DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 3rd February 2018
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default How to Hack a Turned-off Intel Computer

Blog post of Positive Technologies researchers
How to Hack a Turned-off Computer, or Running Unsigned Code in Intel ME

Quote:
Intel Management Engine (Intel ME) is a proprietary technology that consists of a microcontroller integrated into the Platform Controller Hub (PCH) chip and a set of built-in peripherals. The PCH carries almost all communication between the processor and external devices. Therefore, Intel ME has access to almost all data on the computer. The ability to execute third-party code on Intel ME would allow for a complete compromise of the platform.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
  #2   (View Single Post)  
Old 3rd February 2018
Prevet Prevet is offline
Shell Scout
 
Join Date: Oct 2017
Posts: 84
Default

Its not just Intel, its AMD as well. You have to wonder what goes through their heads when they decide to put these things in. Or perhaps no thought went into it. They were compelled to do it.

https://chiefio.wordpress.com/2017/0...md-processors/

For deep security, use ARM, avoid Intel & AMD processors
Posted on 3 February 2017 by E.M.Smith

Quote:
...
It seems that Intel and AMD have decided to put a “computer inside your computer” that only they know how to operate, doing only what they tell it to do, and where nobody but them can see the programs running in it. IMHO, this is a security hole you could drive an entire Three Letter Agency through.

But worse, us “Hacker Types” being very cleaver folks, have figured out how to exploit it… Which means other Governments around the world will also know how to exploit it… Which means you are at risk for Chinese, Russian, Iranian, and who knows what all else TLA’s crawling into your Intel or AMD run box and doing it in such a way that you can not see them, nor ferret them out. Since ARM chips are not subject to this class of exploit, that’s why I’m so focused on making my home systems out of them.

...
Reply With Quote
  #3   (View Single Post)  
Old 29th July 2018
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

07/10/2018
https://www.intel.com/content/www/us...-sa-00112.html
I am going to look closer at me_cleaner project...
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
  #4   (View Single Post)  
Old 30th July 2018
rons's Avatar
rons rons is offline
Snoozing
 
Join Date: Oct 2015
Posts: 69
Default

Quote:
Originally Posted by Prevet View Post
Its not just Intel, its AMD as well. You have to wonder what goes through their heads when they decide to put these things in. Or perhaps no thought went into it. They were compelled to do it.

https://chiefio.wordpress.com/2017/0...md-processors/

For deep security, use ARM, avoid Intel & AMD processors
Posted on 3 February 2017 by E.M.Smith
Yeah - it's difficult to convert entirely over to ARM, but I've done it. The most powerful computer I have is 8 x 2G ARM cores on an Odroid XU4. That runs about like a celeron netbook for some tasks, but is pretty decent for other tasks, depending upon how well the software in question can use the little/big processors. Unfortunately, only Linux and Android have been ported to the XU4 so far. For NetBSD I have to use the Odroid C1, but it's much less powerful.

So, for security there's gain, but there's a perfoprmance loss, and I'm OK with it. I just have to be a little more patient.

Last edited by rons; 30th July 2018 at 11:06 PM.
Reply With Quote
  #5   (View Single Post)  
Old 5th March 2020
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

Positive Technologies: Unfixable vulnerability in Intel chipsets threatens users and content rightsholders
Quote:
The vulnerability resembles an error recently identified in the BootROM of Apple mobile platforms, but affects only Intel systems. Both vulnerabilities allow extracting users' encrypted data. Here, attackers can obtain the key in many different ways. For example, they can extract it from a lost or stolen laptop in order to decrypt confidential data. Unscrupulous suppliers, contractors, or even employees with physical access to the computer can get hold of the key.

Related:
INTEL-SA-00213
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
  #6   (View Single Post)  
Old 6th March 2020
bsd-keith bsd-keith is offline
Real Name: Keith
Open Source Software user
 
Join Date: Jun 2014
Location: Surrey/Hants Border, England
Posts: 343
Default

I intend converting to ARM too, my most recent one is a Raspberry Pi 4B with 4GB ram, it seems to work well enough for my usage, connected to a 24" HD monitor.

My only complaint is that I've had to buy a mSDHC card for it , as the promised USB booting still hasn't been programmed, (7~8 months since initial release), but, I expect it will eventually arrive, sometime.
__________________
Linux since 1999, & also a BSD user.
Reply With Quote
  #7   (View Single Post)  
Old 16th March 2020
blackhole's Avatar
blackhole blackhole is offline
Spam Deminer
 
Join Date: Mar 2014
Posts: 314
Default

The Intel Management Engine was and always will be, a horrible idea. They are still building on top of this broken model, so this can only get worse. You don't implement security by creating an insecure mess and then attempt to secure that.
Reply With Quote
  #8   (View Single Post)  
Old 30th May 2020
Sherrant Sherrant is offline
openbsd noob
 
Join Date: Jul 2019
Location: colombia
Posts: 5
Default

how would a pinebookpro work as an arm laptop? Is it secure on a hardware level?
Reply With Quote
Reply

Tags
intel amt, intel me

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
'New users registration facility temporarily turned off' thread Beastie Feedback and Suggestions 0 22nd August 2012 11:48 AM
CA hack: more bogus certificates J65nko News 3 5th September 2011 10:02 PM


All times are GMT. The time now is 05:31 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick