> The hijacking flaw that lurked in Intel chips is worse

>>60250680
>CPU firmware
This is why we can't have nice things.

>>60250680
it only affects businesses who gives a shit

Why do they have this """"""security"""""" mechanism in the first place??

>>60250714

you misspelled "backdoor"

>>60250714
>t. intel damage control shill
how much money are you making with that?

i wanted to write some snarky remarks about how this is horrible but then i realized that i'll die without it ever affecting me so i stopped
don't waste breath on pointless shit

>But, remarkably, that authentication mechanism can be bypassed by entering any text string—or no text at all. According to a blog post published Friday by Tenable Network Security, the cryptographic hash that the interface's digest access authentication requires to verify someone is authorized to log in can be anything at all, including no string at all.

You just can't make this shit up

>>60250790
>>60250787
fuck ryzencucks. Your dead cpu probably hides more nasty shit than this. Besides this is totally irrelevant to the consumers and as /g/ is a consumer board this topic has no right to be posted here. I'm reporting this thread to mods for being off topic.

>>60250834
Tell us how you really feel anon. Is it butthurt? Do you need some lotion?

File: 1489292636735.jpg (137KB, 600x631px) Image search: [Google]

137KB, 600x631px

>>60250680
>arstechnica.com
NEVER link to this shithole of a leftist, anti-free-speech, anti-4chan site!

https://archive.fo/Ty4i5

>>60250834
>PLS D-DELET DIS
kek

File: hqdefault.jpg (12KB, 480x360px) Image search: [Google]

12KB, 480x360px

No string at all

>shlomo, what password do we use for secret backdoor?
>I dunno, yitzack, any will do.
>any password it is!

>>60250868
Back to >>>/pol/ you dumb ryzenigger

>>60250903
>/pol/
Looks like your house isn't the only thing that 140W single socket holocaust has burned

File: 85876.png (44KB, 650x350px) Image search: [Google]

44KB, 650x350px

>>60251013
>having to resort to blaming pol to defend a fucking processor
Enjoy your botnet housefire

File: Butthurt.jpg (102KB, 941x960px) Image search: [Google]

102KB, 941x960px

>>60250680
I'm using Core 2 machines with the cuck engines fully disabled. Feels good man.

>>60251013
Do you even know where you are? Tumblr is down the hall, newfag. Pic related.

>>60250680
>A remote hijacking flaw that lurked in Intel chips for seven years was more severe than many people imagined, because it allowed hackers to remotely gain administrative control over huge fleets of computers without entering a password.
That's exactly what we imagined though.

This is exactly what people were trying to warn us and them about.

>>60251123
It's not even a flaw. Intel chips are what we call defective by design.

>>60251202
>password authentication accepting no or the wrong password isn't a flaw
If they were designing it to be a backdoor they would have had a master password to let the NSA in, not just break the authentication entirely.

It's a flaw, in a shittish feature.
And most of us don't have to worry about it because we don't have vPro enabled motherboards.

File: snapshot_21.10_[2016.07.28_03.58.57].png (3MB, 1920x1080px) Image search: [Google]

3MB, 1920x1080px

>>60250834

File: mk_ultra_girl_c1961a.jpg (25KB, 400x289px) Image search: [Google]

25KB, 400x289px

DO ANYONE HERE

DARE I SAY

HAVE ANYHING TO HIDE

???

THESE ARE FEATURES TO COMBET THE TERRORIST THREAT THAT BLEW UP THE TWIN TOWERS IN JEW YORK, REMEMBER GOYM

!!!

File: shekel.jpg (49KB, 400x400px) Image search: [Google]

49KB, 400x400px

>>60250834
well earned
sholomo

well earned

>>60251250
It's a backdoor. You give these people at Intel and the NSA/CIA way too much credit. It's almost like how a few years ago certain partitions on iOS and Android devices weren't protected in any way from being written, allowing all kinds of rooting and bootloader unlocks, or how on Macs you could boot into single user mode and change the login passwords on unencrypted drives. It's just lazy engineers thinking that nobody will notice.

>>60251271
So why does it most hurt businesses and not consumers?

>>60250680
SHUT IT DOWN GOYIM

>>60250680
Are you saying that there is a HTTP server running on Intel CPUs?

>>60250862
wtf I love arstechnica now!

>>60251364
Maybe that's what is causing the stuttering in games kek

don't worry it's patched now, just another 0day discovered and fixed like every other piece of software (including AMD firmware) has had several of at one time, nothing to worry about.

>>60250680
This is fucking ridiculous
Intel won't even address the core issue & let us remove this shitware from our computers, they'll just release a patch that fixes this one vulnerability. It should be illegal for corporations to force this shit on consumers, I hope there is a huge lawsuit being prepped for this

>>60251364
No, it's running on the motherboard.
Most consumer motherboard don't support it.

>>60251396
>0day
I don't think you know what it means.

>>60251423
That's a blatant lie you fucking shill
>As Ars reported Monday, the authentication bypass vulnerability resides in a feature known as Active Management Technology. AMT, as it's usually called, allows system administrators to perform a variety of powerful tasks over a remote connection.
>Currently, AMT is available in desktops, servers, ultrabooks, tablets, and laptops with Intel Core vPro processor family, including Intel Core i3, i5, i7, and Intel Xeon processor E3-1200 product family.

File: 1478327770119.gif (676KB, 350x375px) Image search: [Google]

676KB, 350x375px

>>60251509
Well none of my cheapshit motherboards support it.

My thinkpad is affected. Fuck, time to invest in some hardware and remove ME. But most people won't go to such trouble, and are left with affected systems

>>60251509
It's both the chipset and the CPU.
The chipset gives the access to the network interfaces and other shit while the CPU section allows for access to processing without the OS knowing.

