Intel CPU? Then you're running Minix

Chat about anything related to Linux Mint
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
lisabonne citadel

Re: Intel CPU? Then you're running Minix

Post by lisabonne citadel »

I dont know but some suspicious i already had. My electricity power bill enraised a little bit, so i disable the power supply on my desktop.
If is disable, only mobo battery is on, which is highly impossible to have some ... transfer.

We living on Business world.
Multi-national business can not paying Higher taxs in US, Europe, Asia or other if will serve some purpose at backend from disguised defense department. Yes its a disguise. Unlike you pay 30 billions per year, you only pay 2 billions.

World of suckers!!
Faust

Re: Intel CPU? Then you're running Minix

Post by Faust »

I'm a little confused ....
Are you thinking that the increase in electricity usage might be due to IME running on your system ?

I can assure you that if IME is getting " chatty " there will be no outward indication whatsoever .
There would be no visible increase in cpu or RAM usage , and even intensive network analysis is unlikely to pick it up .
Reliable info on this is scarce right now .... I had some links ; I'll post them later if I can find them .

What you are seeing is more likely to be due to a coin-miner than to IME activity .
There is some background info here , just as examples -
https://www.wired.com/story/cryptojacki ... g-browser/
https://qz.com/1085171/how-to-tell-if-y ... -about-it/

-
Lucap
Level 6
Level 6
Posts: 1038
Joined: Tue May 24, 2016 1:40 am

Re: Intel CPU? Then you're running Minix

Post by Lucap »

http://www.theregister.co.uk/2017/11/20 ... are_flaws/

AMT , TPM , Vpro and Minix gets even worse.
User avatar
Portreve
Level 13
Level 13
Posts: 4882
Joined: Mon Apr 18, 2011 12:03 am
Location: Within 20,004 km of YOU!
Contact:

Re: Intel CPU? Then you're running Minix

Post by Portreve »

Does anyone know if this sort of thing is also true of AMD?

It's so darned hard to find any kind of hardware one can trust any longer. This sort of thing has just killed the crap out of any sort of "fun" I can derive from technology.

I'm not a Luddite, but this (and many other) sort of crap makes me want to completely walk away from modern technology. Computers, smart phones, just straight-up cell phones, TVs, etc., are all so commercial and profit and bottom-line driven, and what with the various movers and shakers out there having turned the U.S. Government (and other governments) into their pitbulls to enforce what should be company policies, that I just can't stand it.
Flying this flag in support of freedom 🇺🇦

Recommended keyboard layout: English (intl., with AltGR dead keys)

Podcasts: Linux Unplugged, Destination Linux

Also check out Thor Hartmannsson's Linux Tips YouTube Channel
Lucap
Level 6
Level 6
Posts: 1038
Joined: Tue May 24, 2016 1:40 am

Re: Intel CPU? Then you're running Minix

Post by Lucap »

Recent News Articles have spoken about back doors being found in Drones and Internet of Things and the Chinese Manufactures deny it by saying it's a design feature. :D
michael louwe

Re: Intel CPU? Then you're running Minix

Post by michael louwe »

@ Portreve, .......
Portreve wrote:.
.
"AMD Confirms It Won't Opensource EPYC's Platform Security Processor Code" (July 2017)
Read more at https://hothardware.com/news/amd-confir ... TullrTl.99

Intel ME/AMT/vPro and AMD PSP have been mostly shipped with high-end Business PCs/servers, ie for the businesses to remotely manage their computers/servers at the BIOS level, eg to remotely reinstall the OS, even when the computers/servers have been switched off but still connected to the AC wall outlet.
... So, to avoid them, buy low to mid-end PCs or ARM-based devices.

The Dark side has taken over the tech industry, eg LM 18's and Win 10's Dark theme.? "Resistance is futile".
Lucap
Level 6
Level 6
Posts: 1038
Joined: Tue May 24, 2016 1:40 am

Re: Intel CPU? Then you're running Minix

Post by Lucap »

Lucap wrote:Recent News Articles have spoken about back doors being found in Drones and Internet of Things and the Chinese Manufactures deny it by saying it's a design feature. :D
http://www.theregister.co.uk/2017/11/22 ... _not_a_bug
Microsoft says Win 8/10's weak randomisation is 'working as intended' This bug is a feature in 11 out of 12 scenarios
Everyone is at it , so if the OS or the Hardware screws you over it's a feature. :P
mwbworld

Re: Intel CPU? Then you're running Minix

Post by mwbworld »

Portreve wrote: It's so darned hard to find any kind of hardware one can trust any longer. This sort of thing has just killed the crap out of any sort of "fun" I can derive from technology.
I hear you. I built my own desktop to make it more linux friendlly/secure but there's still nonsense like that. And since I used an intel processor (to avoid some of the compatibility proprietary driver stuff), I'm no doubt affected by the latest security hole caused by this in intel that they just announced.

