+ Reply to Thread
Page 4 of 4 FirstFirst 1 4
Results 61 to 66 of 66

Thread: CPU Security Holes affecting Intel and AMD CPUs

  1. Link to Post #61
    United States Administrator ThePythonicCow's Avatar
    Join Date
    4th January 2011
    Location
    North Texas
    Language
    English
    Age
    76
    Posts
    28,565
    Thanks
    30,489
    Thanked 138,348 times in 21,474 posts

    Default Re: CPU Security Holes affecting Intel and AMD CPUs

    Quote Posted by Hervé (here)
    Brendon O'Connell- Israel Has Back Door on All Microsoft Devices

    by Brendon O'Connell (henrymakow.com)
    ...

    With Microsoft's move to Israel, Israel now has full and total access to all home, business, corporate, and soon, military computers - The Pentagon Cloud Contract (JEDI).

    A sick, psychotic racial and religiously supremacist state with an ultra-right-wing extremist at the helm has the planet at its fingertips.
    ...

    Microsoft Windows 10 is now fully coded in Israel:
    ...

    A sick, psychotic racial and religiously supremacist state with an ultra-right-wing extremist at the helm has the planet at its fingertips.

    Now you know how Israel is so powerful.

    Can they be stopped?

    This is the most pressing and urgent issue...ever.

    1 - ISRAELS SECRET WEAPON THE TALPIOT PROGRAM
    2 - ISRAELI DRONES WORLD WIDE
    3 - BI BI'S GOT A KILL SWITCH AND HE LIKES TO USE IT
    4. KOMPRAMAT | HOW ROGER STONE WORKED WITH ISRAELI & RUSSIAN INTELLIGENCE
    5. DID RUSSIA & ISRAEL "RE-SHAPE" THE MIDDLE EAST FOR THE BENEFIT OF THE BELT & ROAD INITIATIVE?
    6. CHINA & RUSSIA STEAL U.S TECHNOLOGY VIA ISRAEL
    My hunches are that:
    • Some more superficial threats are overly dramatized above.
    • Underlying, far more serious challenges to humanity are hidden.
    • China's becoming the dominant technical and economic power of this century.
    • The Taming of the Human Spirit proceeds on many fronts.
    • Israel is a "cat's paw", a useful tool of higher powers.
    My quite dormant website: pauljackson.us

  2. The Following 2 Users Say Thank You to ThePythonicCow For This Post:

    Bill Ryan (11th May 2019), Hervé (20th April 2019)

  3. Link to Post #62
    United States Administrator ThePythonicCow's Avatar
    Join Date
    4th January 2011
    Location
    North Texas
    Language
    English
    Age
    76
    Posts
    28,565
    Thanks
    30,489
    Thanked 138,348 times in 21,474 posts

    Default Re: CPU Security Holes affecting Intel and AMD CPUs

    Quote Posted by Hervé (here)
    Brendon O'Connell- Israel Has Back Door on All Microsoft Devices

    by Brendon O'Connell (henrymakow.com)
    In a couple of the videos you provide, it seems to me that Brendon O'Connell is pursuing a very aggressively anti-Israel agenda.

    So when he presents facts or evidence that supports his apparent agenda, and if those details are not something I already knew or can readily accept as true, then I have to take those presented facts or evidence with a grain of salt ... to they support a true and balanced perspective on affairs, or is Brendon O'Connell cherry picking and massaging the evidence, to better support his apparent agenda.
    My quite dormant website: pauljackson.us

  4. The Following User Says Thank You to ThePythonicCow For This Post:

    Bill Ryan (11th May 2019)

  5. Link to Post #63
    Avalon Member gord's Avatar
    Join Date
    13th October 2015
    Location
    The Vampire State
    Language
    English
    Age
    61
    Posts
    693
    Thanks
    14,944
    Thanked 4,592 times in 672 posts

    Default Re: CPU Security Holes affecting Intel and AMD CPUs

    An interesting open letter from Andrew S. Tanenbaum's website https://www.cs.vu.nl/~ast/intel/:

    An Open Letter to Intel

    Dear Mr. Krzanich,

    Thanks for putting a version of MINIX inside the ME-11 management engine chip used on almost all recent desktop and laptop computers in the world. I guess that makes MINIX the most widely used computer operating system in the world, even more than Windows, Linux, or MacOS. And I didn't even know until I read a press report about it. Also here and here and here and here and here (in Dutch), and a bunch of other places.

