DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 3rd February 2018
e1-531g e1-531g is offline
VPN Cryptographer
 
Join Date: Mar 2014
Posts: 447
Default How to Hack a Turned-off Intel Computer

Blog post of Positive Technologies researchers
How to Hack a Turned-off Computer, or Running Unsigned Code in Intel ME

Quote:
Intel Management Engine (Intel ME) is a proprietary technology that consists of a microcontroller integrated into the Platform Controller Hub (PCH) chip and a set of built-in peripherals. The PCH carries almost all communication between the processor and external devices. Therefore, Intel ME has access to almost all data on the computer. The ability to execute third-party code on Intel ME would allow for a complete compromise of the platform.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
  #2   (View Single Post)  
Old 3rd February 2018
Prevet Prevet is offline
Fdisk Soldier
 
Join Date: Oct 2017
Posts: 68
Default

Its not just Intel, its AMD as well. You have to wonder what goes through their heads when they decide to put these things in. Or perhaps no thought went into it. They were compelled to do it.

https://chiefio.wordpress.com/2017/0...md-processors/

For deep security, use ARM, avoid Intel & AMD processors
Posted on 3 February 2017 by E.M.Smith

Quote:
...
It seems that Intel and AMD have decided to put a “computer inside your computer” that only they know how to operate, doing only what they tell it to do, and where nobody but them can see the programs running in it. IMHO, this is a security hole you could drive an entire Three Letter Agency through.

But worse, us “Hacker Types” being very cleaver folks, have figured out how to exploit it… Which means other Governments around the world will also know how to exploit it… Which means you are at risk for Chinese, Russian, Iranian, and who knows what all else TLA’s crawling into your Intel or AMD run box and doing it in such a way that you can not see them, nor ferret them out. Since ARM chips are not subject to this class of exploit, that’s why I’m so focused on making my home systems out of them.

...
Reply With Quote
  #3   (View Single Post)  
Old 3 Weeks Ago
e1-531g e1-531g is offline
VPN Cryptographer
 
Join Date: Mar 2014
Posts: 447
Default

07/10/2018
https://www.intel.com/content/www/us...-sa-00112.html
I am going to look closer at me_cleaner project...
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
  #4   (View Single Post)  
Old 3 Weeks Ago
rons's Avatar
rons rons is offline
Snoozing
 
Join Date: Oct 2015
Posts: 49
Default

Quote:
Originally Posted by Prevet View Post
Its not just Intel, its AMD as well. You have to wonder what goes through their heads when they decide to put these things in. Or perhaps no thought went into it. They were compelled to do it.

https://chiefio.wordpress.com/2017/0...md-processors/

For deep security, use ARM, avoid Intel & AMD processors
Posted on 3 February 2017 by E.M.Smith
Yeah - it's difficult to convert entirely over to ARM, but I've done it. The most powerful computer I have is 8 x 2G ARM cores on an Odroid XU4. That runs about like a celeron netbook for some tasks, but is pretty decent for other tasks, depending upon how well the software in question can use the little/big processors. Unfortunately, only Linux and Android have been ported to the XU4 so far. For NetBSD I have to use the Odroid C1, but it's much less powerful.

So, for security there's gain, but there's a perfoprmance loss, and I'm OK with it. I just have to be a little more patient.

Last edited by rons; 3 Weeks Ago at 11:06 PM.
Reply With Quote
  #5   (View Single Post)  
Old 3 Weeks Ago
Prevet Prevet is offline
Fdisk Soldier
 
Join Date: Oct 2017
Posts: 68
Default

I pulled an Intel 386 tablet out of storage that doesn't have IME or speculative execution. I installed OpenBSD on it and it works fine for my purposes, except I haven't been able to get the sound working so far.

I bought a KVM so I could also access Windows on my main desktop, but I regret that purchase as I don't like using Windows any more. Yesterday I bought a rotary ethernet switch on Ebay for $10. So I will be able to store my personal files on my powerful machine that doesn't go online and access them from the 386.

I've seen these 386 tablets go for $30-50 on Ebay up to $200 if they've been refurbished and had Win 8 put on them. When they were brand new they went for around $3000 so they were good quality when they were new. I probably should have done what you did, but I don't like throwing things out if they are in perfect working order. I guess the upside is I got to continue using OpenBSD...

Perhaps getting one of those Thinkpads the OpenBSD developers seem to like so much, would be a better option. But only if they made them before IME.

Last edited by Prevet; 3 Weeks Ago at 02:31 AM.
Reply With Quote
Reply

Tags
intel amt, intel me

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
'New users registration facility temporarily turned off' thread Beastie Feedback and Suggestions 0 22nd August 2012 11:48 AM
New users registration facility temporarily turned off J65nko Forum Announcements 0 21st August 2012 08:24 PM
CA hack: more bogus certificates J65nko News 3 5th September 2011 10:02 PM


All times are GMT. The time now is 07:59 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick