Just another reason to Disable the Intel ME:
[url=https://finance.yahoo.com/m/a73f9f98-fefe-3542-b49b-612531bc29ce/ss_intel%3a-we%27ve-found-severe.html]Severe Security Flaws[/url] in the Intel ME. Keep in mind, they have to have Local Access. But I believe it is just a matter of time before they find this is not the case and its broader. :) .
Severe Security Flaws in the Intel ME.

Keep in mind, they have to have Local Access. But I believe it is just a matter of time before they find this is not the case and its broader. :)


.

My Opinion is no more important or right than yours. But if your using the LATEST drivers, go back to the prior set.

Piss Poor tech support blame all issues on drivers and assumes that your an idiot. Find a set that you know worked and see if the problem exists still.

""Don't f with it if it ain't broken!""
Constantly updating drivers is a good way to F'up the whole system.

If the driver has an issue, don't be a fool, remove it.

Just because you can, does not mean you should.

#1
Posted 11/22/2017 05:52 PM   
November 21, 2017 Intel Patches CPU Bugs Impacting Millions of PCs, Servers | Threatpost | The first stop for security news [url]https://threatpost.com/intel-patches-cpu-bugs-impacting-millions-of-pcs-servers/128962/[/url]
November 21, 2017
Intel Patches CPU Bugs Impacting Millions of PCs, Servers | Threatpost | The first stop for security news
https://threatpost.com/intel-patches-cpu-bugs-impacting-millions-of-pcs-servers/128962/

Stability forms the keystone of true performance. Accept no substitute.

Never buy, update or ask anything until after you have done a search. Discovery is curiosity's reward.

Some use a PC to play fantasy games. Others use one to learn what real games are being played.

Help others to help you. Please post complete system specs. in your forum signature.

linuxmint-17.3-mate-64bit, 4.4.0-103-lowlatency | SABERTOOTH 990FX R2.0 (UEFI 2901, 2016/08/05), CSM-->UEFI and *Legacy OpROM (*allows for the custom partitioning of SSDs & HDDs that will also work intact with up-to-date Vishera-capable PC-BIOS-based motherboards), no 'Secure' Boot or HPET | IOMMU Enabled | FX-8370, amd64-microcode_3.20160316.3_amd64 | CLP0587 with 1 x Venturi HP-14 PWM | KVR16E11K4/32 | STRIX-GTX960-DC2OC-4GD5 (nVidia 384.98). Resume from S3 works correctly in all regards. Hibernate does not. | GL2450HM, DVIDDMM10, ARMUNONB | 220-G2-0850-XR | GH22LP20 (LightScribe), IDE100RND36, PEX2IDE | PEXMSATA3422 (Firmware: 2.3.0.1065) with 2 x SMS200S3/120G in RAID 0 and 2 x ST3000DM001 in RAID 0 | 1 x ST6000DM001 (SB950), 1 x ST6000DM001 (ASM1062) | S252BU33R (Firmware Version: 101.01.01.09) with 2 x ST2000LM003, JU-P40511-S1 (uPD720201), JU-H40711-S1 (VIA VL811+) | CM 690 II Advanced, HP-12 PWMs, HP-14 PWMs, FAN7X10TX3 | ST0026Z | Asus PCE-AC55BT (Intel 7260) PnP | Y-BF37 (Sleep key), SM50F76959

#2
Posted 11/22/2017 06:00 PM   
. :) [quote]If the INTEL-SA-00086 Detection Tool reported your system being vulnerable, please check with your system manufacturer for updated firmware.[/quote] Which Means, Millions will not get a fix as this will be updated via a MOTHERBOARD | System manufacturer ME Firmware update. Its one thing to find the problem, another to get user Awareness of the problem, and another to get multiple manufactures spanning millions of devices to each issue their own FIX for those items. .
.

:)

If the INTEL-SA-00086 Detection Tool reported your system being vulnerable, please check with your system manufacturer for updated firmware.
Which Means, Millions will not get a fix as this will be updated via a MOTHERBOARD | System manufacturer ME Firmware update.

Its one thing to find the problem, another to get user Awareness of the problem, and another to get multiple manufactures spanning millions of devices to each issue their own FIX for those items.


.

My Opinion is no more important or right than yours. But if your using the LATEST drivers, go back to the prior set.

Piss Poor tech support blame all issues on drivers and assumes that your an idiot. Find a set that you know worked and see if the problem exists still.

""Don't f with it if it ain't broken!""
Constantly updating drivers is a good way to F'up the whole system.

If the driver has an issue, don't be a fool, remove it.

Just because you can, does not mean you should.

