If you're on an Intel machine that you've purchased in the past 2-3 years
Shadow wrote:
http://www.alexrad.me/discourse/why-...creenshot.html

If you're on an Intel machine that you've purchased in the past 2-3 years, that computer almost certainly has an Intel Management Engine. You might not know what that is, and that's okay. You may also be unaware that the operating system on your computer could be leveraging features in the Intel Management Engine when consuming DRM Media.

What is the Intel Management Engine? It's a coprocessor sitting on the same die as your CPU(s).

Crossposting this to comp.sys.intel would have been a useful thing to do. So I have done that.

Here is a description for Intel Active Management Technology http://en.wikipedia.org/wiki/Intel_A...ent_Technology

It seems to have first become available on retail computers sold starting in Q1 2009. Basically, any Core i-something will have this. Motherboards based on Core2 (socket 775) or older (socket 478) will not have this junk.

Also - the spyware process or processor is not built into the CPU. It's in a chip that's part of the motherboard chipset:

------------

Until the release of Nehalem processors, the ME was usually embedded into the motherboard's northbridge, following the Memory Controller Hub (MCH) layout. With the newer Intel architectures (Intel 5 Series onwards), ME is included into the Platform Controller Hub (PCH).

According to an independent analysis by Igor Skochinsky, it is based on an ARC core, and the Management Engine runs the ThreadX RTOS from Express Logic. According to this analysis, versions 1.x to 5.x of the ME used the ARCTangent-A4 (32-bit only instructions) whereas versions 6.x to 8.x use the newer ARCompact (mixed 32- and 16-bit instruction set architecture). Starting with ME 7.1, the ARC processor can also execute signed Java applets.

The ME state is stored in a partition of the SPI flash, using the Embedded Flash File System (EFFS).

-------------

See also:

------------

Known vulnerabilities and exploits

A Ring -3 rootkit was demonstrated by Invisible Things Lab for the Q35 chipset; it does not work for the later Q45 chipset as Intel implemented additional protections.[22] The exploit worked by remapping the normally protected memory region (top 16 MB of RAM) reserved for the ME. The ME rootkit could be installed regardless of whether the AMT is present or enabled on the system, as the chipset always contains the ARC ME coprocessor. (The "-3" designation was chosen because the ME coprocessor works even when the system is in the S3 state, thus it was considered a layer below the System Management Mode rootkits.[23]) For the vulnerable Q35 chipset, a keystroke logger ME-based rootkit was demonstrated by Patrick Stewin.[24][25]

Another security evaluation by Vassilios Ververis showed serious weaknesses in the GM45 chipset implementation. In particular, it criticized AMT for transmitting unencrypted passwords in the SMB (small business) provisioning mode when the IDE redirection and Serial over LAN features are used. It also found that the "zero touch" provisioning mode (ZTC) is still enabled even when the AMT appears to be disabled in BIOS. For about 60 euros, Ververis purchased from Go Daddy a certificate that is accepted by the ME firmware and allows remote "zero touch" provisioning of (possibly unsuspecting) machines, which broadcast their HELLO packets to would-be configuration servers.

--------------

Almost every day I find a new reason to smile at the fact that I'm STILL running Windows 98 (on PCs with socket 478 or 775 CPUs) while everyone else is getting the **** hacked out of them - one way or another (or hundreds of other ways).