Yes, I Know IT ! 🎓 is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
Yes, I Know IT ! 🎓 @YesIKnowIT

The blogosphere suddenly became aware of the existence of Intel ME "spying at you" to paraphrase some catchy titles. If some authors seem to discover that technology, the truth is it is here for almost 10 years!

So, in order for you to make your own educated opinion, I tried to summarize the facts concerning Intel ME and the current state of the community knowledge about that technology.

itsfoss.com/fact-intel-minix-c



· Web · 40 · 30
@yesiknowit I first learned of Intel ME at the Manchester Free Software group about four years ago. When I bought my current laptop I was fully aware of how bad the situation was, but there wasn't really any alternative for the types of development I was expecting to do (like building OS images).

It does look like progress is being made though and perhaps in the near future it will be possible to disable ME. But I think this is going to be a cat and mouse game, and the next generation of hardware on-CPU backdoors - like the AMD ARM5 one - will be a lot harder to deal with.

@bob @YesIKnowIT
To end the cat and mouse game we should vote for open source hardware. A
Maybe was right.

@bob @YesIKnowIT
I wonder if someone has wiresharked the network traffic outside the box to see some shady ME related traffic?

@YesIKnowIT
This should also probably include info about me_cleaner and the HAP bit.

@thufir_hawat I didn't mention that in the article as there is still a slight risk of bricking your computer using me_cleaner.

But if you used it successfully, don't hesitate to share your own configuration!

@YesIKnowIT
Oh. I just thought that mentioning that would at least end it on a brighter note and make the reader feel less hopeless.

@YesIKnowIT Now at least we know what the "INTEL INSIDE" stood for: "INTELligence agency INSIDE your hardware"...

#IntelME

@YesIKnowIT @TheGibson

Then there's this from a while back...

Deep dive into Intel Management Engine disablement
puri.sm/posts/deep-dive-into-i

cc @Purism

@ulfur @Purism @YesIKnowIT was trained on this in 2007/08. Intel sponsored thing for our company. We saw the threat then and did not implement, actively disabled it on all new machines

@mdfrg @ulfur @Purism @YesIKnowIT

Bios level, and it wasn't truly disabled there. As with all security threats there were layers blocking it's communication, and we left it (not configured). This became less possible with later iterations of the product. But creative acling at each VLAN got the job done.

It was not easy.

@TheGibson @YesIKnowIT @Purism @ulfur
Will a mb work if we just fry the fucker? Or dosconnect manually? I know my worked with some chips destroyed after electric spike so it's not like all or none.

More importantly, are there any "safe" mobos on the market?

@mdfrg @ulfur @Purism @YesIKnowIT it was less "disabling" and more like a Nancy Kerrigan.

And people also forget about the processors embedded in every static storage device: SD cards, USB sticks, &c. From Bunnie Huang: "a full 32-bit ARM core is used as the controller between the FLASH device and the SD card interface" http://www.bunniestudios.com/blog/?p=898
An even better quote from Bunnie Huang: "every flash memory disk ships with a reasonably powerful microcontroller to run a custom set of disk abstraction algorithms" http://www.bunniestudios.com/blog/?p=3554 /cc @YesIKnowIT

@YesIKnowIT excellent summary. Thanks for writing this!

@YesIKnowIT
Well done, thank you for this insight!

@YesIKnowIT its availability and a use case of recovering crashed servers was an active selling point for many corporate grade Dell servers (and I expect a few others) about 10 years ago, although on the single big server my employers (a smaller business) could afford I have never managed to get it to work correctly anyway (and don't want to experiment on busy in production server so have shut off as much of it as I can)