#3
Posted 11/22/2017 06:07 PM   
19 October 2017 Purism Now Shipping Their Laptops With Intel ME Disabled - Phoronix [url]https://www.phoronix.com/scan.php?page=news_item&px=Librem-Laptops-ME-Disabled[/url]
19 October 2017
Purism Now Shipping Their Laptops With Intel ME Disabled - Phoronix
https://www.phoronix.com/scan.php?page=news_item&px=Librem-Laptops-ME-Disabled

Stability forms the keystone of true performance. Accept no substitute.

Never buy, update or ask anything until after you have done a search. Discovery is curiosity's reward.

Some use a PC to play fantasy games. Others use one to learn what real games are being played.

Help others to help you. Please post complete system specs. in your forum signature.

linuxmint-17.3-mate-64bit, 4.4.0-103-lowlatency | SABERTOOTH 990FX R2.0 (UEFI 2901, 2016/08/05), CSM-->UEFI and *Legacy OpROM (*allows for the custom partitioning of SSDs & HDDs that will also work intact with up-to-date Vishera-capable PC-BIOS-based motherboards), no 'Secure' Boot or HPET | IOMMU Enabled | FX-8370, amd64-microcode_3.20160316.3_amd64 | CLP0587 with 1 x Venturi HP-14 PWM | KVR16E11K4/32 | STRIX-GTX960-DC2OC-4GD5 (nVidia 384.98). Resume from S3 works correctly in all regards. Hibernate does not. | GL2450HM, DVIDDMM10, ARMUNONB | 220-G2-0850-XR | GH22LP20 (LightScribe), IDE100RND36, PEX2IDE | PEXMSATA3422 (Firmware: 2.3.0.1065) with 2 x SMS200S3/120G in RAID 0 and 2 x ST3000DM001 in RAID 0 | 1 x ST6000DM001 (SB950), 1 x ST6000DM001 (ASM1062) | S252BU33R (Firmware Version: 101.01.01.09) with 2 x ST2000LM003, JU-P40511-S1 (uPD720201), JU-H40711-S1 (VIA VL811+) | CM 690 II Advanced, HP-12 PWMs, HP-14 PWMs, FAN7X10TX3 | ST0026Z | Asus PCE-AC55BT (Intel 7260) PnP | Y-BF37 (Sleep key), SM50F76959

#4
Posted 11/22/2017 06:18 PM   
Owners of older Intel machines whose ME & AMT can no longer be patched may react to the above revelations by thinking that it's time to switch to a recent AMD platform. Anyone who is considering such an investment might want to read and do some research into the following: [i]"...The technologies in question are the Intel Management Engine (ME) and the AMD Platform Security Processor (PSP). Both serve effectively the same purpose; to ensure that the physical owner of the machine never has full control of said machine. These technologies, in turn, are used to implement various forms of remote control and Digital Rights Management (DRM) technologies..."[/i] Apr 4 17:06:23 CEST 2016 Uncorrectable freedom and security issues on x86 platforms [url]http://mail.fsfeurope.org/pipermail/discussion/2016-April/010912.html[/url] (Page 8) [i]"...PLATFORM SECURITY PROCESSOR..."[/i] UEFI_PlugFest_AMD_Security_and_Server_innovation_AMD_March_2013.pdf [url]http://www.uefi.org/sites/default/files/resources/UEFI_PlugFest_AMD_Security_and_Server_innovation_AMD_March_2013.pdf[/url] AMD Secure Processor (Built-in technology) [url]https://www.amd.com/en-us/innovations/software-technologies/security[/url] Petition · Advanced Micro Devices - AMD: Release the source code for the secure processor (PSP) · Change.org [url]https://www.change.org/p/advanced-micro-devices-amd-release-the-source-code-for-the-secure-processor-psp[/url] UPDATE: (No confirmation from AMD yet) [i]"With the latest AGESA update for Ryzen-based systems, AMD is reportedly allowing the Platform Security Processor (PSP) to be disabled. The AMD PSP akin to Intel's Management Engine..."[/i] 7 December 2017 AMD Reportedly Allows Disabling PSP Secure Processor With Latest AGESA - Phoronix [url]https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-Disable-Option[/url] -- AFAIK the only auditable computing platform that isn't completely out-of-reach is this one: Raptor Engineering::Talos™ II Secure Workstation [url]https://www.raptorcs.com/TALOSII/[/url] The above workstation won't be running Windows. Microsoft PowerPoint - HC28.POWER9-Thompto-IBM-final.pptx - HC28.23.921-.POWER9-Thompto-IBM-final.pdf [url]https://www.hotchips.org/wp-content/uploads/hc_archives/hc28/HC28.23-Tuesday-Epub/HC28.23.90-High-Perform-Epub/HC28.23.921-.POWER9-Thompto-IBM-final.pdf[/url]
Owners of older Intel machines whose ME & AMT can no longer be patched may react to the above revelations by thinking that it's time to switch to a recent AMD platform. Anyone who is considering such an investment might want to read and do some research into the following:

"...The technologies in question are the Intel Management Engine (ME) and the AMD Platform Security Processor (PSP). Both serve effectively the same purpose; to ensure that the physical owner of the machine never has full control of said machine. These technologies, in turn, are used to implement various forms of remote control and Digital Rights Management (DRM) technologies..."

Apr 4 17:06:23 CEST 2016
Uncorrectable freedom and security issues on x86 platforms
http://mail.fsfeurope.org/pipermail/discussion/2016-April/010912.html

(Page 8) "...PLATFORM SECURITY PROCESSOR..."

UEFI_PlugFest_AMD_Security_and_Server_innovation_AMD_March_2013.pdf
http://www.uefi.org/sites/default/files/resources/UEFI_PlugFest_AMD_Security_and_Server_innovation_AMD_March_2013.pdf

AMD Secure Processor (Built-in technology)
https://www.amd.com/en-us/innovations/software-technologies/security

Petition · Advanced Micro Devices - AMD: Release the source code for the secure processor (PSP) · Change.org
https://www.change.org/p/advanced-micro-devices-amd-release-the-source-code-for-the-secure-processor-psp

UPDATE:

(No confirmation from AMD yet)

"With the latest AGESA update for Ryzen-based systems, AMD is reportedly allowing the Platform Security Processor (PSP) to be disabled. The AMD PSP akin to Intel's Management Engine..."

7 December 2017
AMD Reportedly Allows Disabling PSP Secure Processor With Latest AGESA - Phoronix
https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-Disable-Option

--

AFAIK the only auditable computing platform that isn't completely out-of-reach is this one:

Raptor Engineering::Talos™ II Secure Workstation
https://www.raptorcs.com/TALOSII/

The above workstation won't be running Windows.

Microsoft PowerPoint - HC28.POWER9-Thompto-IBM-final.pptx - HC28.23.921-.POWER9-Thompto-IBM-final.pdf
https://www.hotchips.org/wp-content/uploads/hc_archives/hc28/HC28.23-Tuesday-Epub/HC28.23.90-High-Perform-Epub/HC28.23.921-.POWER9-Thompto-IBM-final.pdf

Stability forms the keystone of true performance. Accept no substitute.

Never buy, update or ask anything until after you have done a search. Discovery is curiosity's reward.

Some use a PC to play fantasy games. Others use one to learn what real games are being played.

Help others to help you. Please post complete system specs. in your forum signature.

linuxmint-17.3-mate-64bit, 4.4.0-103-lowlatency | SABERTOOTH 990FX R2.0 (UEFI 2901, 2016/08/05), CSM-->UEFI and *Legacy OpROM (*allows for the custom partitioning of SSDs & HDDs that will also work intact with up-to-date Vishera-capable PC-BIOS-based motherboards), no 'Secure' Boot or HPET | IOMMU Enabled | FX-8370, amd64-microcode_3.20160316.3_amd64 | CLP0587 with 1 x Venturi HP-14 PWM | KVR16E11K4/32 | STRIX-GTX960-DC2OC-4GD5 (nVidia 384.98). Resume from S3 works correctly in all regards. Hibernate does not. | GL2450HM, DVIDDMM10, ARMUNONB | 220-G2-0850-XR | GH22LP20 (LightScribe), IDE100RND36, PEX2IDE | PEXMSATA3422 (Firmware: 2.3.0.1065) with 2 x SMS200S3/120G in RAID 0 and 2 x ST3000DM001 in RAID 0 | 1 x ST6000DM001 (SB950), 1 x ST6000DM001 (ASM1062) | S252BU33R (Firmware Version: 101.01.01.09) with 2 x ST2000LM003, JU-P40511-S1 (uPD720201), JU-H40711-S1 (VIA VL811+) | CM 690 II Advanced, HP-12 PWMs, HP-14 PWMs, FAN7X10TX3 | ST0026Z | Asus PCE-AC55BT (Intel 7260) PnP | Y-BF37 (Sleep key), SM50F76959

#5
Posted 11/22/2017 07:01 PM   
. Nice. .
.

Nice.


.

My Opinion is no more important or right than yours. But if your using the LATEST drivers, go back to the prior set.

Piss Poor tech support blame all issues on drivers and assumes that your an idiot. Find a set that you know worked and see if the problem exists still.

""Don't f with it if it ain't broken!""
Constantly updating drivers is a good way to F'up the whole system.

If the driver has an issue, don't be a fool, remove it.

Just because you can, does not mean you should.

