Using Intel CPU and Motherboard ? Your Bitcoins may be in actual danger.

[rikfredsy]

So Intel = Skynet?

Intel = NSANet

Waaaw this is really interest information i heard 2015 . i didn't think that technology is so so developped like this
Intel core 2 duo E6750 is this safe for old CPU like mine ? or almost intel CPU > 2005 NOT safe ?

Intel CPUs/MBs older than 2011 are probably completely safe.

However, the worst part is - we cannot actually be sure. Intel has hard-wired code in all motherboards supporting their CPUs and nobody knows what the code is or what it does. It is completely encypted and has strong DRM.

This is not the work of an honest company. This is an obviously evil plot.

Thanks
Great informations where did you get them please i love this kind off informations

[onemorebtc]

fud

no its not fud.
i doubt intel or nsa would use it to get your coins, but i dont see any reason why an attacker couldnt use it (we are talking about money secured by home pc's)

its not easy for an attacker to get access (as its encrypted). but once the keys leaked (and i am sure they will) its only a matter of time

http://www.intel.com/content/www/us/en/architecture-and-technology/intel-active-management-technology.html?_ga=1.228067549.152289045.1416188825

intel claims to even have access if the pc is powerd down

[bluefirecorp]

fud

no its not fud.
i doubt intel or nsa would use it to get your coins, but i dont see any reason why an attacker couldnt use it (we are talking about money secured by home pc's)

its not easy for an attacker to get access (as its encrypted). but once the keys leaked (and i am sure they will) its only a matter of time

http://www.intel.com/content/www/us/en/architecture-and-technology/intel-active-management-technology.html?_ga=1.228067549.152289045.1416188825

intel claims to even have access if the pc is powerd down

AMT isn't new (been around for a couple of years). It's a feature for management. Not that complicated. Of course you should have freaking access. Ever heard of Wake on LAN? Seriously. It's like you guys have never even looked at enterprise management for systems.

Hell, even SCCM has AMT shit built into it.

Edit: This doesn't even include the loads of fucking networking that needs to be done. Good fucking luck with that NSA in a decent corporate network, there's no way random outbound connections are going to be allowed.

Edit2: This is the exact definition of FUD fyi. Literally spreading fear, uncertainty and doubt about fucking computer processors.

[Balthazar]

I feel much safer buyer CPUs from Russia so Putin can steal my BTC:

http://www.futurelooks.com/russian-government-says-america-fine-well-make-cpu-arm-linux/

Russia already has SPARC64 and VLIW based CPUs, used for military purposes.

http://mcst.ru/r_1000
http://mcst.ru/elbrus_2c_plus

http://elbrus.ru/files/535269/0e0cd8/50586f/000000/2014-04-19_161043.png
http://elbrus.ru/files/535269/9f0cd8/50606f/000000/2014-04-19_161108.png

So it seems that there is no sense to use ARM.

[onemorebtc]

AMT isn't new (been around for a couple of years). It's a feature for management. Not that complicated. Of course you should have freaking access. Ever heard of Wake on LAN? Seriously. It's like you guys have never even looked at enterprise management for systems.

Hell, even SCCM has AMT shit built into it.

Edit: This doesn't even include the loads of fucking networking that needs to be done. Good fucking luck with that NSA in a decent corporate network, there's no way random outbound connections are going to be allowed.

Edit2: This is the exact definition of FUD fyi. Literally spreading fear, uncertainty and doubt about fucking computer processors.

lol?
fud would be if i had said that intel will use it for itself to steal our coins.

i know that it is for management. but everything can be used by good and bad guys you know? and its just another place to hide code - not used today but maybe in the future.

[Lauda]

AMT isn't new (been around for a couple of years). It's a feature for management. Not that complicated. Of course you should have freaking access. Ever heard of Wake on LAN? Seriously. It's like you guys have never even looked at enterprise management for systems.

Hell, even SCCM has AMT shit built into it.

Edit: This doesn't even include the loads of fucking networking that needs to be done. Good fucking luck with that NSA in a decent corporate network, there's no way random outbound connections are going to be allowed.