>>60250723
jews my friend
jews

>>60250680
I hope this fucks up Intel.

>>60250680
We /Ryzen/ now

>>60250834
>I'm reporting this thread to mods
see
>https://www.4chan.org/rules#global7
good bye shill

https://semiaccurate.com/2017/05/03/consumer-pcs-safe-intel-meamt-exploit/

> TLDR; There is a remote control mechanism in hardware that cannot be fully disabled and you cannot get Intel hardware without it.

>>60250862

go back to sucking Trump's tiny cock /pol/ fag

>>60251109

> I'm using Core 2 machines with the cuck engines fully disabled

how? the cuck engines (ME/AMT) are in hardware, can only be disabled by blowing fuses

File: me.png (24KB, 480x344px) Image search: [Google]

24KB, 480x344px

>>60251364

On some systems Intel ME is on the chipset (mobo) on others it's on the cpu

>>60252478
t. cuck.

>>60251623
> ...time to invest in some hardware and remove ME

your box won't boot without it

>>60252443
>comsumer pcs safe

>>60252545

With certain thinkpads and libreboot you can.

Honestly though this intel flaw is the biggest botnet of all.

What the fuck is a person to do?

>>60252599

yeah, i think you're right. what's the name of that project? it's on github somewhere

>>60252590

read the full article

>Intel claims the ME is ‘fused off’ completely. SemiAccurate does not believe this to be totally accurate. Our research indicates that there were fuses blown but they don’t actually disable the hardware. If Intel’s claims are accurate then why are bits of functionality that should be “hard disabled” present in other consumer grade features? They may not be robust or fully featured but that is a firmware/software issue. The sizes of the latest branch of ME firmware are ~1.5MB for consumer and ~5MB for corporate.

and don't believe jewtel's claims

>>60250878
underrated

>>60250834
spotted the 7700k owner

>literally nothing will happen like every other supposed big name security flaw
woooooooooooow

>>60250826
yeah I read that article. really shows me how stupid people are

File: michael-hayden.jpg (914KB, 1630x955px) Image search: [Google]

914KB, 1630x955px

you mean the NSA botnet that we all knew is built into Intel chips doesn't require a password to use? top kek!

File: riscv-blog-logo.png (10KB, 366x289px) Image search: [Google]

10KB, 366x289px

how far away are we from a truly open cpu being commercially available? maybe not Kabylake performance, but something like a Raspberry Pi's performance?

>>60252699

so is AMD any better? what are the alternatives then?

File: 1488943260665.png (339KB, 387x550px) Image search: [Google]

339KB, 387x550px

>The problem is what happens if you don't use a browser, but you generate an invalid request manually or using a proxy to alter the response, sending an empty string instead of the 32 character hash. Then the compare code does this:
>strncmp("6629fae49393a05397450978507c4ef1","",0)
>This means the function will compare the first 0 characters between the two strings. So it is equivalent to:
>strncmp("","",0)

Oh look, it's a "Shitty language that should have been killed ages ago causes another exploit" episode

>>60252743
I don't see any articles about Ryzen backdoors.

>>60252743

> so is AMD any better?

not really, AMD has their own version of ME (can't remember what it's called).

> what are the alternatives then?

i have high hopes for...
>>60252738

>>60251330
The very fact that we're debating if it was the handwork of a 3 letter agency(JEW) or pure incompetence is a worrying sign of the times were in.

>>60252744

> house falls down
> stupid shitty hammer

don't blame C, blame jewtel engineers

>>60252760

i thought AMD has their own inhouse backdoor? i think the anon above is right that currently raspberry pi might be the only un-backdoored commonly used processor

>requires a vPro processor to be used
Bad news for business, but it's fucking nothing in terms of your home PC

> vPro processors

Wow it's fucking nothing. Update your firmware if you're affected.

File: Bender_6502.jpg (11KB, 320x216px) Image search: [Google]

11KB, 320x216px

>>60252760

libreboot__dot__org/faq.html#amd

> AMD Platform Security Processor (PSP)

This is basically AMD’s own version of the Intel Management Engine. It has all of the same basic security and freedom issues, although the implementation is wildly different.

The Platform Security Processor (PSP) is built in on all Family 16h + systems (basically anything post-2013)

>>60252859

Does that mean pre-2013 amd's are a decent option?

>>60250812
>server only shit now in business laptops
>vulnerable and buggy as shit
>>this is ok, I don't mind
You don't think this will trickle down to your shitbook?

>>60252873

don't know

This exists in all intel CPUs since many years. What makes VPU processors different?

File: 1461262256809.jpg (80KB, 766x960px) Image search: [Google]

80KB, 766x960px

>>60250680
How do I make an open source processor /g/? I don't like this future.

>>60253006

https://en.wikipedia.org/wiki/RISC-V

the days of cpu monopolies/backdoors will come to an end (hopefully sooner than later)

>>60252788

C, like the pitbull, is truly the "dindu nuffin" of programming languages

>>60250862
please do not post 2hus with shitty pol replies, thanks.

security vs convenience... chose one

most Intel/AMD cucks will gladly piss away security for the sake of convenience (e.g remote management features)

File: 1489943234294.jpg (42KB, 459x459px) Image search: [Google]

42KB, 459x459px

>>60253277
kys or GTFO. you don't belong on 4chan. fuck off back to plebbit you baka.

>>60253290
The users never got any convenience out of it.
It's just apathy and trusting intel and the government.

>>60253299
>kys
redditor detected
please be sure to lurk a few months before posting again, thanks

File: 1480043884097.jpg (86KB, 900x900px) Image search: [Google]

86KB, 900x900px

>>60253403
kys plebbitard. just fucking do it.