#6
Posted 11/23/2017 01:34 AM   
[i]"...Most systems with Intel ME are impacted, but if in doubt, there is a new binary utility from Intel for both Windows and Linux to check your system's state..."[/i] 23 November 2017 Intel Releases Linux-Compatible Tool For Confirming ME Vulnerabilities - Phoronix [url]https://www.phoronix.com/scan.php?page=news_item&px=Intel-ME-Linux-Vuln-Checker[/url] -- Acer: Support Information Dell Client: Support Information Dell Server: Support Information Fujitsu: Support Information HPE Servers: Support Information Intel® NUC, Intel® Compute Stick, and Intel® Compute Card: Support Information Lenovo: Support Information Panasonic: Support Information Intel® Management Engine Critical Firmware Update (Intel SA-00086) [url]https://www.intel.com/content/www/us/en/support/articles/000025619/software.html[/url] -- An article whose included links supply more background: May 2, 2017 Intel AMT Vulnerability Shows Intel’s Management Engine Can Be Dangerous [url]http://www.tomshardware.com/news/intel-amt-vulnerability-me-dangerous,34300.html[/url]
"...Most systems with Intel ME are impacted, but if in doubt, there is a new binary utility from Intel for both Windows and Linux to check your system's state..."

23 November 2017
Intel Releases Linux-Compatible Tool For Confirming ME Vulnerabilities - Phoronix
https://www.phoronix.com/scan.php?page=news_item&px=Intel-ME-Linux-Vuln-Checker

--

Acer: Support Information
Dell Client: Support Information
Dell Server: Support Information
Fujitsu: Support Information
HPE Servers: Support Information
Intel® NUC, Intel® Compute Stick, and Intel® Compute Card: Support Information
Lenovo: Support Information
Panasonic: Support Information

Intel® Management Engine Critical Firmware Update (Intel SA-00086)
https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

--

An article whose included links supply more background:

May 2, 2017
Intel AMT Vulnerability Shows Intel’s Management Engine Can Be Dangerous
http://www.tomshardware.com/news/intel-amt-vulnerability-me-dangerous,34300.html

Stability forms the keystone of true performance. Accept no substitute.

Never buy, update or ask anything until after you have done a search. Discovery is curiosity's reward.

Some use a PC to play fantasy games. Others use one to learn what real games are being played.

Help others to help you. Please post complete system specs. in your forum signature.

linuxmint-17.3-mate-64bit, 4.4.0-103-lowlatency | SABERTOOTH 990FX R2.0 (UEFI 2901, 2016/08/05), CSM-->UEFI and *Legacy OpROM (*allows for the custom partitioning of SSDs & HDDs that will also work intact with up-to-date Vishera-capable PC-BIOS-based motherboards), no 'Secure' Boot or HPET | IOMMU Enabled | FX-8370, amd64-microcode_3.20160316.3_amd64 | CLP0587 with 1 x Venturi HP-14 PWM | KVR16E11K4/32 | STRIX-GTX960-DC2OC-4GD5 (nVidia 384.98). Resume from S3 works correctly in all regards. Hibernate does not. | GL2450HM, DVIDDMM10, ARMUNONB | 220-G2-0850-XR | GH22LP20 (LightScribe), IDE100RND36, PEX2IDE | PEXMSATA3422 (Firmware: 2.3.0.1065) with 2 x SMS200S3/120G in RAID 0 and 2 x ST3000DM001 in RAID 0 | 1 x ST6000DM001 (SB950), 1 x ST6000DM001 (ASM1062) | S252BU33R (Firmware Version: 101.01.01.09) with 2 x ST2000LM003, JU-P40511-S1 (uPD720201), JU-H40711-S1 (VIA VL811+) | CM 690 II Advanced, HP-12 PWMs, HP-14 PWMs, FAN7X10TX3 | ST0026Z | Asus PCE-AC55BT (Intel 7260) PnP | Y-BF37 (Sleep key), SM50F76959

#7
Posted 11/24/2017 01:30 AM   
[i]"...Various Intel representatives over the years took my words seriously, told me I was crazy, denied that the problem could exist, and even gave SemiAccurate rather farcical technical reasons why their position wasn’t wrong. Or dangerous... ...When Intel told us that a version of AMT could be used to bare metal image a dead machine over a cellular connection, we turned white. We explained to them why SemiAccurate thought this was a bad idea and they respectfully disagreed... ...This brings us to a very ugly point. Intel has put AMT and it’s variants into every device they make. Some you can’t see because it is fused off but off is a very strong term. There are several features that AMT provides that are present in consumer systems even though the ‘technology’ isn’t there. This is one of the arguments that SemiAccurate has had with Intel security personnel over the years, we have begged them to offer a SKU without the AMT hardware for just this very reason. Intel didn’t, the pressure to lock corporate customers in to their silicon was too high. With this exploit, every Intel box for 9+ years is now vulnerable because you couldn’t buy a box without it even if you wanted to other than a few older 4S servers..."[/i] May 1, 2017 Remote security exploit in all 2008+ Intel platforms - SemiAccurate [url]https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/[/url] Coming soon... How to Hack a Turned-Off Computer, or Running Unsigned Code in Intel Management Engine - Black Hat Europe 2017 | Briefings Schedule [url]https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668[/url]
"...Various Intel representatives over the years took my words seriously, told me I was crazy, denied that the problem could exist, and even gave SemiAccurate rather farcical technical reasons why their position wasn’t wrong. Or dangerous...