Edit2: This is the exact definition of FUD fyi. Literally spreading fear, uncertainty and doubt about fucking computer processors.

lol?
fud would be if i had said that intel will use it for itself to steal our coins.

i know that it is for management. but everything can be used by good and bad guys you know? and its just another place to hide code - not used today but maybe in the future.

You obviously didn't understand that part.
He's actually right about that.

[ShadowOfHarbringer]

fud

no its not fud.
i doubt intel or nsa would use it to get your coins, but i dont see any reason why an attacker couldnt use it (we are talking about money secured by home pc's)

its not easy for an attacker to get access (as its encrypted). but once the keys leaked (and i am sure they will) its only a matter of time

http://www.intel.com/content/www/us/en/architecture-and-technology/intel-active-management-technology.html?_ga=1.228067549.152289045.1416188825

intel claims to even have access if the pc is powerd down

AMT isn't new (been around for a couple of years). It's a feature for management. Not that complicated. Of course you should have freaking access. Ever heard of Wake on LAN? Seriously. It's like you guys have never even looked at enterprise management for systems.

You have no idea what you are talking about.

Nobody should have access to my machine without me knowing AND without me having the ability to disable it. AND i should always know exactly what my machine is doing, creating another PC within my PC that is separate and not under my control is simply UNACCEPTABLE from security standpoint.

This is just Intel creating a trojan in all machines which either will be or already is being used by somebody to hack you. End of story.

[VectorChief]

The push towards fully open hardware platforms is the only way to combat this situation. As soon as lowRISC board becomes available I'll definitely be getting one. The whole compute ecosystem needs to become open and transparent starting with the instruction set.

[bluefirecorp]

AMT isn't new (been around for a couple of years). It's a feature for management. Not that complicated. Of course you should have freaking access. Ever heard of Wake on LAN? Seriously. It's like you guys have never even looked at enterprise management for systems.

Hell, even SCCM has AMT shit built into it.

Edit: This doesn't even include the loads of fucking networking that needs to be done. Good fucking luck with that NSA in a decent corporate network, there's no way random outbound connections are going to be allowed.

Edit2: This is the exact definition of FUD fyi. Literally spreading fear, uncertainty and doubt about fucking computer processors.

lol?
fud would be if i had said that intel will use it for itself to steal our coins.

i know that it is for management. but everything can be used by good and bad guys you know? and its just another place to hide code - not used today but maybe in the future.

No. If someone has that level access already, you've already been pwn'd. Next we're going to be talking about how nvidia is going to be stealing bitcoins because you could flash the firmware with a rootkit.

fud

no its not fud.
i doubt intel or nsa would use it to get your coins, but i dont see any reason why an attacker couldnt use it (we are talking about money secured by home pc's)

its not easy for an attacker to get access (as its encrypted). but once the keys leaked (and i am sure they will) its only a matter of time

http://www.intel.com/content/www/us/en/architecture-and-technology/intel-active-management-technology.html?_ga=1.228067549.152289045.1416188825

intel claims to even have access if the pc is powerd down

AMT isn't new (been around for a couple of years). It's a feature for management. Not that complicated. Of course you should have freaking access. Ever heard of Wake on LAN? Seriously. It's like you guys have never even looked at enterprise management for systems.

You have no idea what you are talking about.

Nobody should have access to my machine without me knowing AND without me having the ability to disable it. AND i should always know exactly what my machine is doing, creating another PC within my PC that is separate and not under my control is simply UNACCEPTABLE from security standpoint.

This is just Intel creating a trojan in all machines which either will be or already is being used by somebody to hack you. End of story.

Shut the fuck up. Seriously. Obviously, YOU have no idea of what you're talking about. To get 0-level access, you already NEED that level access from the start. Chips don't ship enabled. You can turn off the feature in most modern day BIOSes. Jesus fuck. This shit isn't new, it's not something that's actively being exploited in the wild. If it were, then it'd be a simple fucking fix of disabling it in BIOS (well, actually UEFI now because your BIOS is technically vulnerable to the same fucking shit).

