Botnet components in modern pcs

Oh yeah, I hate UEFI with a passion. The POST is supposed to execute via a 'basic' system like BIOS, not some advanced fancy-schmancy POS like UEFI which exposes more holes.

I'm sitting tight on a 2008 laptop with a Core2 and basic BIOS. Works well for what I need it to do.

yeah thats why I think the is worthless since most laptops run on Intel

Its just what else you need to watch out except CPU and if its even possible to have 100% private computer with mass produced parts

Would you guys mind trying this google search screenshot experiment. I am interested to see what happens

I'm especially interested to see if deleting your cookies or spoofing your computer config changes results.

what does it means?!?

meant to sage

I'm still trying to figure out how botnet X58 shit is. I have a Xeon X5677 with an EVGA X58 motherboard, which uses BIOS, but I've heard some say that Gulftown CPU have some sort of the management engine type stuff. I don't see anything related in the BIOS and have my doubts, but I would love to know for sure.

If those old Xeons are okay when it comes to ME stuff then they're faster than the Core2Quads and whatnot that people usually point to as the last safe stuff.

X58 mobos can be expensive though, if overclock capable, I got very lucky. The CPU are quite inexpensive

Lets do an experiment.

Look up "Egypt" on google and zoom out and screenshot your results.

I have the exact same

FIFY

I know this is going to be hard to accept, with you being a master hacker and all, but unless you can inspect the architecture of every component in your individual computer, you have no fucking clue what it is doing.

...

Look up a more controversial topic, where there is likely to be some difference. Also, there won't be any search personalization if you don't usually use Google.

Core family has the first generation of IME. It's barebones and can be excised.
The i series has the second gen onwards, which is pretty much right on the CPU die. Not gonna get rid of it easily.
Your Xeon is from 2010, so I'd expect it to have some sort of IME on it.

You fags do realize that AMT depends on BIOS support, and boards like dual socket SuperMicros have it disabled?

supermicro.com/support/faqs/faq.cfm?faq=24582

I once made a post about this
I thought it was marginally past OK.

I understand that, I did not claim to be a master hacker. I'm asking a question about IME and related tech, they are usually associated with UEFI. This platform comes later than what people generally say is at least safe from IME, but it does not use UEFI.

I guess what I'm asking is, do you want to be helpful to people who care, or do you want to accuse them of being wannabe hackers and just laugh?

AMT is just one of the programs that can run on Intel's ME. Just because the motherboard isn't compatible with AMT doesn't mean it doesn't have Intel's ME.

seems toshiba hdds doesnt have backdoor or at least that what current information shows

pic related.

Do seagate hdds have backdoors?

yes

SuperMicro boards also have jumpers to disable ME. My X9DAE does

supermicro.com/support/faqs/faq.cfm?faq=16448

Bottom left

well shit, it really is difficult to build something like that nowadays
would have go with ryZen but those fuckers made it W10 exclusive

github.com/corna/me_cleaner ?

I know it doesn't remove it completely but it's something

That's not what it does. The JPME jumper is for allowing updates to the ME firmware via the JPME1 pins.

Platform Security Processor
for AMDs Zen and upwards

and in APUs even before that same with ARMs

My Areca RAID card does full disk encryption. Good luck getting its encryption key. I'm sure the ME doesnt have drivers for it either.

That's not how it works you tard. If disabling the ME was as simple as shorting or cutting a connection somewhere then people would be doing it on their machines right now even if there wasn't a jumper on the motherboard.

...

No, but I will call you a fucking retard. When a single entity like Google or Facebook owns the capability to profile large groups of people and currate the information being provided to them, agendas will be pushed. We've already seen instances of this with both of the aforementioned companies and political agendas. This is mostly due to the nature of how they make their money. If I had enough assets, I could literally just say "alright, I want to put these ads talking about the dangers of eating carrots out to every person who frequents this particular grocery store" because I own a grocery store that competes with that one and their sales are primarily carrots.

While I used the relatively begign subject of carrots and grocery stores for the sake of analogy, you can s [cont]

ee how this gets extrapolated out to other areas. The more information they have about who you are and what you are like, the more your worldview and the worldview of people around you can be altered. Let's assume you're a proponet of gay rights (or just insert whatever cause it is that you believe in; gun rights, PETA, pot- the choice is yours). It's trivial to target the people that you interact with the most with anti-gay ads or search results and shut down your ability to exercise your right to speak. The information needed to build these associations can be gained via web traffic, GPS location, microphone data, camera data; really any sensor you can think of. [cont]

Also, don't think "well, I'm pretty neutral on pretty much everything, so I don't really care about big causes". You are important. You are an adult that votes and makes purchasing decisions on a regular basis. You affect the world around you and even if you aren't the "proponet" in the second example, you would still be one of the people surrounding them.

"Saying I don't care about privacy because I have nothing to hide is like saying I don't care about free speech because I have nothing to say."

Don't be dumb. You can run whatever you want on it. You're just falling for shitty MS propaganda.
m.theregister.co.uk/2016/09/02/windows_intel_kaby_lake_amd_zen

wat

Arm has had a 'management engine' for awhile, though I don't think it's quite the same.

Define "good," because I haven't had any luck finding any AM3+ boards without UEFI which means no Bulldozer or Piledriver based FX processors. AM3 was launched in 2009 so at least there are some out there.

No it doesn't you fucking tard. TrustZone is just a function that allows the processor to switch between secure and non-secure states to keep programs running in the non-secure state from reading the memory used by programs running in the secure state. If you look at pic related you'd see that the secure monitor that changes the processor between states is running at the same privilege level as the secure kernel. The only way TrustZone can be a problem is if you have a locked down device that only allows the manufacturer's blobs to run in the secure state (supposedly common for smartphones with custom ROMs but I've never looked into it to confirm if that's true as I don't own one).

Also, who calls ARM processors ARMs? That's fucking retarded.

yeah I thought its just my shitty shop but it seems there are none

i might just go with zen even with that PsP shit in it, since every fucking thing I want to buy has some kind of security flaw

Couldn't a VM with obfuscation between the computer and virtualized environment theoretically defeat an ME? Use user input to generate a psuedorandom key that then is used to hide where the mouse it actually going, what keys are being hit, what information is actually being processed, etc...

what about GIGABYTE 970A-DS3P and GIGABYTE 78LMT-USB3 ?

relevant to topic

Intel puts CPU and WiFi radio together on same chip
archive.is/3HwXD

There are no what? AM3 and AM3+ are different sockets despite the only difference in the name being the +.
Okay configurations:

Not okay:

From what I've heard, Gigabyte's Hybrid EFI is still a full UEFI implementation (just a shitty one).

AM3+ mobos without it

what about W7? reading how you need to do some mumbo jumbo to even install it on UEFI boards

Not sure, I haven't used a motherboard with UEFI and I replaced Windows 7 with Linux for regular use over a year ago so I don't keep up with security concerns involving Windows 7 anymore.

Picture related is Holla Forums

repeat

Does this completely stop the ME from running or are exploits leveraging the ME still theoretically possible?

You're just mad because Linux will make shitting on the streets obsolete.

...

Botnet processors? What are you freetards blabbering on about this time? What could a "botnet" processor possibly do?

youtube.com/watch?v=ez3o8aIZCDM
Even HDA is botnet

Ask the significance of any data being shared to a """ botnet """ and freetards throw an autistic fit

"J-JUST BECAUSE! THEY CAN'T DO THAT! I'M TOTALLY NOT A PARANOID RETARD OR ANYTHING ((((((THEY))))))) HAVE REASON TO MONITOR ME REEEEEE WINFAGS GET OUT OUT OUT"

kek this.

Throws Holla Forums ( or /g/ ) into a frenzy.

what are you?

a Google-apologist or something?

Neural Network?
Net Neutrality?
Non-Niggers?

Net Neutrality

fuck that is scary

Keep sucking that big government/corporate cock user. I'm sure it will reward you some day.

I have been wondering
Just how safe is yandex?

only read bad stuff about duckduck

okay then. we knew Intel's shit was broken for what, 10 years now? read up on Rutkowska's work for example

Yeah because a processor has anything to do with your data. Fucking retard.

proofs?

reuters.com/article/us-usa-cyberspying-idUSKBN0LK1QV20150216

How fucked am I?

they have options doesnt mean they use it
unless you are goverment agency or army then they spy on you 100%

No hard drives have backdoors. It's possible for an attack to install malicious firmware on your hard drive but that isn't a backdoor. The government isn't running around autopwning machines left and right because they wouldn't survive the shitstorm if they ever got found out.

