from the One-ring-to-bring-them-all-and-in-the-darkness-bind-them... dept.
From Damien Zammit, we have this fun little tidbit:
Recent Intel x86 processors implement a secret, powerful control mechanism that runs on a separate chip that no one is allowed to audit or examine. When these are eventually compromised, they'll expose all affected systems to nearly un-killable, undetectable rootkit attacks. I've made it my mission to open up this system and make free, open replacements, before it's too late.
The Intel Management Engine (ME) is a subsystem composed of a special 32-bit ARC microprocessor that's physically located inside the chipset. It is an extra general purpose computer running a firmware blob that is sold as a management system for big enterprise deployments.
When you purchase your system with a mainboard and Intel x86 CPU, you are also buying this hardware add-on: an extra computer that controls the main CPU. This extra computer runs completely out-of-band with the main x86 CPU meaning that it can function totally independently even when your main CPU is in a low power state like S3 (suspend).
On some chipsets, the firmware running on the ME implements a system called Intel's Active Management Technology (AMT). This is entirely transparent to the operating system, which means that this extra computer can do its job regardless of which operating system is installed and running on the main CPU.
The purpose of AMT is to provide a way to manage computers remotely (this is similar to an older system called "Intelligent Platform Management Interface" or IPMI, but more powerful). To achieve this task, the ME is capable of accessing any memory region without the main x86 CPU knowing about the existence of these accesses. It also runs a TCP/IP server on your network interface and packets entering and leaving your machine on certain ports bypass any firewall running on your system.
Yeah, and I'm sure they pinky-swear never to allow the NSA access to any computer via it. I'll be using AMD from now on, slower or not, thanks.
Related Stories
Chinese supercomputer is the world's fastest — and without using US chips.
China now has a greater share of the world's fastest supercomputers than the US.
We just got through discussing about how Intel's Hardware Rootkit is used for providing remote access services to interested third parties that may want to have some say as to what you use your machine for...
From the article:
The Sunway TaihuLight takes the top spot from previous record-holder Tianhe-2 (also located in China), and more than triples the latter's speed. The new number one is capable of performing some 93 quadrillion calculations per second (otherwise known as petaflops) and is roughly five times more powerful than the speediest US system, which is now ranked third worldwide.
[...] The previous fastest supercomputer, China's Tianhe-2, was built using US-made Intel processors. There were plans to upgrade the Tianhe-2's performance last year, but in April 2015 the US government placed an export ban on all high-performance computing chips to China.
So, while we were backloading our stuff with backdoors, the Chinese are leapfrogging us, and leave the United States government shaking the hand of executives who outsourced our technical jobs. Hope it was a good hand shake.
I am already finding a lot of datasheets for very interesting chips I use for my Arduino stuff... things like very high precision ADC's and DAC's - available in native Chinese. Most of the time an English translation ( Google translator quality ) is available. I am getting used to the idea that the new high tech is apt to require an understanding of Chinese to read it.
This is gonna be interesting to see how this plays out when China develops weaponry surpassing that controlled by the USA.
China's New Supercomputer Uses a 260-Core Chip
HPCWire received a report about Sunway TaihuLight, the world's new #1 supercomputer system on the June 2016 TOP500 list, in advance, and has some details about its architecture. The system uses the native/homegrown SW26010 "manycore" processor instead of Intel's similar Xeon Phi chips. Each SW26010 has 260 cores divided into four groups, with 64 compute cores and a single "management core" in each group. The chip reaches about 3 teraflops of peak floating point performance, and can access 8 GB [CORRECTION: 32 GB] of DDR3 memory. There are 40,960 of these chips, for a total of 10,649,600 cores (10,485,760 compute cores). The system's efficiency is around 6.05 gigaflops per Watt, over three times more efficient than the Tianhe-2 supercomputer. Although the TOP500 and Green500 lists are due to merge, the Green500 list has not been published yet. As for what the system will be used for:
Submitted via IRC for TheMightyBuzzard
Since the launch of AMD Ryzen, a small piece of hardware that handles basic memory initialization as well as many security functions has been the center of some controversy. Called the Platform Security Processor (the "PSP" for short) it is essentially an arm core with complete access to the entire system. Its actions can be considered "above root" level and are for the most part invisible to the OS. It is similar in this regard to Intel's Management Engine, but is in some ways even more powerful.
Why is this a bad thing? Well, let's play a theoretical. What happens if a bug is discovered in the PSP, and malware takes control of it? How would you remove it (Answer: you couldn't). How would you know you needed to remove it? (answer, unless it made itself obvious, you also wouldn't). This scenario is obviously not a good one, and is a concern for many who asked AMD to open-source the PSPs code for general community auditing.
Bit late to the reporting but we haven't covered it yet, so here it is. And I was so looking forward to a new desktop too. Guess this one will have to stay alive until ARM becomes a viable replacement.
Previous:
The Intel Management Engine, and How it Stops Screenshots
Intel x86 Considered Harmful
Of Intel's Hardware Rootkit
Intel Management Engine Partially Defeated
EFF: Intel's Management Engine is a Security Hazard
Malware uses Intel AMT feature to steal data, avoid firewalls
(Score: 5, Informative) by tonyPick on Monday June 20 2016, @10:24AM
See https://libreboot.org/faq/#amd, [libreboot.org] and specifically the "AMD Platform Security Processor (PSP)", which is the AMD equivalent of the AMT system.
More linkage on this topic....
http://hackaday.com/2016/01/22/the-trouble-with-intels-management-engine/ [hackaday.com]
https://www.fsf.org/blogs/community/active-management-technology [fsf.org]
(Score: 2, Insightful) by Anonymous Coward on Monday June 20 2016, @10:42AM
so. let's say I want to have a reasonable computer that does nothing of this sort. is there such a thing, or do I just need to make my own country and then make a factory there which is not under pressure by governments?
(Score: 3, Informative) by Anonymous Coward on Monday June 20 2016, @11:17AM
I believe this is one viable option. https://www.fsf.org/blogs/licensing/interested-in-a-powerful-free-software-friendly-workstation [fsf.org]
(Score: 2, Interesting) by Anonymous Coward on Monday June 20 2016, @01:49PM
Do we know for sure that IBM POWER 8 doesn't have an integrated privileged second processor, or is it just that we don't know it has one?
(Score: 2) by rleigh on Monday June 20 2016, @08:57PM
It does. It has an off-CPU "service processor" which is needed to monitor the system and bring up the POWER processor (POWER CPUs won't work without one).
http://unix.worldiswelcome.com/what-is-service-processor-and-how-to-access-it [worldiswelcome.com]
http://www.arbsol.com/marketing/POWER8_Facts_and_Features.PDF [arbsol.com]
As to whether they are used for anything nefarious, I guess it's possible but somewhat less likely. It's primarily for system management and monitoring. They are all running OpenFirmware.
I'm keeping my eye on things like https://www.raptorengineering.com/TALOS/prerelease.php [raptorengineering.com] (this claims to provide fully open firmware). It's a little pricey for me at the moment, but I'd be happy to go back to POWER for my next workstation so long as the graphics support is there. If I can run FreeBSD on it, so much the better, otherwise Linux would do.
(Score: 2) by captain normal on Monday June 20 2016, @04:22PM
Looks like pie-in-the-sky-someday to me. If...if enough people sign up and lay down enough cash, then they'll make the CPU.
When life isn't going right, go left.