    I knew that Intel had some potential interest in MINIX several years ago when one of your engineering teams contacted me about some secret internal project and asked a large number of technical questions about MINIX, which I was happy to answer. I got another clue when your engineers began asking me to make a number of changes to MINIX, for example, making the memory footprint smaller and adding #ifdefs around pieces of code so they could be statically disabled by setting flags in the main configuration file. This made it possible to reduce the memory footprint even more by selectively disabling a number of features not always needed, such as floating point support. This made the system, which was already very modular since nearly all of the OS runs as a collection of separate processes (normally in user mode), all of which can be included or excluded in a build, as needed, even more modular.

    Also a hint was the discussion about the license. I (implicitly) gathered that the fact that MINIX uses the Berkeley license was very important. I have run across this before, when companies have told me that they hate the GPL because they are not keen on spending a lot of time, energy, and money modifying some piece of code, only to be required to give it to their competitors for free. These discussions were why we put MINIX out under the Berkeley license in 2000 (after prying it loose from my publisher).

    After that intitial burst of activity, there was radio silence for a couple of years, until I read in the media (see above) that a modified version of MINIX was running on most x86 computers, deep inside one of the Intel chips. This was a complete surprise. I don't mind, of course, and was not expecting any kind of payment since that is not required. There isn't even any suggestion in the license that it would be appreciated.

    The only thing that would have been nice is that after the project had been finished and the chip deployed, that someone from Intel would have told me, just as a courtesy, that MINIX was now probably the most widely used operating system in the world on x86 computers. That certainly wasn't required in any way, but I think it would have been polite to give me a heads up, that's all.

    If nothing else, this bit of news reaffirms my view that the Berkeley license provides the maximum amount of freedom to potential users. If they want to publicize what they have done, fine. By all means, do so. If there are good reasons not to release the modfied code, that's fine with me, too.

    Yours truly,
    Andrew S. Tanenbaum

    Note added later: Some people have pointed out online that if MINIX had a GPL license, Intel might not have used it since then it would have had to publish the modifications to the code. Maybe yes, maybe no, but the modifications were no doubt technical issues involving which mode processes run in, etc. My understanding, however, is that the small size and modular microkernel structure were the primary attractions. Many people (including me) don't like the idea of an all-powerful management engine in there at all (since it is a possible security hole and a dangerous idea in the first place), but that is Intel's business decision and a separate issue from the code it runs. A company as big as Intel could obviously write its own OS if it had to. My point is that big companies with lots of resources and expertise sometimes use microkernels, especially in embedded systems. The L4 microkernel has been running inside smartphone chips for years. I certainly hope Intel did thorough security hardening and testing before deploying the chip, since apparently an older version of MINIX was used. Older versions were primarily for education and newer ones were for high availability. Military-grade security was never a goal.

    Second note added later: The online discussion got completely sidetracked from my original points as noted above. For the record, I would like to state that when Intel contacted me, they didn't say what they were working on. Companies rarely talk about future products without NDAs. I figured it was a new Ethernet chip or graphics chip or something like that. If I had suspected they might be building a spy engine, I certainly wouldn't have cooperated, even though all they wanted was reducing the memory footprint (= chip area for them). I think creating George Orwell's 1984 is an extremely bad idea, even if Orwell was off by about 30 years. People should have complete control over their own computers, not Intel and not the government. In the U.S. the Fourth Amendment makes it very clear that the government is forbidden from searching anyone's property without a search warrant. Many other countries have privacy laws that are in the same spirit. Putting a possible spy in every computer is a terrible development.
    Back to my home page
    Last edited by gord; 11th May 2019 at 16:42.
    The only place a perfect right angle ever CAN be, is the mind.

  6. The Following 3 Users Say Thank You to gord For This Post:

    Bill Ryan (11th May 2019), Hervé (11th May 2019), Michi (12th May 2019)

  7. Link to Post #64
    United States Administrator ThePythonicCow's Avatar
    Join Date
    4th January 2011
    Location
    North Texas
    Language
    English
    Age
    76
    Posts
    28,565
    Thanks
    30,489
    Thanked 138,348 times in 21,474 posts

    Default Re: CPU Security Holes affecting Intel and AMD CPUs

    Quote Posted by gord (here)
    An interesting open letter from Andrew S. Tanenbaum's website https://www.cs.vu.nl/~ast/intel/:

    An Open Letter to Intel

    Dear Mr. Krzanich,

    Thanks for putting a version of MINIX inside the ME-11 management engine chip used on almost all recent desktop and laptop computers in the world. I guess that makes MINIX the most widely used computer operating system in the world, even more than Windows, Linux, or MacOS. ...
    Yes - Tanenbaum's open letter came out in late 2017: https://www.techpowerup.com/238677/m...er-minix-drama

    There's another "OS" inside Intel and AMD CPU's - the UEFI. Back in about the year 2000, when I was working on developing computers using not yet announced Intel processors, I was involved with adapting my company's operating system to the new EFI firmware inside that Intel processor. It was quite obvious to me at the time that Intel's EFI (Extensible Firmware Interface) was a re-write of Microsoft's DOS, with a FAT-like file system, command line prompt, simple editor, executable files, and batch file scripting. EFI's command options and conventions were quite familiar to someone who already knew DOS.