>>60253445
>1480043884097.jpg
please stop projecting your newfaggotry
the influx of redditors to /pol/ this election season is ruining this site

>>60252841
More like "update". Right along the lines of "patched".

File: 1471773423224.jpg (94KB, 680x697px) Image search: [Google]

94KB, 680x697px

>>60253562
you have to go back.

>>60253608
>redditors

>>60253562
Aww, the anti white redditor wants a safespace :(

>>60253669
>he got triggered and replied again
REDDIT

>>60253403

he's just lonely and wants to spew some /pol/ bile at someone

>>60253689
/g/ isn't your SJW safespace, redditor

>>60253703
>SJW
reddiiit

How do you even control the internet through a backdoor in the cpu chip thingy

>>60253712
Is SJW your trigger word, reddit?

>>60253712
Just kys faggot

>>60250862
I appreciate your efforts.
t. crossboarding cancerfag

>>60253735
>>60253759
lmao, go back to whining about SJWs on reddit, loser

>>60253779
>that deflection
Go back to /r/anarachism, redditor

>>60253721

Think of it as a listening device with a kill switch.

>>60253793
>he knows the names of specific subreddits
HAHAHAHAHAHAH YOU'RE A LITERAL REDDITOR
you can't make this up

>>60251087
As a lower middle class leftist feminist, /pol/ and botnet apologists are both cancer.

The old sandy bridge backdoor rears its ugly head once more

File: 1489203927630.png (246KB, 720x378px) Image search: [Google]

246KB, 720x378px

>intel fills thread with /pol/fags arguing about inane bullshit to derail it

>>60252744
Intel engineers shouldn't need to use cotton wool-wrapped programming languages. A full awareness of C memory management and string handling is a basic requirement of any competent firmware engineer.

>>60253844
>a bunch of redditors getting triggered that someone doesn't like ars technica
>its somehow /pol/s fault

>>60251396
It's "patched" as in Intel has developed and released a patch to vendors, but literally no end users have actually received the patch. The best you can do at this point is shut down AMT features as best you can.

>>60251431
It's literally a -9year, not a 0day.

>>60251623
All modern Intel processors have ME. And AMD processors have a similar feature, which in all probability will turn out to have similar vulnerabilities. Your only option is to exclusively use pre-2007 or so processors (which is going to become less and less viable as time goes on) or switch to an open-source instruction set.

gee what a huge surprise

File: 1493430372779.png (322KB, 546x700px) Image search: [Google]

322KB, 546x700px

>>60253869
>getting triggered at someone else getting triggered by someone else getting triggered because of a link to ars technica

>>60253842
Or rather the effects are finally being seen. We saw this shit coming back when it was found in sandy bridge.

>>60253922
It can be neutralized in some boards.

>>60253951

metathink is cancer

>>60252743
AMD is paying executive level attention to requests to open source the PSP (ME equivalent) as of a few months ago. There's hope.

File: 1489075872717.png (246KB, 882x758px) Image search: [Google]

246KB, 882x758px

>>60250834

>>60252744
>strncmp("6629fae49393a05397450978507c4ef1","",0)
I refuse to believe that anyone with a professional career writing firmware for one of the largest processor manufacturers could do something that stupid. More likely, they thought they were using strcmp, so that they left out the last argument. In all likelihood the management heard some of the fearmongering about C and told some idiot intern to go through the code and replace all function calls with the "safe" versions. So they came across a spooky scary unsafe strcmp call, so they just changed the name to strncmp without changing the arguments, the stupid compiler didn't say anything about it, and now it just randomly grabs some variable off the stack which is usually but not guaranteed to be zero. Ironically, it's most likely the attempt to write "safe C" that caused this exploid, because honestly segfaults are preferable to what we're dealing with here.

And honestly, if you think we should abolish C for systems programming, what should we use instead? Rust seems somewhat promising, as you can actually do systems programming with it, but it's not quite low level enough to have the benefits of C. Then again, low level pretty much implies the risk of buffer overruns, so there really isn't any plausible way out.

>>60253703
It isn't yours either, /pol/cuck.

>>60253869
You're the one that sperged out because of a link posted to a "leftist" website. You guys are in no position to defend free speech if you can't be exposed to opposing views without feeling a need to shill compulsively.

Understand that your average gigabyte or asus motherboard does not support Amt. if you have an enterprise dell machine, like an optiplex or precision, then you're fucked.

>>60253703

thanks for illustrating my point...

>>60253689

;)

>>60253867
>A full awareness of C memory management and string handling is a basic requirement of any competent firmware engineer.

this. specially for something as widespread as intel cpus. why aren't companies like intel held legally liable for defective products?

>>60253887

if a vulnerability has existed for 9 years, and has not been disclosed, then it's a 0-day.

>>60250834
Stating you've reported a post is against the rules tho :^), enjoy your ban.

>>60254092

this would be a smart move. they will definitely get the $$$ of those users who give a shit about security, and don't want intel's black box backdoors baked into their hardware.

>>60254110

>strncmp("6629fae49393a05397450978507c4ef1","",0)

these code samples come from one of the commenters on ars. what is the original source? how the fuck did they get access to ME firmware source code?

are AMDs before 2013 good?

>>60252744
>when Intel starts outsourcing firmware to poos
It's here. The dark ages of computing. From here on, every company making devices will decide to outsource to smelly poos instead of hiring competent developers.

>>60254304

Not worth it if the NSA puts the screws to them and says do it or else...

File: michael-hayden.jpg (54KB, 640x465px) Image search: [Google]

54KB, 640x465px

>>60254110

funny how this bug didn't show up during the 9 years of "testing" by intel :)

>>60254127

tons of laptops also have amt cancer

>>60254319
>source code
no, reverse engineering
and given the results its not hard to come up with an proper source code sample

here's a wincuck utility to check if you're vulnerable

https://downloadcenter.intel.com/download/26755

>>60254411

or it could just be some ars commenter pulling code out of his ass

https://github.com/corna/me_cleaner

>>60254092
that was just lip service to redditards

AMD wouldn't have the PSP if they weren't forced to have it. It makes no business sense.

File: intel mei.jpg (93KB, 575x535px) Image search: [Google]

93KB, 575x535px

>>60250680
Disabling Intel Manasemen Engine in Device Manager is enough right?

>>60255517
Yes go-- anon, that should be enough.

>>60255517
>Interface
No, it is running even before the CPU starts.

>>60252531
t. what does it mean?

>>60251330
>It's a backdoor. You give these people at Intel and the NSA/CIA way too much credit.
I want to give the credit to MI5/MI6 instead.

File: 1487374919155.jpg (10KB, 200x200px) Image search: [Google]

10KB, 200x200px

>>60250834
>any criticism of Intel's idiotic management engine must be from an AMD fan...
wew lad

>>60255717
>picks agencies from a country that hasn't made a CPU in 30 years
yeah, no

>>60250680
>flaw

ahahahahaha. No, this was always what Trusted Computing(TM) was for, violating your control over your device. The only thing that's "gone wrong" is one evil entity can take control instead of the one which is "supposed to."

>>60255602
This.

It's a completely separate, proprietary, mini-OS if you will, embedded in the hardware. It has it's own CPU and memory in flash, complete with it's own flash partition where the code resides, which is largely encrypted. The only people who can run code on it are Intel (and whoever they share it with), who hold RSA2048 keys required to do so. It has full and direct access to the main CPU, memory and integrated comms chipsets (Ethernet and Wifi) and is running constantly any time power is applied to the device.

It's the ultimate hardware backdoor, completely undetectable by any OS or software running on the device.

>>60250714
It was enabled on my laptop with 2nd get i7

>>60255517

ME intercepts ALL ETHERNET TRAFFIC on your NIC before it gets to your host, nothing you can do in the OS to stop that.

File: NSA Director Keith Alexander.png (429KB, 547x638px) Image search: [Google]

429KB, 547x638px

>>60255803
>...and is running constantly any time power is applied to the device

even when your computer is "off" :)

>>60252649
me_cleaner

95% of this thread is shills trying to get us off topic by yelling about /pol/ and reddit

>>60252738
Are there any devices or anything really planned to use this?

File: szRTjdOX_400x400.jpg (30KB, 400x400px) Image search: [Google]

30KB, 400x400px

>>60254719

kek

> Thx @Intel for this EULA-protected, UNSIGNED zip w/ a bunch of UNSIGNED (PE) executables, so we can see if vulnerable to your AMT Fuckup!

https://twitter.com/rootkovska/status/860413732069019648

this chick knows a thing or two about intel's me

File: hifive1-top-view.png (558KB, 978x663px) Image search: [Google]

558KB, 978x663px

>>60256833

there are microcontroller chips you can buy now

www.sifive.com

there will be a raspberry pi type board next year, from the same guys who did the raspberry pi

lowrisc.org

RISC-V has a shitload of big silicon valley companies behind it. CPUs/cores/etc are being developed for all sorts of applications. I hope it takes off and becomes an open source alternative to intel/amd duopoly (kinda like linux is to winblows/apple)

>>60257098
>there will be a raspberry pi type board next year, from the same guys who did the raspberry pi
In 2018?

>I hope it takes off and becomes an open source alternative to intel/amd duopoly (kinda like linux is to winblows/apple)
Same man, I would buy it if they made it somewhat powerful at least.

>>60257041
>chick
anon, i...

>>60257153

progress update...

https://www.youtube.com/watch?v=g_5jRnCnNU0

> test chips in 2018
> community board in 2019

I think FreeBSD has already been ported to RISC-V, don't know about Linux

>>60257179
i find her strangely attractive

https://www.youtube.com/watch?v=rcwngbUrZNg

>>60257218
Cool, thanks anon. I'll definitely watch that conference.

It still has a long way too go, but hopefully it's good.
I am pretty sure that it'll receive Linux support.

File: heh.png (3KB, 241x46px) Image search: [Google]

3KB, 241x46px

>>60253299
>kys
>GTFO
>plebbit/plebbitard
>baka
>using retarded cirno images
>"you don't belong on 4chan"
>/pol/ bait

You just keep getting better and better.
It's like your the highest, purest of what is on 4chan, but your just an a-hole who tries to project his own opinions and his idea pf "manners" or "culture" into a chinese cartoons website and if people don't agree with you, you'll just angrily shutdown other's opinions

t. holy city fag

>all those faggots saying ME didn't exist, wasn't a problem etc in spite of all the evidence

BLOWN THE FUCK OUT

>>60252528
got an english version of that?

File: 4chan proprietary imagework (32).png (10KB, 236x176px) Image search: [Google]

10KB, 236x176px

>>60250680

>mfw I bought Ryzen which doesn't have a hardware backdoor

>>60257576

it's old. v1.1 is from 2005, v2.0 is from 2006

check out Joanna's talk for more current info...

>>60257241

>>60250680
>true colours of botnet and intel's incompetence

>>60257629
That you know of.

File: amt9-starthere-fig-1.png (45KB, 337x352px) Image search: [Google]

45KB, 337x352px

>>60257576

>>60257629
It has TrustZone-based PSP which may very-well contain backdoors and be as powerful as ME. Intel's ME at least has been poked by researchers for a while now so a lot is known about it, PSP not so much.

>>60257576
Botnet.

File: Intelme.png (22KB, 800x800px) Image search: [Google]

22KB, 800x800px

>>60257576

>>60257700
Yeah, but they at least pretend to care about thinking of open sourcing psp thanks to /l/eddit.

recent talk about Intel ME by Dmitry Sklyarov

https://www.youtube.com/watch?v=2_aokrfcoUk

slides

https://www.troopers.de/downloads/troopers17/TR17_ME11_Static.pdf

>>60253922
>Your only option is to exclusively use pre-2007 or so processor
Not true.
Vishera (AMD FX) doesn't have ME or the AMD equivalent and it is still reasonably competitive especially for the price.

>>60257872

Are there any good laptops with non-botnet AMD processors?

File: 1414239250836.jpg (196KB, 1280x854px) Image search: [Google]

196KB, 1280x854px

>A FUCKING WEBSERVER IN YOUR CPU

There are people who unironically trust jewtel.

>>60257773
Thank you for sharing, it seems quite intresting, will watch his presentation.

>>60251509
>Intel Core vPro processor family
He is right though.
Only a tiny fraction of desktop / SB users are affected. Maybe a 10 overall in the world? 1? 0?

vPro is used in enterprise, and it makes IT a 1000x easier job.

>>60257629
It has the AMD equivalent, dumb shill.

File: 45436324634.png (74KB, 765x530px) Image search: [Google]

74KB, 765x530px

>>60259858
This affects every Intel box made in the last 9+ years you fucking shill.

Intel jews are fucking shameless.

>>60250834
Cry, Shlomo, Cry.
Meanwhile, AMD is working to open source they PSP platform.

>>60255462
>source: my arse

>>60250680
this is why you dont use non-free hardware

>>60260640
Shut up and bathe, Richard!

>>60250714
lol, no, I downloaded dell's paper about affected devices and there are laptops there, if not all of them

>>60260564
>This affects every Intel box made in the last 9+ years you fucking shill.
> what is vPro
What the fuck are you even doing on /g/?
Just end yourself pls.

>>60258215
this. what the fuck...

>>60258215
AMD = Germans
Intel = Jews

File: oracle-sparc-m7.png (249KB, 575x476px) Image search: [Google]

249KB, 575x476px

Reign of SPARC64 when?

>>60261086
since oracle bought them - never

>>60261062
http://investmentwatchblog.com/both-amd-intel-chips-will-now-be-built-in-israel/

https://www.amd.com/en-us/who-we-are/contact/locations

https://www.reddit.com/r/security/comments/4ot223/do_amdprocessors_have_something_like_intel/

It's okay.

>>60261099
Not the case anymore. Oracle dumped it.

https://www.thelayoff.com/t/LsIZB0T

They may sell off the patents and rights to other bidders.

File: index.jpg (74KB, 896x287px) Image search: [Google]

74KB, 896x287px

>>60254110
actually the bug was a bit different.

>>60250714
My Thinkpad is affected.

>>60260578
They won't be doing that AMDrone.

It's ARM TrustZone, meaning they can't opensource it.

And when the enivitable flaws come out for ARM TrustZone, you can't do anything to stop someone from stealing your information thanks to your Poozen CPU.

Should've stuck to POWER, cuck.

File: 18301238_1421331177932759_8650651993985490145_n.jpg (51KB, 680x960px) Image search: [Google]

51KB, 680x960px

>>60261274
I would be really sweet if you could have multi-socket ARM capable CPU boards that you could install into slots. So much processing power.

>>60257098
How far away is risc-v from being useful in desktops? I don't need much other than emacs, compilers, a window manager and the typical GNU utils, but it would definitely be nice to run something like ubuntu on it out of the box too.

>>60261463

probably two years

the indians decided to not trust jewtel and design their own 64-bit RISC-V cpu

http://www.eetimes.com/document.asp?doc_id=1328790

i think they are adopting RISC-V nationally, the russians will as well. trusting an open source ISA instead of proprietary backdoored black boxes seems like a no-brainer security decision.

>>60253248
>but the supervisor-mode instructions are unstandardized as of 10 November 2016
It'll become the Haskell of CPUs, I tell you.

>>60261617
Nice, any informed guess on what sort of technology the first desktop capable risc-v chips will use?

Unironically happy india is doing this since they're javashitters so it'll probably mean we'll get JVM on risc-v so I can write muh-scala on it

>>60255635
t. Can I join the fun?

>>60250868
>>60251258
>>60251300
>>60251954
>>60252675

>falling for the obvious b8

>>60261666

the indian RISC-V cpu is called SHAKTI. here's a presentation from a couple of years ago

https://www.youtube.com/watch?v=OoxOzvf78uQ

File: RISC-V_Logo.png (4KB, 400x125px) Image search: [Google]

4KB, 400x125px

https://en.wikipedia.org/wiki/RISC-V

> A partial list of organizations that support the RISC-V Foundation includes: AMD, BAE, Berkeley Architecture Research, Bluespec, Inc., Cortus, Draper, Google, Hewlett Packard Enterprise (HPE), Huawei, IBM, ICT, IIT Madras, Lattice Semiconductor, Mellanox Technologies, Microsemi, Micron, Microsoft, Nvidia, NXP, Oracle, Qualcomm, Rambus Cryptography Research, Western Digital

why doesn't some one like google, nvidia, or imb design their own 64-bit open source mass market cpu? they do have the engineers and gazillions of dollars. is it impossible to break the intel strangle hold?


David Patterson on RISC-V

https://www.youtube.com/watch?v=mD-njD2QKN0

https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/

> For a security hole that was present for about a decade that suddenly gets patched, this means an affected party with the leverage to get Intel to act did just that

who pressured intel to fix this hole?

>>60257872
How do we know they don't? I kinda want a hex/octa core for gentoo

>>60261028
IME is built in EVERY CPU, the weberver is an addition.
people can still access the ME from outside!

>>60250834
holy fucking shit this post is gold.

how do i check if i'm affected?

>>60262009
AMD and Intel are very happy with their duopoly on the CPU market. They'd team up and crush google like a bug before they could get a foot in the door just like with what happened with google fiber.

File: Joanna_Rutkowska.jpg (22KB, 320x480px) Image search: [Google]

22KB, 320x480px

>>60257041
>chick

>>60262974
https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5689.html

>>60261291
>t. shlomo noseberg

>>60250680
okay but am I supposed to think AMD is doing the same shit under our noses?

No matter what brand, the NSA/FBI/etc. can and WILL make them cooperate.

>>60250826
>this is totally irrelevant to the consumers
oh, but you are so wrong, you fucking shill
>https://support.lenovo.com/pt/en/product_security/len-14963#ThinkPad
can you count how many _consumer_ thinkpad models are marked as affected in the list provided by lenovo? what abut all the other brands? get cucked shill

So where can I find the exploit? I have a few machines I can test on

>>60263343
qt

>>60262756
But the secholes does not affect every CPU.
Yeah yeah the NSA and the lizards will be able to watch you, but not attackers.

>>60263343
>>60257041
> Russian people talking about security
I-i-i don't know anon. I would be pretty fucking cautious with those fucks.

> inb4 muh murrican election hack
Fuck no, I am not even from the US.
But Russians and Chinese coders whose job is to develop malware and spread misinformation all day long?
And I am supposed to trust THEM?

FUCK NO.

From the top of my head, it's like 90% of the most sophisticated malware that infected half the world is coming from Russian for example. And yeah I know Russia is big and you have the government and independents, but still. Everyone should take their word with a pinch of salt.

File: hurrdurr.png (34KB, 604x495px) Image search: [Google]

34KB, 604x495px

>>60264760
>>60262756

>>60264822
It's not vulnerable to THAT bug
also
>trusting intel
it's not like they would lie to you, would they?

>>60264842
I work, I earn money, I have stuff to do.
Could live without a laptop, a fridge, a stove, or my phone but that would just make my life a thousand times harder.
So being the lazy fuck I am - I chose to embrace technology and had to accept the dark part of the deal.

> Worrying about only one brand of one CPU
There is no way of knowing how many exploits are out there for all kinds of shit. And this is no tinfoil shit, researchers managed to copy live data out by blinking the HDD led and using a drone. But to be more software based, I am pretty sure the default stack one might have on any OS is attackable in some degree.

Windows, Linux, OS X who cares, all has its attack surface. Hardware, software, all of it.
It's like the HDD Encryption thing. If you have to worry about the NSA and such, you are already fucked.

>>60250812

Thing is this one might not, but the trend to put more and more brains in hardware,bios, and other low level stuff means the next flaw might effect you.

Even if you opt out of computers everything in your life is tied to computers, your car, your doctor, your bank. So unless you go totally off grind and join a tribe in the Amazon there is a pretty good chance major flaws like this may at minimum inconvenience you.

There isn't much one can do other than hope hardware locks can be put in place that totally disconnect pieces from a electric level ( basically the equivalent of physically removing power from the idrac from a Dell for instance)

It's like webcams the only sure way to make sure they can't capture anything is to use a piece of tape or physically remove it. You always need a brain dead solution to turn the risky bit off while you wait for a fix.

It's like having software control the breaks in your car - it's a bad idea if when it fails you can't press extra hard or use the ebreak to make the car stop.

I'm not losing sleep over this but things are only going to get worse.

>>60264930

It's not just oh no NSA government spies knowing I like bbw porn, it's like this stuff is critical to my computer working, if there is a bug it could seriously fuck my hardware up. Which wastes my time, money and possible data loss. More scary is it's at least theoretically possible it could possibly cause a fire. I don't mean just CPU or that Nvidia house fire edition card - it's not crazy to think we could have more smarts inside the computers power supply in the near future which could actually fairly easily be a serious danger.

I dunno man crazy world. I live the convenience life too but it's something to keep in mind

>>60265202
if you are worried about fire hazard, well, it's electronic shit, that can happen anytime.
that's why you back up and have insurance.

though there is yet to be a case of house fire from a computer and whatnot.
the world got like millions of computers running, even in shithole like Brazil with noname PSUs and this never happens.

trust me a human error is a lot more likely than your PC causing a fire (due to a bug or not).
my sisters made fried potatoes. but boy did they cook slow.
so they went back to watch tv.

the kitchen evaporated.
but insurance paid for it all.

I love how these threads always get derailed so quickly. It's always the same D&C shills posing as posters from /pol/ acting like retards to distract everyone else from the real problem while also drawing hatred from non-/pol/ posters. This is a very advanced shill tactic, kudos to the kikes.

>>60250834
Kek.

Only muslims and terrorists would risk from this. I'm neither of those so I don't give a fuck.

File: 1493496908202.jpg (23KB, 704x398px) Image search: [Google]

23KB, 704x398px

>>60250834
wew

File: .jpg (630KB, 1280x1024px) Image search: [Google]

630KB, 1280x1024px

>>60264805
>Everyone should take their word with a pinch of salt.
So in other words trust but verify.. and all of which can be verified.

>>60253271
I would call it more like a wolf

>>60266054
Islam is filled with terrorists though

>>60252503
The C2D era machines are the only ones that can have it disabled fully without merely stripping out parts of it's firmware, that's why the X200 can use Libreboot.

>>60250862
Go back to /pol/

>>60268124
fuck off back to plebbit you scumbag

>>60251364
Also a Java VM.

>>60255517
>>60255588
>thinking he can disable the ME from device manager

It can't even be fully disabled from BIOS. That thingy in device manager is just an interface which reports if ME/AMT is running.

