/tech/ - Technology and Computing

Technology, computing, and related topics (like anime)

Site was down because of hosting-related issues. Figuring out why it happened now.

Build Back Better

Sorry for the delays in the BBB plan. An update will be issued in the thread soon in late August. -r

Max message length: 6144

Drag files to upload or
click here to select them

Maximum 5 files / Maximum size: 20.00 MB

More

(used to delete files and postings)


Open file (103.61 KB 1200x800 prism-slide.jpg)
Intel Management Engine Has NSA Kill-Switch Anonymous 10/18/2019 (Fri) 12:30:31 No.468
>According to a highly technical blog post, Positive Technologies experts revealed they discovered a hidden bit inside the firmware code, which when flipped (set to "1") it will disable ME after ME has done its job and booted up the main processor.

>The bit is labelled "reserve_hap" and a nearby comment describes it as "High Assurance Platform (HAP) enable."

>High Assurance Platform (HAP) is an NSA program that describes a series of rules for running secure computing platforms.

http://blog.ptsecurity.com/2017/08/disabling-intel-me.html

>Our DMA malware DAGGER is not executed on the host processor. It is
executed on the processor provided by Intel’s ME. No additional hardware is
required. DAGGER implements a sophisticated isolated runtime attack on user
input. Additionally, our DMA malware could steal cryptographic keys, target
OS kernel structures in an attack, and copy files from the file cache.

https://pdfs.semanticscholar.org/88ad/913424405ac32657a8557f74003b22e9be3c.pdf

This is old news, but the new board needs a new reminder that until RISC-V hardware becomes readily available, no amount of free software will protect you from glow nigger spying.
>>468
>no amount of free software will protect you from glow nigger spying.
But I use a Librebooted Chinkpad. Shame it's affected by Spectre and Meltdown.
>>468
This is interesting in two ways. How can this be utilized to get around the ME in everyday life? And how to determine of the ME of a given processor has been tampered with?
According to a highly technical blog, experts have discovered that water is wet
>>468
I'm getting tempted to just disconnect my stuff from the internet when I'm not actively using it. My processor's free to spy on me as much as it wants if it can't transmit shit or take instructions from these people.
>>530
>implying it won't run silently when you think it's shut down
>implying it won't keep a connection and only pretend it's disconnected
If it's not a hardware power switch then it's useless. Ideally on your router, just unplug that shit.
No surprise Intel decreases CPU prices and leaks ME "killswitch" when they have nothing to counter 7nm Ryzen.
Open file (44.83 KB 427x544 exploited_amada.jpg)
>>549
>Ryzen
Reminder that there's AMD's Platform Security Processor on all Ryzen systems, which is similar to ME, and there's little to no way to exploit/reverse engineer at the moment. I see several articles that discuss Intel's ME issues and exploits, but not much with AMD's processor.

As an aside, how come most of the libre hardware consist of laptops, servers, and high end workstations? There's not much for basic desktops, and the AMD FX CPUs have potential, even if they can be a housefire.
>>553 Yeah everyone's dickriding amd but they're just as jewy as jewtel
I very much want to be able to buy AMD and Intel processors without these spy chips. You would think they would have to provide that to various governments at least then we could buy them when they are decommissioned.
Can you guys tell me other chans that have bigger areas to talk about Linux?
>>1338 Plebbit or IRC (freenode or Rizon).
>>1339 thank you. i am looking for chans, though. dont think i could set foot into reddit.
Open file (4.68 MB 500x281 afaggot.gif)
>>1340 Lurk 2 years minimum or fuck off.
>>1338 you are out of luck mayne, ever since we got Shoah'ed the /tech/ community has been fragmented and most of us went into hiding and using shitty tor sites
>>1352 this
>>1352 this I don't know where the hell I've even been, I spent a bit of time on zeronet, then endchan, fucking lainchan, plebbit too, and now here after hopping through a million chans and bunkers. it's all so tiresome.
>>1352 I miss the text boards JEWS
>>1352 Go tell them to use this one. Also remember the 60000000 wizards terminated in the cybershoah by splooge drinking glowniggers.
>>1326 >Anne (((Neuberger))) head of the NSA's Cybersecurity Directorate
>>1388 >>1340 lainchan
>until RISC-V hardware becomes readily available, no amount of free software will protect you from glow nigger spying. WRONG Let me fix it for you: >nothing will protect you from glow nigger spying. It's trivially easy for them to plan a camera in your room, or set up a good RF antenna that can pick up the EM noise made by your screen to then figure out what was displayed on it, or even intercept and bug the hardware you ordered online. All you can do is defend your privacy a bit against large corporations, maybe.
>>1866 May be so. But the method you described takes manpower, comparing to the usual ring -3 telemetry and deep learning analysis. For specific oshw, resources have to sketched pretty thin to cast such a wide net of hardware backdoor. Unless they manage to get every pcb fab to insert their backdoor, you have to be a somewhat high value target for them to do it. Even so, you can always cut off from the internet and wrap your stuff in a faraday cage.
>>1868 That's why you only do the IRL attacks on the guys stupid enough to buy RISC-V. The point is, don't hope for a tech solution to a social problem.
>>1886 RSIC-V is a meme right from the start. The license is the proprophecy of a proprietary lockdown fragmentation through vendor custom instruction sets and compilers. Those why are stupid enough to buy it don't even need a manually installed backdoor.
>>1886 Next you will say that locking your door increases the chance you will be robbed.
Open file (154.84 KB 464x259 you.jpg)
>>1892 The threat model here is not "random criminal" but "giant and nigh-unstoppable intelligence organization", you colossal cock connoisseur. Locking the door defends you from the average robber and using adblockers/avoiding social network sites/not installing adware defends you from the average tracking company, but putting twenty locks on your door won't stop SWAT from blowing it up and buying a meme CPU won't stop the NSA from spying on you.
>>1352 >you are out of luck mayne, ever since we got Shoah'ed the /tech/ community has been fragmented and most of us went into hiding and using shitty tor sites What tor sites are there?
>>2450 I am getting blind from your post.
>>468 > no amount of free software will protect you from glow nigger spying. Doesn't matter. NSA and most other western intelligence agencies are extremely intelligent, but clinically niggerlicious ( fortunately/unfortunately depending on your glow level) <"extremely intelligent, but clinically niggerlicious" What this? This is best illustrated via an example... Consider the following: Objective: Open door. NSA solution - spend $1bn designing advanced AI drone that turns the door handle with a laser tractor beam using telepathic remote control. Non-retard solution - Turn door handle. So although glowniggers can peek up your ass digitally it has been fuck all use because hundreds of thousands of chinky sleeper agents walked right past them and have pretty much fucked over the countries they were supposedly 'defending' from harm. Spying on your own populace makes you inherently weak.* Excessive 'Navel gazing' ensures you WILL miss exterior threats. *This will also be exploited in repercussions against (internally spying) chink commies during the upcoming (obvious) war(s). Glownigger, before you bitch about "B-but No, that's not true!" IT HAS ALREADY HAPPENED! I bet those Chinese commies are pissing themselves at parties laughing at just how useless you all are.
>>2467 >niggerlicious >r e-t=a.r:d,e/d >c u c k e d wordfilters found
>highly technical blog post
>>1889 RISC-V is such a meme that it's CISC
>>1853 no.

Report/Delete/Moderation Forms
Delete
Report