Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.misc > #12562

Re: Neutralize ME firmware on SandyBridge and IvyBridge platforms

From Sylvia Else <sylvia@not.at.this.address>
Newsgroups comp.misc
Subject Re: Neutralize ME firmware on SandyBridge and IvyBridge platforms
Date 2016-11-30 13:27 +1100
Message-ID <ea6rnoF962aU1@mid.individual.net> (permalink)
References <hkirRoa+3O6LLCz9+UEw1gy/@dont-email.me>

Show all headers | View raw

On 29/11/2016 10:27 PM, Rich wrote:
> http://hardenedlinux.org/firmware/2016/11/17/neutralize_ME_firmware_on_sandybridge_and_ivybridge.html
>
> Quoting from the URL above:
>
>     Author: persmule Mail: persmule@tya.email, persmule@gmail.com 00 ME:
>     Management Engine
>
>     First introduced in Intel's 965 Express Chipset Family, the Intel
>     Management Engine (ME) is a separate computing environment physically
>     located in the (G)MCH chip (for Core 2 family CPUs which is separate
>     from the northbridge), or PCH chip replacing ICH(for Core i3/i5/i7 which
>     is integrated with northbridge).
>
>     The ME consists of an individual processor core, code and data caches, a
>     timer, and a secure internal bus to which additional devices are
>     connected, including a cryptography engine, internal ROM and RAM, memory
>     controllers, and a direct memory access (DMA) engine to access the host
>     operating system's memory as well as to reserve a region of protected
>     external memory to supplement the ME's limited internal RAM. The ME also
>     has network access with its own MAC address through the Intel Gigabit
>     Ethernet Controller integrated in the southbridge (ICH or PCH).
>
>     The Intel Management Engine with its proprietary firmware has complete
>     access to and control over the PC: it can power on or shut down the PC,
>     read all open files, examine all running applications, track all keys
>     pressed and mouse movements, and even capture or display images on the
>     screen. And it has a network interface that is demonstrably insecure,
>     which can allow an attacker on the network to inject rootkits that
>     completely compromise the PC and can report to the attacker all
>     activities performed on the PC. It is a threat to freedom, security, and
>     privacy that can't be ignored.
>
>     ...
>

Unfortunately, as long as Intel want this stuff on their processors, 
there's going to be an arms race with those who don't. What works now 
won't work in the future.

Sylvia.

Back to comp.misc | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Neutralize ME firmware on SandyBridge and IvyBridge platforms Rich <rich@example.invalid> - 2016-11-29 11:27 +0000
  Re: Neutralize ME firmware on SandyBridge and IvyBridge platforms Sylvia Else <sylvia@not.at.this.address> - 2016-11-30 13:27 +1100
    Re: Neutralize ME firmware on SandyBridge and IvyBridge platforms arnold@skeeve.com (Aharon Robbins) - 2016-12-01 03:41 +0000
      Re: Neutralize ME firmware on SandyBridge and IvyBridge platforms Michael Black <et472@ncf.ca> - 2016-12-01 23:28 -0500
        Re: Neutralize ME firmware on SandyBridge and IvyBridge platforms arnold@skeeve.com (Aharon Robbins) - 2016-12-02 11:25 +0000
          Re: Neutralize ME firmware on SandyBridge and IvyBridge platforms Michael Black <et472@ncf.ca> - 2016-12-02 19:08 -0500

csiph-web