...When Intel told us that a version of AMT could be used to bare metal image a dead machine over a cellular connection, we turned white. We explained to them why SemiAccurate thought this was a bad idea and they respectfully disagreed...

...This brings us to a very ugly point. Intel has put AMT and it’s variants into every device they make. Some you can’t see because it is fused off but off is a very strong term. There are several features that AMT provides that are present in consumer systems even though the ‘technology’ isn’t there. This is one of the arguments that SemiAccurate has had with Intel security personnel over the years, we have begged them to offer a SKU without the AMT hardware for just this very reason. Intel didn’t, the pressure to lock corporate customers in to their silicon was too high.

With this exploit, every Intel box for 9+ years is now vulnerable because you couldn’t buy a box without it even if you wanted to other than a few older 4S servers..."


May 1, 2017
Remote security exploit in all 2008+ Intel platforms - SemiAccurate
https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/

Coming soon...

How to Hack a Turned-Off Computer, or Running Unsigned Code in Intel Management Engine - Black Hat Europe 2017 | Briefings Schedule
https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668

Stability forms the keystone of true performance. Accept no substitute.

Never buy, update or ask anything until after you have done a search. Discovery is curiosity's reward.

Some use a PC to play fantasy games. Others use one to learn what real games are being played.

Help others to help you. Please post complete system specs. in your forum signature.

linuxmint-17.3-mate-64bit, 4.4.0-103-lowlatency | SABERTOOTH 990FX R2.0 (UEFI 2901, 2016/08/05), CSM-->UEFI and *Legacy OpROM (*allows for the custom partitioning of SSDs & HDDs that will also work intact with up-to-date Vishera-capable PC-BIOS-based motherboards), no 'Secure' Boot or HPET | IOMMU Enabled | FX-8370, amd64-microcode_3.20160316.3_amd64 | CLP0587 with 1 x Venturi HP-14 PWM | KVR16E11K4/32 | STRIX-GTX960-DC2OC-4GD5 (nVidia 384.98). Resume from S3 works correctly in all regards. Hibernate does not. | GL2450HM, DVIDDMM10, ARMUNONB | 220-G2-0850-XR | GH22LP20 (LightScribe), IDE100RND36, PEX2IDE | PEXMSATA3422 (Firmware: 2.3.0.1065) with 2 x SMS200S3/120G in RAID 0 and 2 x ST3000DM001 in RAID 0 | 1 x ST6000DM001 (SB950), 1 x ST6000DM001 (ASM1062) | S252BU33R (Firmware Version: 101.01.01.09) with 2 x ST2000LM003, JU-P40511-S1 (uPD720201), JU-H40711-S1 (VIA VL811+) | CM 690 II Advanced, HP-12 PWMs, HP-14 PWMs, FAN7X10TX3 | ST0026Z | Asus PCE-AC55BT (Intel 7260) PnP | Y-BF37 (Sleep key), SM50F76959

#8
Posted 11/29/2017 11:13 AM   
. Man is the NSA gonna be mad when someone fixes this. .
.

Man is the NSA gonna be mad when someone fixes this.


.

My Opinion is no more important or right than yours. But if your using the LATEST drivers, go back to the prior set.

Piss Poor tech support blame all issues on drivers and assumes that your an idiot. Find a set that you know worked and see if the problem exists still.

""Don't f with it if it ain't broken!""
Constantly updating drivers is a good way to F'up the whole system.

If the driver has an issue, don't be a fool, remove it.

Just because you can, does not mean you should.

#9
Posted 11/29/2017 01:33 PM   
lol
lol

Stability forms the keystone of true performance. Accept no substitute.

Never buy, update or ask anything until after you have done a search. Discovery is curiosity's reward.

Some use a PC to play fantasy games. Others use one to learn what real games are being played.

Help others to help you. Please post complete system specs. in your forum signature.

linuxmint-17.3-mate-64bit, 4.4.0-103-lowlatency | SABERTOOTH 990FX R2.0 (UEFI 2901, 2016/08/05), CSM-->UEFI and *Legacy OpROM (*allows for the custom partitioning of SSDs & HDDs that will also work intact with up-to-date Vishera-capable PC-BIOS-based motherboards), no 'Secure' Boot or HPET | IOMMU Enabled | FX-8370, amd64-microcode_3.20160316.3_amd64 | CLP0587 with 1 x Venturi HP-14 PWM | KVR16E11K4/32 | STRIX-GTX960-DC2OC-4GD5 (nVidia 384.98). Resume from S3 works correctly in all regards. Hibernate does not. | GL2450HM, DVIDDMM10, ARMUNONB | 220-G2-0850-XR | GH22LP20 (LightScribe), IDE100RND36, PEX2IDE | PEXMSATA3422 (Firmware: 2.3.0.1065) with 2 x SMS200S3/120G in RAID 0 and 2 x ST3000DM001 in RAID 0 | 1 x ST6000DM001 (SB950), 1 x ST6000DM001 (ASM1062) | S252BU33R (Firmware Version: 101.01.01.09) with 2 x ST2000LM003, JU-P40511-S1 (uPD720201), JU-H40711-S1 (VIA VL811+) | CM 690 II Advanced, HP-12 PWMs, HP-14 PWMs, FAN7X10TX3 | ST0026Z | Asus PCE-AC55BT (Intel 7260) PnP | Y-BF37 (Sleep key), SM50F76959

#10
Posted 11/29/2017 08:29 PM   
30 November 2017 System76 Will Begin Disabling Intel ME In Their Linux Laptops - Phoronix [url]https://www.phoronix.com/scan.php?page=news_item&px=System76-Disable-ME-Laptop[/url]
30 November 2017
System76 Will Begin Disabling Intel ME In Their Linux Laptops - Phoronix
https://www.phoronix.com/scan.php?page=news_item&px=System76-Disable-ME-Laptop

Stability forms the keystone of true performance. Accept no substitute.

Never buy, update or ask anything until after you have done a search. Discovery is curiosity's reward.

Some use a PC to play fantasy games. Others use one to learn what real games are being played.

Help others to help you. Please post complete system specs. in your forum signature.

linuxmint-17.3-mate-64bit, 4.4.0-103-lowlatency | SABERTOOTH 990FX R2.0 (UEFI 2901, 2016/08/05), CSM-->UEFI and *Legacy OpROM (*allows for the custom partitioning of SSDs & HDDs that will also work intact with up-to-date Vishera-capable PC-BIOS-based motherboards), no 'Secure' Boot or HPET | IOMMU Enabled | FX-8370, amd64-microcode_3.20160316.3_amd64 | CLP0587 with 1 x Venturi HP-14 PWM | KVR16E11K4/32 | STRIX-GTX960-DC2OC-4GD5 (nVidia 384.98). Resume from S3 works correctly in all regards. Hibernate does not. | GL2450HM, DVIDDMM10, ARMUNONB | 220-G2-0850-XR | GH22LP20 (LightScribe), IDE100RND36, PEX2IDE | PEXMSATA3422 (Firmware: 2.3.0.1065) with 2 x SMS200S3/120G in RAID 0 and 2 x ST3000DM001 in RAID 0 | 1 x ST6000DM001 (SB950), 1 x ST6000DM001 (ASM1062) | S252BU33R (Firmware Version: 101.01.01.09) with 2 x ST2000LM003, JU-P40511-S1 (uPD720201), JU-H40711-S1 (VIA VL811+) | CM 690 II Advanced, HP-12 PWMs, HP-14 PWMs, FAN7X10TX3 | ST0026Z | Asus PCE-AC55BT (Intel 7260) PnP | Y-BF37 (Sleep key), SM50F76959

#11
Posted 11/30/2017 09:18 PM   
Related: Security Researcher Christopher Domas explains and demonstrates the exploitable flaws in x86 code and the chips which run it. - GeForce Forums [url]https://forums.geforce.com/default/topic/1030417/pc-components/security-researcher-christopher-domas-explains-and-demonstrates-the-exploitable-flaws-in-x86-code-and-the-chips-which-run-it-/[/url]
Related:

Security Researcher Christopher Domas explains and demonstrates the exploitable flaws in x86 code and the chips which run it. - GeForce Forums
https://forums.geforce.com/default/topic/1030417/pc-components/security-researcher-christopher-domas-explains-and-demonstrates-the-exploitable-flaws-in-x86-code-and-the-chips-which-run-it-/

Stability forms the keystone of true performance. Accept no substitute.

Never buy, update or ask anything until after you have done a search. Discovery is curiosity's reward.

Some use a PC to play fantasy games. Others use one to learn what real games are being played.

