Topic: Using Intel CPU and Motherboard ? Your Bitcoins may be in actual danger. (Read 5053 times)

For the hyper-paranoid, would using non-intel big endian machines also help mitigate these risks? Specifically for everyday usage, since bitcoin is nonexistent on big endian architecture?

If one must use x86 Intel, how old should the chip be? Pre-Bitcoin (Gavin recommended this at one point), pre-2006, pre-something else?

Hello ,
- I have  a 3g modem and my connection is so bad i'm not in danger ? 
- Is there any software for windows to track internet uses or block a unkown request
 like i can set only chrome to connect to my internet and block others
- How Intel can use our computer when it's off can they run sound can they download private keys ?
- I want to know with what language most hardware are programmed .
- Before 2009 intel CPU were safe ?
- Can i use intel active managment like a remote desktop or Intel have the acces for it self ?

Thanks  for this important thread & All respect to you.

From hardware side:

- No Lenovo or HP laptops
- No Intel (take AMD)
- If you already have intel (i do too, unfortunately), install a non-Intel networking card
- Install OpenWrt in your router. But first, buy only routers that support OpenWrt. List: http://wiki.openwrt.org/toh/start

If you adhere to above rules, there probability of attack should be diminished by something around 99,9% (lucky guess).

Also, if you have Windows + Intel, you are pretty much screwed up. Linux does not have driver support for activating of Intel AMT from EXEcutable file, so it is relatively safe to run binaries not worrying that some of them will contain a trojan which will install itself into AMT. Remember: Intel AMT has its own memory and can run code ! Its a PC within your PC

From social side: I have no idea. But i will look it up sooner or later.

Faced with compromised hardware and Ken Thompson hacks and panopticon-style electronic spying, can anyone offer any suggestions on how to at least somewhat mitigate these threats? Besides boycotting the bad actors, what particular companies or products or organizations should one support? I know RMS uses a mips lenovo laptop with gnewsense, but that's not a feasible solution to most individuals or companies, including mine. What realistic and pragmatic alternatives should I consider?

I keep trying to explain this to you. There could be a possibility of a vulnerability there. There might not be. Fretting over what 'theoretically could be hacked' is just being paranoid.

More analogies because my other ones seem to slip over your head...

You buy a car. It doesn't have locks on it. You don't really need to worry about locks because you park in a decent parking garage with security. You start freaking out because the car manufacture might have a key to start your car and drive away with your stuff in the car (man, that camera in my backseat is expensive!).

However, you don't account for the fact that it is in a parking garage with a security team and the fact that it doesn't even have freaking locks to it! Anyone with access to the parking garage can get into it, hotwire it, and drive away. Yet you're just freaking out about your car manufacture stealing YOUR car with everything in it.

In this analogy: The parking garage is your internal network. Hotwiring is actually exploiting a vulnerability at the OS layer (which is where your actual data is anyway), and driving away is getting out the network undetected.


Eh, I much rather have a system where I can remotely enable on thousands of machines on my network rather than having to run around to every single machine on the network. Actually, in the next 4-8 weeks, I'm going to have to work with a team to reimage ~4k devices for rebuilding a network. I'm honestly hoping some of them have AMT or some other protocol for remote management so we can save a bit of time.

This one:
http://theinvisiblethings.blogspot.com/2013/08/thoughts-on-intels-upcoming-software.html

Another (trying to hack it):
[PDF] https://ruxconbreakpoint.com/assets/2014/slides/bpx-Breakpoint%202014%20Skochinsky.pdf

It is currently widely known - so it is not a secret known only to tinfoil-hats.
However, nobody cares (or too many people have Intel onboard, so they don't want to believe).

The world is fubar, I can guarantee that every skype call is recorded on servers, if you bother to read through the useless stuff on the term of use you see that you give the company right to upload all your data basically. This goes for google, facebook, apple etc... The internet is under huge control by the people who leads it (aka the big companies who owns everything, the things they dont own they buy by giving the owner an offer he cant refuse).

Because it's freaking pointless. Right now, someone could bust in your door, point a gun to your head, and steal all your bitcoin / your data / everything about you. You don't see people baring up their doors, windows, etc... everywhere because it's not really happening.

No one's really freaking out about it because it's not going to happen.

Edit: Actually, in this situation, Intel DID bar up the windows as best as they could. They even tried to toss away the key. People don't believe intel tossed away the key. But they DO recommend you change the locks on the windows and doors.

OP is freaking about his house getting hit by a nuke. A fucking nuke directly on his house.

Yeah im pretty sure people don't care enough to do anything about it.

I'm not a fanboy of any CPU at this point in my life. It's all the same to me anymore, just another layer of abstraction.

The articles state it's all theoretical and we don't know what's happening. Assuming the worst and telling everyone to start building their own chips is absolutely insane. Hell, you trust random third parties as your CAs for PKI. You trust others for transmitting data over the internet.

If someone wanted data, I think compromising a root CA / watching network traffic would be a fuckton easier than somehow installing a rootkit on a CPU that transmits data pass your firewalls magically. How would anyone even be able to trigger an attack in the first place? Scheduled in the rootkit to turn on a certain date. Fuck, do you know how many times I've had to replace a CMOS battery in my lifetime. Shit isn't magic. It's tech.

Pretty much, this is tin-foil hat-ness of people spreading FUD. We should watch it, but we shouldn't jump up and down saying it's unsafe and to migrate away from it. Technically, even the article points it out itself:



Edit: If you want me to, I can go completely tin-foil mode and tell you of every theoretical vulnerability there is and how pretty much almost any entity (everyone from a terrorist organization to a government entity to even freaking me) could be watching your every move.

Edit2: Wow, I just read part of that reddit thread. /u/ShadowOfHarbringer got absolutely fucking destroyed by those that actually know security.

Who is this so called 'security researcher' and why should I trust him? Whos to say that he's not an AMD fanboy?
Please provide links from multiple sources.

You must be an Intel fanboy, because you are fucking useless. Try reading sources before commenting, because you sound as truly and completely half-wit person.

- It has been already proven by a security researcher that the feature is NOT completely disabled after switching it off in BIOS
- There is currently no way to completely disable the feature in a way which can be verified
- There is currently NO way to reverse engineer what exactly is the AMT even doing, because it's all encrypted to the fucking root

Please fix yourself and be smarter, because i really fucking hate talking to stupid people.

No. If someone has that level access already, you've already been pwn'd. Next we're going to be talking about how nvidia is going to be stealing bitcoins because you could flash the firmware with a rootkit.


Shut the fuck up. Seriously. Obviously, YOU have no idea of what you're talking about. To get 0-level access, you already NEED that level access from the start. Chips don't ship enabled. You can turn off the feature in most modern day BIOSes. Jesus fuck. This shit isn't new, it's not something that's actively being exploited in the wild. If it were, then it'd be a simple fucking fix of disabling it in BIOS (well, actually UEFI now because your BIOS is technically vulnerable to the same fucking shit).

Telling someone who's literally professional in this shit that they know nothing about it... Seriously, get fucked.

The push towards fully open hardware platforms is the only way to combat this situation. As soon as lowRISC board becomes available I'll definitely be getting one. The whole compute ecosystem needs to become open and transparent starting with the instruction set.

You have no idea what you are talking about.

Nobody should have access to my machine without me knowing AND without me having the ability to disable it. AND i should always know exactly what my machine is doing, creating another PC within my PC that is separate and not under my control is simply UNACCEPTABLE from security standpoint.

This is just Intel creating a trojan in all machines which either will be or already is being used by somebody to hack you. End of story.

You obviously didn't understand that part.
He's actually right about that.

lol?
fud would be if i had said that intel will use it for itself to steal our coins.

i know that it is for management. but everything can be used by good and bad guys you know? and its just another place to hide code - not used today but maybe in the future.

Russia already has SPARC64 and VLIW based CPUs, used for military purposes.

http://mcst.ru/r_1000
http://mcst.ru/elbrus_2c_plus

http://elbrus.ru/files/535269/0e0cd8/50586f/000000/2014-04-19_161043.png
http://elbrus.ru/files/535269/9f0cd8/50606f/000000/2014-04-19_161108.png

So it seems that there is no sense to use ARM.

AMT isn't new (been around for a couple of years). It's a feature for management. Not that complicated. Of course you should have freaking access. Ever heard of Wake on LAN? Seriously. It's like you guys have never even looked at enterprise management for systems.

Hell, even SCCM has AMT shit built into it.

Edit: This doesn't even include the loads of fucking networking that needs to be done. Good fucking luck with that NSA in a decent corporate network, there's no way random outbound connections are going to be allowed.

Edit2: This is the exact definition of FUD fyi. Literally spreading fear, uncertainty and doubt about fucking computer processors.

no its not fud.
i doubt intel or nsa would use it to get your coins, but i dont see any reason why an attacker couldnt use it (we are talking about money secured by home pc's)

its not easy for an attacker to get access (as its encrypted). but once the keys leaked (and i am sure they will) its only a matter of time

http://www.intel.com/content/www/us/en/architecture-and-technology/intel-active-management-technology.html?_ga=1.228067549.152289045.1416188825

intel claims to even have access if the pc is powerd down