(Score: 0) by Anonymous Coward on Monday June 20 2016, @08:43PM
They (Raptor Engineering) aren't making the CPUs, those are made by IBM. This project is for a mainboard. According to Richard Yao: "The number [of people needed to sign up] is 1500. I know because I have been talking to them about this since last year."
Personally I am super excited for Talos, and signed up. I'd love to see POWER back in the desktop space.
(Score: 2) by The Mighty Buzzard on Monday June 20 2016, @10:52AM
Well shit.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Monday June 20 2016, @03:26PM
Older processors are the key here. I believe the AM3 series of chips did not have this, and the Phenom 2 procs were pretty respectable, even today. They just dont sip the power.
(Score: 2) by bob_super on Monday June 20 2016, @05:36PM
ARM is british, so you can get a GCHQ rootkit (NSA-approved for .mil applications) in your binary blobs instead...
Or grab an FPGA board and run linux on microblaze. Enough power for nethack, but not for HD porn.
(Score: 4, Insightful) by LoRdTAW on Monday June 20 2016, @12:09PM
It would be nice if we didn't have to be treated like children but this is modern computing. I'd prefer if we had the ability to manage or disable this system but good luck getting the vendors to go down that road.
And a security processor that randomly reads memory, bypassing the MMU isn't a security processor. It's a security hole. I hope these systems are compromised, billions lost, and blows the lid off of this bullshit.
(Score: 4, Funny) by Anonymous Coward on Monday June 20 2016, @02:07PM
You know what this thing needs? Native systemd support.
(Score: 0) by Anonymous Coward on Monday June 20 2016, @12:09PM
What about Via?
The still make x86.
Could Royssia come the the rescue?
Elbrus can emulate x86.
(pls rus no backdoor)
(Score: 2) by fritsd on Monday June 20 2016, @01:34PM
That's what I thought too, but then hairyfeet came with a comment that only few of AMD's processors have this "feature".
I'll try to find the comment..
(Score: 0) by Anonymous Coward on Tuesday June 21 2016, @01:26AM
So the men in the dark suits already visited AMD, no surprise. And people wonder why the world does not trust the US or its tech... prepare for a lot of stinging (Over the Hedge) as others leapfrog. In the end, the end-users only have a choice which galactic empire their data will be owned by - US, CN, RU, other.. as each will always bake such things into their chips.
(Score: 2) by WizardFusion on Monday June 20 2016, @10:32AM
Isn't this just the same a an IP iLO or DELL iDRAC.? Fair enough, these aren't directly on the CPU, but they offer the same functionality. These both run closed source firmware blobs too.
(Score: 1) by pTamok on Monday June 20 2016, @10:54AM
When it is on the CPU die, there are fewer opportunities for hacking your way around it. It is not so easy to put a logic probe on the traces.
What is at issue here is that the person who buys the PC is not given the option of only allowing firmware they THEY approve of to run. You are in fact prevented from loading your own firmware.
As many point out, it is easily possible for a hardware switch to be built in that only allows firmware to be written if you have physical access to the PC. Both Intel and AMD have explicitly chosen NOT to implement this. By allowing the firmware to be written at any time, but requiring authentication against a key controlled only by them, it locks the person who bought the PC out from being able to run other firmware. If Intel or AMD have access to that PC via the Internet (or other means), they can write whatever firmware they like.
This is built in to the die.
Some may see some parallels with the printer driver issue that started RMS on his journey...http://www.oreilly.com/openbook/freedom/ch01.html
(Score: 2) by theluggage on Monday June 20 2016, @03:14PM
What is at issue here is that the person who buys the PC is not given the option of only allowing firmware they THEY approve of to run.
If Intel wanted to include a secret feature that let the NSA in to your computer, they'd put a secret feature in. Yeah the "lights out management" system (an idea which has been around for years) might be a good place to hide it, but there's 101 other proprietary firmware blobs to choose from.
(Score: 2) by sjames on Tuesday June 21 2016, @09:10AM
Most of those blobs are more restricted now than they used to be. At one time, a processor on a PCI card had the run of the system. Now, it is more or less firewalled to access only the memory the OS grants them access to.
(Score: 1, Funny) by Anonymous Coward on Monday June 20 2016, @06:42PM
Yeah, but can't I just jab a screwdriver in there and pop the chip out? I'm going to try it on my work computer - let you know how it goes tomorrow.
(Score: 2, Informative) by gnampff on Monday June 20 2016, @11:09AM
There is one big difference between them.
I can buy boards from other vendors than Dell or HP to not have that feature. I can choose not to install an additional card delivering this feature.
But I _cannot_ choose to buy an Intel CPU without that feature. And AMD has something comparable so more or less all x86 is infected with it.
And to make things worse lots of software is not usable on other architectures.
So for the short to medium term those of us that cannot live without the power and/or compatibility of x86 are pretty much fucked.
There is one thing left for the security conscious though. We can watch this thing closely with Wireshark and block it with pedantic firewall rules.
(Score: 4, Interesting) by The Mighty Buzzard on Monday June 20 2016, @11:37AM
Yeah but you gotta do that with a separate firewall box. Its traffic doesn't go through the networking stack of your OS, so you can't block it there; has to be an upstream firewall. Guess that's one good use for outdated machines.
My rights don't end where your fear begins.
(Score: 2) by RamiK on Monday June 20 2016, @03:17PM
Don't trust a firewall. Without the source of the firmware, you can't tell which protocols or packets to block. Either use a peripheral NIC to avoid the on-board one completely, or setup a VPN server and block everything else in the firewall.
Personally I like using the under 10$ USB3 gigabit dongles. Most have good linux support and the new ones even come with extra USB3 ports so you're not losing a port. Haven't noticed any overhead either.
compiling...
(Score: 2) by dingus on Tuesday June 21 2016, @09:27AM
The hard part would be getting access to the enterprise software that controls these things, so you can get it to send out some packets. Then you can intercept them via the controller machine and analyze them.
(Score: 0) by Anonymous Coward on Monday June 20 2016, @01:13PM
This is in the chipset, not the CPU itself. Very similar to iLO/IMM/DRAC/etc.
It does seem to be a lot of hyperventilating over features which have been integrated for a decade in some form or another, with a good portion of the features listed available since around ICH8 or 9 (2007ish?).
While it's excellent to be aware of an attack surface and explore ways to guard them, many of us already are, and you'll get nothing but eye rolling with this kind of media drama.
(Score: 2) by sjames on Tuesday June 21 2016, @09:05AM
The old school BMCs have much less ability to violate your system. At one time, they had a serial interface, a virtual USB hub, a virtiual reset and power button, and an independent network interface. If someone hacked it, they could get a serial interface or even a KVM like access to the console but they would still have to log in and have no more privilege that was assigned to the user they logged in as. They couldn't examine or modify RAM or in any way override OS controls on access.
The newer devices can read and write to main memory bypassing the CPU's page tables and can snoop on a physical keyboard.
(Score: 0) by Anonymous Coward on Monday June 20 2016, @10:48AM
I get why people are surprised by this, but I think these features are cool.
Hell, every server I look after has the same features. I wouldn't buy servers without drac/ilo.
All this news has made me want to look into this more. Maybe my work pc has this. If it does, it's not enabled. No mysterious ip addresses on the same vlan.
And speaking of vlans, you can set amt to use vlan tagging for its traffic. If you wanted you could just set this to a random vlan and forget it.
I'm probably going to turn this on if its there, and shove it on a vlan without public IPv6, and see what's possible.
