Intel spyware

[Noob]

Hello,

Last year, someone asked:
"Is the Intel Management Engine a backdoor?"
http://www.techrepublic.com/article/is-the-intel-management-engine-a-backdoor/

And now, we learn that an RCE has been lurking in AMT
since 2010.

"Intel patches remote hijacking vulnerability that lurked in chips for 7 years"
https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/

I am aware that some users actively use these remote management
features, but there needs to be an easy way to entirely remove
the spyware that is the IME.

Regards.

[Bruce Hoult]

There appears to have been considerable resistance to fixing it, as it was reported long ago.

The interesting question is: who was making use of it? And was it both sides, or only one? (more?)

[Anton Ertl]

Bruce Hoult <bruce...@gmail.com> writes:
>The interesting question is: who was making use of it? And was it both sides, or only one? (more?)

What do you mean by "both sides"?

If I can identify sides here, it's those:

1) One side is the computer owners/users who want their computer under
their own control and not reveal their data to other parties except
as authorized by the owner/user.

2) The other side is various attackers who want control over other
people's computers, to access the data there, or for other purposes
(e.g., ransomware, or sabotage as in Stuxnet).

I don't think side 1 has made use of vulnerabilities in the ME.

- anton
--
M. Anton Ertl Some things have to be seen to be believed
an...@mips.complang.tuwien.ac.at Most things have to be believed to be seen
http://www.complang.tuwien.ac.at/anton/home.html

[Megol]

Your use of "spyware" is completely wrong.
AMT is an additional software layer that uses the ME for communication, the bug in question is analogous to a software package running on an operating system - even if scary the operating system isn't relevant unless proven faulty otherwise.

Now if someone could show that AMT is done by the same team (and to the same security standards) as the ME then there could be an indication Intel have serious problems in their development process. They obviously have in their bug-fixing process given that a premium feature have had a known bug for a long time.

[Bruce Hoult]

On Wednesday, May 3, 2017 at 7:10:40 PM UTC+3, Anton Ertl wrote:
> Bruce Hoult <bruce...@gmail.com> writes:
> >The interesting question is: who was making use of it? And was it both sides, or only one? (more?)
>
> What do you mean by "both sides"?

The Russians/Chinese as well as just the NSA.

[Doug McIntyre]

an...@mips.complang.tuwien.ac.at (Anton Ertl) writes:
>Bruce Hoult <bruce...@gmail.com> writes:
>>The interesting question is: who was making use of it? And was it both sides, or only one? (more?)

>What do you mean by "both sides"?

The purpose of the AMT or vPro services that have hooks into the CPU
chipset for remote management by enterprise IT departments, so
they can do things such as reimage systems without the OS running.
Power cycle on/off/from dead off (but still power cord connected)
through the OS bootup and fully running cycle.

This is different than IPMI, which is usually a coprocessor built into
the BMC on the motherboard, probably built into some I/O chip. The AMT
ME is built into the CPU chipset itself, and included in every set
Intel shipped. Although Intel also is big on IPMI, and possibily the
same parts are used for both systems, with different interfaces.

One side would be the Enterprise IT departments bought into this as a
solution to manage their hardware. The other would be individual users
that have no need for this, and are scared by the security holes
documented in CVE-2017-5689.

--
Doug McIntyre
do...@themcintyres.us

[Stefan Monnier]

>> >The interesting question is: who was making use of it? And was it both
>> > sides, or only one? (more?)
>> What do you mean by "both sides"?
> The Russians/Chinese as well as just the NSA.

OK, I'll bite: that's one side, what is the other?


Stefan

[Noob]

I took Bruce's remark to mean domestic powers (NSA, FBI)
vs foreign powers (every one else).

[Noob]

On 03/05/2017 18:41, Megol wrote:

> On Wednesday, May 3, 2017 at 8:06:09 AM UTC+2, Noob wrote:
>
>> Last year, someone asked:
>> "Is the Intel Management Engine a backdoor?"
>> http://www.techrepublic.com/article/is-the-intel-management-engine-a-backdoor/
>>
>> And now, we learn that an RCE has been lurking in AMT
>> since 2010.
>>
>> "Intel patches remote hijacking vulnerability that lurked in chips for 7 years"
>> https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/
>>
>> I am aware that some users actively use these remote management
>> features, but there needs to be an easy way to entirely remove
>> the spyware that is the IME.
>
> Your use of "spyware" is completely wrong.

Software that may be (ab)used to spy on the system's rightful owner.

The Intel Management Engine (IME) is "an isolated and protected coprocessor,
embedded as a non-optional part in the chipset". It runs firmware (i.e.
binary blobs) that cannot be audited ("trust us, we know what we're doing")
and gives access to key parts of the system, over the network, even when
the computer is "shut down", independently of any OS.

