Intel ME Backdoor, called Odin's Eye


dangm...@gmail.com

Jan 7, 2018, 2:46:10 AM
to qubes-users
https://i.redditmedia.com/5mA7LrMiwgmmhrwfYF8Jks0WEng66fxWoCcGw33dhCA.jpg?w=597&s=339d919645f1de31a42913c748d1d7fb


Summary:

Intel Whistleblower leaks details about his role in backdooring all IME chips on behalf of Intelligence Agencies. Posted 3/22/2017. Codename: Odin's Eye

haaber

Jan 7, 2018, 1:14:26 PM
to qubes...@googlegroups.com
> https://i.redditmedia.com/5mA7LrMiwgmmhrwfYF8Jks0WEng66fxWoCcGw33dhCA.jpg?w=597&s=339d919645f1de31a42913c748d1d7fb
>
>
> Summary:
>
> Intel Whistleblower leaks details about his role in backdooring all IME chips on behalf of Intelligence Agencies.
The post is unspecific. Of course ME is a problem: the allegations could
be true or could be disinformation. "I know exactly" is an implausible
formulation for a backdooring engineer - it is almost surely a wrong
statement if it was not himself who spied ... To conclude: unless some
details are given to enhance trustworthiness (a specific backdoor,
protocol, communication interface, whatsoever), I personally consider
this troll post.

Tai...@gmx.com

Jan 7, 2018, 1:20:37 PM
to dangm...@gmail.com, qubes-users
On 01/07/2018 02:46 AM, dangm...@gmail.com wrote:

> Summary:
>
> Intel Whistleblower leaks details about his role in backdooring all IME chips on behalf of Intelligence Agencies. Posted 3/22/2017. Codename: Odin's Eye
>
That isn't an "intel whistleblower" that is simply a random dude with
too much time on his hands making up a bullshit story, besides there is
no "backdooring" IME as it already is a backdoor.

Intel doesn't need to add a specific backdoor for such a thing nor would
a TLA ever ask as:
* They already have knowledge of various exploits that do the same thing
* A specific func_backdoor has zero plausible deniability
* Any foreign intel agency could easily obtain proof and tell the media.

qma ster

Jan 7, 2018, 2:26:42 PM
to qubes-users
On Sunday, January 7, 2018 at 18:20:37 UTC, Tai...@gmx.com wrote:
Sorry but you haven't seen the full story. This "Intel guy" is legit, he provided proofs like this one:

https://i.warosu.org/data/g/img/0595/40/1490327898699.png

Best regards,
Ivan Ivanov

qma ster

Jan 7, 2018, 2:27:46 PM
to qubes-users
On Sunday, January 7, 2018 at 18:14:26 UTC, haaber wrote:

Franz

Jan 7, 2018, 2:59:09 PM
to qma ster, qubes-users
Hmmm, which is the sense to avoid telling the Intel guy's name, but providing enough information for Intel to understand who is writing? If it was real, Intel and intelligence agencies would immediately act and deprive him/her of the freedom to tell or confirm more. The only working way to do that is how Snowden taught, taking full responsibility, providing plenty of evidence, getting media help and moving to a country willing to protect you.

 It seems 
Best regards,
Ivan Ivanov


haaber

Jan 7, 2018, 3:01:27 PM
to qubes...@googlegroups.com
Maybe, maybe not. Who can verify scanned and blacked papers? I would
appreciate him helping me to remove it from my mainboard though! How to
do THIS is the right discussion to my pov.

Ivan Ivanov

Jan 7, 2018, 3:22:56 PM
to Franz, qubes...@googlegroups.com
Yes, sadly not whistleblowers are reasonable, but we need any
whistleblowers - not just the Snowden tier! ;-)

Ivan Ivanov

Jan 7, 2018, 3:23:50 PM
to Franz, qubes...@googlegroups.com
*not all the whistleblowers

Ivan Ivanov

Jan 7, 2018, 3:27:32 PM
to haaber, qubes...@googlegroups.com
Yes, hopefully one day we would see more leaks, that could help us to
truly get rid of ME ;)
Meanwhile, perhaps the only thing we could do is to stockpile those
few computer models
that are both coreboot (or libreboot) supported and without Intel ME / AMD PSP

an...@rbox.co

Jan 7, 2018, 9:54:23 PM
to qubes...@googlegroups.com


On 01/08/2018 03:27 AM, Ivan Ivanov wrote:
> perhaps the only thing we could do is to stockpile those
> few computer models that are both coreboot (or libreboot)
> supported and without Intel ME / AMD PSP
>
Any hints on which models come into consideration?