(Score: 5, Insightful) by pTamok on Monday June 20 2016, @11:04AM
Remote management is great, useful, and cool. When YOU control it.
If you can't load modified firmware onto the hardware (you are locked out), but somebody else can (anyone with the supplier's signing key, or any other signing key that may or may not be in the hardware), how much control do you actually have?
(Score: 0) by Anonymous Coward on Tuesday June 21 2016, @02:00AM
Who says the end user doesn't control it? You? Some dumb fuck who read shit and is now spreading FUD?
Some douche read well known, public info on wikipedia, started posting about it to tech news web sites. And all of you idiots reacted and now claim the sky is falling.
Just because it's there doesn't mean the government already controls your computer. Hell, if you have it, and you have not locked it down, then you actually deserve to have your machine compromised. Like all those fucking retards who turned IPMI on, left it exposed to the internet, with a default password.
Honestly, this would be a problem if it was hidden, but the technical details are in plain view for anyone.
And like I said above, you can probably configure AMT onto a separate VLAN, which doesn't go anywhere, and the problem would most likely be solved.
(Score: 0) by Anonymous Coward on Tuesday June 21 2016, @09:41AM
Now whose the dumb fuck spreading nonsense?
Tell us how to turn it off then, this should be fun...
(Score: 5, Insightful) by DannyB on Monday June 20 2016, @01:48PM
It's like the government mandating that security cameras be installed into every private home.
But then some people come along and say it's not a big deal. In fact, it's very handy, because the government graciously allows the home owner to also make remote use of the cameras to look inside their own home.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 1, Insightful) by Anonymous Coward on Monday June 20 2016, @04:07PM
There are security cameras in every private home, and every private pocket. You paid for your phone yourself and the government didn't even have to mandate anything.
(Score: 3, Interesting) by DannyB on Monday June 20 2016, @04:26PM
You're right. And something else about that occurred to me in the last few weeks.
You once could remove the batteries from your phone. Not anymore.
Gee, I wonder why?
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 3, Interesting) by bob_super on Monday June 20 2016, @05:27PM
You're not paranoid enough: We're now allowed to use cell phones in airplanes... soon there won't be an "Airplane mode" way to allegedly disconnect from the world.
And your phone "always listening" is touted as a feature (because a push-to-talk button was obviously too expensive).
Sweet dreams, in your Faraday cage.
(Score: 0) by Anonymous Coward on Monday June 20 2016, @06:38PM
Note: airplane mode still allows one to make emergency calls, so it's not actually disabling the cell connection.
(Score: 2) by linuxrocks123 on Monday June 20 2016, @05:34PM
You can't remove the batteries from some phones because a recent fad is phones being as thin as possible, and the standard battery-phone interface was making that more difficult.
I can still remove the battery from my phone. I also have A PHYSICAL KEYBOARD! WHY WOULD ANYONE WANT A SUPER-POWERFUL COMMUNICATION-ORIENTED COMPUTER WITHOUT A DAMN KEYBOARD? I also have an SD card slot! YAY! My phone also has quadband GSM, and I think every UMTS/HSPA band there is, too, but I'm not sure. It's got a hell of a lot of them anyway.
It has Android 2.3, which isn't ideal, but, well, at least it was rootable. The phone was manufactured 2012-2013 -- they just used a then-ancient Android build for some reason. It's not a popular phone so the only upgrade path was random uploads to XDA Developers, and I decided not to risk it. Everything I use works with Android 2.3, and some things -- Google Maps Navigation in particular -- actually work better with Android 2.3. Knock on wood things keep working.
The biggest pain is no LTE, which is a bigger pain for me than most because they added LTE but not 3G where I live, so I'm stuck with EDGE. But I mostly need lots of data when traveling anyway, so not a big deal. EDGE works fine for navigation. Battery, well, it usually lasts the whole day but heavy use even for 30 minutes can change that. I haven't replaced the battery and have had it for 3 years now, so maybe I should do that soon.
It's a Huawei U8730. It's also called the T-Mobile myTouch Q 2, note the 2, but there's another phone with almost exactly the same branded name, so, if you want it, look for Huawei U8730. I bought it for a little over $100 in 2013; it's $40 or less now on eBay. If mine breaks, I may very well get another one.
(Score: 5, Insightful) by Runaway1956 on Monday June 20 2016, @11:26AM
http://www.theforbiddenknowledge.com/hardtruth/intel_microsoft_tracking.htm [theforbiddenknowledge.com]
Intel & Microsoft Are Tracking You Online
As Well As Your ISP
Whenever you turn on your computer, you are leaving a trail of your data information. This trail links you to documents, your tastes and web surfing habits, plus where you live and other information. Intel unveiled it's Pentium III chip which employees a Processor Serial Number ( PSN ). The encoded 96 bit number hard-wired chip traces any online communications to it's mother computer. The dreaded COOKIES on many web sights are embedded into your PC without your knowledge that can find out your password, name and web sights you have visited. Microsoft admitted that Windows 98 generates a fingerprint unique to identify you known as GUID. This GUID is generally hidden in Office 97 Word, Excel, and Power Point programs. What makes this most disturbing is every time you visit www.microsoft.com, this program scans your PC automatically and gathers information without your knowledge. It's not enough that Intel & Microsoft make billions in sales to it's customers, but even after they have dipped into your pocket they now have the technology to dip into your privacy and your PC without you even knowing it. A Web security guru named Richard Smith stated a web sight & your ISP has copy logs of everything you view, download, send via e-mail plus even talks in the various chat rooms you frequent. Your ISP in most cases will gladly hand over any information to law enforcement and not put up much of a fight. When two or five agents walk into a Internet Service Providers place of business and demand information of certain customers, even without a search warrant, that is pretty intimidating (that's why they get away with it) and the ISP will gladly work with them to avoid all the legal hassles. In One case in September 1999, Michael Rostoker, a San Jose engineer and patent attorney was arrested for trying to pay $150,000 to engage in sex with a 13 year old Vietnamese girl. Officials seized e-mail between Rostoker and the girl by serving a search warrant on Rostoker's e-mail provider, Hot Mail.
The e-mail, the affidavit states, shows that the two have engaged in sex on several occasions. Now my point is that what ever you send over the Net via e-mail, whether it is criminal or not, ( Including cyber sex) it is being recorded and accessed by legal or illegal means.
Most people are so naive when they surf the Internet or engage in IRC, Chat Rooms, Sending of e-mail or files to one another. John Catlett, president of Junk busters Corporation in Green Brook, NJ stated, " Many people feel that surfing the web is anonymous as watching television or reading the paper, it's more like wandering around a trade show and leaving your name tag on it for others to view. " The White House and many government agencies collect your internet address every time you visit one of their web sites with out your knowledge. They claim the collected data purpose is for catching hackers and terrorists, who then can be tracked to their ISP provider. This may be one purpose, but the main purpose is collecting and building a government profile on it's citizens. With a little persistence you can find out a person's identify and history within hours. Now their are many sites like http://www.anonymizer.com/that [anonymizer.com] can mask your identity, but Michael Lambert, a security expert stated, " If your not going to show me who you really are, then why should I let you surf or visit a certain web site? " Many web sites take the ISP address of these anonymous identity services and block out anyone who tries and enter their site.
(Score: 0) by Anonymous Coward on Monday June 20 2016, @06:18PM
They make the world safe for women and see men as bags of shit.
