Researchers Run Unsigned Code on Intel ME By Exploiting USB Ports

Slashdot user bongey writes: A pair of security researchers in Russia are claiming to have compromised the Intel Management Engine just using one of the computer's USB ports. The researchers gained access to a fully functional JTAG connection to Intel CSME via USB DCI. The claim is different from previous USB DCI JTAG examples from earlier this year. Full JTAG access to the ME would allow making permanent hidden changes to the machine.
"Getting into and hijacking the Management Engine means you can take full control of a box," reports the Register, "underneath and out of sight of whatever OS, hypervisor or antivirus is installed."

They add that "This powerful God-mode technology is barely documented," while The Next Web points out that USB ports are "a common attack vector."

Please explain

[Anonymous Coward]

A couple of days ago, a story ran discussing many massive vulnerabilities in the Linux kernel USB drivers. Users laughed it off, saying that if someone has physical access, the computer is already compromised. When USB is then used to exploit a vulnerable IME, it's considered a serious issue. Why is it that Linux gets a free pass when other systems do not?

Re:

[Anonymous Coward]

IT doesn't.

But Linux machines in a server farm are common. So all it takes is someone on the "inside", like someone who owns a machine next to yours in a shared cabinet to start compromising all the neighboring machines.

With a laptop or desktop, you only need to compromise one machine to access the network. Like I need to express this point bluntly. IF YOU CAN UNPLUG THE MACHINE, YOU HAVE ACCESS TO THE NETWORK. Change the MAC address on your device to match the one you unplugged and then go nuts via the eth

Re:Please explain

[Anonymous Coward]

even an AC on this site should be smart enough to know the difference. if you can't, perhaps you should go run along to reddit or some other site where the users and their submissions are down at your own comprehension level.

vulnerabilities in linux kernel drivers for usb are relatively easy-to-fix *SOFTWARE* issues.

the code is worked-on and reviewed by multiple, independent parties; and can also be examined and compiled by end users.

vulnerabilities in intel management engine are not. they are flaws in the *HARDWARE*

the feature is embedded in the silicon of every fucking processor they manufacture. a similar feature is also found inside the more recent amd processors as well. problems here would require swapping hardware (processors, processors and/or bios). these features and the firmware that controlls them are closed-source, proprietary, and not documented for the public. you have to give blind faith and trust to hardware vendors (intel, amd, bios producers, motherboard manufacturers, etc) to actually fix the vulnerabilities and/or allow the total and irreversible disabling of the features.

Re: Please explain

[Anonymous Coward]

The vulnerabilities in IME are software. The software is stored in the BIOS and can be upgraded.

Re:

[BLToday]

You know this is Intel right? They didn’t even bother fixing scaling issue on some of their integrated graphics (over scanning or under scanning). Their solution was to load custom resolution which doesn’t work on some effected system because the drivers didn’t allow you to load custom resolutions. And you can’t add a graphics board because the system is a micro PC. Do you really think Intel will go back and fix ME for systems that are more than 3 years old?

Re:

[rudy_wayne]

vulnerabilities in intel management engine are not. they are flaws in the *HARDWARE*

But you still need physical access to the machine.

And I think its mostly firmware, not hardware, so it's probably patchable.

Re:

[Khyber]

"vulnerabilities in linux kernel drivers for usb are relatively easy-to-fix *SOFTWARE* issues."

And yet one sits there, still fucking untouched, and has been since 2003.

Wake me up when Linus actually makes a WORKING fucking product and maintains the core components of it.

Re:

[Khyber]

Looked at latest release. Vulnerability still present.

Back to sleep I go.

Re:

[infolation]

There's no IME on my Intel computer.

I write this on a Thinkpad with Libreboot.

Re:

[ls671]

I am not sure what booting has to do with IME being present on your computer or not..

Re:

[infolation]

Libreboot is just the name of the project and does not mean it only replaces the UEFI (although it is downstream of Coreboot). The SPI flash chip containined the IME is reprogrammed (in my case I used a Beaglebone Black). When a Thinkpad is flashed with Libreboot, the IME is overwritten and completely neutralised.

There's only about 8 Thinkpad models, all pre-2009, that this can be applied to. The core2duo architecture is the last generation of machine that can have the IME entirely removed.

The only ne

Re:Please explain

[DontBeAMoran]

Why does everybody keeps saying that AMD made the PSP? It's made by SONY you morans!

Re:

[thegarbz]

you morans

It's spelled mor... oh for Pete's sake.

Re:

[DontBeAMoran]

http://i0.kym-cdn.com/photos/i... [kym-cdn.com]

Re:

[thegarbz]

Just what I needed, A good sunday night laugh :-)

Re:

[infolation]

Linux and other OSS are near and dear friends.

GNU/Linux and other FOSS are near and dear friends.

Linux and other OSS are only friends.

JTAG = direct serial connection?

[Narcocide]

If they can get a JTAG connection to it directly, does this mean we could also just fry the thing to neutralize it without harming the rest of the computer then?

Re:

[BoRegardless]

Epoxy the USB ports!

Re:

[whoever57]

Epoxy the USB ports!

Not going to help if it's already been compromised before you receive it. [rawstory.com]

epoxy is not the panacea

[Anonymous Coward]

Even if the USB ports are epoxied, one can open up the box and still access the USB bus quite easily.

Re: epoxy is not the panacea

[ʍιchαεl]

Well you could epoxy the headers on the motherboard too.

Epoxy is easily removed.

[Futurepower(R)]

Epoxy is easily removed using a Dremel tool.

Re:

[BoRegardless]

That is the problem, the hardware "fixes" are just impediments to bad guys.

Intel ME as a back door is even scarier. That is why a friend I know who does missle targeting programing does it in an isolation room with no external connections of any type and no electronic devices allowed to be brought in or you might have a very serious accident.

I don't think there is a perfect answer to security. Probably the only thing I can imagine is you carry your own OS/data in your external device and it just boots w

Will Intel ME run Windows ME?

[jfdavis668]

I here it runs a version of MINUX 3. Can we hack in and install the more nomenclaturely correct Windows ME?

God mode.

[Anonymous Coward]

So all this is really saying is physical access is god mode. You don't need an ME for that to be true.

Re:God mode.

[duke_cheetah2003]

So all this is really saying is physical access is god mode. You don't need an ME for that to be true.

Sadly, you're incorrect. This is a fairly viable remote attack vector. All you need to have is something to deliver the sploit to the host, infect any usb storage devices with your ME sploit and wait for some fool to boot one of those devices accidentally or intentionally. In the mean time, your malware continues to infect every USB device ever attached to the machine. You'll definitely hook a good number of targets, with that number always climbing as more machines get infected and infect more USB storage devices.

Re:God mode: Remote...for dummies.

[Anonymous Coward]

You're still forgetting the "remote" part. There's nothing remote about saying physical access means root. And if someone has physical access there's a whole bunch of ways that don't require an ME to execute.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[SuricouRaven]

Rewrite or replace the hardware. Many USB memory sticks have plenty of free space inside - you could easily stick a little CPLD chip in there to sit between the USB port and the flash memory. It'd even still work as a memory stick. You'd need one skilled hacker to design the CPLD, but once it's designed the actual construction is only a low-skill soldering job. Anyone who can buy a PCB and solder an SMD could do it, and you can buy custom-made PCBs on eBay. And CPLDs too.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[thegarbz]

infect any usb storage devices with your ME sploit and wait for some fool to boot one of those devices accidentally or intentionally

USB DCI doesn't work like that. This would need to enumerate as a specific DCI device to the USB Host. It isn't some virus that sits on a storage controller and short of bricking every device that becomes attached to the system it won't spread. Furthermore it will be immediately obvious that something has gone wrong.

Additionally DCI is highly system specific, and while it is possible that Intel's ME is configured identically in every system the odds of it are highly unlikely limiting any exploit, even if it

Intel ME is awesome

[Anonymous Coward]

What I hate about all these stories? We have security researchers who decry the evil of Intel ME. How it can be used to fully control a system. How it allows remote access. You know, those are GOOD things. The only bad parts are (1) it's closed source, (2) it has security vulnerabilities, and (3) the owner (whether it's a corporation or a single person) doesn't have control over it. What I want to see is not the Intel ME disabled. I want to see it turned into a bare bones OS precisely for the average user to remotely log in, flash a new BIOS (or recover from a brick), and to maximize control over things like power settings, usb access, etc.

There's nothing wrong with a God mode. They key is making sure the right person is God.

Re:Intel ME is awesome

[duke_cheetah2003]

What I hate about all these stories? We have security researchers who decry the evil of Intel ME. How it can be used to fully control a system. How it allows remote access. You know, those are GOOD things. The only bad parts are (1) it's closed source, (2) it has security vulnerabilities, and (3) the owner (whether it's a corporation or a single person) doesn't have control over it. What I want to see is not the Intel ME disabled. I want to see it turned into a bare bones OS precisely for the average user to remotely log in, flash a new BIOS (or recover from a brick), and to maximize control over things like power settings, usb access, etc.

There's nothing wrong with a God mode. They key is making sure the right person is God.

The problem here is as the TFA points out, the Intel ME stuff is really poorly documented and it's very complicated what tools and documents I've come across. Certainly way more than an end user could wrap their head around if a refurbisher like me is still trying to understand ME and how it works, when it works, etc.

The closed-source nature of it is a huge problem too, as obvious from this article. So yeah, sure, God-mode might be pretty cool, but it's a bit dangerous if others can exploit it just as easily as I can. This is a pretty viable attack vector too, since you know, a payload could deliver the ME sploit, infect any usb storage devices, and hope for the next fool who boots accidentally or intentionally from those devices. I imagine if an attacker took control of the ME subsystem, it'd be a real bitch to eject their crap, considering how poorly ME is documented and how arcane the tools are.

In my experience as a refurbisher, it's a very rare sight to see any laptop or desktop computer that even mentions ME, or has an option to turn it off in the BIOS. Most of the ME implementations are completely transparent to the host computer, never mentioned in the BIOS, no way to turn it off, no indication it's even there.

Re:

[Anonymous Coward]

The problem here is as the TFA points out, the Intel ME stuff is really poorly documented and it's very complicated what tools and documents I've come across. Certainly way more than an end user could wrap their head around if a refurbisher like me is still trying to understand ME and how it works, when it works, etc.

What you describe covers a lot of electronics that have been co-opted by hackers and turned into Linux running systems. I'm not saying it's a trivial task, and I don't think I'm personally up

Re:

[unrtst]

So yeah, sure, God-mode might be pretty cool, but it's a bit dangerous if others can exploit it just as easily as I can.

Compared to what? Exploiting the kernel? Exploiting the BIOS? We're talking about another level underneath that's fundamentally the same thing. Is getting rid of it any sort of answer? About as much as getting rid of the kernel or the BIOS. Obviously, the focus should be about documenting it and pushing for as many people as possible to replace it.

WTF? It is not fundamentally the same thing! The BIOS is there to initialize the hardware so that the OS can boot. The boot manager handles passing on that to the OS, where the kernel takes over as the running/managing process. That entire time, the ME is still there, and provides no value to that process. (I'm not saying it has zero value, but its value is not in that series of events, but outside it)

Is getting rid of it any sort of answer? About as much as getting rid of the kernel or the BIOS.

So "yes", definitely. Is that way you meant to say? We've been working to get rid of the traditional BIOS f

Re:

[unrtst]

The ME is technically unnecessary, so yes, let's just get rid of it!

USB is technically unnecessary. WiFi is technically unnecessary. GPUs are technically unnecessary. Again, baby out with the bathwater.

USB is the only one of those built into most motherboards, and it can be disabled. They can all be disabled. The power management in BIOS that you spoke of can be disabled. The IME can't be disabled.
These comparisons are not of equal parts.

If the IME were easily disabled (and veritably so), that would probably suffice for the majority of people complaining about it, and the majority of normal people still wouldn't even know what it is and would just leave it running.

Re:

[fahrbot-bot]

There's nothing wrong with a God mode. They key is making sure the right person is God.

Problem is that everyone thinks they're the one - or should be.

Re:Intel ME is awesome

[MrKaos]

There's nothing wrong with a God mode. They key is making sure the right person is God.

Yeah, I'm kinda thinking that if the management engine is on the machine and it is MINIX, I'd like to use it myself to, you know, manage the machine. I'm pretty sure I paid for it.

Re:

[daniel23]

That's easy, Intel and no one else.
However, during development a guy in a dark suit comes along, representing $TLA.
"Thou shalt not..." he says, so now there 2 Gods.

Said agency looks at the matter and insists on a kill switch for their own boxes - which is a wise move and everyone should have that. But then again, where is the fun in being God if everyone can lock you out?

So it is kept top secret how to access the ME and only $ThirdParty with the appropriate clearing learn about it. Amongst them $Contractor

Re:

[Anonymous Coward]

There's nothing wrong with a God mode.

There certainly is something wrong with a "God mode" management engine. Think about it--why do you need a second processor running MINIX and controling the main CPU? It's only because the present-day operating systems running on the main CPU are too handicapped to do the things you want. In principle, if things were designed elegantly, you could just have a single processor with a single operating system that actually did everything.

Re:Intel ME is awesome

[Gravis Zero]

We have security researchers who decry the evil of Intel ME.

The part they decry more than anything else is that it cannot be disabled. Seriously, this is the biggest issue about IME is that it is designed to always run no matter what and if it's not running, the rest of the system is prevented from running.

You may think it's cool but doing so is as stupid as thinking, "that's an awesome gun" when someone has one pointed at your head.

Re:

[Anonymous Coward]

The part they decry more than anything else is that it cannot be disabled. Seriously, this is the biggest issue about IME is that it is designed to always run no matter what and if it's not running, the rest of the system is prevented from running.

No, people decry the level of authority (the God mode) that is granted to Intel along with the difficulty or inability to disable it. Although to that end, it's absurd precisely because Intel is the creator of the CPU and hence already has a lot of supreme power

Re:

[rastos1]

No, people decry the level of authority (the God mode) that is granted to Intel along with the difficulty or inability to disable it. Although to that end, it's absurd precisely because Intel is the creator of the CPU and hence already has a lot of supreme power over the system.

Yes, Intel has supreme power over the system. And we trusted Intel to not abuse that power. Those that did not trust it were ridiculed for the tinfoil hat. And now we have found (*) out that they did abuse the power. Or prepared the

Re:

[Zumbs]

Indeed. The default should be disabled, so that it is possible for experts, e.g. the IT department, to enable the specific parts of it that they want to use.

Re:

[AmiMoJo]

The problem is that they use it to boot the system, so you need it for at least the boot part before it can be disabled. There is that secret NSA disable bit, but you can't rely on it because at the very least the boot code has the execute first and that could be compromised.

To overcome this either Intel would have to create a new boot system and somehow disable any capability to change/update it (unlikely), or it will have to be replaced by an open source system that we can at least audit. Well, I guess th

Re:

[thegarbz]

You may think it's cool but doing so is as stupid as thinking, "that's an awesome gun" when someone has one pointed at your head.

I would think the same thing if I knew there were no bullets. Intel's ME runs all the time because it has system reasons for doing so. The thing that freaks out most people (remote administration) is controlled by the user. This can easily be verified by a network that doesn't respond to anything when it is disabled.

At that point you are limited to physical attacks that require someone to already own your machine.

"That's a pretty neat and loaded gun that you're about to shoot me with" I said as I lay bleedi

Re:

[Gravis Zero]

Intel's ME runs all the time because it has system reasons for doing so.

It only has reason to run during the initial boot sequence. This has been verified and yet IME still runs even if you disable ATM.

The thing that freaks out most people (remote administration) is controlled by the user. This can easily be verified by a network that doesn't respond to anything when it is disabled.

IME monitors packets and only acts when it gets the proper packet sequence. The stars will burn out long before you're done enumerating every packet value.

At that point you are limited to physical attacks that require someone to already own your machine.

Permanently disconnecting your computers from all networks and external devices is the only real option here. A compromised installer, updater or USB device could easily result in a permanently owned box. At that point the

Re:

[thegarbz]

IME monitors packets and only acts when it gets the proper packet sequence.

IME enumerates a separate interface for networking. When you disable the network interface IME is no longer listening.

Unless you can show me a detailed description of where it says otherwise.

Re:

[thejynxed]

They've found at least in the case of laptops that have cellular enabled wireless, disabling your network interface does nothing because the IME has direct access and control over the wireless radio. Neither does yanking the power cord or removing the battery, because the newer ones have started coming with their own power supplies, sort of like the old CMOS batteries, only you can't access or remove those, either.

Re:

[thegarbz]

They've found at least in the case of laptops that have cellular enabled wireless, disabling your network interface does nothing because the IME has direct access and control over the wireless radio.

And yet IME does not actually listen or respond to cellular interfaces. It does have control but that's about it. If you did have a point it was diminished by the fact that you believe a tiny battery will power fully functioning network interfaces / cellular modems.

Re:

[havana9]

What should be done for safety is to add a couple of pin on the chip, one that enables the BIOS flash an the one that enables the ME engine or not. So a couple of jumpers on the motherboard could make the buyer to control the behaviour. IF this is difficult because is a laptop or an embedded ssytem they could be changed with soldered blobs or even using a keyboard controller that remember the configuration set with a particular key combo on power on in an eeprom. Problem solved.

Re:

[Gravis Zero]

Intel won't even allow people to disable IME, let alone give them the option of how to do it. They could solve this problem a bunch different ways with ease but the point is that Intel does not want to allow you to disable IME.

Re:

[phantomfive]

The problem is you can't get rid of it by reformatting your hard drive. This isn't a root account, and it's not ring 0. Unless you know how to make it secure, it shouldn't exist, and Intel doesn't know how to make it secure.

Re:

[phantomfive]

But, yea, keep on beating the dead horse. Or, you know, recommend that IME be updated (with something better, perhaps?) like every security ridden nightmare that is the modern PC. Push for Intel to document it a lot better?

Intel should use formal verification. They already do it for a lot of their hardware. Also, they should at least have code review, because current evidence shows that really really dumb stuff is getting through (for example, empty password always accepted).

Re:

[phantomfive]

You do realize that formal verification on software is somewhere between a lot harder to impossible, right?

There have been a lot of tools created in the last decade that make formal verification easier.
At a minimum, Intel needs to use basic security practices like code review, which in many cases they are not.

Re:

[sjames]

It's a dangerous as hell way to "solve" an already solved problem. The servers I work with have IPMI and a BMC on them rather than the ME. The BMC can emulate a USB DVD drive so I can do a fresh OS install. It also connects to an internal serial port so I can do serial console over LAN. It can simulate a press on the power and reset buttons. The newer ones can also act as a KVM for dealing with OSes that insist on GUI interaction. Using that, I can fully manage a server I have never actually seen that lives

dahlink

[PopeRatzo]

A pair of security researchers in Russia

I've found a photo of this pair of "security researchers" in Russia:

https://pre00.deviantart.net/f... [deviantart.net]

 

Beyond scary

[markdavis]

This Management Engine stuff just gets scarier and scarier. Just like intentional backdoors in encryption WILL be found and exploited, these undocumented "systems" within our systems will be cracked and the result can and will be DEVASTATING. It is hard enough to keep operating systems updated and secure. Firmware-level security is not something that can be easily maintained on running machines, even if Intel and friends can put out patches fast enough. I want my machine to be MINE.