Ivan Ivanov

Jan 8, 2018, 5:30:28 AM
to an...@rbox.co, qubes...@googlegroups.com
>
> > perhaps the only thing we could do is to stockpile those
> > few computer models that are both coreboot (or libreboot)
> > supported and without Intel ME / AMD PSP
>
> Any hints on which models come into consideration?
>

=== Already existing computers ===

Supported by coreboot or libreboot and preferably based on AMD cpu:
AMD added PSP backdoor later than the Intel added ME backdoor, so the
latest AMD without PSP is more powerful than the latest Intel without ME

LAPTOP - Lenovo G505S with A10-5750M quad core CPU

Also, maybe HP Pavilion M6 1035DX if you have a chance - but it is a rare model,
a bit worse than G505S both in hardware and freedom aspects (for G505S there are
leaked schematics for its LA-A091P motherboard, which improves the repairability
as well as slightly raises its "freedom"; haven't heard about M6 1035DX schematics).
And nobody tried it for ages, so for the latest coreboot additional work may be needed

WORKSTATION - something AMD based from libreboot list:
https://libreboot.org/docs/hardware/
ASUS KCMA-D8, ASUS KFSN4-DRE, ASUS KGPE-D16
Some of these boards could have issues with certain CPUs or memory modules;
you need to read the libreboot website and look through the mailing list archives
to ensure the best hardware compatibility while building a PC on such a mobo

=== New modern computers ===

If we need a powerful modern computer that at least tries to be
free-as-in-freedom in software/hardware , and doesn't have Intel ME / AMD PSP ,
it must be POWER cpu based

WORKSTATION - TALOS II - https://raptorcs.com/TALOSII/
very powerful hardware from a great company, available for pre orders

LAPTOP - probably this one
https://www.powerpc-notebook.org/en/
Currently they are doing a crowdfunding for schematics:
https://www.powerpc-notebook.org/campaigns/electrical-schematics-notebook-powerpc-motherboard-donation-campaign/

TALOS II progress is more significant than laptop guys, but at least
they are trying

Best regards,
Ivan Ivanov

Tai...@gmx.com

Jan 8, 2018, 6:38:45 AM
to Ivan Ivanov, haaber, qubes...@googlegroups.com
On 01/07/2018 03:27 PM, Ivan Ivanov wrote:
> Yes, hopefully one day we would see more leaks, that could help us to
> truly get rid of ME ;)
> Meanwhile, perhaps the only thing we could do is to stockpile those
> few computer models
> that are both coreboot (or libreboot) supported and without Intel ME / AMD PSP
Or you could just buy POWER 9/TALOS 2, have a libre high performance
system right now and stop waiting for what will never happen (and would
be immediately fixed if it did)

If you buy new Intel/AMD CPU's you are supporting future anti-feature
development.

Vít Šesták

Jan 8, 2018, 1:36:43 PM
to qubes-users
> Or you could just buy POWER 9/TALOS 2, have a libre high performance
> system right now and stop waiting for what will never happen (and would
> be immediately fixed if it did)

Talos 2 looks nice in theory, but:

* Qubes OS does not support this architecture. So you are going to have something more resistant to backdoors, but it is also less resistant to classical exploits. If your typical threat is not like NSA, you probably lose security. And even if it is, it is at least not clear win, as NSA could use those classical exploits anyway.
* Not an option for those who want a laptop.
* It is quite expensive for needs of most people.

That's not to say Talos 2 has no merit. It might have some niche, but it is far far from a solution for masses.

> If you buy new Intel/AMD CPU's you are supporting future anti-feature
> development.

Maybe this is not that bad for AMD: https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-Disable-Option

But it is still matter of trust. Not having PSP/IME does not mean there cannot be any backdoor.

Regards,
Vít Šesták 'v6ak'

Tai...@gmx.com

Jan 8, 2018, 2:49:59 PM
to Vít Šesták, qubes-users
On 01/08/2018 01:36 PM, Vít Šesták wrote:

>> Or you could just buy POWER 9/TALOS 2, have a libre high performance
>> system right now and stop waiting for what will never happen (and would
>> be immediately fixed if it did)
> Talos 2 looks nice in theory, but:
>
> * Qubes OS does not support this architecture. So you are going to have something more resistant to backdoors, but it is also less resistant to classical exploits. If your typical threat is not like NSA, you probably lose security. And even if it is, it is at least not clear win, as NSA could use those classical exploits anyway.
You could use POWER-KVM and have an assortment of VM's with shared
folders, you can replicate all the other stuff via various methods and
have a better security level it simply wouldn't look as slick.