>>60255517
If you think that closing your eyes makes threats or problems disappear, because that's what disabling HECI/MEI in device manager amounts to. It is just a software interface which allows the OS to receive feedback from the ME circuitry and its firmware (which includes AMT software).

>>60250680
What models are affected? Is this only newer chips?

>>60264805
>Russian
She' Polish, not Russian. Also, pathetic argument in general.

>>60261122
>https://www.amd.com/en-us/who-we-are/contact/locations
>the Israel location is tucked away at the very, very end
>"hopefully no-one notices"

File: 1436697901011-2.png (129KB, 354x504px) Image search: [Google]

129KB, 354x504px

>>60268711

>>60263343

>Joanna_Rutkowska

yes. and she's polish.

File: nehalem_westmere_family.jpg (424KB, 1200x2610px) Image search: [Google]

424KB, 1200x2610px

>>60263521

nice! thanks

>>60250714
>it only affects businesses
what does that mean though? does business have special i5s so mine that is for home should not worry lol?

File: puffy.png (197KB, 1280x833px) Image search: [Google]

197KB, 1280x833px

>>60264930
>Windows, Linux, OS X who cares, all has its attack surface

the sane thing to do would be to minimize that surface ;)

>>60268663

all chips from Nehalem to Kabylake, 9+ years) use Intel ME. read the thread for links to tools to check if your computer is affected.

File: Joanna-Rutkowska.jpg (18KB, 383x316px) Image search: [Google]

18KB, 383x316px

>>60269896

smart & cute

i think she's the lead (or one of the leads) for Qubes OS

This is why Terry should stick with AMD and away from Intel pajeets. I for one will build my first temple with ryzen. Enough drama with CIA niggers.

>>60270028
AMT, not ME you misinformation spreading nigger. The vuln is in AMT, and you are not affected if you never set up AMT.

>>60257629
I have an 8350 the last newest cpu to not have a back door

>>60270081

> and you are not affected if you never set up AMT

what a gullible dummy, kek

>>60270146
Neck yourself. The OP fucking link states that the vuln is in AMT. AMT is a program that runs on the ME.

>>60270081
AMT is just software which is running on the ME circuitry hardwired into Intel CPUs since Nehalem. AMT exposes certain remote control functionality to the corporate end user (similarly how the HECI/MEI interface device which appears in device manager exposes certain information from ME), but it's the ME circuitry which actually makes it possible for functionality exposed by AMT to even work. The ME circuitry has its own internal ROM (entirely separate from the SPI flash where the firmware implementing AMT, a web server, a Java VM, etc. sits) and nobody except Intel knows what it is capable of on its own.

>>60270179
>the ME hardware rootkit itself is not a problem, because the vulnerability that has become known is (((just))) in its AMT auxiliary software

>>60270388
Quote me where I said that the ME isn't a problem, you illiterate nigger. I said that the vuln under discussion does not impact you unless you've turned on AMT.

Unless you have evidence to the contrary, shut up or fuck off, ideally both.

>>60270413
>does not impact you unless you've turned on AMT.
>unless you've turned on AMT.
>you've turned on
>you've

what a dummy, top kek

>>60261617
so are the chinese

File: sleep forever.png (197KB, 666x472px) Image search: [Google]

197KB, 666x472px

At this point it is too late. Intel cucks will have to deal with their vulnerable backdoor for trusting the jews. Inb4 "AMD HAS A ISRAEL LOCATION TOO", AMD processors are designed in Texas, Intel processor are designed in their big plant in Israel run by big noses..

This is why i physically disconnect my LAN every night.

>>60270413

Did you read the article, mother fucker?

>>60250680

If this effected consumers, would it only be those who blindly installed every imaginable driver on their Mobo disk?

This is just an instance of 'fancy features' having major exploitable holes.

>>60250680
Can I join a class action lawsuit for this?

>>60270772

i thought the chinese developed Loongson as their national cpu (MIPS based)? do you have any info on their RISC-V effort?

>>60270846

all the jew hating aside, both intel's me and amd's psp are black boxes full of cancer, trusting either one is foolish.

>>60271081

read the ars and semiaccurate articles linked above to get a better understanding of who's affected

>>60271091

me2

manufacturers need to be held responsible for providing defective products

Whats the advantage of AMT over the usual methods of remote administration, be it over local corporate network or over the internet?

>>60257098

How many years will we have to wait for these to hit gayming levels of speed (for modern AAA). You can already use PI for light stuff like browsing, torrenting etc. Just that for my use case anything below current x86 for desktop isn't viable.

>>60254092
>'paying attention'
sure they are anon

>>60257435
Those were shills anon.

>>60252738
how do you know they wont immediately backdoor it?

>>60271369

you know how winblows has a defacto monopoly on gaymes. even linux, running on identical hardware doesn't have AAA gaymes. i don't think RISC-V systems will be targeted at gaymers. general purpose home PCs and laptops, that's another story.

>>60271517

who are "they"? the ISA is open. if the implementation is not open, then don't buy it.

>>60255803
That's where my electric bills come in. Fuck.

>IdeaPad - not affected
Well....putting up a nmap vulnerability scan just to make sure

>>60250834
Destroyed Intlel feminist is destroyed.

What of you disconnect your Ethernet cord

>>60270413
You CANNOT fully disable AMT, if you ever did any actual research on the matter you would know that. Instead it's you who's the dummy falling for Intel and/or Lenovo's bullshit.

https://thinkpad-forum.de/threads/189807-Intel-AMT-auf-T420-vollst%C3%A4ndig-deaktivieren

>>60251330
>on Macs you could boot into single user mode and change the login passwords on unencrypted drives

Uh on Linux you can boot a livecd, chroot in to the HDD filesystem, run passwd and grats you have access

>>60253951
This is a Reddit meme btw

>>60271806
W I - F I

>>60271885
So is being triggered. So why don't you go back to where you belong?