Help others to help you. Please post complete system specs. in your forum signature.

linuxmint-17.3-mate-64bit, 4.4.0-103-lowlatency | SABERTOOTH 990FX R2.0 (UEFI 2901, 2016/08/05), CSM-->UEFI and *Legacy OpROM (*allows for the custom partitioning of SSDs & HDDs that will also work intact with up-to-date Vishera-capable PC-BIOS-based motherboards), no 'Secure' Boot or HPET | IOMMU Enabled | FX-8370, amd64-microcode_3.20160316.3_amd64 | CLP0587 with 1 x Venturi HP-14 PWM | KVR16E11K4/32 | STRIX-GTX960-DC2OC-4GD5 (nVidia 384.98). Resume from S3 works correctly in all regards. Hibernate does not. | GL2450HM, DVIDDMM10, ARMUNONB | 220-G2-0850-XR | GH22LP20 (LightScribe), IDE100RND36, PEX2IDE | PEXMSATA3422 (Firmware: 2.3.0.1065) with 2 x SMS200S3/120G in RAID 0 and 2 x ST3000DM001 in RAID 0 | 1 x ST6000DM001 (SB950), 1 x ST6000DM001 (ASM1062) | S252BU33R (Firmware Version: 101.01.01.09) with 2 x ST2000LM003, JU-P40511-S1 (uPD720201), JU-H40711-S1 (VIA VL811+) | CM 690 II Advanced, HP-12 PWMs, HP-14 PWMs, FAN7X10TX3 | ST0026Z | Asus PCE-AC55BT (Intel 7260) PnP | Y-BF37 (Sleep key), SM50F76959

#12
Posted 12/02/2017 10:03 PM   
12/02/2017 Dell also sells laptops with Intel Management Engine disabled - Liliputing [url]https://liliputing.com/2017/12/dell-also-sells-laptops-intel-management-engine-disabled.html[/url]
12/02/2017
Dell also sells laptops with Intel Management Engine disabled - Liliputing
https://liliputing.com/2017/12/dell-also-sells-laptops-intel-management-engine-disabled.html

Stability forms the keystone of true performance. Accept no substitute.

Never buy, update or ask anything until after you have done a search. Discovery is curiosity's reward.

Some use a PC to play fantasy games. Others use one to learn what real games are being played.

Help others to help you. Please post complete system specs. in your forum signature.

linuxmint-17.3-mate-64bit, 4.4.0-103-lowlatency | SABERTOOTH 990FX R2.0 (UEFI 2901, 2016/08/05), CSM-->UEFI and *Legacy OpROM (*allows for the custom partitioning of SSDs & HDDs that will also work intact with up-to-date Vishera-capable PC-BIOS-based motherboards), no 'Secure' Boot or HPET | IOMMU Enabled | FX-8370, amd64-microcode_3.20160316.3_amd64 | CLP0587 with 1 x Venturi HP-14 PWM | KVR16E11K4/32 | STRIX-GTX960-DC2OC-4GD5 (nVidia 384.98). Resume from S3 works correctly in all regards. Hibernate does not. | GL2450HM, DVIDDMM10, ARMUNONB | 220-G2-0850-XR | GH22LP20 (LightScribe), IDE100RND36, PEX2IDE | PEXMSATA3422 (Firmware: 2.3.0.1065) with 2 x SMS200S3/120G in RAID 0 and 2 x ST3000DM001 in RAID 0 | 1 x ST6000DM001 (SB950), 1 x ST6000DM001 (ASM1062) | S252BU33R (Firmware Version: 101.01.01.09) with 2 x ST2000LM003, JU-P40511-S1 (uPD720201), JU-H40711-S1 (VIA VL811+) | CM 690 II Advanced, HP-12 PWMs, HP-14 PWMs, FAN7X10TX3 | ST0026Z | Asus PCE-AC55BT (Intel 7260) PnP | Y-BF37 (Sleep key), SM50F76959