Qubes isn't virtualization, it is simply a collection of tools that can
theoretically be compiled for POWER although currently the qubes VMM is
xen which isn't yet available for POWER (the xen devs are ignoring
requests to assist with porting efforts).
> * Not an option for those who want a laptop.
If T2 is successful (ie: enough people buy it) there are plans for a
POWER laptop.
> * It is quite expensive for needs of most people.
It fills the very high performance sector that previously had no libre
hardware, it isn't meant for those like you and me who would be
satisfied with the performance of one of the various libre firmware
available boards such as the KGPE-D16, KCMA-D8 ($300 MSRP) etc...

The target market segment is someone who already spends just as much on
an equivalent performance x86-64 system every few years but who needs
and desires better security (ie: they previously have bought one or more
of intel's high end CPU's that cost thousands on their own).
> That's not to say Talos 2 has no merit. It might have some niche, but it is far far from a solution for masses.
It isn't intended for the masses, although if it is successful there
will eventually be lower cost versions intended and priced for the
average linux power-user - already costs have come down drastically
since T1.

No one ever found money or success trying to sell to the average yokel.
>> If you buy new Intel/AMD CPU's you are supporting future anti-feature
>> development.
> Maybe this is not that bad for AMD: https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-Disable-Option
That option simply removes the PCI device and the Option ROM menu, it
doesn't disable PSP - like ME it is integral to the x86-64 boot process
so it simply can't be disabled.

Yet another journalist that doesn't check the facts before publishing.
> But it is still matter of trust. Not having PSP/IME does not mean there cannot be any backdoor.
On an owner controlled system that has libre hardware, firmware and
software it is incredibly difficult to add a backdoor function, one
truly could trust their computer in that case.

Vít Šesták

Jan 8, 2018, 5:41:31 PM
to qubes-users
> You could use POWER-KVM and have an assortment of VM's with shared
> folders, you can replicate all the other stuff via various methods and
> have a better security level it simply wouldn't look as slick.

Not sure about that. Qubes is not just set of tools. It is also a set of careful choices of configuration (e.g., strictly using HVMs with stubdoms). I might be wrong, but I don't think you can get a comparable level of security easily. You would have to take similar choices and maybe even to make a new decisions that affect security.

> Qubes isn't virtualization, it is simply a collection of tools that can
> theoretically be compiled for POWER although currently the qubes VMM is
> xen which isn't yet available for POWER (the xen devs are ignoring
> requests to assist with porting efforts).

It is not just the collection of tools.

You are right that QubesOS can be probably ported to KVM. Even if this is a solution (not 100% convinced), it is not there yet. At best, TALOS 2 might be some solution for future, not something you can buy and use just now (for those purposes).

> If T2 is successful (ie: enough people buy it) there are plans for a
> POWER laptop.

Cool.

But at the moment, it does not make me sense to buy a workstation I don't need and hope that some time later, they will release a laptop and someone else will port QubesOS for it. I could somewhat support efforts of porting QubesOS to POWER9, it makes me more sense.

> > * It is quite expensive for needs of most people.
> It fills the very high performance sector that previously had no libre
> hardware, it isn't meant for those like you and me who would be
> satisfied with the performance of one of the various libre firmware
> available boards such as the KGPE-D16, KCMA-D8 ($300 MSRP) etc...

You are right. It is rather a good special-purpose workstation.

> No one ever found money or success trying to sell to the average yokel.

I could argue that selling to average yokel for low price can bring both success and money, because there are plenty of yokels.

I understand this is not for masses in the same scale as Windows. This is not necessary for success. But I am also afraid this is not suitable even for 1 % of Qubes user base. (Maybe it will be successful elsewhere, but it does not matter much in this discussion.)

> That option simply removes the PCI device and the Option ROM menu, it
> doesn't disable PSP - like ME it is integral to the x86-64 boot process
> so it simply can't be disabled.

OK, good to know.

> > But it is still matter of trust. Not having PSP/IME does not mean there cannot be any backdoor.
> On an owner controlled system that has libre hardware, firmware and
> software it is incredibly difficult to add a backdoor function, one
> truly could trust their computer in that case.

Not 100%. First, you cannot be 100% sure your CPU matches the design. Second, some backdoors can look like a regular vulnerability. Those are even worse. Good backdoor can be abused by few people, maybe it requires digital signature. That's not good, but regular (pseudo-)vulnerabilities are even worse, because they can be abused by much broader set of people.

But I agree that having open CPU design can be a good start.