(Score: 3, Informative) by Runaway1956 on Monday June 20 2016, @11:32AM
http://courses.ischool.berkeley.edu/i224/s99/GroupG/psn_outline.html [berkeley.edu]
DebateTopic : Intel recently issued a new CPU (Pentium III) with a unique ID number that could be used for intellectual property protection, marketing, etc. The ID number can be configured to be visible or invisible to applications, including Web browsers.
Resolved : The chip should be shipped with the ID number visible as the default.
(Score: 0) by Anonymous Coward on Monday June 20 2016, @11:58AM
Is there a list somewhere of CPU models with this feature?
(Score: 2, Informative) by Anonymous Coward on Monday June 20 2016, @12:11PM
All of them in the last 8 years. The only thing "recent" about this is in the mind of the author, which knows jack shit about what he is talking about in the first place. Intel ME/AMT is available on all platforms that support Intel TXT since at least the Intel Core 2.
Same for AMD. The management sideband on the NIC exists since Centrino and even earlier, it is called "ASF", btw. It would sit idle when you didn't add a BMC, but...
(Score: 4, Informative) by TheRaven on Monday June 20 2016, @12:29PM
sudo mod me up
(Score: 1, Insightful) by Anonymous Coward on Monday June 20 2016, @12:37PM
It is a government mandated backdoor.
Same thing on AMD, and cellphones.
"Lawful intercept"
Don't like it: your only option is a revolution and torture of those involved.
(Brought to you by the same people who make sure girls are not brides!)
(Score: 2) by Azuma Hazuki on Monday June 20 2016, @08:13PM
Oh fuck, Mikee actually said something I agree with. This is it, fellas, the final sign of the apocalypse.
I am "that girl" your mother warned you about...
(Score: 5, Interesting) by pTamok on Monday June 20 2016, @01:03PM
You are correct in saying that the useful features of remote management are documented. If you are running a lot of servers and/or desktops, of course you would love the ability to remotely manage a PC, even when the primary O/S is not available.
However, that is not the point, and you are doing a nice piece of misdirection there. The issue is that you do not have control over the implementation of the remote management capability.
You do not know if Intel have shared their firmware signing key with the NSA. Or indeed, the NSA have exfiltrated the remote signing key without Intel knowing about it. Or if there are other signing keys.
And Intel have not provided a mechanism where you can load firmware that you have audited it yourself. Nor have they provided a mechanism whereby firmware writing could be under hardware control - by dip switch or jumper.
Don't get me wrong - of course remote management is useful. It is well known, and, as you say, well documented.
But the implementation works in such a way so as to make it very difficult to assure that your PC has not had a back door inserted. It breaks the principles of security management.
And finally, people are waking up to that.
(Score: -1, Flamebait) by Anonymous Coward on Monday June 20 2016, @01:26PM
He's a shill.
All communications equipment are required to have "lawful intercept" capabilities.
This is to catch pedos.
USA/Europe/UK are anti-man CUNT tries.
They are opposed to the God of Deuteronomy
Remeber: opposing men taking young female children as brides is a death sentence: (Dt 13:6 hebrew) (elohim means judges/rulers/gods/etc)
Men are permitted to rape2own female children: (Dt 22:28-29 hebrew)
Enticing others to follow something else is a death sentence: (Dt 13:6 hebrew)
That means it is our duty to kill the feminists / stormcucks / whiteknightnationalists in europe and other areas who oppose man+girl.
(Score: 0) by Anonymous Coward on Monday June 20 2016, @02:39PM
"I have the right to do anything," you say--but not everything is beneficial. - 1 Corinthians 6:12a
Also, no. Those were old testament laws for the Israelites that no longer apply.
(Score: -1, Troll) by Anonymous Coward on Monday June 20 2016, @05:09PM
>Also, no. Those were old testament laws for the Israelites that no longer apply.
For those who worship the God of Deuteronomy, they apply.
For people like yourself who have rejected the God of Deuteronomy and entice us to follow another judge/ruler/god the rule tat applies is for us to kill you where you stand.
Jesus is a "High priest in the order of Melchizedek": a worshiper of El (before "El" simply became an epithat).
Deuteronomy is the book of Law of He who commands armies.
El had an egalitarian wife/consort, Ashera.
The God of Deuteronomy smashed both, took "El" as an epathat, and ruled for a time.
Then your feminist Jesus tried to re-establish the priesthood of El and the position of women.
(Score: 0, Offtopic) by kurenai.tsubasa on Monday June 20 2016, @05:36PM
Wow. Please tell me that this somehow involves Atlantis? What was Lillith up to at the time?
(Please mod offtopic. I just have to know more about this conspiracy theory!)
(Score: 0) by Anonymous Coward on Monday June 20 2016, @06:42PM
In Deuteronomy the man is master / owner of the woman and men may rape young girls to own them.
(Dt 22, 28-29). The worst crime in the woman's world.
Deuteronomy is superior to New Testament
In one book you have the man on top. Even with girl children.
->Stone adulteress
->Man can have many brides
->'Married' Man screwing female not his, but not claimed by other man (ie: unmarried, unbetrothed) not adultery. Woman/girl has no claim on the man: only he has claim on the woman/girl
->Rape young girls (female children), ok, man pays father, keeps girl (pedophile rape, worst crime ever according to feminists (aka christians))
->Man is master of woman
In the other, bottom rail on top! (Ain't that shucks massa? Ha Ha!)
->Don't stone adulteress
->Man looking at a woman is "adultery" now
->Better a millstone (english translation, felt to be a condemnation of man+girl by americans and the english)
->Man dies for woman
->No male nor female, all one in christ, etc etc
(Score: 1) by kurenai.tsubasa on Monday June 20 2016, @11:18PM
So, is your position one of some kind of paganism? I notice gender binary and gender conflict seem to be underpinning this dichotomy between El/Jesus and this God of Deuteronomy. Would I be correct to interpret your belief system as a Wiccan system where El/Jesus represents the feminine Goddess and this Deuteronomy chap represents the male God?
Furthermore, are you implying that the world was created by the Goddess then?
At least please tell me you've read more than just Deuteronomy here. If you are what I suspect you are, please troll harder, because right now it looks like you're operating from a Dianist Wiccan framework and posting as you imagine the masculine to be at its core.
(Score: 0) by Anonymous Coward on Tuesday June 21 2016, @08:27AM
Previously the Canaanite pantheon included El as the high god and Ashera as his consort.
There was gender egalitarianism reflected here, to some degree.
When this religion was defeated, gender egalitarianism went out the window.
Man was now master.
This is the history, going backwards:
Hebrews (Deuteronomy) - Singular Worship male God. Rape of female child (yes read the hebrew) = man keeps her, pays father some money. Man can execute adulterous women. Man owns the woman (he is ba'al (master, owner) of the woman): it says it explicitly if you read the hebrew. No punishment for man who has sex with unmastered(unmarried) women not his wife. Can have asmany women as he pleases (including young girls - female children). All explicit in the hebrew for those who bother to read it.
Assyrians/Northerners - Pantheon, but male god (marduk) has taken the throne and killed the high goddess. Rape of female = father of female can rape your wife or daughter or have you marry the raped female.
Sumer and friends - Pantheon with Female godesses in equal power with man - Man who rapes a girl is executed. Man who has sex with with women not his wife is thrown out of the house without his posessions and exiled from the house. Woman who has sex with men not her husband while husband is at war is accepted back by the husband when he comes back. Matralineal decent
Around Sumer and Previous: women have multiple husbands.
So if you know history, then you know it is not "well yea, they had to keep property.. bla bla bla, wasn't for male domination". Men being able to rape female children and not suffer punishment but instead keep the girl was an _innovation_ ment to bring happiness and power to men. Just as the change from matralineal decent to patralineal decent, and the execution of anyone worshiping the old goddess cults, and the right of the man to execute a woman he _owns_ who has had sex with another.
It was for male domination (it was good).
---
Since the 1800s, however, england has dragged us back to the stone age and women again rule:
Today:
A man who has sex with women not the wife is ejected from the house, the woman keeps it etc (just like in sumer).
Women may have multiple partners, no punishment. (just like in sumer)
Men may NOT have female children as brides.
Men may NOT have multiple females.
Men may NOT rape female children.
Men were executed for rape of female children and unmastered women (England, America), though now it is "merely" forever in prison.
Boys do NOT inherit the property, instead whomever the woman marries gets 1/2 etc.
It's all back to near sumer level.
Martrachy.
Will men be granted an invasion from the north and again a strong Male War and Storm God to wash away the cunts and their supporters?
I only pray to He that such may be.
Living with no girl child to own is no living at all.
(Score: 0) by Anonymous Coward on Tuesday June 21 2016, @08:32AM
Previous to Deuteronomy, also previous to the Assyrians, the religion in the region was more egalitarian, and before that martrical with women respected and held high, and men more as dogs.
We have returned to that tradition in the west.
I would pray that the dogs would realize their position and rip to shreds their owners.
(Like the Assyrians and then Deuteronomist did)
(Score: 2) by Azuma Hazuki on Monday June 20 2016, @08:18PM
Kurenai, the person you're talking to is MikeeUSA, a.k.a. Mikhail Kvaratskhelia, a.k.a. FizzBuzz (when I found him on IRC). He's not usually this blatant about the religious roots of his insanity, but he seems to be a self-admitted lolicon and worse.
And he hates me to death: lesbian, feminist, egalitarian, anti-human-trafficking activist, defender of women and especially girls, and oh, I probably have a bigger dick than he does despite it being a clitoris :D
I am "that girl" your mother warned you about...
(Score: 1) by kurenai.tsubasa on Monday June 20 2016, @11:06PM
Fully aware, wouldn't have encouraged the AC if I didn't think it was him :)
Mental illness can be quite interesting when rationalized and reinforced with Bible passages, at least when it's not being an imminent threat to life, limb, and property which I assume he's not. So, MikeeUSA makes for an interesting study!
(Score: -1, Flamebait) by Anonymous Coward on Tuesday June 21 2016, @08:37AM
Don't know you, but yes, If I ran things you would be executed on the spot, and every single woman and man who was your ally.
---
Remeber: opposing men taking young female children as brides is a death sentence: (Dt 13:6 hebrew) (elohim means judges/rulers/gods/etc)
Men are permitted to rape2own female children: (Dt 22:28-29 hebrew)
Enticing others to follow something else is a death sentence: (Dt 13:6 hebrew)
That means it is our duty to kill the feminists / stormcucks / whiteknightnationalists in europe and other areas who oppose man+girl.
---
>Self admitted lolicon and worse.
When men ruled, men took female children as brides.
See: Deuteronomy (hebrew), or pre-cuntified USA:
>In the United States, as late as the 1880s most States set the minimum age at 10-12, (in Delaware it was 7 in 1895).[8] Inspired by the "Maiden Tribute" female reformers in the US initiated their own campaign[9] which petitioned legislators to raise the legal minimum age to at least 16, with the ultimate goal to raise the age to 18. The campaign was successful, with almost all states raising the minimum age to 16-18 years by 1920.
> I probably have a bigger dick than he does despite it being a clitoris :D
Last time women ruled it took thousands of years to finally overthrow and destroy their societies
(infact it took foreign invasion: The Assyrians did it)
That may be the case here again as smug cunts like you rule over males as if the males were dogs.
You have infiltrated all the western governments and constantly enact laws to disarm the male populance that isn't in service to you as law enforcement.
It will be very difficult to destroy your way of life.
I hope for a nuclear war; another invasion from the north (over the polar ice caps).
Two cuntified cunttries can destroy eachother. I pray.
And I pray you survive it for a time, just to be burned alive.
(Score: 1) by kurenai.tsubasa on Tuesday June 21 2016, @02:05PM
Ah, I see. Instead it's derpa derpa llama jihad.
Anyway. Thank you for your candor.
(Score: 0) by Anonymous Coward on Tuesday June 21 2016, @08:03PM
Deuteronomy predates Islam by a millenia.
(Score: 2) by Azuma Hazuki on Tuesday June 21 2016, @04:30PM
Hah. I'd love to see you try, Mikee. Every single time you reply to me you get more and more and more shrill, which just shows how completely petrified you are of me.
You're weak, and you hate it, so you want to use society's machinery to make yourself feel better at the expense of others. Well, tough titty; as long as I draw breath on my own two feet that's not happening. Fear the poonani! Fear it I say! Uwahahahahahaha~!
I am "that girl" your mother warned you about...
(Score: 0) by Anonymous Coward on Tuesday June 21 2016, @08:06PM
No idea who you are. You seem like a very self-important cunt however; like the majority of your species.
(Score: 3, Insightful) by Azuma Hazuki on Tuesday June 21 2016, @08:38PM
We're the same species, dipshit, much as I hate to admit that.
You owe all the men on this site an apology too; you assume they're all violent paedophiles like you are and that only fear of the law is keeping them from, in your ever-so-eloquent prose, "rape2own" behaviors. That's solipsistic as hell, not to mention incredibly insulting. You're saying the same thing fundie Muslims do: "men are animals, rape-beasts, dangerous bundles of Id."
Now i'll give you some credit for self-awareness there, but to assume every single member of almost half the world's population is as disgusting and evil as you? That's way beyond the pale.
I am "that girl" your mother warned you about...
(Score: 0) by Anonymous Coward on Wednesday June 22 2016, @10:54AM
>You're saying the same thing fundie Muslims do: "men are animals, rape-beasts, dangerous bundles of Id."
No, I am saying that the God of Deuteronomy wills men to be ba'al (master, owner) of the females.
And hence rape of female children is not wrong (Dt 22:28-29 hebrew), it is not "merely animalistic": it is the man taking his rightful position as owner. "Marital rape", of-course, also is not wrong. The man taking multiple females, including young female children, as his posessions is not wrong. Nor is beating a disobedient cunt, nor is executing an adulterous one. This is what should be done.
The ruler of a country is not, by definition, an "animal".
The ruler of a town is not by definition, an "animal".
Women would have it that the ruler of a girl child or any female is an "animal" however.
If only that were the case, if only men were animals such as a lion or a jaguar; cunts like you would meet the fate you are given in Deuteronomy: execution.(Dt 13:6 hebrew). Instead males are today (again as long ago in sumer) quite like an animal such as obedient dog.
What you are saying, however, is that the majority of males on this website acquiesce to the female version of what is right and good. Which is likely true because most techies, and most western males are faggots (that is: weak and useless, like an old woman). They should be executed along with you for their enticement to follow your woman's system of law and rulers, rather than that of Deuteronomy.
May you die, you fucking cunt.
(Score: 2) by Azuma Hazuki on Wednesday June 22 2016, @04:20PM
Thanks, I needed the laugh :)
Mikee...poor, poor Mikee. This world is Hell for you, isn't it? And that's where you're going when this is all over, along with your "God of Deuteronomy." Anyone who does the research can tell that guy either doesn't exist or is some kind of evil spirit, which makes you anything from deluded to demoniac.
In any case, you're not going to get fear or even anger from me; no, you just get a combination of amusement and pity. The more you post, the more everyone can see what kind of pathetic, half-developed walking abortion of a man you are. And of course, I don't doubt someone else besides me is screenshotting everything you say and may or may not be trying to see if you're employed and by whom, the better to send them said screenshots...
I am "that girl" your mother warned you about...
(Score: 0) by Anonymous Coward on Thursday June 23 2016, @08:42AM
It is a woman's world, England and America made it that way.
The world is safe for democracy (the rule of the majority; the rule of women)
I would much rather burn in hell with the God of the book of Deuteronomy than be anywhere near the heaven of the god that women have enthroned.
I will know who to blaim.
Those who entice others to follow a god/ruler/judge other than that of Deuteronomy, the punishment demanded to be meted out by any who happen to be witness, is well know.
(Score: 2) by Azuma Hazuki on Thursday June 23 2016, @04:24PM
I'm actually curious: what makes you think Deuteronomy has any power? No, don't say "but it SHOULD." What would have made it have ANY power, EVER? Yahweh isn't real, and even if he were. no civilized group of people would follow that insanity. Not to mention, according to Judges 1:19 the "God of Deuteronomy" would be stopped cold by a single M1-Abrams tank :)
This is actually kind of interesting; your mind very obviously does not flow along normal contours. I'd love to try and trace the chain of logic here.
I am "that girl" your mother warned you about...
(Score: 0) by Anonymous Coward on Saturday June 25 2016, @07:39AM
It speaks to the heart of Men.
(Score: 2) by Azuma Hazuki on Saturday June 25 2016, @03:08PM
So because you like something it's true? LOL, fucking wow. And since when were you a man, capital letter or not, anyway? You're a weak, angry, frightened little boy who's fixated on little girls 'cause you're too weak to handle actual women.
I am "that girl" your mother warned you about...
(Score: 0) by Anonymous Coward on Saturday June 25 2016, @10:59PM
How does one make a law "true"?
By following it and by killing those opposed.
As for your other questions.
I've had two prayer answered when I prayed directly to the War God of Deuteronomy, in the knowledge that he was and is the war God of the ancient state.
A very specific prayer came true in nearly the same very specific way (about a month after the prayer was given), and it wasn't for anything "good". It was for the death of a particular feminist somewhere in the world by way of a motorcycle assasination, and for her brother's legs to be shot up as a warning to him. but for him not to be killed: only the woman to be killed. In the prayer a Mac-10 was mentioned, in reality an AK was used. Everything else was the same: motorcycle attack, killing of the woman, shooting of the brother who was driving her to work as a police officer in the legs.
Another less specific prayer, but with a desired result, also was answered a week after it was given, with a result that fixed the problem. Again not for anything "good".
I do not often pray specifically to the God of Deuteronomy, as he asks in his law system for people not to say his name in vain. For daily prayers it is just to "God".
I like young girls for their capacity to be young girls rather than old women.
It is not surprising your quips about men vs males etc, but makes no difference to me as I care about the hebrew, not english corruption (a culture and thus a language ruled by women). I am very happy when your kind is killed, I have prayed for such things, such things have happened, I am very grateful for the Men who carry out such operations: they do the work of the greatest God, and hopefully will again put your civilization type back under the dirt.
(Score: 2) by Azuma Hazuki on Sunday June 26 2016, @04:12AM
You idiot, you're praying to a demon! Do you actually think that Yahweh bastard is anything approaching God?!
You may be hosting one of more of these entities yourself; if you ask me it explains a hell of a lot about you. At this rate you're gonna die infested with evil peoples' shades, as that is what demons are. You've turned yourself into a giant flaming beacon for the evil dead to latch onto and exert their influence. Oh, jeez, you complete moron...get yourself to a competent medium and get these bastards out of your etheric field, for the love of fuck. If this is actually the case you may be the single worst case of entity attachment I've ever seen...
I am "that girl" your mother warned you about...
(Score: 0) by Anonymous Coward on Monday June 27 2016, @01:32PM
>You idiot, you're praying to a demon! Do you actually think that Yahweh bastard is anything approaching God?!
If the God of Deuteronomy, YHWH, is a demon, then still I gladly pray to him.
I agree with what is written in his law. I agree with men having female children as brides, with men raping female children and simply keeping them and paying the father the bride price.
(That is: I agree with the God of Deuteronomy's opinion on the worst crime in america/UK/Australlia/Canada/europe/any-white-country: pedophile rape of a female child. It is no crime. The man keeps the cute girl, as a person over whom he is master, for the rest of his and her life)
I agree with the notion that the man is 'ba'al' of the female: that is he is the master. He is not simply "man" or "male" as you christians/english and others demand.
I agree that those who entice us to follow some other ruler/judge/god/etc than that of Deuteronomy should be killed.
I am not a gnostic like most christians today are.
>god
In hebrew, the word used for "god" is elohim.
Which means ruler/judge/gods/angels etc
The meaning is one who has power.
If a "demon" is ruling, in hebrew there is no difference from a god.
Demons are a christian invention.
As I said before, even if YHWH was a demon, currently consigned to hell, I would follow him there, and would wish for his eventual return to the throne.
Barring that, at-least a Reconquista of earth.
>You may be hosting one of more of these entities yourself; if you ask me it explains a hell of a lot about you. At this rate you're gonna die infested with evil peoples' shades, as that is what demons are. You've turned yourself into a giant flaming beacon for the evil dead to latch onto and exert their influence. Oh, jeez, you complete moron...get yourself to a competent medium and get these bastards out of your etheric field, for the love of fuck. If this is actually the case you may be the single worst case of entity attachment I've ever seen...
This is the worst case of insanity I've ever read. The only ether that exists is ethernet.
The fact of the matter is men like: engineering, weapons, books, schematics, cute young girls. Inherently. That is men inherently drawn to wield power.
A cunt wouldn't understand, except when she's torturing her previous "male" with prison for the non-payment of child-support.
I am very glad those two prayers I mentioned were answered. I was surprised that they were answered. I was astounded as to the quickness of one and the meticulousness of the other: down to everything except for the choice of weapon; it was all the same. I celebrated.
Furthermore if women who are "mediums" all oppose men having female children and men being the master, then I agree with the opinion registered of old that they should all be killed (I'm sure you know the chapter and verse).
Marry female children.
Kill feminist.
(Score: 2) by Azuma Hazuki on Monday June 27 2016, @04:57PM
Hey, dumbass, your "elohim" could be stopped cold by an M1-Abrams tank according to Judges 1:19.
I am "that girl" your mother warned you about...
(Score: 0) by Anonymous Coward on Tuesday June 28 2016, @12:23PM
Sorry, Judges is outside of Deuteronomy, and thus not a book of Law that I am interested in.
Instead it is a story book.
Furthermore I do not chase whomever appears to be the victor at any particular time. I like the God of Deuteronomy because I agree with the laws existent in Deuteronomy, as read in the hebrew. Whether they are ascendant or have been cast down, it does not change. Wherever the God of Deuteronomy is, that is fine. I believe, as stated in Deuteronomy, that people such as yourself who entice us to follow another power, that people such as yourself should be killed. I believe, as stated in Deuteronomy, that if a man rapes a female child who has not been given away to a man yet, that he simply keep that female child as a female of his, pays her father the stated price in currency, and keeps the girl thereafter. I agree with that response to the pedophillic rape of an innocent young girl: that the man who has raped that female child keeps her. I agree that anyone who entices us to follow something other should be killed on the spot. I would be happy if every person like yourself, including yourself, was physically cut down in a painful execution: that is by a sword: that is you limbs chopped off in furtherance of your death as you try to shield yourselves from the blows. I believe that is how they did it then.
It is true that currently, your cuntry, the cuntry that makes the world safe for women, has bombed, invaded, and killed every pro-marry-female-children man-as-master culture nearly out of existence.
I wonder, however, the men who run these machines, and who maintain and design them, why do they do it for a civilization that hates them, denys them what is good, and would happily put them in prison as a thanks for all their years of service after one act of defiance to the pro-female-ascendancy creed of your amalgam of peoples.
I know that, were I myself in any position to do so, I would betray you, woman, the very second I could be assured that much damage would be done and the tide could start to flow in the opposite direction.
Men should have female children as brides.
Men should be free to rape ungiven young girls and keep them.
Man should be master, and the female a slave of his.
I hope that day comes anew and that you are killed.
--
Also the fact that my opensource software project has reached release 90 and has over 100 weapons suggests against your notion that I am a "dumbass".
What have you done for software-libre lately, cunt?
(Score: 2) by Azuma Hazuki on Tuesday June 28 2016, @05:19PM
You really want me dead so badly? Shut your fucking yap and come find me and do it then. Your proxying isn't as foolproof as you think; it's not hard to figure out where you're posting from. Imagine what your boss would think if he sees all this crap you're spewing!
That assumes you're employed of course; I wouldn't be surprised if you're another worthless drain on society living off the dole.
I am "that girl" your mother warned you about...
(Score: 0) by Anonymous Coward on Tuesday June 28 2016, @06:58PM
>You really want me dead so badly? Shut your fucking yap and come find me and do it then.
I have no idea who you are. I want you and people who are like you to be dead (those who entice us to follow something other than Deuteronomy: that is; those who are against men keeping female children whom they have raped as brides, those who are against the man as ba'al (master) of the female). One without the other would be pointless.
>Your proxying isn't as foolproof as you think; it's not hard to figure out where you're posting from. Imagine what your boss would think if he sees all this crap you're spewing!
There is this statement.
>That assumes you're employed of course; I wouldn't be surprised if you're another worthless drain on society living off the dole.
And then there is this statement.
Wouldn't you know, if it were so easy?
You also didn't answer my question about your "dumbass" quip:
--
Also the fact that my opensource software project has reached release 90 and has over 100 weapons suggests against your notion that I am a "dumbass".
What have you done for software-libre lately, cunt?
(Score: 2) by TheRaven on Monday June 20 2016, @03:11PM
If you're running an x86 chip, then worth worrying about this shows remarkable misplaced priorities. The x86 instruction set includes a large number of instructions that are too complex to implement as pure hardware (along with some other features, such as transactional memory). These are implemented in microcode. You can update the microcode yourself, however the microcode (effectively firmware) is machine code for an instruction set that (unlike the ARC32 that TFA gets worked up about) is completely undocumented outside of Intel and changes between revisions. This means that, whereas you could disassemble the ARC32 code and figure out what it is doing, it is basically impossible for anyone outside of Intel to know what the microcode is doing.
If you look at the errata sheet for any recent generation of Intel chip, you'll see over a hundred known bugs in the microcode (most patched, some worked around by disabling features), many of which are security critical. I recall several microcode bugs that have allowed unprivileged code to overwrite kernel-owned memory that happens to be in the cache (including one in Haswell). If, hypothetically, Intel were to provide the NSA with access to the details of some of these vulnerabilities, then it would be fairly simple for them to write attacks that could run in the browser and gain full kernel privilege.
But, by all means, get worked up about the simple processor with a well-documented ISA that can turn on and off the black box on your desk.
sudo mod me up
(Score: 2, Informative) by pTamok on Monday June 20 2016, @05:33PM
You are doing a remarkably good job of misdirection here.
Yes, there are microcode bugs, and yes, the microcode is updateable too.
1) The bugs will vary across processors, making the vulnerability different from processor to processor, unlike this one-size-fits-all solution. Of course, the NSA could well have a stockpile of vulnerabilities for all the different processors out there.
2) The fact that the same issue affect microcode as well means that really, people should also be looking at the microcode update mechanism as well. The fact there is another problem vulnerability that is potentially just as bad does not warrant ignoring the first vulnerability. Two wrongs do not make a right. It even points up that more work should be being done on formally verifiable hardware under owner control.
I am well aware of the capabilities of microcode update. I worked with someone who rewrote VAX microcode to enable faster processing of geological data for oil drilling. The ability to rewrite microcode is very powerful. It is reasonable that updating the microcode should be capable of being under the control of the person who bought the hardware, just as remote management should be.
(Score: 1) by cpghost on Monday June 20 2016, @07:25PM
Very insightful comments here... one can see that you do have a sense of what security is all about.
Just to add one thing: suppose you have to deploy Intel-based hardware in a security-sensitive environment. It doesn't matter what kind of environment it is (governmental, R&D, healthcare, utilities, ...), all kinds of remote management to the hardware must be cut off. Currently, with wireless capabilities of the chips, you need to implement TEMPEST-level isolation just to be somewhat safe. Even if you put your sensitive hardware deep inside your premises, radio waves travel far, and can be inadvertently relayed by repeaters, so be careful.
The best way to prevent all those kinds of headaches is to really avoid cutting-edge x86 architecture altogether, and stick to either older x86 hardware, non-x86 hardware, or go with newer ARM cores that you have (had) audited yourself. And don't forget non-CPU hardware too that may have been especially TAO-ed for you by NSA & Co.
Cordula's Web. http://www.cordula.ws/
(Score: 0) by Anonymous Coward on Thursday June 23 2016, @08:34AM
Why does no one execute the people that put in these backdoors?
Do they not deserve to be killed?
(Score: 2) by Phoenix666 on Monday June 20 2016, @02:48PM
OK, nothing to worry about then. Especially since the government just gave itself the right to remotely own any computer whenever it wants.
Washington DC delenda est.
(Score: 2) by DannyB on Monday June 20 2016, @02:49PM
Remote management may be useful. It also may be useful for the government to mandate that every private home has internet security cameras installed that run secret firmware; and then the government graciously allows the home owner to make use of those cameras to remotely monitor their own home. Useful? May be. But that doesn't make it a GOOD thing.
It's not secret
Two things. First, something that is not generally well known to the general population, is of huge public interest, and then suddenly explodes into the press, might as well have been a secret. The fact that it was obscurely documented is irrelevant. The fact that a lot of people passionately interested in technology did not know about this should say something about just how secret this is. Some of these are people who follow every tiny announcement and development of motherboards, processors, etc and yet did not know about this non-secret secret.
Second, even if it were widely published, having well known mandated internet security cameras to be installed in every home doesn't make it a GOOD thing even if it isn't a secret. In Orwell's 1984, the Telescreens weren't a secret either.
These non-secret engines of invasion, running secret undocumented firmware cannot be a good thing. If it were good for you and something you would want, it would have been widely advertised, loudly. The fact that it was published in an obscure way doesn't mean it wasn't really a secret.
“But look, you found the notice, didn’t you?” “Yes,” said Arthur, “yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.”
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: -1, Troll) by Anonymous Coward on Monday June 20 2016, @12:34PM
WHEN YOUR OWN PROCESSOR HAS YOU CUCKED!!!
PREP THAT BULL!
(Score: 0) by Anonymous Coward on Monday June 20 2016, @01:53PM
But surely they will be blocked by a firewall running on another system? So just make sure your firewall doesn't run on Intel chips, and you should be fine, right?
(Score: 0) by Anonymous Coward on Monday June 20 2016, @02:37PM
Don't most routers have the firewall turned on? Mine does, you can even watch what IP addresses are being accessed from lan computers.
(Score: 3, Interesting) by DannyB on Monday June 20 2016, @03:14PM
Do you suppose they might have very well considered how to exfiltrate data to the mother ship, and also to receive new instructions from the overlords? Do you really think your firewall will stop them?
Maybe you can communicate very slowly by manipulating unusual features of ordinary TCP/IP packets that flow in and out through your firewall? TCP/IP seems to allow for 'extensions' as I recall. And has various option bits.
Incoming TCP/IP packet sequence numbers within a single connection could be manipulated. There are probably other ways to talk to these hidden computers within your processor without your firewall being aware of it. Especially if the one communicating with this hidden processor has vast resources and the ability to control your network connection from just outside your firewall, like maybe at your ISP.
If they can manipulate your very microprocessor like this, how do you know that they don't already have control of your firewall? Or at least, most people's firewall.
Here's another plan. Suppose this hidden processor notices that you connect to Soylent every day. So at times when you're not using your computer, it also initiates what looks like an ordinary HTTPS connection to Soylent, let's say, while you're asleep. Your custom made, carefully controlled firewall, probably has Soylent whitelisted. So it passes this connection normally. But suppose there is something recognizable about the connection, indicating it should be intercepted before it ever reaches Soylent? Now this hidden processor can secretly communicate with the mother ship at night.
But my HTTPS connection to Soylent is over SSL you protest!
We've already heard about horrible compromises of the Certificate Authority systems for MitM attacks in recent years. DigiNotar. TrustWave. Root signing certificates being issued to supposed 'firewall' companies so that their firewall could intercept and successfully MitM all SSL traffic at the border?
Well, now the microprocessor is compromised! In every SSL server! Could it recognize that you're running a particular implementation of SSL? (How many are there?) Recognize it by a unique sequence of x86 instructions it executes? Steal the private signing key for the domain certificate. Exfiltrate it to the mother ship. Now all traffic to that server can be MitM'ed without anyone being the wiser. No more need to compromise the CA system.
If you had control of a secret microprocessor within everyone's processor, what could you do? Let your imagination run wild? And the fact that this all runs secret firmware should tell you plenty.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 1) by pTamok on Monday June 20 2016, @03:15PM
It also runs a TCP/IP server on your network interface and packets entering and leaving your machine on certain ports bypass any firewall running on your system.
But surely they will be blocked by a firewall running on another system? So just make sure your firewall doesn't run on Intel chips, and you should be fine, right?
You are right: but you had better make sure that firewall is under your control. If you ever move the PC so that, for example, it uses a public Wi-Fi network; or your PC uses a cellphone modem+SIM to provide mobile data service, then traffic is not going though the firewall controlled by you. Oops.
And why should you need a firewall in the first place? Why isn't there a hardware jumper to disable firmware writing; and why can't you load your own firmware?
(Score: 2, Insightful) by DannyB on Monday June 20 2016, @03:23PM
Just turn your computer off.
That won't help you either. This secret processor running secret firmware still has power when your computer is turned off. It could still access the network. It may be able to power up your computer to a various extent. I'm a software guy and don't know much about motherboards, but could something that could control all of the pins of your Intel chip be able to power up the motherboard without starting the fan? Maybe not even starting the hard drive? For a very brief period? Or maybe just power it up to the extent that it can access the ethernet port, use the camera and microphone? Maybe WiFi hardware that can connect to a parked van on the street?
Don't say this is paranoid. No matter what kind of paranoid idea I come up with in the last ten years, reality always has proven that it is already worse than I thought. How many years again has this secret processor been inside our processors?
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 1) by kurenai.tsubasa on Monday June 20 2016, @06:31PM
And here I thought I was just reducing my power consumption by a tad with my habit of turning off my computer's power strip at night, when I was actually protecting myself from the lizard people!
Kidding aside, computers for a while now have had various wake features such as wake on lan or wake on timer from "powered off." I'm not a hardware person either, but that means that some part of the mobo is already powered after you've "power off" your computer, no? At any rate, one thing that comes up when looking for advice to minimize power consumption is that pretty much every device is never really "off" these days as long as it's plugged in. Hence, turning the power strip off is the only way to completely prevent a device from sipping on power.
My phone doesn't have a fan and is quite capable. I'm thinking what you've listed for the most part are valid concerns. I want to say they're far-fetched but as you've observed, all the crazy conspiracy ideas that were tossed around 10 years ago turned out not to be that crazy after all.
Something I could see as feasible. Given an on-board ethernet port, I suppose this thing could turn on, establish an ethernet link without turning the computer's link light on, do a very basic DHCP request to get an address, and begin executing a program designed to read from some secret ram where it's been storing juicy details and send the details down the pipe but with the "evil bit" set before deactivating. The switch might also detect the "evil bit" and fail to turn on its own link light. Or maybe it negotiates that with an evil frame or something.
Better check the dnsmasq logs.
I suppose it could use a protocol other than IP. Imagine that the chip is looking for DHCP responses (or v6 router advertisements). When it gets one, it stores the MAC address of the next hop along with which interface. When the home router DHCPs up to the cable modem, it stores the cable modem's MAC address along with which interface is the next hop. Then the desktop computer, when its secret chip activates, could send the snooped info to which ever MAC address it logged as being its DHCP/IPv6 router upstream. Then the router turns around and does the same thing.
From there, the ISP could take over getting the info to the lizard people.
(Score: 0) by Anonymous Coward on Tuesday June 21 2016, @01:32AM
With Intel - supposedly since 2006 (Core 2 Duo), with AMD - supposedly since 2013.
(Score: 0) by Anonymous Coward on Monday June 20 2016, @05:01PM
Linus knew security patches like that were futile!
Securi-boos Bitched The Fuck OUT!!!!
AHHAHAHAH!
(Score: 0) by Anonymous Coward on Monday June 20 2016, @05:58PM
would it be feeding a troll to point out how i would like to hack you up with a machete?
(Score: 0) by Anonymous Coward on Tuesday June 21 2016, @08:24AM
Why do you want to hack with machete?
(Score: 3, Interesting) by Rich on Monday June 20 2016, @05:43PM
Can the AMT be triggered by network traffic on the chipset alone? And if so, are there default triggers? Otherwise it'd hardly make a difference whether they intrude into AMT or just own you via BIOS/SMT on the main CPU. I once did read a completely unbacked rumour that something happened in 2008, which would probably mean around or past AMT 4.
Here's one more for the paranoid: Both Macbooks and Thinkpads have a little H8 CPU to control power management. Once, when having a look at the schematic of one of those to get an idea why it might have failed, I noted that this sits on a local bus (could be I2C, I don't precisely remember) but is wired to the battery connector as well to read out the battery information. Smells of buffer overflow via tweaked battery identifier to own the H8 - and then straight on to AMT :)
(Score: 0) by Anonymous Coward on Monday June 20 2016, @06:21PM
>Can the AMT be triggered by network traffic on the chipset alone? And if so, are there default triggers?
Yes.