Summary Of The Intel Management Engine And Why You Should Care

Smaug's Smokey Hole

no corona
kiwifarms.net
Such as if it were part of an agreement with the NSA to build backdoors into all CPUs sold commercially? Or they wouldn't have to actually build in the backdoors themselves, so they'd have deniability, but just include certain "features" that could be exploited remotely. The NSA could design their own exploits.
The NSA wouldn't design potentially necessary backdoors in non-Intel network gear though. The PRC is in charge of that and assuming collusion between those two is illuminati levels of paranoia.
 

AnOminous

Really?
True & Honest Fan
Retired Staff
The NSA wouldn't design potentially necessary backdoors in non-Intel network gear though. The PRC is in charge of that and assuming collusion between those two is illuminati levels of paranoia.
You don't need to even touch the physical/network layer if you have access to all memory of all running processes.
 

Smaug's Smokey Hole

You don't need to even touch the physical/network layer if you have access to all memory of all running processes.
That also means knowing where that memory is located at all times. Even if virtual address space is a non-concern, it's not a fixed address to hook into, and different operating systems, including different versions of operating systems, will have differences in how their network stack is implemented. Going lower than that, who knows how a particular piece of hardware works on the other side of the driver's abstraction layer.

If the NSA paid them a billion dollars in 2008 to implement it and allowed Intel to market it to their customers as a feature then it seems likely that they would also enable their customers to use that same feature if they installed a fiber optic NIC from another manufacturer.

There's no doubt agencies like NSA have an interest in it, but IME is IPMI in proprietary form.
 

AnOminous

If the NSA paid them a billion dollars in 2008 to implement it and allowed Intel to market it to their customers as a feature then it seems likely that they would also enable their customers to use that same feature if they installed a fiber optic NIC from another manufacturer.
A vulnerability isn't automatically useful. The NSA didn't directly install some kind of password cracker into DES for instance, they just sneakily introduced weaknesses into it to increase its vulnerability to attacks that could be devised and improved at leisure. If you want to use these for years or decades into the future, you don't want some kind of smoking gun that explicitly turns the CPU into some kind of magic box for remote exploitation, because someone is going to find that eventually.
 

Smaug's Smokey Hole

A vulnerability isn't automatically useful. The NSA didn't directly install some kind of password cracker into DES for instance, they just sneakily introduced weaknesses into it to increase its vulnerability to attacks that could be devised and improved at leisure. If you want to use these for years or decades into the future, you don't want some kind of smoking gun that explicitly turns the CPU into some kind of magic box for remote exploitation, because someone is going to find that eventually.
But you suggested externally designed additions to the CPU by the NSA and I don't think that's possible with how sensitive the design process is. There's a reason why CPUs go over 4 GHz and GPUs struggle at 2 GHz.

Either way, I was talking about IME and the potential problems with using non-Intel NICs.
 

AnOminous

But you suggested externally designed additions to the CPU by the NSA and I don't think that's possible with how sensitive the design process is. There's a reason why CPUs go over 4 GHz and GPUs struggle at 2 GHz.
I didn't suggest anything specific, although I suppose that could happen too. The NSA isn't chumps and they've been doing this forever. They'd just say whatever final product there is should include whatever. Or shouldn't do X that would make it more secure, like they did with DES.
 

Smaug's Smokey Hole

I didn't suggest anything specific, although I suppose that could happen too. The NSA isn't chumps and they've been doing this forever. They'd just say whatever final product there is should include whatever. Or shouldn't do X that would make it more secure, like they did with DES.
But DES is software, and old; hardware is so different. A lot of the things in modern CPUs are still laid out by hand and finely tuned to the specific node/process used. Just to compare it with something, in GPUs that's not true and they have much lower clock speeds as a result. If the NSA designed a black block to bolt onto the design it would wreck the performance or even the manufacturing of the chip. Anything done would be done internally.

And like I said, IME is IPMI in a different form. I'm not defending IME, but like IPMI it is useful, and it is easier to make one chip with that feature implemented instead of designing a consumer/corporate line of identical CPUs with different silicon. If the north bridge hadn't moved into the processor itself it would make sense, though.
 

BrunoMattei

Vincent Dawn
True & Honest Fan
The gist I get from skimming this thread is that unless you're an ultra paranoid tech-geek then someone somewhere is waiting to leak pictures of your butthole.
 