Telling someone who's literally professional in this shit that they know nothing about it... Seriously, get fucked.

[ShadowOfHarbringer]

fud

no its not fud.
i doubt intel or nsa would use it to get your coins, but i dont see any reason why an attacker couldnt use it (we are talking about money secured by home pc's)

its not easy for an attacker to get access (as its encrypted). but once the keys leaked (and i am sure they will) its only a matter of time

http://www.intel.com/content/www/us/en/architecture-and-technology/intel-active-management-technology.html?_ga=1.228067549.152289045.1416188825

intel claims to even have access if the pc is powerd down

AMT isn't new (been around for a couple of years). It's a feature for management. Not that complicated. Of course you should have freaking access. Ever heard of Wake on LAN? Seriously. It's like you guys have never even looked at enterprise management for systems.

You have no idea what you are talking about.

Nobody should have access to my machine without me knowing AND without me having the ability to disable it. AND i should always know exactly what my machine is doing, creating another PC within my PC that is separate and not under my control is simply UNACCEPTABLE from security standpoint.

This is just Intel creating a trojan in all machines which either will be or already is being used by somebody to hack you. End of story.

Shut the fuck up. Seriously. Obviously, YOU have no idea of what you're talking about. To get 0-level access, you already NEED that level access from the start. Chips don't ship enabled. You can turn off the feature in most modern day BIOSes.

You must be an Intel fanboy, because you are fucking useless. Try reading sources before commenting, because you sound as truly and completely half-wit person.

- It has been already proven by a security researcher that the feature is NOT completely disabled after switching it off in BIOS
- There is currently no way to completely disable the feature in a way which can be verified
- There is currently NO way to reverse engineer what exactly is the AMT even doing, because it's all encrypted to the fucking root

Please fix yourself and be smarter, because i really fucking hate talking to stupid people.

[Lauda]

You must be an Intel fanboy, because you are fucking useless. Try reading sources before commenting, because you sound as truly and completely half-wit person.

- It has been already proven by a security researcher that the feature is NOT completely disabled after switching it off in BIOS
- There is currently no way to completely disable the feature in a way which can be verified
- There is currently NO way to reverse engineer what exactly is the AMT even doing, because it's all encrypted to the fucking root

Please fix yourself and be smarter, because i really fucking hate talking to stupid people.

Who is this so called 'security researcher' and why should I trust him? Whos to say that he's not an AMD fanboy?
Please provide links from multiple sources.

[bluefirecorp]

You must be an Intel fanboy, because you are fucking useless. Try reading sources before commenting, because you sound as truly and completely half-wit person.

- It has been already proven by a security researcher that the feature is NOT completely disabled after switching it off in BIOS
- There is currently no way to completely disable the feature in a way which can be verified
- There is currently NO way to reverse engineer what exactly is the AMT even doing, because it's all encrypted to the fucking root

Please fix yourself and be smarter, because i really fucking hate talking to stupid people.

Who is this so called 'security researcher' and why should I trust him? Whos to say that he's not an AMD fanboy?
Please provide links from multiple sources.

I'm not a fanboy of any CPU at this point in my life. It's all the same to me anymore, just another layer of abstraction.

The articles state it's all theoretical and we don't know what's happening. Assuming the worst and telling everyone to start building their own chips is absolutely insane. Hell, you trust random third parties as your CAs for PKI. You trust others for transmitting data over the internet.

If someone wanted data, I think compromising a root CA / watching network traffic would be a fuckton easier than somehow installing a rootkit on a CPU that transmits data pass your firewalls magically. How would anyone even be able to trigger an attack in the first place? Scheduled in the rootkit to turn on a certain date. Fuck, do you know how many times I've had to replace a CMOS battery in my lifetime. Shit isn't magic. It's tech.

Pretty much, this is tin-foil hat-ness of people spreading FUD. We should watch it, but we shouldn't jump up and down saying it's unsafe and to migrate away from it. Technically, even the article points it out itself:

Traditional CPU backdooring

Of course they could, no question about it. But one can say that Intel (as well as AMD) might have been having backdoors in their processors for a long time, not necessarily in anything related to SGX, TPM, TXT, AMT, etc. Intel could have built backdoors into simple MOV or ADD instructions, in such a way that they would automatically disable ring/page protections whenever executed with some magic arguments. I wrote more about this many years ago.

The problem with those “traditional” backdoors is that Intel (or a certain agency) could be caught using it, and this might have catastrophic consequences for Intel. Just imagine somebody discovered (during a forensic analysis of an incident) that doing:

MOV eax, $deadbeef
MOV ebx, $babecafe
ADD eax, ebx

...causes ring elevation for the next 1000 cycles. All the processors affected would suddenly became equivalents of the old 8086 and would have to be replaced. Quite a marketing nightmare I think, no?

Edit: If you want me to, I can go completely tin-foil mode and tell you of every theoretical vulnerability there is and how pretty much almost any entity (everyone from a terrorist organization to a government entity to even freaking me) could be watching your every move.

Edit2: Wow, I just read part of that reddit thread. /u/ShadowOfHarbringer got absolutely fucking destroyed by those that actually know security.

[sethminer14]

Yeah im pretty sure people don't care enough to do anything about it.

[bluefirecorp]

Yeah im pretty sure people don't care enough to do anything about it.

Because it's freaking pointless. Right now, someone could bust in your door, point a gun to your head, and steal all your bitcoin / your data / everything about you. You don't see people baring up their doors, windows, etc... everywhere because it's not really happening.

No one's really freaking out about it because it's not going to happen.

Edit: Actually, in this situation, Intel DID bar up the windows as best as they could. They even tried to toss away the key. People don't believe intel tossed away the key. But they DO recommend you change the locks on the windows and doors.

OP is freaking about his house getting hit by a nuke. A fucking nuke directly on his house.

[sickhouse]

The world is fubar, I can guarantee that every skype call is recorded on servers, if you bother to read through the useless stuff on the term of use you see that you give the company right to upload all your data basically. This goes for google, facebook, apple etc... The internet is under huge control by the people who leads it (aka the big companies who owns everything, the things they dont own they buy by giving the owner an offer he cant refuse).

[ShadowOfHarbringer]

You must be an Intel fanboy, because you are fucking useless. Try reading sources before commenting, because you sound as truly and completely half-wit person.

- It has been already proven by a security researcher that the feature is NOT completely disabled after switching it off in BIOS
- There is currently no way to completely disable the feature in a way which can be verified
- There is currently NO way to reverse engineer what exactly is the AMT even doing, because it's all encrypted to the fucking root

Please fix yourself and be smarter, because i really fucking hate talking to stupid people.

Who is this so called 'security researcher' and why should I trust him? Whos to say that he's not an AMD fanboy?
Please provide links from multiple sources.

This one:
http://theinvisiblethings.blogspot.com/2013/08/thoughts-on-intels-upcoming-software.html

Another (trying to hack it):
[PDF] https://ruxconbreakpoint.com/assets/2014/slides/bpx-Breakpoint%202014%20Skochinsky.pdf

It is currently widely known - so it is not a secret known only to tinfoil-hats.
However, nobody cares (or too many people have Intel onboard, so they don't want to believe).

[bluefirecorp]

However, nobody cares (or too many people have Intel onboard, so they don't want to believe).

I keep trying to explain this to you. There could be a possibility of a vulnerability there. There might not be. Fretting over what 'theoretically could be hacked' is just being paranoid.

More analogies because my other ones seem to slip over your head...

You buy a car. It doesn't have locks on it. You don't really need to worry about locks because you park in a decent parking garage with security. You start freaking out because the car manufacture might have a key to start your car and drive away with your stuff in the car (man, that camera in my backseat is expensive!).

However, you don't account for the fact that it is in a parking garage with a security team and the fact that it doesn't even have freaking locks to it! Anyone with access to the parking garage can get into it, hotwire it, and drive away. Yet you're just freaking out about your car manufacture stealing YOUR car with everything in it.

In this analogy: The parking garage is your internal network. Hotwiring is actually exploiting a vulnerability at the OS layer (which is where your actual data is anyway), and driving away is getting out the network undetected.

- It has been already proven by a security researcher that the feature is NOT completely disabled after switching it off in BIOS

Eh, I much rather have a system where I can remotely enable on thousands of machines on my network rather than having to run around to every single machine on the network. Actually, in the next 4-8 weeks, I'm going to have to work with a team to reimage ~4k devices for rebuilding a network. I'm honestly hoping some of them have AMT or some other protocol for remote management so we can save a bit of time.

[MarketNeutral]

Faced with compromised hardware and Ken Thompson hacks and panopticon-style electronic spying, can anyone offer any suggestions on how to at least somewhat mitigate these threats? Besides boycotting the bad actors, what particular companies or products or organizations should one support? I know RMS uses a mips lenovo laptop with gnewsense, but that's not a feasible solution to most individuals or companies, including mine. What realistic and pragmatic alternatives should I consider?

[ShadowOfHarbringer]

Faced with compromised hardware and Ken Thompson hacks and panopticon-style electronic spying, can anyone offer any suggestions on how to at least somewhat mitigate these threats? Besides boycotting the bad actors, what particular companies or products or organizations should one support? I know RMS uses a mips lenovo laptop with gnewsense, but that's not a feasible solution to most individuals or companies, including mine. What realistic and pragmatic alternatives should I consider?

From hardware side:

- No Lenovo or HP laptops
- No Intel (take AMD)
- If you already have intel (i do too, unfortunately), install a non-Intel networking card
- Install OpenWrt in your router. But first, buy only routers that support OpenWrt. List: http://wiki.openwrt.org/toh/start

If you adhere to above rules, there probability of attack should be diminished by something around 99,9% (lucky guess).

Also, if you have Windows + Intel, you are pretty much screwed up. Linux does not have driver support for activating of Intel AMT from EXEcutable file, so it is relatively safe to run binaries not worrying that some of them will contain a trojan which will install itself into AMT. Remember: Intel AMT has its own memory and can run code ! Its a PC within your PC

From social side: I have no idea. But i will look it up sooner or later.

[rikfredsy]

Faced with compromised hardware and Ken Thompson hacks and panopticon-style electronic spying, can anyone offer any suggestions on how to at least somewhat mitigate these threats? Besides boycotting the bad actors, what particular companies or products or organizations should one support? I know RMS uses a mips lenovo laptop with gnewsense, but that's not a feasible solution to most individuals or companies, including mine. What realistic and pragmatic alternatives should I consider?

From hardware side:

- No Lenovo or HP laptops
- No Intel (take AMD)
- If you already have intel (i do too, unfortunately), install a non-Intel networking card
- Install OpenWrt in your router. But first, buy only routers that support OpenWrt. List: http://wiki.openwrt.org/toh/start

If you adhere to above rules, there probability of attack should be diminished by something around 99,9% (lucky guess).

Also, if you have Windows + Intel, you are pretty much screwed up. Linux does not have driver support for activating of Intel AMT from EXEcutable file, so it is relatively safe to run binaries not worrying that some of them will contain a trojan which will install itself into AMT. Remember: Intel AMT has its own memory and can run code ! Its a PC within your PC

From social side: I have no idea. But i will look it up sooner or later.

Hello ,
- I have  a 3g modem and my connection is so bad i'm not in danger ? 
- Is there any software for windows to track internet uses or block a unkown request
 like i can set only chrome to connect to my internet and block others
- How Intel can use our computer when it's off can they run sound can they download private keys ?
- I want to know with what language most hardware are programmed .
- Before 2009 intel CPU were safe ?
- Can i use intel active managment like a remote desktop or Intel have the acces for it self ?

Thanks  for this important thread & All respect to you.