I don't have big enough a font to spell "DO_NOT_WANT".
(I'm not sure AMD's Zen is any better in this regard?)

https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Hardware
https://www.fsf.org/blogs/community/active-management-technology
https://libreboot.org/faq.html#intel

> AMT is an additional software layer that uses the ME for
> communication, the bug in question is analogous to a software package
> running on an operating system - even if scary the operating system
> isn't relevant unless proven faulty otherwise.

The problem is the very existence of ME.
Why doesn't Intel provide a simple way to nuke it on PCs?

> Now if someone could show that AMT is done by the same team (and to
> the same security standards) as the ME then there could be an
> indication Intel have serious problems in their development process.
> They obviously have in their bug-fixing process given that a premium
> feature have had a known bug for a long time.

Maybe large business swoon over IME/AMT, but consumers do not want
this crap. Microsoft is another company that didn't get the memo.

Regards.

[MitchAlsup]

On Wednesday, May 3, 2017 at 11:10:40 AM UTC-5, Anton Ertl wrote:
> Bruce Hoult <bruce...@gmail.com> writes:
> >The interesting question is: who was making use of it? And was it both sides, or only one? (more?)
>
> What do you mean by "both sides"?
>
> If I can identify sides here, it's those:
>
> 1) One side is the computer owners/users who want their computer under
> their own control and not reveal their data to other parties except
> as authorized by the owner/user.
>
> 2) The other side is various attackers who want control over other
> people's computers, to access the data there, or for other purposes
> (e.g., ransomware, or sabotage as in Stuxnet).

Microsoft applications and especially W10) fall into category 2 also.

[Noob]

On 03/05/2017 08:06, Noob wrote:

> Last year, someone asked:
> "Is the Intel Management Engine a backdoor?"
> http://www.techrepublic.com/article/is-the-intel-management-engine-a-backdoor/
>
> And now, we learn that an RCE has been lurking in AMT
> since 2010.
>
> "Intel patches remote hijacking vulnerability that lurked in chips for 7 years"
> https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/

Matthew Garrett's in-depth analysis:
https://mjg59.dreamwidth.org/48429.html

Regards.

[Rick C. Hodgin]

This is why you should all come on board and help me complete my
hardware designs. I have for our purpose to use the skills God
gave us to create products which have a purposeful nod to God,
to not be targeting any things which can harm people, and are not
possibly cleverly crafted to have an apparent outward appearance
while providing additional unknown activants which, when issued
and/or enabled, would allow something like a full machine takeover.

I want us to work together to create products which are not based
on corporate or governmental goals, but are based upon our own
skills coming together for the purpose of helping other people.

CPU, memory, motherboard components, networking protocols, video,
protocol chips for remote interchip communication, wireless, and
more. Operating systems and drivers, assemblers, compilers,
applications, Internet tools, suites, everything.

A full hardware and software stack.

By looking up to the Lord as our source for guidance, we have an
automatic purpose on doing things rightly. We don't look toward
any worldly goals (not money, fame, control, power, glory), but
only to use the skills we have to serve Him by creating tools for
the right reasons, of the right designs, to help people in this
world do more in their areas of expertise and creativity.

Please consider helping me on this project.

Thank you,
Rick C. Hodgin

[MitchAlsup]

On Thursday, May 4, 2017 at 5:16:28 PM UTC-5, Rick C. Hodgin wrote:

> This is why you should all come on board and help me complete my
> hardware designs. I have for our purpose to use the skills God
> gave us to create products which have a purposeful nod to God,

I remind you, I came to offer my advice and service to your cause,
the only request was that you never bring God discussions back to
this NG.

Since you can't, I can't.

BTW, offer still stands.

[Rick C. Hodgin]

On Friday, May 5, 2017 at 12:11:23 PM UTC-4, MitchAlsup wrote:
> On Thursday, May 4, 2017 at 5:16:28 PM UTC-5, Rick C. Hodgin wrote:
>
> > This is why you should all come on board and help me complete my
> > hardware designs. I have for our purpose to use the skills God
> > gave us to create products which have a purposeful nod to God,
>
> I remind you, I came to offer my advice and service to your cause,
> the only request was that you never bring God discussions back to
> this NG.

I remind you I replied to that offer:

https://groups.google.com/d/msg/comp.arch/vFwmR11a7AE/eM4KQol_DwAJ

> Since you can't, I can't.
> BTW, offer still stands.

My offer still stands as well, Mitch. I could use your help. But
there are more important things than me completing my hardware
designs. And those more important things are you, and Ivan, and
Terje, and Walter, and John, and all the others on this forum that
I really do care about.

I want you all thriving in eternity, painting your corner of God's
universe, shining on like that song says: "And we all shine on,
like the moon, and the stars, and the sun," except for real.