>>60271896
>wifi
>desktop

File: impeach god.jpg (827KB, 1536x2048px) Image search: [Google]

827KB, 1536x2048px

APOLOGIZE

https://stallman.org/intel.html

>>60271917
The chip has wireless signal so you're fucked whatever you do.

>>60271930

He's always right.

File: 1493762003450.jpg (76KB, 349x735px) Image search: [Google]

76KB, 349x735px

>>60271896
Ew

>>60271940

What if I build a faraday cage around the box?

File: 1493963716757.gif (249KB, 500x375px) Image search: [Google]

249KB, 500x375px

>>60271940
No fucking way?

>>60252792
No, the guy behind it has ties with intel community and recently got knighted for making the pi, raspberry pi is definitely backdoored.

>>60271930
HE WAS RIGHT ALL ALONG

>>60254343
It's worth telling the NSA to eat shit if it means the future profitability of your entire company.

Intel is well and truly completely fucked if the following occurs:

1. They put this exploit in on purpose
2. They put it in by incompetence/accident
3. Someone stole business secrets from a fortune 100 company using this exploit
4. That fortune 100 company has lost billions and is out for blood

Intentionally putting in backdoors for intel agencies is just about the stupidest fucking business decision you could ever possibly make as a hardware manufacturer. The MOMENT it's revealed you've done this, your company is well and truly fucked. Nobody wants a chip that lets a random chinese hacker steal all their trade secrets, they sure as hell don't give a fuck if the NSA or CIA were the ones who originally asked for the backdoor in the first place.

We've already seen from the shadowbroker and other leaks that the government can't keep a lid on their exploits. It is literally only a matter of time before we find out who and what have made backdoors for these morons.

lmaoing at ur pathetic nerd "arguments"
one word
VIDEO GAMES
amd btfo
linux btfo
/g/ btfo

>>60272056
There name is INTEL, Ironically

>>60261617
There's chip fabs and research coming up all over the place - Russia, India, and China.

Because none of them trust western hardware and/or they want to control their own botnets. We're probably going to see an explosion of new CPU architectures over the next decade as these guys try completely new non-86 designs.

>>60271930
>the ME is capable of accessing any memory region without the main x86 CPU knowing about the existence of these accesses. It also runs a TCP/IP server on your network interface and packets entering and leaving your machine on certain ports bypass any firewall running on your system.

WHAT THE FUCK

>>60250862
If you visit their site with adblock enabled you're only wasting their bandwidth without giving them any money.
I believe most people here are smart enough to use adblock so linking to this site is a good thing.

>>60272143
Did you read the OP article?
The authentication can be bypassed completely, means that anyone on your network has total control of your Intel PC.
Intel shill /v/irgins won't care though

Now you know why intel cpus have such high pricetags, they're actually two cpus in one package.

>>60271930
>because they have the "management engine" back door and no one can shut it off.

Short and straight to the point. He correctly and precisely identifies the ME circuitry as being the embedded rootkit and there real problem which has no business being there in the first place, instead of spreading some bullshit how supposedly "the ME is ok and there's nothing wrong with it, the problem is with AMT software that runs on top of it but you can turn it off and the problem is gone".

>>60272143
Later versions also can run Java applets via an embedded Java VM. That's right, Pajeet's Java spaghetti could technically be uploaded into SPI flash and be executed by the ME, well underneath and out of sight of the OS kernel or even the motherboard OEM firmware.

>>60271930
>https://stallman.org/intel.html

stallman is a prophet

>>60257241
>https://www.youtube.com/watch?v=rcwngbUrZNg

EVERYONE should watch this to have a realization what the situation with the ME really is. She openly admits that the way things are, her past five years' efforts on QubesOS were largely in vain, given that with something such as the ME on board, securing the system is basically doomed to be hopeless.

>>60272086

FYI

Intel = integrated electronics

Intel != intelligence

Do not let the thread die, someone make a pasta with some of the most important links and a new thread to continue this one.

File: intel_integrated_graphics_die_area.jpg (596KB, 2000x1125px) Image search: [Google]

596KB, 2000x1125px

>>60272189

three cpus, don't forget that half your die is wasted on an integrated gpu

So if it's that easy to get into the ME, what's stopping someone from going in themselves and securing it from inside?

>>60272346

watch this vid

>>60257773

ME is a fucking nightmare to reverse engineer

>>60250680
Ryzen Master Race

>>60272358

You don't need to reversengineer the whole thing, just get in and fuck things up until it doesn't function anymore.

>>60272346
You are missing the point entirely. The fact that remote control software running on an embedded backdoor chip can be exploited does not give you control over the backdoor itself.

>>60272378
That's what what the me_cleaner tries to kinda do, except it only erases most of the SPI flash firmware, but still doesn't touch ME itself.

>>60250878
Top kek

>>60250878

stupid sexy flanders

>>60250862

Why don't you fuck off back to The_Donald and KotakuInAction

Do Macbooks have this problem?

>>60272480

the OS doesn't fucking matter. macbooks are just overpriced intel boxes.

https://hackaday.com/2016/11/28/neutralizing-intels-management-engine/

Coreboot/libreboot is the answer. They found a way to neutralise Intel Management Engine.

File: emojinexttoaflame.jpg (13KB, 394x394px) Image search: [Google]

13KB, 394x394px

>this one analdevastated intlel shill

>>60272508

>With a BeagleBone, an SOIC-8 chip clip, and a few breakout wires

So basically hardware hack. Have fun breaking your mobo doing that.

>>60255635
t. < means regards in finnish, it's usually meant to imply you take one side or the other in a debate here are common examples.
>trump sucks
t.cuck
>apple is the best
t.iToddler

>>60272573
It's a good first step.

D-DELID DIS