Intel Management Engine

Name: Anonymous 2014-12-30 20:22

Interesting talk about Intel AMT, more specifically the ME coprocessor:
http://recon.cx/2014/slides/Recon%202014%20Skochinsky.pdf
https://www.youtube.com/watch?v=Y2_-VXz9E-w

Basically, this is a super-rootkit on a chipset. I told you that the "anti-theft" technology was pure shit.. Also, this is why you need security clearance to work at Intel in US.

Store your old computers kids!

Name: Fuck Intel 2014-12-30 20:39

This is why projects like Coreboot are great. We need to go deeper, we need to go lower lover and build a completely open source computer.

Name: Anonymous 2014-12-30 21:45

>>2
> lower lover
what

Name: Anonymous 2014-12-30 21:56

>>1
> Also, this is why you need security clearance to work at Intel in US.

There are so many unvetted people with the ability to compromise the security of mass market computer systems, it's not even funny. Modern PCs have a huge amount of firmware code that gets very little scrutiny - just check the physical size of your motherboard's onboard flash sometime. If you think it all gets audited you're delusional...

Name: Anonymous 2014-12-30 22:08

Is AMD known to have any similar "theft protection" measures?

Name: Anonymous 2014-12-30 22:17

>>2
The people at coreboot inserted non-free microcode into it. It's in fact the same as using a proprietary BIOS but a little bit freer.

Name: Anonymous 2014-12-30 23:28

>>5
When you buy new hardware, don't buy Intel hardware that has AMT. AMD chipsets do not contain anything like AMT. Note, however, that there are other comparable problems in hardware from both Intel and AMD.
https://www.fsf.org/blogs/community/active-management-technology

Just avoid Intelligence Community shills.

Name: Anonymous 2014-12-31 0:05

>>4,1
My question is do we really need to verify anything apart from networking devices? The non-networking hardware can contain all sorts of backdoors but how will anybody access those backdoors or otherwise retrieve data if our networking devices can log every bit and then block everything that isn't specifically accounted/whitelisted?

Name: Anonymous 2014-12-31 1:01

>>8
from page 4:
> Has a dedicated connection to the network interface; can intercept or send any data without main CPU's knowledge
ME is now inside Intel's chipsets anyways. But even if you wouldn't have network access you still could save some specific data in some NVM for future physical reading.
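An added example, not written by anyone in this thread: the check that the exchange in >>8 and >>9 implies. Traffic sent out-of-band never appears in a capture taken by the host OS, so it has to be found by comparing that capture with what an upstream device recorded. The log format, addresses and allowlist below are constructed assumptions.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport proto")

# Constructed sample data (assumed format: "src dst dport proto" per line).
HOST_IP = "192.0.2.10"
GATEWAY_LOG = """\
192.0.2.10 198.51.100.5 443 tcp
192.0.2.10 198.51.100.7 53 udp
192.0.2.10 203.0.113.9 8443 tcp
192.0.2.20 198.51.100.5 443 tcp
"""
HOST_LOG = """\
192.0.2.10 198.51.100.5 443 tcp
192.0.2.10 198.51.100.7 53 udp
"""
# Destinations this host is expected to talk to: (dst, dport, proto).
ALLOWLIST = {("198.51.100.5", 443, "tcp"), ("198.51.100.7", 53, "udp")}

def parse_flows(text):
    """Parse flow lines into a set of Flow tuples, skipping malformed lines."""
    flows = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        src, dst, dport, proto = parts
        try:
            flows.add(Flow(src, dst, int(dport), proto.lower()))
        except ValueError:
            continue  # non-numeric port
    return flows

def audit(gateway_text, host_text, host_ip, allowlist):
    """Return (flows the gateway saw but the host OS did not, flows outside the allowlist)."""
    upstream = {f for f in parse_flows(gateway_text) if f.src == host_ip}
    seen_by_os = parse_flows(host_text)
    unseen = sorted(upstream - seen_by_os)
    not_allowed = sorted(f for f in upstream
                         if (f.dst, f.dport, f.proto) not in allowlist)
    return unseen, not_allowed

if __name__ == "__main__":
    unseen, not_allowed = audit(GATEWAY_LOG, HOST_LOG, HOST_IP, ALLOWLIST)
    for f in unseen:
        print("seen upstream only:", f)
    for f in not_allowed:
        print("outside allowlist: ", f)
```

This only covers the network path; it says nothing about data kept in NVM, which is the second half of >>9.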

Name: Anonymous 2014-12-31 1:24

>>9
> even if you wouldn't have network access you still could save some specific data in some NVM for future physical reading.
If they have physical access to your machine, you're already fucked with or without a hardware backdoor. A paranoid person would have some sort of dead man's switch that will destroy the computer for that scenario.

Name: Anonymous 2014-12-31 1:34

>>10
People use TrueCrypt because they are afraid that maybe some day someone else will have physical access. Imagine if their private keys are being secretly stored in some chip in their own motherboards...

Name: Anonymous 2014-12-31 1:39

Name: Anonymous 2014-12-31 5:42

>>8,9
Functionally, technologies like SMM and AMT have to be able to do everything a rootkit does as a basic design requirement. Subversion of user controls is literally what they are designed to do. Intel as a whole has a giant hard-on for "OS bypass" technologies like AMT because they add capabilities to the system which they exclusively control.

When a hardware maker tries to sell you on a security feature, always ask whose assets are being secured and against whom. Often the honest answer is that the feature is securing the manufacturer against competitive threat or legal exposure to liability.

Name: Anonymous 2014-12-31 10:05

>>1
> copro
Haha.

Name: Anonymous 2014-12-31 11:57

>>12
This goes to prove that UK is USA's bitch.

Name: Anonymous 2014-12-31 12:29

>>13
Why implement such a feature when only 0,001% of your market will ever use it? I mean, this kind of thing (like DASH) used to be inside very few network interfaces, not in every fucking chipset..

Name: Anonymous 2014-12-31 17:01

>>16
The potential market for lights management is large (most medium to large businesses) and if you have the die area to spare it's simplest to design it into everything. Transistors have been cheap for a long time now so that's exactly what Intel is doing here. As long as there's a mechanism to disable the feature where it's explicitly unwanted, everyone's needs are met.
