviour by anyone no matter what their so called justification. Thats "CRIMINAL BEHAVIOUR" from the yanks.

Last edited by april on Thu 31 Aug 2017, 13:11; edited 1 time in total
Back to top
View user's profile Send private message Yahoo Messenger 
Burn_IT


Joined: 12 Aug 2006
Posts: 2915
Location: Tamworth UK

PostPosted: Thu 31 Aug 2017, 13:07    Post subject:  

Quote:
You can make light of it and joke around
Have you never heard of IRONY??
_________________
"Just think of it as leaving early to avoid the rush" - T Pratchett
Back to top
View user's profile Send private message 
april


Joined: 14 Sep 2013
Posts: 1009
Location: Off Lizard Island for a bit

PostPosted: Thu 31 Aug 2017, 13:13    Post subject:  

Burn_IT wrote:
Quote:
You can make light of it and joke around
Have you never heard of IRONY??


Not in this context . Its just not funny or ironic . Its just bloody fraud and theft by deceipt.
They are quite prepared to kill inocent people too to justify their ends . Makes you wonder where they are taking the world in general and more specifically who it will be that stops them?
Back to top
View user's profile Send private message Yahoo Messenger 
april


Joined: 14 Sep 2013
Posts: 1009
Location: Off Lizard Island for a bit

PostPosted: Thu 31 Aug 2017, 13:21    Post subject:  

Puppyt wrote:
https://www.notebookcheck.net/Eureka-The-Intel-Management-Engine-can-be-finally-disabled-thanks-to-the-NSA.245922.0.html
I wonder whether going "native" with Coreboot etc would help to ship this sort of commercialized duplicity into the latrine trench were it all belongs?


I didn't know of Coreboot can you recommend a good site to read up on it. ?
Quote:
coreboot, formerly known as LinuxBIOS, is a software project aimed at replacing proprietary firmware found in most computers with a lightweight firmware designed to perform only the minimum number of tasks necessary to load and run a modern 32-bit or 64-bit operating system.More at Wikipedia


If the above intel stuff boots up anyway each time the hardware boots then surely whichever BIOS, or UEFI nowadays ,you use its still gong to be there isn't it?
Reading the above links tells me it can run its own server and access any memory location without the operating system ,and thus the firewall ,being aware.
Back to top
View user's profile Send private message Yahoo Messenger 
Burn_IT


Joined: 12 Aug 2006
Posts: 2915
Location: Tamworth UK

PostPosted: Thu 31 Aug 2017, 17:09    Post subject:  

I was being ironic suggesting that it was accidental.
Of COURSE the back doors are there by design and demand of governments.

In this case the it IS a complete OS hidden in the chip and was put there so that Intel and whoever else has access could UPDATE the firmware without having to worry about what the user had running on the chip (including any security software). It will start as soon as power is applied and will be invisible to and not accessible by any normal processes.

There are pretty much ALWAYS going to be back doors into code of any sort.
In many cases they will never be used or even made known because they would have been put there by the original designer in order to facilitate the correction of the errors that will always also be there - no matter how well the system is designed.
I know I have left back doors into many systems I've worked on - some under orders and some for my own protection.

The usual and biggest one is a developers password. [/i]

_________________
"Just think of it as leaving early to avoid the rush" - T Pratchett
Back to top
View user's profile Send private message 
Puppyt

Joined: 09 May 2008
Posts: 756
Location: Gatton, Queensland

PostPosted: Thu 31 Aug 2017, 19:41    Post subject:  

Thanks april for your earlier message
april wrote:
<snip>
I didn't know of Coreboot can you recommend a good site to read up on it. ?
Quote:
coreboot, formerly known as LinuxBIOS, is a software project aimed at replacing proprietary firmware found in most computers with a lightweight firmware designed to perform only the minimum number of tasks necessary to load and run a modern 32-bit or 64-bit operating system.More at Wikipedia


If the above intel stuff boots up anyway each time the hardware boots then surely whichever BIOS, or UEFI nowadays ,you use its still gong to be there isn't it?
Reading the above links tells me it can run its own server and access any memory location without the operating system ,and thus the firewall ,being aware.

...yes it was a fruitlessly quixotic thought I had, as outlined here with a bit of research https://www.coreboot.org/Intel_Management_Engine and you are quite correct, the rot is already in the foundations it seems. The coreboot list summarizes a pretty good argument of "what NOT to buy" laptops if one were concerned about working on proprietary information or intellectual property. I wonder what backdoors AMD might have in their chipsets?

EDIT: https://www.coreboot.org/users.html outlines coreboot's philosophy to eliminate "backdoors and '80's cruft", and provides further working solutions for isolating yourself (i.e., intellectual property etc) from Intel Management Engine incursions. (Whups Freudian slip - incursions via Intel Management Engine)

_________________
What I get up to when I'm not on the Puppy Linux Murga forum:
http://scholar.google.com/citations?user=EMQxfgYAAAAJ
Back to top
View user's profile Send private message Visit poster's website 
april


Joined: 14 Sep 2013
Posts: 1009
Location: Off Lizard Island for a bit

PostPosted: Sat 02 Sep 2017, 18:11    Post subject:  

I see thanks "Toady"

Time to leave the toads and stop the Narvua Sedge . Cattle paddocks are going down at a frightful rate . 50% loss of production of edible grass for ruminants.

Last edited by april on Sat 02 Sep 2017, 18:21; edited 2 times in total
Back to top
View user's profile Send private message Yahoo Messenger 
april


Joined: 14 Sep 2013
Posts: 1009
Location: Off Lizard Island for a bit

PostPosted: Sat 02 Sep 2017, 18:18    Post subject:  

Burn_IT wrote:
[There are pretty much ALWAYS going to be back doors into code of any sort.
In many cases they will never be used or even made known because they would have been put there by the original designer in order to facilitate the correction of the errors that will always also be there - no matter how well the system is designed.
I know I have left back doors into many systems I've worked on - some under orders and some for my own protection.

The usual and biggest one is a developers password. [/i]


Hmm I don't feel that is needed . Fine while the code is being developed it has to be but once released to the public it can't be altered ,or shouldn't be,so it should be left out on final release. Any changes necessary after that are done by releasing a patch or the next release .
Back to top
View user's profile Send private message Yahoo Messenger 
Burn_IT


Joined: 12 Aug 2006
Posts: 2915
Location: Tamworth UK

PostPosted: Sun 03 Sep 2017, 07:58    Post subject:  

You obviously have not had to support many pieces of software!!
I can't count the times I've been rung up in the middle of the night and some large institution is pannicking because their critical system is down and their own support staff are on holiday and cannot be contacted.
The hardest part is convincing them that you were told their password and remember it. In some cases I have had to refuse to help even though I could.

_________________
"Just think of it as leaving early to avoid the rush" - T Pratchett
Back to top
View user's profile Send private message 
april


Joined: 14 Sep 2013
Posts: 1009
Location: Off Lizard Island for a bit

PostPosted: Sun 03 Sep 2017, 08:26    Post subject:  

Whatever
Back to top
View user's profile Send private message Yahoo Messenger 
8Geee


Joined: 12 May 2008
Posts: 1265
Location: N.E. USA

PostPosted: Mon 16 Oct 2017, 23:58    Post subject:  

The day the wpa2 supplicant KRACK vunerability gets released to vendors comes this revelation as Original Post.

hmmmmm
8Geee

_________________
Linux user #498913
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [15 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1164s ][ Queries: 11 (0.0059s) ][ GZIP on ]