Jesus alone makes it possible by forgiving your sin and restoring
you to a right relationship with God. It's why I teach this, and
point you to Him to verify it for yourself. It's real.

[MitchAlsup]

On Friday, May 5, 2017 at 12:16:36 PM UTC-5, Rick C. Hodgin wrote:
> On Friday, May 5, 2017 at 12:11:23 PM UTC-4, MitchAlsup wrote:
> > On Thursday, May 4, 2017 at 5:16:28 PM UTC-5, Rick C. Hodgin wrote:
> >
> > > This is why you should all come on board and help me complete my
> > > hardware designs. I have for our purpose to use the skills God
> > > gave us to create products which have a purposeful nod to God,
> >
> > I remind you, I came to offer my advice and service to your cause,
> > the only request was that you never bring God discussions back to
> > this NG.
>
> I remind you I replied to that offer:
>
> https://groups.google.com/d/msg/comp.arch/vFwmR11a7AE/eM4KQol_DwAJ
>
> > Since you can't, I can't.
> > BTW, offer still stands.
>
> My offer still stands as well, Mitch. I could use your help. But
> there are more important things than me completing my hardware
> designs.

And high on that list is spamming this NG.

> And those more important things are you, and Ivan, and
> Terje, and Walter, and John, and all the others on this forum that
> I really do care about.

Utterly untrue.

>
> I want you all thriving in eternity, painting your corner of God's
> universe,

Here is where I go back asking for evidence that god exists: So, here is a
good question for you:: "Why does god afflict so many innocent young
children with horrible diseases?"

[MitchAlsup]

On Friday, May 5, 2017 at 12:16:36 PM UTC-5, Rick C. Hodgin wrote:

> Jesus

Is just a dead jew on a stick who has not been seen or heard for 2000 years.

[Rick C. Hodgin]

Mitch Alsup:

> "Why does god afflict so many innocent young children with horrible
> diseases?"

He doesn't. When He was on the Earth He healed all:

http://biblehub.com/kjv/matthew/9-35.htm
35 And Jesus went about all the cities and
villages, teaching in their synagogues, and
preaching the gospel of the kingdom, and
healing every sickness and every disease
among the people.

Sin is the cause of all disease. Jesus takes sin away and makes all
things new:

http://biblehub.com/kjv/revelation/21-5.htm
5 And he that sat upon the throne said,
Behold, I make all things new. And he said
unto me, Write: for these words are true
and faithful.

There is a real invisible war taking place. It is beyond imagination
in scope, and affects al our lives worldwide.

You say, "Why hasn't God done this or that to save us?" He has
done everything. All we have to do is ask forgiveness and we are
forgiven, and saved. This world is playing out until all the people
who will be saved are saved, then all things as they are today end.

[Melzzzzz]

On 2017-05-05, Rick C. Hodgin <rick.c...@gmail.com> wrote:
> Mitch Alsup:
>> "Why does god afflict so many innocent young children with horrible
>> diseases?"
>
> He doesn't. When He was on the Earth He healed all:
>
> http://biblehub.com/kjv/matthew/9-35.htm
> 35 And Jesus went about all the cities and
> villages, teaching in their synagogues, and
> preaching the gospel of the kingdom, and
> healing every sickness and every disease
> among the people.
>
> Sin is the cause of all disease.

Another lie. We now now that magic, curses and such stuff does not cause
diseases,,,

[Rick C. Hodgin]

Melzzzzz, you are mistaken about God, about the Holy Spirit, about
spiritual things, about sin's effect on all of creation, and the born
again nature.

You speak based on things you think you know. You have nothing
to back up your claims except your personal beliefs. If you don't
straighten up and fly right, it will cost you more than you can pay.
It will cost you your soul.

[Melzzzzz]

I think that one can't loose what one don't have...
Rick innevitability of death of all creatures is something you should
be aware of... and you are obviously not..

[MitchAlsup]

On Friday, May 5, 2017 at 6:51:13 PM UTC-5, Rick C. Hodgin wrote:
> Mitch Alsup:
> > "Why does god afflict so many innocent young children with horrible
> > diseases?"
>
> He doesn't.

Then he is not worth worshipping !

[Stefan Monnier]

>>>>> The interesting question is: who was making use of it? And was it both
>>>>> sides, or only one? (more?)
>>>> What do you mean by "both sides"?
>>> The Russians/Chinese as well as just the NSA.
>> OK, I'll bite: that's one side, what is the other?
> I took Bruce's remark to mean domestic powers (NSA, FBI)
> vs foreign powers (every one else).

I didn't realize this is a US newsgroup!


Stefan

[already...@yahoo.com]

I don't think that Bruce suggested that.
He suggested, however, that Intel *is* an US American corporation.