#13
Posted 12/07/2017 11:22 PM   
(Text quoted in near-full given this issue's importance. Check the article for relevant links.) [i]"As promised earlier, the researchers from the Russian security firm Positive Technologies have revealed how they managed to hack Intel’s Management Engine chip, running the MINIX OS, which has become famous overnight. At the BlackHat Europe conference in London, the researchers Mark Ermolov and Maxim Goryachy disclosed (PDF) stack buffer overflow bugs (CVE-2017-5705, CVE-2017-5706, CVE-2017-5707) in Intel ME 11. These could give an attacker “deep level access to most data and processes being run on the device,” and turn on the so-called ‘God Mode’ capabilities. The attacker can run unsigned code, take control of peripherals and components, or even compromise a turned-off computer, on the Intel-inside machines shipped since 2015. The machine would function as usual, without the user and the OS having any knowledge of what’s happening. Last month, Intel talked about the vulnerabilities in a security advisory and also released patches to fix them. But it would be the manufacturers who have the responsibilities to push those patches timely. According to the researchers, these security patches would become ineffective if an attacker with a write access to ME-region manages to downgrade the firmware of the Intel ME chip. He would be able to exploit the bugs. This could possibly expand the list of affected devices as Intel started putting ME chips way back in 2007. However, to get into a target machine, an attacker would require physical access, or he would have to steal the remote login credentials. For instance, if the target machine is a part of a corporate network managed by an IT admin. There isn’t any security software that could safeguard users from the vulnerability as the ME chip operates outside the reach of anti-malware tools, even the operating system. Thankfully, there are some PC manufacturers who are willing to pull the plug on the ME chip for their users..."[/i] December 8, 2017 Hackers Turn On "GOD MODE" To Hack Intel ME Chip #BlackHatEurope [url]https://fossbytes.com/intel-me-chip-god-mode-hack-black-hat-europe/[/url]
(Text quoted in near-full given this issue's importance. Check the article for relevant links.)

"As promised earlier, the researchers from the Russian security firm Positive Technologies have revealed how they managed to hack Intel’s Management Engine chip, running the MINIX OS, which has become famous overnight.

At the BlackHat Europe conference in London, the researchers Mark Ermolov and Maxim Goryachy disclosed (PDF) stack buffer overflow bugs (CVE-2017-5705, CVE-2017-5706, CVE-2017-5707) in Intel ME 11.

These could give an attacker “deep level access to most data and processes being run on the device,” and turn on the so-called ‘God Mode’ capabilities.

The attacker can run unsigned code, take control of peripherals and components, or even compromise a turned-off computer, on the Intel-inside machines shipped since 2015. The machine would function as usual, without the user and the OS having any knowledge of what’s happening.

Last month, Intel talked about the vulnerabilities in a security advisory and also released patches to fix them. But it would be the manufacturers who have the responsibilities to push those patches timely.

According to the researchers, these security patches would become ineffective if an attacker with a write access to ME-region manages to downgrade the firmware of the Intel ME chip. He would be able to exploit the bugs.

This could possibly expand the list of affected devices as Intel started putting ME chips way back in 2007. However, to get into a target machine, an attacker would require physical access, or he would have to steal the remote login credentials. For instance, if the target machine is a part of a corporate network managed by an IT admin.

There isn’t any security software that could safeguard users from the vulnerability as the ME chip operates outside the reach of anti-malware tools, even the operating system. Thankfully, there are some PC manufacturers who are willing to pull the plug on the ME chip for their users..."


December 8, 2017
Hackers Turn On "GOD MODE" To Hack Intel ME Chip #BlackHatEurope
https://fossbytes.com/intel-me-chip-god-mode-hack-black-hat-europe/

Stability forms the keystone of true performance. Accept no substitute.

Never buy, update or ask anything until after you have done a search. Discovery is curiosity's reward.

Some use a PC to play fantasy games. Others use one to learn what real games are being played.

Help others to help you. Please post complete system specs. in your forum signature.

linuxmint-17.3-mate-64bit, 4.4.0-103-lowlatency | SABERTOOTH 990FX R2.0 (UEFI 2901, 2016/08/05), CSM-->UEFI and *Legacy OpROM (*allows for the custom partitioning of SSDs & HDDs that will also work intact with up-to-date Vishera-capable PC-BIOS-based motherboards), no 'Secure' Boot or HPET | IOMMU Enabled | FX-8370, amd64-microcode_3.20160316.3_amd64 | CLP0587 with 1 x Venturi HP-14 PWM | KVR16E11K4/32 | STRIX-GTX960-DC2OC-4GD5 (nVidia 384.98). Resume from S3 works correctly in all regards. Hibernate does not. | GL2450HM, DVIDDMM10, ARMUNONB | 220-G2-0850-XR | GH22LP20 (LightScribe), IDE100RND36, PEX2IDE | PEXMSATA3422 (Firmware: 2.3.0.1065) with 2 x SMS200S3/120G in RAID 0 and 2 x ST3000DM001 in RAID 0 | 1 x ST6000DM001 (SB950), 1 x ST6000DM001 (ASM1062) | S252BU33R (Firmware Version: 101.01.01.09) with 2 x ST2000LM003, JU-P40511-S1 (uPD720201), JU-H40711-S1 (VIA VL811+) | CM 690 II Advanced, HP-12 PWMs, HP-14 PWMs, FAN7X10TX3 | ST0026Z | Asus PCE-AC55BT (Intel 7260) PnP | Y-BF37 (Sleep key), SM50F76959

#14
Posted 12/08/2017 12:19 PM   
Scroll To Top