That's not a backdoor you dipshit.

idk fam, I booted up my backdoor today and after I entered my backdoor on the backdoor I plugged ina USB backdoor. Wavy backdoors appeared all up and down the right hand side of the backdoor so I quick powered everything off. I think I am backdoored. How can I backdoor the backdoor?

people dont care about truth, even with faced with truth they will just go with "fake news" and hoax sot that their "bubble of everything is fine" wont die

lel

what are chances of your computer getting attacked?
read that in 2015 there were 4,5mil PCs attacked with uefi that really doesnt seem that big when I read later that for examp,le 30 000 were from Oil company

dump

Sure. A video of zuckerberg fapping to people's fb profiles wouldn't be a problem for them at all.

So are all Skylake processors untouchable because botnet? What do I do when I need a cpu upgrade, AMD motherboards are crap. If I put the botnet cpu in a computer I don't connect to the internet, would it be ok?

unfortunately no they have their own radiot hat goes through 3G

What do I do then?

there is no escape from botnets

...

Honestly the botnet is getting so bad that nothing sounds unreasonable to expect from them.

From a security standpoint, the biggest addition Sandy Bridge will deliver will be the ability to remotely kill and restore a lost or stolen PC via 3G, Marek said. Previously, that capability, which delivers a "poison pill" that can remotely wipe the PC's hard drive, was only available via Ethernet or Wi-Fi. Now, if that laptop has a 3G connection, the PC can be protected, Marek said.

pcmag.com/article2/0,2817,2369110,00.asp

falling for falling for it

s m h fam

Your problem is that you don't know how to separate fact from bullshit. Holla Forums is filled with bullshit and it's intended to be this way. You are actively and intentionally being fed pieces of falsehoods i.e. you are being lied to.

Poes law

That's right

That shit depends on you having a PCIe 3G modem and if I remember correctly a motherboard that supports that feature as well. If you don't like it you can get a laptop without that feature and/or without a 3G modem. Is it to much to ask for people to discuss actual security issues instead of LARPing and misrepresenting things because they don't actually understand computer security? It seems most imageboards now days are just full of LARPing shitposters and retards instead of people actually interested in the topic at hand.

Welcome to Holla Forums, enjoy your stay.

I've been telling this to Holla Forums few years ago. No one believed me. Windows 8 task scheduler had this on detail and it can't be disabled!

Don't forget about SD card slots. Only one company produces them (while others just franchise the technology bc. patents). Even SD cards got CPU/microcode inside them. Creator of Novena platform hacked it long time ago.

Yes. Especially the samsung ones. Look at the graph.

Be careful of SSHD meme tho. Those
hard drives have built-in mind which decides whether to put files in the SSD part or HDD (by tallying the frequency of I/O read of files, basically a botnet with highly sophisticated tiny microcontroller)

You basically know nothing about microcode patches and microcontrollers.
Even a 'processor' contains another 'processor' inside (mostly the botnets).
For example your tiny SIM cards have proprietary CPU in them. Its only be a matter of time until our food contains nanobotnets.

Toshiba are good but HGST is the king. pic related.

this and that 3G botnet only runs with proprietary microcodes that cannot be disabled unless you're libreboot BIOS. keep in mind not all of them have it. all intel anti-theft + ime + vpro shit have the inescapable 3G botnet

either get an old ass Pentium or pre-core2do if you want to go /fucko/.

...

shame about hitachi

afaik hitachi drives are discontinued now

there was something with factories and WD, didnt toshiba took over the hitachi factories?

Western Digital bought out Hitachi, but is still keeping the name HGST along with it's facilities. The latest backblaze report shows HGST is still the top tier HDD.

backblaze.com/blog/hard-drive-failure-rates-q3-2016/

i don't reach that conclusion after reading the link you posted. apparently backblaze said they don't see a significant difference in failure rates between consumer and enterprise drives so they go with whatever's cheapest. they didn't upgrade to new HGST drives, they went with higher density seagate drives. so obviously that's more cost effective for them, and they said the failure rate so far for the seagate drives is suggests they'll be competitive with the HGST drives.

I don't know exactly how they configure their drives but if they used raid-0 to get an 8tb volume with the 2tb HGST, failure rate would be 1 - (.9931)^4 = 2.73%. Compared to Seagate 8tb @ 1.46%.

With the lowest failure rate 4tb HGST, 0.3%, failure rate would be about 0.6%.

Of course, they don't use raid-0, but for volume to volume comparison that seems more fair to compare failure rates that way.

