For those of you who have been living under a rock, the Intel Management Engine is a separate processor on Intel motherboards that has access to your RAM and network to allow remote administration of your computer in business environments. Totally not the NSA's wet dream or anything. The irony of course is it seems to have been used by the Chinese in the South China Sea dispute.
Intel ME runs even when the main processor is powered off, and while this feature looks pretty shady, Intel built ME to provide remote administration capabilities to companies that manage large networks of thousands of computers. In the ME component stack, AMT provides a remote management feature for Intel vPro processors and chipsets. The AMT SOL is a Serial-over-LAN interface for the Intel AMT remote management feature that exposes a virtual serial interface via TCP. Because this AMT SOL interface runs inside Intel ME, it is separate from the normal operating system, where firewalls and security products are provisioned to work. Furthermore, because it runs inside Intel ME, the AMT SOL interface will remain up and functional even if the PC is turned off, but the computer is still physically connected to the network, allowing the Intel ME engine to send or receive data via TCP.
What's preventing you from turning it on given that you already had full privileges in order to install such malware in the first place? Maybe you'd have to support a bunch of different BIOSes in your malware...
kys
literally kys
Lucas Walker
Please look more new.
Parker Scott
is this your first day here, user?
Andrew Williams
Microsoft and Intel work for the cianiggers, tbh. Can't trust any of them.
Nicholas Wilson
Needless to say that they won't report anything about the Mossad or the alphabet soup niggers. So expect this to be just the tip of the iceberg.
Mason Williams
Good, fuck Intel. Hopefully this starts to get traction as soon as they start to promote their new CPUs. Intel are the worst kikes imaginable for technology.
Hudson Jackson
How horrifying.
AFAIK you have to download and install the IME before it can be active on your PC. It doesn't even come hardcoded in chips or motherboards. Mobos have the option to disable IME features though.
Colton Murphy
its okay when OUR alphabet soup spies on you, for your safety, to protect you, you should be worried about those russians/chinks.
Ryan Torres
You have to go back.
Wyatt Brooks
...
Hudson Russell
Thank you fellow Torfag
Isaiah Thomas
...
Jeremiah Martinez
WHO COULD HAVE SEEN THIS COMING? THIS IS SO OUT OF LEFT FIELD! NOBODY AT ALL COMMENTED THAT THIS TYPE OF THING COULD HAPPEN WITH BACKDOORS! OH, IF ONLY SOMEONE HAD TOLD US!
Luke Davis
If you say so CIA nigger shill. But it's not the Russians/Chinks who kidnap civilians out of their jurisdiction and hold them captive indefinitely without a trial on a large scale all across the world, just because they can.
Juan Thompson
What do you have to do in order for the CIA to give you a free trip to a black site?
Adrian Edwards
Intel ME runs MINIX C code even if you are not using a C-based OS. You can't escape this as long as there is C on your computer.
Jeremiah Williams
Oh, OK. So obviously not all their processors have it and I just have to buy one of the others, right?
Nathan Morris
no, all their processors have it, except for old ones from before they put it on every one. the newest ones without anything like that are some of the amd fx chips.
Kevin Adams
Every CPU made since 2008 has it installed. Intel says it's disabled by default and the vulnerability is not important if the computer is not connected to the Internet (no shit) or if IME isn't enabled; we don't know if it can be remotely activated, however. Currently the only ways to be safe from this vulnerability are: Which means nothing since 99% of motherboards won't ever receive an update. Some hacker from an open source project (libreboot?) found a way to disable it by deleting chunks of the firmware. I could swear I read about this somewhere, but I can't remember or find a link to the website it was posted on.
Gabriel Flores
you can disable ME with this script, it works on a wide range of hardware, especially if it's a bit older, the only problem is you need an external SPI flasher to properly do it: github.com/corna/me_cleaner
Eli Sullivan
Aside from that, how can one cripple the AMT? I've been told that using a PCIe network card can prevent it from phoning home.
Frankly I don't care if it eavesdrops, as long it can't communicate with (((them))).
Lucas Carter
aside from that script you can disable the integrated network card I think and use an external usb card, but to be sure you really need to completely fuck up the firmware inside the flash chip with this script or use a very old platform that you can libreboot or that doesn't have ME integrated on it
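
The opening post notes that AMT SOL traffic is handled inside the ME, below the host firewall, so it has to be watched for on the network instead. The following is an added example, not part of the thread: it flags flows to the IANA-registered AMT TCP ports (which the thread does not list) in constructed flow records, assuming a hypothetical management subnet `10.0.99.0/24` is the only legitimate source.

```python
import ipaddress

# IANA-registered Intel AMT TCP ports (not listed in the thread).
AMT_PORTS = {
    16992: "AMT web/WS-Man (HTTP)",
    16993: "AMT web/WS-Man (TLS)",
    16994: "AMT redirection: SOL/IDE-R",
    16995: "AMT redirection: SOL/IDE-R (TLS)",
}

# Assumption: the only subnet allowed to manage AMT endpoints.
MGMT_NET = ipaddress.ip_network("10.0.99.0/24")

# Constructed flow records: "timestamp src dst dport proto"
SAMPLE_FLOWS = """\
2017-06-08T10:00:01Z 10.0.99.5 10.0.20.14 16992 tcp
2017-06-08T10:00:07Z 10.0.20.31 10.0.20.14 16994 tcp
2017-06-08T10:01:12Z 10.0.20.31 10.0.20.14 443 tcp
2017-06-08T10:02:40Z 203.0.113.9 10.0.20.14 16995 tcp
2017-06-08T10:03:00Z 10.0.20.31 10.0.20.14 16994 udp
"""

def find_amt_flows(text, mgmt_net=MGMT_NET):
    """Split flows to AMT ports into (alerts, allowed) by source subnet."""
    alerts, allowed = [], []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        ts, src, dst, dport, proto = parts
        if proto != "tcp" or not dport.isdigit() or int(dport) not in AMT_PORTS:
            continue
        port = int(dport)
        rec = {"ts": ts, "src": src, "dst": dst, "port": port,
               "service": AMT_PORTS[port]}
        try:
            inside = ipaddress.ip_address(src) in mgmt_net
        except ValueError:
            inside = False  # unparsable source is treated as untrusted
        (allowed if inside else alerts).append(rec)
    return alerts, allowed

if __name__ == "__main__":
    alerts, allowed = find_amt_flows(SAMPLE_FLOWS)
    for a in alerts:
        print(f"ALERT {a['ts']} {a['src']} -> {a['dst']}:{a['port']} {a['service']}")
```

The records must come from a switch, tap or upstream firewall; a capture taken on the endpoint's own OS will not see traffic the ME handles.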