Discussion in 'Serious Discussion' started by emk810, Mar 29, 2017.
"I have consulted with my senior NSA colleagues and they validate this information."
Can you post sources? That would give us an audit trail, so that we can determine how credible the source is.
Welcome to MDL, btw.
I'm not an expert and don't know anything about this topic. I'm hoping to get more info here.
I can't post links: "To be able to post links or images your post count must be 20 or greater. You currently have 1 posts."
I found the pic from Robert Steele's blog called phibetaiota (.net)
Secret of Intel Management Engine by Igor Skochinsky (slideshare)
Neutralizing Intel’s Management Engine (hackaday(.com))
Those are Robert Steele's words
You can most always get around limitations
you can post a link so it doesn't look like a link but can be interpreted:
hxxp slash slash wxyz dot com
Googled Intel ME and found this:
this theme has been around since last August:
haha beat you by 02sec MJ
That makes more sense then; you'll discover here on MDL just how many new members come here claiming such things.
Confirms my earlier suspicion. To have any privacy, one must become Amish, live off the land, and not speak to or interact with any outsiders.
I suppose with a good firewall and other tools, you could monitor and/or block any such "backdoor" traffic once you become aware of what it is. The firewall probably has backdoors as well.
I'm more worried about the MPAA than NSA, hence I use Simple DNSCrypt, PeerBlock, NordVPN and Protectii. Intel's relationship with the NSA is disturbing, though.
OP is a Copy/paste from http://phibetaiota.net/2017/03/robert-steele-details-on-nsa-backdoor-in-intel-chips/
You mean, like M$, Yahoo, Google and all the rest of them...???
I will explain a bit more on this until I have finished several tests, since there are a lot of open questions (look at the discussions on the original post), especially whether it can bypass your NAT firewall.
<-- opens server and pulls the "SUPERMICRO SIM1U+ REMOTE MANAGEMENT CARD WITH AOC-USB2RJ45 CABLE" until more info is available.
I want to collect the facts here:
NSA never officially admitted such a thing (well, no surprise); there are only 'opinions' and demands.
Just sourcing NSA colleagues does very little for credibility. The person himself is known to be trusted since he is the father of open source. So if there are questions, they are more about the details (which aren't really shown).
Saying that the NSA can abuse it would require a partnership with Intel to directly implement several things to make this undetectable. It requires time and huge money; I doubt that Intel would allow that, especially since if it came out it would ruin all trust in Intel, and again for money reasons.
It can't bypass the firewall NAT (even if that was true). It's still physically connected through the same internet cable, and the router (current gen) detects the status + it can log traffic and so on. It's not even theoretically possible to bypass it, because the TCP/IP stack relies on the OSI model (which uses mostly 4 suites in current protocol sessions): Phys, Data, Network (Ethernet) and Transport ... The other 3 are normally not necessary if we're talking about bypassing the NAT, since every e.g. Session (Layer 5) would immediately be picked up by your logging mechanism.
CPU exploits are possible and would be the 'better' alternative since they would be harder to detect. The SandyBridge hole which is mentioned in some of the sources is wrong: it's vulnerable but it's not related to ME; it's basically an architectural privilege escalation.
The AMT/ME concerns mentioned on Wikipedia are common, and also apply to every piece of hardware which runs outside of the OS. It's related to how the public key infrastructure was built, but without any source code it's difficult to test and verify if it's a backdoor, since no keys were leaked to test this directly. If you use an admin password you at least prevent access to the management console.
The 'when they are compromised' discussions are useless anyway; this applies to software the same as to hardware.
When the secret Boot mechanism embedded in the chipset is started up, it normally should first check the SHA256 checksum of the public key (matches the one from the factory), which then verifies the RSA signature of the firmware payload by e.g. recalculating it and comparing it to the stored signature. In theory there is no way to hack the signature checking mechanism because it's done by code stored in a ROM buried in silicon, even though we have the public key and the signature. What does it mean? You need to exploit the bootloader directly. The Intel ME (Huffman) algorithm is given here btw.
Is any wild exploit available? Not to my knowledge.
Is AMD also affected by this? Yes they have a slightly different version of ME, they call it Platform Security Processor (PSP).
Is it a good recommendation to disable ME via me_cleaner or other tools? No, it can result in bad side-effects: you get stability problems, GbE doesn't work and possibly other features are f**ed up. Only try it if you know the risks or for testing reasons, since there is never a guarantee. In my own tests I was even forced to use the ME driver, otherwise I had trouble with some devices and their communication.
Rest is FUD without any proof.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0744 (original addressed to Linux only .. later classified as Win, BSD and potentially OS X too)
'Original' re-opened question/topics:
https://www.youtube.com/watch?v=Ck8bIjAUJgE (deleted - uploader account banned)
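The two-step check the post above describes (hash the public key carried in the firmware image against the value fused at the factory, then use that key to verify the RSA signature over the payload) is easy to see in code. The block below is an added illustration, not code from this thread, from Intel, or from any ME tool: it models the immutable ROM as one function, `rom_verify`, that holds nothing but the fused key hash, and shows why replacing the payload or re-signing the image with a different key both fail. The RSA is textbook RSA over a SHA-256 digest with a freshly generated 512-bit toy key and a made-up fixed-width key encoding; those are constructed stand-ins for the real, unpublished ME format and key sizes, as are the sample payloads.

```python
# Added example (not from the thread): toy model of a boot-ROM firmware
# verification chain.  Textbook RSA over SHA-256 with small constructed keys;
# a stand-in for the real Intel ME scheme, not its actual format or sizes.
import hashlib
import random

random.seed(2017)  # deterministic toy key generation for a repeatable demo


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test, good enough for a demo key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 512):
    """Return (n, e, d). Constructed toy key, far too small for real use."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        e = 65537
        if p != q and phi % e != 0:
            return p * q, e, pow(e, -1, phi)


def encode_pubkey(n: int, e: int) -> bytes:
    """Fixed-width encoding (assumed here) of the key as it sits in the image."""
    return n.to_bytes(64, "big") + e.to_bytes(4, "big")


def decode_pubkey(blob: bytes):
    return int.from_bytes(blob[:64], "big"), int.from_bytes(blob[64:], "big")


def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(payload: bytes, n: int, d: int) -> int:
    # Textbook RSA signature over the SHA-256 digest (no padding: demo only).
    return pow(_digest_int(payload), d, n)


def make_signed_image(payload: bytes, n: int, e: int, d: int) -> dict:
    """What the vendor ships in mutable flash: public key, payload, signature."""
    return {"pubkey": encode_pubkey(n, e), "payload": payload, "signature": sign(payload, n, d)}


def fuse_key_hash(n: int, e: int) -> bytes:
    """The only thing the ROM trusts: SHA-256 of the vendor key, burned at the factory."""
    return hashlib.sha256(encode_pubkey(n, e)).digest()


def rom_verify(fused_key_hash: bytes, image: dict):
    """The immutable ROM's two checks, in the order the post describes."""
    # Step 1: the public key carried in the image must hash to the fused value,
    # so an image that carries a different key never gets to step 2.
    if hashlib.sha256(image["pubkey"]).digest() != fused_key_hash:
        return False, "public key hash does not match factory fuse"
    # Step 2: only the fused key may vouch for the payload; recompute the
    # digest and compare it with what the signature decrypts to.
    n, e = decode_pubkey(image["pubkey"])
    if pow(image["signature"], e, n) != _digest_int(image["payload"]):
        return False, "firmware signature mismatch"
    return True, "firmware accepted"


def demo():
    """Verdicts for: genuine image, tampered payload, image re-signed with a foreign key."""
    n, e, d = generate_keypair()
    fuse = fuse_key_hash(n, e)
    genuine = make_signed_image(b"ME firmware v1 (constructed payload)", n, e, d)
    tampered = dict(genuine, payload=b"ME firmware v1 (constructed payload) + patch")
    n2, e2, d2 = generate_keypair()  # a key the factory never fused
    foreign = make_signed_image(tampered["payload"], n2, e2, d2)
    return rom_verify(fuse, genuine), rom_verify(fuse, tampered), rom_verify(fuse, foreign)


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The point the demo makes is the one the post makes: everything in flash (key, payload, signature) can be rewritten, but the verdict depends only on the 32-byte hash the ROM carries, so the check itself can only be defeated by a flaw in the ROM code or in the bootloader that runs after it, not by editing the image.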
Wow! Even if the PC is powered off?
So, only cable outta network works, then...
I stumbled upon this issue as I was trying to figure out what the heck Intel ME is on my BIOS and if I can avoid reinstalling it during my computer refresh. And one of the most "interesting" links I found was https://social.technet.microsoft.co...ine-interface-what-is-it?forum=w7itprogeneral.
Since the original question matched mine exactly, I found it hilariously disturbing that the answer that was 'chosen' - by a moderator no less! - was censored and the person who wrote it evidently banned within 2 weeks of giving the answer. (Things that make you go 'hmmmmm')
The invasion of privacy is not really surprising.
We've been slowly but surely manipulated in this direction over the past 20 years.
What I find most insulting AND disturbing is the fact that 'they' don't even waste their time pretending otherwise or providing a somewhat believable lie. That just seems rude.
As for the Intel ME, as far as I can see, there is no way to avoid reinstalling it.
(I hate having my choices taken away.)
To form an opinion about the censored answer without knowing the answer actually makes no sense.
Furthermore, I don't think that Intel would let something like a backdoor or privacy-invading 'device' appear as a device to be installed with an appropriate driver.
Anyway I think Intel is capable of hiding microprocessor layout which includes backdoors and the like in cooperation with the NSA.
Contrary to this, I wonder why nobody has discovered suspicious traffic yet. There is no communication without traffic, encrypted or not.
Even if they could have managed that traffic isn't detectable at the 'Intel interfaces', it must be possible somewhere.
Btw: Let's name 'they'... I associate the US govt with them... Intel and M$ have a long-time alliance already and I bet the NSA is a friend as well... (EternalBlue and keeping silent)