These "infected" machines are making their way into our entire infrastructure- controlling everything from power generation, traffic, government operations, military, healthcare, just about everything. Imagine black-hatters, rogue nations, criminals, or terrorists simply bypassing all normal security and just taking control of the hardware and doing whatever they want.

WE ALL NEED THE ABILITY TO ABSOLUTELY DISABLE ME AT THE BIOS AND/OR HARDWARE LEVEL. And we need it NOW!

Oh, and AMD is doing the same thing as Intel, so don't look to them as some alternative.

Re:

[110010001000]

No computer running a general purpose OS is secure. None. Security is the antithesis of general purpose computers.

Re:

[markdavis]

>"No computer running a general purpose OS is secure. None. Security is the antithesis of general purpose computers."

With that type of broad statement, you are correct- NOTHING is really "secure". Security is always matter of degrees. There is no safe that can't be broken into, eventually, with enough effort and resources. And once that method is found, it could quickly enable other safes to be broken. We shouldn't allow some company to have control over our safes and install a bunch of secret "locks

Re:

[Bert64]

With physical access there are many ways...
Open the case, extract the disk, load some malware onto it, put it back in?

Re:

[omnichad]

Scan for RF interference from the keyboard [slashdot.org] to get the password.

Re:

[Gravis Zero]

This Management Engine stuff just gets scarier and scarier. Just like intentional backdoors in encryption WILL be found and exploited, these undocumented "systems" within our systems will be cracked and the result can and will be DEVASTATING.

You are now finally on the same page that computer scientists have been on for over a decade. It's been repeated many times that it's not a question of "if" it will be compromised but rather "when".

The fact that you are only just started freaking out clearly exemplifies the problem: the general public doesn't care about security until it's too late and they won't listen to experts.

Re:

[markdavis]

>"The fact that you are only just started freaking out clearly exemplifies the problem: the general public doesn't care about security until it's too late and they won't listen to experts."

I have been freaking out about it ever since it was introduced, and really believed that it would have been stopped or undone by now. I am not the "general public" but I agree with what you are saying. Now that there are millions of such chips out there, we have lots of ticking time bombs just waiting for the right e

A very important front for software freedom

[jbn-o]

WE ALL NEED THE ABILITY TO ABSOLUTELY DISABLE ME AT THE BIOS AND/OR HARDWARE LEVEL. And we need it NOW!

What you're describing is software freedom. And you deserve software freedom for all of the computers you own. You should be allowed to run, inspect, share, and modify the BIOS, "Management Engine" (or workalike), and all of the other software on the computer including any encryption keys used. Fortunately for all of us people are working on different architectures and on freeing common architectures [slashdot.org], so I hope you'll help them.

Re:

[thejynxed]

Except the software is the smallest part of the ME.The ME comprises a series of CPUs (some ARM-based), low-level hardware access, and in some cases found so far, it's own power supplies and cellular data connection.

The software side of it is only a small start to things that need remedied in this situation, especially a situation in which we find a system-within-a-system such as this that can entirely override the command functions of the UEFI/BIOS firmware, the OS, and last but not least, the end-users/sys

Re: Beyond perspective.

[Anonymous Coward]

You mean someone had physical access to the computer you now own. Like the guy at the shop who sold it to you.

Re:

[markdavis]

>"Funny how you find that scary, and not the fact that someone has physical access to your computers."

Today it is a compromise with physical means. Tomorrow it could be remote.... remember, the ME has access to the network and the host OS, so attack vectors could come from various places.

Re:

[markdavis]

>"You have no choice but to adopt whatever they sell, or go back to the stone age and use pen and paper or some old CPU."

There are some other options:

1) Pressure the two companies to stop it
2) Try to pass a law to make them stop it
3) Use white-hatters to break into it and release ways to stop it.

Re:

[WaffleMonster]

No can do. Only two companies sell the CPU, Intel and AMD that runs your windows, linux, osx apps. Don't like their terms? Don't buy their products.

No big deal. The way things are going we're all going to be running ARM on desktop before too long anyway. Intel and AMD should do everyone a favor and go back to sleep.

You have no choice but to adopt whatever they sell, or go back to the stone age and use pen and paper or some old CPU.

The customer has all the power in the world.

Could make DRM core accessible

[Gravis Zero]

This could potentially give people full access to the Intel Insider [wikipedia.org] core which is what all the 4K DRM relies on.

I hope after IME is fully pwn3d that people will start taking a crack at AMD's PSP because I would like to have a fully open system but I refuse to financially support Intel due to their highly unethical and anti-competitive behavior.

Looks like we're all about to be bitcion miners

[doug141]

... for a botnet.

Questions

[NicknameUnavailable]

• How practical is it to execute code on ME?
• How powerful is the ME processor compared to the real one? 100% the power? 10%? etc?
• Is it possible to take advantage of this to not only stop the ME from spying, but to increase performance?

Re:

[Gravis Zero]

How practical is it to execute code on ME?

For general applications, it's absolutely worthless. It doesn't even use the x86 architecture.

Is it possible to take advantage of this to not only stop the ME from spying, but to increase performance?

Realistically, no.

This isn't a bug

[Anonymous Coward]

This is not an exploitable bug, it is an NSA feature.

I'm safe!

[DontBeAMoran]

I knew there was a good reason to keep this VIA C3 Mini-ITX motherboard around!

Abort! Abort!

[mentil]

Nerd: *tapa tapa tapa* Oh my god! The Intel Managament Engine... it's gone rogue! It's out of control!
Man With Shades And Many Chevrons: Shut it down!
Nerd: *tapa tapa tapa* I'm trying! But it's not responding to the shutdown code!
Man With Shades And Many Chevrons: Just pull the plug or something!
Nerd: It already has control over our systems! We'll need to do a manual override!
Man With Shades And Many Chevrons: Dammit! Where's Bruce Willis when you need him?!

Thank God Minix 3 is under a BSD-style License

[rodia]

It helps to protect Intel's valuable intellectual property called ME from people like us. Don't listen to this barefoot Hippie Stallman from the FSF, he just wants the unwashed masses to have actual control over the machines they payed for.

Something useful?

[aglider]

I have no idea how powerful that engine is.

I hope someone will come out with some neat idea to usefully exploit that ME in favour of the users.
Maybe some femto-kernel or the likes...

Re:

[Anonymous Coward]

I have no idea how powerful that engine is.

In raw number crunching "power"? Not very powerful.

In complete access to your system "power"? Quite powerful.

Re: MODERATION IS CENSORSHIP

[140Mandak262Jamuna]

You here the right to speak. We have the right to ignore you. It is our freedom of speech to call you a crack pot.

Re:

[Narcocide]

When you post off topic drivel in an attempt to derail a conversation you're suppressing the free speech of others. Get fucked.

Re:

[Narcocide]

Provably false. You're not very smart, are you?

Re:

[omnichad]

viewing threshold above that level.

Right...because they don't want to see it. Why is that not fine?

Re:

[OrangeTide]

That is censoring a post, plain and simple.

No, that's not plain nor simple. Each viewer has the choice to view messages at the threshold they desire. Everyone posting here agrees to the system was have here. If you do not agree, you are free to operate your own forum somewhere else.

PS - starting off-topic discussion will get you modded down. That means most people won't see your post, I will still see it because I frequently have mod points and spend them cleaning house.

Re:

[Dog-Cow]

You deserve to have a rusty spike shoved through your eyeball.

Re:

[thegarbz]

but consider this civil disobedience against a system that suppresses dissenting opinions.

Trust us, the irony of your disobedience along with the resulting moderation they receive is not lost on us.

Re:

[BronsCon]

invisible to other users with a viewing threshold above that level

Well, it sounds like those users who don't see it have decided they wanted to exercise their

right to ignore you.

You still had (and exercised) your

right to speak

and people who wish to hear you can still hear you. How do I know this to be true? I moderate (with a heavy slant toward positive moderation or none at all -- I rarely use all of my mod points), I browse at -1, and I see all of your moronic comments. You are not being censored, but you are being sorted and categorized so that people who wish to ignore your messages, which you seem to

Re:

[Anonymous Coward]

Oh, please cite of stfu

Here is a well researched article describing the lack of any Federal support for freedom of speech on private property through SCOTUS rulings over the past 70 years. Only one case found for free speech, because the California constitution allowed for it and it was seen to supersede the US Constitution. Laws like that only apply in 6 states. [slate.com]

You really should learn how to back up your spew

Re:

[uncqual]

Which Supreme Court? Are you thinking of the Pruneyard Shopping Center v. Robins (1980) case? This was initially decided by the California Supreme Court based on the California Constitution. The Supreme Court of the United States upheld the California Supreme Court decision by ruling that State Constitutions are not in violation of the United States Constitution if they grant broader rights within the state than the United States Constitution does - they didn't find that the United States Constitution prote

Re: MODERATION IS CENSORSHIP

[140Mandak262Jamuna]

Probably a bot. Watching new topics and post first.

Re:

[Anonymous Coward]

Yes, it's important to censor dumbasses.

Re:

[MrL0G1C]

Posting as AC is self-censorship.

Re:

[thegarbz]

Undoubtedly, your first reaction is to censor this position to -1.

Yep, the title alone qualifies for an "offtopic" mod. Goodbye. It was nice not reading your irrelevant opinion.

Re:

[Anonymous Coward]

It's a non-story until someone writes a destructive virus or ransomeware that uses ME, but then it's too late. The journalists' laptops will not longer work. So I guess it's always a non-story.

Re:

[Anonymous Coward]

Since the ME has access to all peripherals, the network, and the RAM, it doesn't matter how many VMs you run in a live DVD of whatever. The ME has full access, and whoever has control over the ME has full access.

Designing hidden access is bad for Intel.

[Futurepower(R)]

Maybe they should make a movie, "Why Intel went bankrupt."

How can you deliver Intel (and AMD) computers to customers knowing that there is secret control by unknown agencies? Do you tell the customers? If you don't tell the customers, can you be taken to court and sued for damages?

Does anyone think that secret government agencies are well-managed? No one at a secret agency would ever steal?

Could the problem be solved by isolating Intel computers from the Internet, providing internet access from oth

Re:

[infolation]

Ironically, Google might be the answer to this.

Google's engineer's work to remove unwanted firmware [slashdot.org] from Intel's chips is only one of their directions in this area.

Hopefully Google's interest in the fully open IBM Power architecture [theregister.co.uk] will move OpenPower out of the niche market. Google's specifically said that concerns about Intel ME and other related tech is part of their interest in the Power platform.

Re:

[Agripa]

How can you deliver Intel (and AMD) computers to customers knowing that there is secret control by unknown agencies?

Maybe the NSA was the customer and paid for it like they paid RSA.

If you don't tell the customers, can you be taken to court and sued for damages?

Do you mean like all of those people who took the telecommunication companies to court when it was revealed that they were cooperating with the US Government to conduct warrantless surveillance?

https://en.wikipedia.org/wiki/... [wikipedia.org]

Re:

[Z80a]

I think it is news, but due the other way around.
As you can access the thing via USB, now you can in theory create an USB device that knocks the unneeded ME modules off