Regards,
Vít Šesták 'v6ak'

Franz

Jan 8, 2018, 6:19:38 PM
to Vít Šesták, qubes-users
Very interesting, it may happen that in a couple of years Qubes will be ported to it and I'll have to change my passwords.  So it may be better to wait before buying a new laptop.
best
Fran

awokd

Jan 9, 2018, 5:17:16 AM
to Franz, "Vít Šesták", qubes-users
On Mon, January 8, 2018 11:19 pm, Franz wrote:
> On Mon, Jan 8, 2018 at 7:41 PM, Vít Šesták <
> groups-no-private-mail--con...@v6ak.com> wrote:
>

>> Not sure about that. Qubes is not just set of tools. It is also a set
>> of careful choices of configuration (e.g., strictly using HVMs with
>> stubdoms). I might be wrong, but I don't think you can get a comparable
>> level of security easily. You would have to take similar choices and
>> maybe even to make a new decisions that affect security.

You are right. There's a good overview here:

https://www.qubes-os.org/news/2017/10/03/core3/


dangm...@gmail.com

Jan 10, 2018, 3:35:12 PM
to qubes-users
On Sunday, January 7, 2018 at 10:14:26 AM UTC-8, haaber wrote:
> > https://i.redditmedia.com/5mA7LrMiwgmmhrwfYF8Jks0WEng66fxWoCcGw33dhCA.jpg?w=597&s=339d919645f1de31a42913c748d1d7fb

> I personally consider
> this troll post.

That Red Pill is a bitter one, isn't it?

awokd

Jan 10, 2018, 5:02:36 PM
to dangm...@gmail.com, qubes-users
On Wed, January 10, 2018 8:35 pm, dangm...@gmail.com wrote:
> On Sunday, January 7, 2018 at 10:14:26 AM UTC-8, haaber wrote:


> That Red Pill is a bitter one, isn't it?

I don't trust ME either and run me_cleaner but that link is just some
unsubstantiated text. If he'd really been working at Intel 15 years he
should have been able to get copies of internal documentation at least. A
blacked out W-2 form doesn't cut it either.

dangm...@gmail.com

May 9, 2018, 8:37:53 PM
to qubes-users

Do you find that sticking your head in the sand to be a productive form of security?


I'm sorry that this information upset you so much, but by denying it you're only putting others in harms way.


Maybe you'd like for others to have security vulnerabilities?


Perhaps you are exposing your agenda too much?


awokd

May 12, 2018, 10:38:36 AM
to qubes-users
On Thu, May 10, 2018 12:37 am, dangm...@gmail.com wrote:
> On Wednesday, January 10, 2018 at 2:02:36 PM UTC-8, awokd wrote:

>> I don't trust ME either and run me_cleaner but that link is just some
>> unsubstantiated text. If he'd really been working at Intel 15 years he
>> should have been able to get copies of internal documentation at least.
>> A
>> blacked out W-2 form doesn't cut it either.
>
> Do you find that sticking your head in the sand to be a productive form
> of security?

How does requiring proof instead of an anecdote equate to sticking one's
head in the sand? Do you believe all scientists are sticking their head in
the sand when they do research?

> I'm sorry that this information upset you so much, but by denying it
> you're only putting others in harms way.

What gave you the impression I was upset?

> Maybe you'd like for others to have security vulnerabilities?

No, that's why I encourage them to use Qubes. I think you must be new
here. Check out some of my other posts.

> Perhaps you are exposing your agenda too much?

Re-read the first sentence of what I wrote above, perhaps more slowly this
time, then explain what agenda it is you think I have.



charly LEMMINKÄINEN

May 12, 2018, 10:46:43 AM
to awokd, qubes-users
Anyway people, even if he was saying the truth. Then why is he silent then? Why hasn’t he joined purism or coreboot or qubes or others to neut the ME?

The difference between reality and what can be real is really thin and it’s often easier to believe what could be than what really is.

First you need to identify the goal and here it is not clear. Do you know why?
Because it would mean that Chinese could get access to it with enough intelligence. Russian could get access to it. And what you are calling Odin so the NSA or any other entity, don’t want all that because it would mean that even them are at risk ;) which is clearly not the goal.
You don’t want to implement something that you can not control.
So it’s easier to find an exploit, there are enough of them. Or to create one within software or OS where you can patch it easily than in hardware.

The real threat from all time, is not the intelligence services, it’s the companies. Anything else doesn’t matter.



Jo

May 14, 2018, 7:33:06 AM
to qubes-users

I totally agree with you, finding exploits is way easier, especially with practically unlimited resources. The whole Me-thing is blown completely out of proportion, although of course you do not want an Me, especially not me 11/ any closed source remote admin functions you can't effectively disable nor remove.

Also, please do not mention Purism in the same sentence with legit open source projects like Qubes or coreboot. This is very offending for people like the coreboot or Qubes devs who actually try to make people free and secure, while others in comparison only scam people by making them believe their laptops/phones are open source and with coreboot.

cheers