8tb drives allow them to provide more storage at lower cost. To achieve the same size storage array they need to use at least double drives with the HGST (and the article mentions they were replacing mostly the 2tb HGST, which means 4x drives). And the array failure rate usually scales something like (failure rate)^(n-p) (depends how they're configured) then there's an obvious advantage to decreasing the number of drives, in terms of reduced array failure. Not to mention reduced power cost, reduced heat, and increased capacity to enable selling to more customers.

tbh i would go with the high density 8tb seagate drive (or even higher density drives if the failure rate and cost were competitive).

No, it didn't.

Except hard drives don't have backdoors, as addressed earlier in this thread.

Except you can easily remove the 3G modem card.

A majority of the posters in this thread don't know shit.

everytime.

They did it to Russia to spy on them.

I don't know what your definition of backdoor is, but a hacked firmware can give you the data it want to when you ask it to load data.

In the first point the burden of proof is on the poster, the second and third point were already made earlier in the thread, and the fourth should be obvious to anyone who knows what "microcode" and "firmware" mean.

Hard drives don't come with that malicious firmware from the factory. Saying "hard drives have backdoors" completely misrepresents the situation.

Seriously, a remote kill switch is the least of your worries. Using a machine with a cellular modem card or cell phone (as the modem has DMA in almost every model) if you want to be secure from your phone company or state actors is fucking retarded and you deserve everything you get. Seriously, there have been multiple talks and demonstrations at Defcon, CCC, and elsewhere. External cellular modems can be a slight improvement as they won't have DMA but will still result in your phone company (and the government if they get a warrant or the NSA automatically grabs that data) having a record of your movements for the past 1-2 years.

Based T-Mobile shitting all over everybody else when it comes to IP and text retention.

Why even bother going online at all any way.
Holla Forums, this is depressive. The internet ruined computers. I want sneakernet to come back.
I want this ride to end.

normalfags destroyed it!

...

Let's mesh net! Fuck 'em they can have the "internet".

Intel Management Engine (ME)
Intel Small Business Advantage
Intel Anti-Theft

Any AMD analogues are also botnet (I think the AMD version of AMT is called PSP or something).

All these are bundled together as a part of Intel vPro, which is present on most "Core" series processors, including the old ones like the Core2Duo and Core2Solo from ~2006, as well as the newer Core i3, i5, and i7 processors. The botnet on the old (pre-2011 or so) processors can be removed by installing Coreboot or Libreboot, since the code that runs the Management Engine is located in the SPI chip where the BIOS runs from and flashing the chip with a new BIOS program that does not contain the Management Engine code will remove it. Newer versions, however, cannot be removed, as altering the BIOS will brick the computer.

That's about it for botnet features. AES new instructions (AES-NI) isn't dangerous (it can't affect the quality of the final encryption key/encrypted data), and RDRAND isn't dangerous so long as it isn't the sole source of entropy for the random number generator IIRC Linux's RNG uses RDRAND as well as other sources of entropy, so it's safe. Windows could well be just using RDRAND to generate random numbers for its entropy pools though, which could be dangerous if the RDRAND instruction is backdoored to generate non-trivially guessable but still non-random numbers. Of course, if you're using Windows you have bigger concerns than weak encryption.

TPM isn't botnet because all it does is store and generate keys generated by software programs. Unless you have a botnet software program running on your computer, it isn't a problem.

Depending on how you use your computer, Intel Identity Guard may or may not be botnet. It requires you to consciously install software for it to function (there's no secret ROM running closed source code that does who-knows-what like with the Management Engine), so as long as you don't install the user mode program that interacts with Identity Guard and as long as you use open source software, the hardware feature won't even be used.

Even if it is used, the information produced by Intel's Identity Guard cannot identify you personally or report on your activities, it can only notify whatever website you're visiting that the computer you are using is the same computer as you were using when you visited it earlier. This is the case because Identity Guard works by generating a shared key with the website and using said key to produce a one-time password. This proves that you are using the same computer each time you visit the website. Like I said, this may or may not be botnet depending on your use case. If you previously used the same computer to log into any web service connected to your identity using Identity Guard (again, you have to install software to get it to work, or else the feature is completely unused), and you are now using the computer in an anonymous fashion, then your anonymity is compromised, because the website/FBI/NSA can determine that the computer that just posted confidential information to a website was the same computer that logged into user's bank account an hour ago, and therefore user is the likely suspect for who posted the information.

If you never log into any services connected to your personal identity, but are still for whatever reason using Identity Guard (again, you can disable it by just not installing the program that uses the feature), then your pseudanymity is preserved (the website/FBI/NSA can't tell that it was you that posted the confidential information), but they can tell that the computer that the information was posted on was the same computer that previously visited Rule34.com to download Yuri pictures.

This may or may not be dangerous, depending on your expectations of anonymity. It's probably safest to just disable the feature, which again can be done by just not installing the program that uses it in the first place. Identity Guard doesn't have any kind of BIOS/chipset ROM that uses it, so without the userspace program that uses the feature it is powerless.

This post has a lot of misunderstandings behind it. First off, the Intelligence Community does not need to force Intel to give up Manageability Engine keys (or AMD's PSP keys for that matter). Both the keys and the toolchain, as well as the source code are traded underground. I know that at least up to firmware version 8 is traded underground, and version 11 (the latest) is available without difficulty to people who know how to find it. I have access to version 8's signing keys myself, being in that scene, but all my computers use version 11 so I haven't cared to mess with it. It's certainly not common but it is absolutely something that FVEY and related contractors (Raytheon, Leidos, half the people you'll see at ISS, etc) will be able to get their hands on, if they haven't already.

Second, the abilities of the Manageability Engine are greatly over-exaggerated. It cannot be used to access all your data remotely. That only works if you have all AMT features enabled, and you have a special device called a BMC card plugged into your computer and connected to the network. BMC cards can include 3G/4G or WiMax support, which is where the myth that vPro CPUs have a 3G backdoor comes from. I have an enterprise ThinkPad that proudly boasts having WiMax support, requiring extensive configuration. It was expensive. If you don't have a BMC card (and you do not), then it is not possible to remotely control your system. Even if you did have a BMC, simply having the signing keys and toolchain for the ME would not be sufficient to get in. An attacker would need either a 0day, or your credentials. Having the signing key allows nothing more than writing malicious firmware over SPI and allowing it to persist. It's just a little more powerful than the UEFI kits cr4sh can write, and just as easily detectable by reading your flash chip. But it's not like you're analyzing your microcode (of which there are likely signing keys being traded as well), which can also be installed on a large number of systems, considering the BIOS functions to load the latest microcode it has into the CPU.

Thirdly, you don't have to worry about the ME hiding Intel-provided backdoors because it is not impossible to reverse engineer ME firmware. The firmware is huffman coded, which can be decoded with some manual effort, and then you have ARCompact bytecode with Java-based modules. Intel can be a nasty company, but they aren't going to risk everything with overt backdoors that simply exfiltrate your memory over the network. Plus you could easily block that with a separate firewall. Even if it is sent out-of-band with regards to the kernel's networking stack, it's still sent over the same physical NIC, just with a different IP and MAC.

The ME is absolutely not what you have to worry about in these threat models. It is only a way for malware to hide itself from forensic analysis, not a mystical way to remotely contact any system which runs it, absent a BMC card.

If you have to have something to worry about, worry about 0days. They are much more dangerous and valuable than something which, at best, provides a persistent infection that is trivial to detect offline. There are RCEs for every major httpd. There are LPEs that even work on grsecurity (at least one that I know of), and dozens that work on vanilla Linux. There are at least two traded ring 0 RCEs for Windows, one of which I have, and there are probably a couple ring 0 RCEs in Linux's Netfilter (conntrack, anyone?). Secure your OS, use sandboxes and mandatory access controls (SELinux or AppArmor or RBAC), keep up to date, read security mailing lists, be wary of red herrings, use grsecurity + PaX, and most importantly, understand your own threat model.

I can say with absolute confidence that the Intel Manageability engine is not a threat in the least to the integrity of the Tor network. Especially not when each and every one of you are running a browser which can be exploited with images and CSS. Sandbox your shit.

Good info here even though it's a reddit copypasta. Only thing he got wrong was that the on-board NIC can be used for comms by AMT in systems equipped with it. Most aren't unless they are pro or enterprise class.

Yes, that's what they could do 6 years ago. It's quite possible that the situation today is even worse.

You don't have a clue what you're talking about, do you?

fucking hell I dont really want to buy intel but what choice do I have when I dont want garbage performance

If only. If normies can't immediately understand something then they won't be outraged over it. Even when all the NSA shit came out that all our electronic communication is being intercepted, monitored, and stored, how long did the shitstorm last? A week? If that.

why modern with any of this when your ISP has all the logs to fuck your shit up anyway?

Quit using the term botnet wrong and maybe people will answer you seriously.

When you're using a VPN or Tor, the only logs your ISP have are that you're using a VPN or Tor. They don't know where you're visiting, what you're doing, or what the traffic is. If you use a VPN and Tor at the same time, they don't even know that you're using Tor.