    The pretty (well, prettier than the old BIOS) UEFI screen that comes up on all modern X-86 (Intel and AMD) systems these days is basically a GUI application running in this miniature operating environment.

    Like Minix in the Management Engine, UEFI also presents a potentially rich attack surface to compromise any of our laptop, desktop or server systems.
    My quite dormant website: pauljackson.us

  8. The Following 4 Users Say Thank You to ThePythonicCow For This Post:

    Bill Ryan (11th May 2019), gord (12th May 2019), Hervé (11th May 2019), Michi (12th May 2019)

  9. Link to Post #65
    Avalon Member gord's Avatar
    Join Date
    13th October 2015
    Location
    The Vampire State
    Language
    English
    Age
    61
    Posts
    693
    Thanks
    14,944
    Thanked 4,592 times in 672 posts

    Default Re: CPU Security Holes affecting Intel and AMD CPUs

    Yup, a bogus update on a compromised system could put just about anything down in here:
    ~$ sudo ls -1F /boot/efi/EFI
    BOOT/
    debian/
    refind/
    tools/
    The only place a perfect right angle ever CAN be, is the mind.

  10. The Following 3 Users Say Thank You to gord For This Post:

    Hervé (12th May 2019), Michi (12th May 2019), ThePythonicCow (12th May 2019)

  11. Link to Post #66
    Avalon Member
    Join Date
    3rd July 2018
    Posts
    4,343
    Thanks
    39,271
    Thanked 33,389 times in 4,323 posts

    Default Re: CPU Security Holes affecting Intel and AMD CPUs

    How Intel wants to backdoor every computer in the world | Intel Management Engine explained

    Apr 7, 2019

    The Hated One

    Intel embeds Management Engine into all of its computers since 2008.

    Intel Management Engine has been criticized for its security risks and has been called a backdoor with rootkit possibilities by many security experts and researchers. This is Intel Management Engine. A subsystem microprocessor that’s operating inside every Intel CPU platform made from 2008 onward. Despite its name and some basic functions, we don’t know anything about what Intel Management really does.

    What we do know is that this microcontroller works completely independently from the main CPU. It can’t be manually removed or disabled. Even if the main computer is powered off, as long as it is plugged in to the mains or the battery, IME will continue to run. Intel Management Engine is a computer within a computer. It is running it’s own operating system, called Minix, and is installed by default on every modern computer with an Intel CPU. This probably makes Minix the most widely used operating system in the world. But unlike Windows, Mac OS or Linux, Minix is completely outside of user control. It cannot be scanned by an antivirus or malware detection software. It can bypass any firewall configuration and has a dedicated network connection that can circumvent the main CPU and the main operating system.

    Sources and further reading
    https://www.slideshare.net/codeblue_j...
    https://www.howtogeek.com/334013/inte...

    Intel Management Engine security problems
    https://boingboing.net/2016/06/15/int...
    https://www.csoonline.com/article/322...
    https://www.techrepublic.com/blog/it-...
    https://www.zdnet.com/article/intel-w...
    https://www.eff.org/deeplinks/2017/05...
    https://mjg59.dreamwidth.org/48429.html
    https://www.wired.com/story/intel-man...
    https://www.zdnet.com/article/compute...
    https://www.zdnet.com/article/minix-i...
    https://www.networkworld.com/article/...
    https://www.fsf.org/blogs/sysadmin/th...
    https://www.fsf.org/blogs/licensing/i...
    https://www.zdnet.com/article/researc...

    Purism's approach to Intel ME
    https://puri.sm/learn/intel-me/
    https://puri.sm/posts/deep-dive-into-...

  12. The Following 3 Users Say Thank You to Gwin Ru For This Post:

    Bill Ryan (29th July 2020), muxfolder (29th July 2020), onevoice (30th July 2020)

+ Reply to Thread
Page 4 of 4 FirstFirst 1 4

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts