Worrying security issue

A general warning that I currently set up on the three or four forums I frequently read and use. We all may have heard of the possibility to install malware and snoops already in factory, in ROM-stored drivers for HDDs and so forth. Any scanner you later install , would not be able to detect it.

This scenario here, that seems to have turned real now, is a privacy and security nightmare. Worse it cannot get. Say hello to Minix.

https://www.networkworld.com/articl...-popular-os-in-the-world-thanks-to-intel.html

One may be tempted to assume that one is safe if buying AMD instead. But who said that those who set this up for Intel, have forgotten that there is AMD as well...?

But they want to kill cahs money and force us all to set up our wealth and "money" in digital format. Yeah, they want that. Think about that next time you get your plastic card out. And learn to get some doubt on that you really act so clever when doing it. You compromise much more than jst cash money.

 

Maybe AMD has MAXIX installed on all its CPU..

but I wonder, what is the reason for this, what does Intel have to gain? Is it some NSÄ backdoor to get access with the blip of a switch? I don't really understand what use this inclusion could have on a global scale.

 

If it is not Intel's idea, then they were ordered to do so.

Point is people must be aware that no matter what they do and install in scecurity software - THEY ARE COMPROMISED AND TOTALLY, COMPLETELY, UNCONDITIONALLY EXPOSED. Even if oyu do not use, do not own computer devices yourself! No matter what you do. Whether you store those data on your HD. Or use home banking. Enter passwords for accessing shops or payment services. YOU CANNOT AVOID BEING COMPLETELY DEFENCELESS. And when you think "okay, then I go and shop in real shops, or do my bank business at the counter again" - think again. Shops and banks again - base on computers, WHICH ARE AS COMPROMISED AS YOURS.

An they have declared, waged and almost won their war on cash money as well, want you all to store your private wealth, your saved buying power, in digital format - on computers. Well, the totally messed up false-money system of ours is a disaster story in itself, but it is also playing some part on these considerations here, too.

There is no defense against this. I assume that Intel was ordered to include this, and therefore I also assume that similiar weaknesses exist in other brand sand types of hardware as well. Also AMD, as you said.

Note that the Intel chips are most likely affected since around ten years already.



There is another possibility, which I consider to be very unlikely, however. Somebody infiltrated Intel and included these vulnerabilities without their knowledge. The Iranians ran their centrifuges for months before realising that they got infiltrated by Stuxnet. And then it was too late. That malware and backdoors cna be and has been hidden in the ROMs of HDDs, was described already many years ago. Antivir software does not and cannot detect weaknesses that lay by design in the BIOS already.

The fully digital world, is the fully compromised world. People really should let sink this in. Its not about whether or not trying to defend is futile. Its about that defence is impossible. Enjoy being weak, naked, exposed and fully defenceless. You live your life at the mercy of somebody in the hidden. Hope you like it - its all you ever will be.

And here is the one-billion-dollar question: do you think we have any reason, even the tiniest, smallest reason at all, to put even only some minor trust into these states, governments, corporations or criminal clans who have imposed these weaknesses on us? Sometimes I think we are being held like cattle in mass farming, being milked for the benefit of a few hidden ones at the very top of the food chain.

Grrr, now I am grumpy again. But then, I am always grumpy these days.

While probably many want and dream of having this ability, the NSA, to my knowledge, is the only dubious organisation that has publicly announced several years ago, on boss level, that they indeed lay the claim to be able to enforce access to each and every existing computer device in the world, no matter where it is, no matter what it is, no matter who the owner is. That was the head of the NSA back then, I think it was a congressional hearing.

 

There was a vulnerability found in AMT engine (vPRO systems) which was patched later.
https://www.theregister.co.uk/2017/05/05/intel_amt_remote_exploit/
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
Basically one could access AMT service by supplying empty password field.

Regarding intel me apparently there is a "killswitch":
https://www.theregister.co.uk/2017/08/29/intel_management_engine_can_be_disabled/

Sounds like CIA/NSA requested for ability to turn intel me off for themselves.

Talking about security, why this forum still runs on HTTP?

 

The article doesn't seem to go into what the OS is there for, which leads me to believe it's a benign reason that wouldn't fit into the hysteria of the article. It doesn't really even say if the OS is active.

But CPU manufacturers are trying to make their CPUs more rounded so they can do more tasks. If the OS is in the CPU it could potentially mean the CPU could be the PC.

I don't know why anyone would have confidence in cash money and not electronic. They're essentially the same thing in this day and age. Cash is just bits of paper referencing the money in the database. Money only has power if people say it does, otherwise it's just a figment of our imaginations.

 

btw intel me was hacked by researchers using USB JTAG.
https://twitter.com/h0t_max/status/928269320064450560

There is a team which is working on creating security/privacy oriented laptops that have intel me neutralized and runs coreboot:
https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/

 

The article says the -3 ring is >>unaccessible<< for everybody, and thus examination of what stuff in there does, from where, and why, might prove to be a bit difficult. Hard to find out what the browser is doing if you cannot have a look at it working. If it does nothing - then why was a whole sub-0 ring operation system even being installed, on a core of its own? It is my understanding that all this is not about the usual virtualization layer modern CPUs come with.

Heck, I did not even know that rin -3 exiosted, the lowest I ever have heard of, was -1.

Note that Google, which by all means is not really a dwarf when it comes to the internet and server farms, acitvely works on getting rid of all this. Which means in the end they are replacing hardware, necessarily. Plenty of it. And expensive one.

In the following screens, they epxlain a bit more the background. Note that between -1 and -3 ring, there is a -2 ring. Here is where vendors "value-add" content later on. Minix on -3 ring is even deeper than just that. And they do not want anybody to know that.

https://schd.ws/hosted_files/osseu17/84/Replace UEFI with Linux.pdf

 

Interesting article from a technical point of view, but in my experience many so called security concerns are often accompanied by an unjustified level of paranoia.

 

Jeezus...If I wasn't paranoid enough already! Interesting post, thx @Skybird

In fact, I was still smiling from ear to ear after driving the Porshe RSR,Corvette C7R, and Ferrari 458 GT2 on Black Cat County and was just dropping by to to shout out at @Lord Kunos for his creation (you and Aris have been fairly quiet lately btw) and then I read this.

As mentioned already though, it is common knowledge the powers that be have "full" access to our lives, but It would be very interesting to know if AMD has the same program in their cpu's, and what this program does exactly....Until then, it is pure speculation.

 

Glad I have stock in tinfoil hats.

 

A user in another forum:

>>The Sony Rootkit farce in the 1990s was just like this, an injection of foreign code into Windows, undetectable, omnipotent, both malevolent and inviting other malware to join its party and share its invisibility cloak while they had total domination of the computer. When exposed by Mark Russonovich, Sony lost billions of dollars, both in fines, damages and business. <<

I admit I had to google for it, before I remembered it. But then the parallels really struck me.

And I repeat, Google has embarked on replacing its plenty of IT infrastructure and according OS to get rid of this - that much they rate it as tinfoil hat conspiracy that they invest real heavy money and resources just to get rid of this paranoia of theirs.

 

There is a company having a certain value protecting their system integrity.

There are humans claiming this surrenders their "buying power".

One case is tinfoil, one is not.

It's still interesting that you think paper money has any more value than electronic. If they decide to crush your buying power, don't worry, it will be all across the board. Paper or electronic.

 

It's not known if/what NSA like agencies can do with features like intel me/AMT for their spying purposes however vulnerability has been shown to be exploited by researchers, meaning that at least hackers could use it for their own purposes (if hackers/researchers can then NSA/CIA for sure too). You can't audit/review intel me, so looking for ways of "killing" it sounds pretty normal.

 

Oh, I don't.

FIAT/Paper money, banknotes - are uncovered certificates of debt with zero intrinsic value. Which means their bartering value inevitably shifts towards their intrinsic value over time: to zero. Still you can take movable property and hide it from plunderers and blackmailer, digital value you cannot hide - you got handcuffed and locked and turned defenseless so that they can rape you any time they want. Banks can dictate the fees. Credit card companies can make profits for services which are unneeded, for they enforce these on people,sicne there would not be an alternative to digital payment. Finance ministries need to just press a button and milk whatever they want from you.

And this is what it is abiout: they want to prevent people defendign their property and savings from teh state confiscating it to keep its regime of debts and spendign more and more alive a little bit longer. It is about expropriation - and making people defenseless against that. Plundering, plain and simple. Rogoff shamelessly openly and frankly says so, claims that states should be given the totalitarian power to plunder people at will and to render people completely helpless to this abuse. And they applaud this bastard! Needless to say: the more debts a state has the more he applauds this "theory". Its a crime. A crime.

In the end, it is a massive attack on private property rights.

I pretty much run by Austrian economics rules and thinkings, and classical national economy theory. Names like Rogoff and Keynes are just criminal offenders to me, offenders of the worst of the bad kinds, imposters and alchemists, who blind the people with a show of claimed professionality that is just fireworks in the nightly sky. In the end, they ar (Nobel did not found it, it was he Swedish central bank). They compare to science like astrology would compare to astro-physics. That throw around with graphs and tables, does not mean that you understand your matter or that your self-invented schematics mean anything. But they give politicians what they want: a card blanche for spending more and more in debts to bribe their voters, and that is why they get protection and support from highest political levels.

I recommend to take a deep look into India. Ondia has banned most of it dbank notes and for the most prohoibited private possession of gold. We have had that in the past in Europe, too. Now look into the econoym over the past 12 months. Its in a dive, investing has stalled, orivate indebtness has mounted intot he sky, the economy is in stagnation and great danger to dive. The claimed reason - fighitng tax evasion and organised crime - has been revealaed as a claim only: tx evasion is as high as always, and organise crime makes even more profits now, since it now offers, vor a fee, the service to wash black money in other ways. The whole coup by the giovernment has achieved right the opposite of what they claimed it was beign tried for. Great!

The other half of the core problem is the fractional reserve system. But that all leads to far and doe snot really belong to this forum. I just wanted to gie a warnign about that those of you running intel-based systems, are compromised. And nobody knows by whom, why and what is being made of it. And that is hardly reassuring, but worrying, since your most vitla interests, even banking in a bank at the counter, is compromised as well. Everythign you do on your system, or let somebody else do in your name on his system - YOU CANNOT EVADE. To want in this context a digital money system, is an additional climax of madness.

Sorry for this post. These things are important, an they bring me up into arms in no time nowadays. The world I live in, is a mental asylum, and the inmates of the locked high security wing have taken over the management.

Back to racing.

 

Google is so stinking rich though, that they can afford to take actions like that on the off chance it may become an issue down the road. It doesn't necessarily mean they think it's malicious, it could be done as a security precaution in the unlikely case people other than Intel could use the feature to access google data. It could also be the case they were due an upgrade and used this information to harass Intel for better prices.

A company like Intel have far to much to lose trying to spy on their customers. I don't see any reason to get worried until someone comes out with proof this software is doing something malicious and even then they'll need to prove the OS can be accessed by third parties because in general I'm sure I'm of no interest to the higher ups of elites in control of global economies.

In general these kind of things don't worry me. The people at the top of society know full well how tenuous their position is. The angry mob has never had so much power.

 

https://en.wikipedia.org/wiki/XKeyscore
Suits this topic:

 

Id say blame it on ISIS (Isreali Secret Intelligence Services)

https://www.google.com.au/amp/www.z...ael-inside-a-history-of-intels-r-d-in-israel/



Now time to run and hide before my PC self destructs lol.

 

For me I just assume nothing on the internet is fully private or secure so only put on things that arent a problem if someone gets the data. Sure there is online banking etc but in most cases if using the banks official apps and sites they are secure enough and they will cover any thefts etc if they happen. If someone has critical data they need private I see how they would worry about security more then me and in many cases so much of it would be a proper nightmare.