I'm thinking that this is the only secure tech left! and no doubt there will turn out to be some security back door in that! :evil:
User avatar
Portreve
Level 13
Level 13
Posts: 4882
Joined: Mon Apr 18, 2011 12:03 am
Location: Within 20,004 km of YOU!
Contact:

Re: Intel CPU? Then you're running Minix

Post by Portreve »

mwbworld wrote:
Portreve wrote: It's so darned hard to find any kind of hardware one can trust any longer. This sort of thing has just killed the crap out of any sort of "fun" I can derive from technology.
I hear you. I built my own desktop to make it more linux friendlly/secure but there's still nonsense like that. And since I used an intel processor (to avoid some of the compatibility proprietary driver stuff), I'm no doubt affected by the latest security hole caused by this in intel that they just announced.

I'm thinking that this is the only secure tech left! and no doubt there will turn out to be some security back door in that! :evil:
From here, it's pen and paper and my employer can mail me my schedule.
Flying this flag in support of freedom 🇺🇦

Recommended keyboard layout: English (intl., with AltGR dead keys)

Podcasts: Linux Unplugged, Destination Linux

Also check out Thor Hartmannsson's Linux Tips YouTube Channel
User avatar
felemur
Level 5
Level 5
Posts: 537
Joined: Sun Sep 20, 2015 2:22 pm
Location: In the middle of 1000's of acres of corn & soy fields in a house full of cats.

Re: Intel CPU? Then you're running Minix

Post by felemur »

You can download a Linux utility from Intel to check and see if your system is vulnerable:

https://downloadcenter.intel.com/download/27150

Here is the Intel security bulletin:

https://www.intel.com/content/www/us/en ... tware.html

I ran the utility, and it worked.

EDIT: How to Use:

1) go to the page listed above, choose the Linux download, download & upack
2) open your terminal, change to the directory that has the unpacked .py files
3) at the command line: sudo ./intel_sa00086.py – put in your password when asked, and it lets you know in a second.

BTW - Well done Intel for getting out a utility fast, and considering Linux users
dark

Re: Intel CPU? Then you're running Minix

Post by dark »

It wouldn't surprise if those who have access to Minix/IME used it for mining bitcoins or other crypto currencies using your CPU, GPU and electricity.
User avatar
CaptainKirksChair
Level 4
Level 4
Posts: 457
Joined: Sat Feb 18, 2017 9:29 pm

Re: Intel CPU? Then you're running Minix

Post by CaptainKirksChair »

That’s right. A web server. Your CPU has a secret web server that you are not allowed to access, and, apparently, Intel does not want you to know about.
I remember when I installed VisualStudio on my Windows computer in 2005 or thereabouts, and a web server (IIS) was included. It was in the inetpub folder on the root of the C: drive. The number of security patches from Microsoft increased by 30%-40% easily. They were patching that piece of junk IIS so often and most were critical updates. I disabled the services associated with it so it wouldn't run at boot. One update turned the service back on. I removed VisualStudio and installed VB6. I don't code anymore but I remember the IIS fiasco well. Gibson Research has a long history of finding IIS security problems.

And now Intel has included a non-user serviceable web server on it's CPUs. I guess those that don't learn from history are condemned to repeat it -- at our expense.
phd21
Level 20
Level 20
Posts: 10103
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: Intel CPU? Then you're running Minix

Post by phd21 »

Hi "Pjotr", and Everone Else,

This is interesting news which I too read about a little while ago ...

My ancient underpowered Dell OptiPlex 780 has options in the Bios to disable IME which I did when I first got it, before I knew of this current news.

Obviously, all manufacturers should provide the option to turn this off, or new bios updates to turn this off.

...
Phd21: Mint 20 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
earthlingkc
Level 3
Level 3
Posts: 128
Joined: Fri Oct 14, 2016 2:22 pm

Re: Intel CPU? Then you're running Minix

Post by earthlingkc »

This thread needs to be renamed to "BIOS with IME has a severe security flaw".

I have a couple laptops that are vulnerable according to the Intel python script, can't be shutoff in BIOS and no BIOS updates available anymore. Is there something Ubuntu/Mint can do to mitigate the risk at least some?
dark

Re: Intel CPU? Then you're running Minix

Post by dark »

earthlingkc wrote:This thread needs to be renamed to "BIOS with IME has a severe security flaw".

I have a couple laptops that are vulnerable according to the Intel python script, can't be shutoff in BIOS and no BIOS updates available anymore. Is there something Ubuntu/Mint can do to mitigate the risk at least some?
Isn't Minix/IME a firmware inside Intel CPU itself that can bypass the Bios itself?

You can try to secure your PC's behind pfSense by blacklisting Intel servers that may be used to remote into Minix/IME. Same with AMD which has similar Secure Processor thing going on.
michael louwe

Re: Intel CPU? Then you're running Minix

Post by michael louwe »

@ earthlingkc, .......
earthlingkc wrote:This thread needs to be renamed to "BIOS with IME has a severe security flaw".

I have a couple laptops that are vulnerable according to the Intel python script, can't be shutoff in BIOS and no BIOS updates available anymore. Is there something Ubuntu/Mint can do to mitigate the risk at least some?
.
Please refer to this link for more info about how to configure Intel AMT/ME/vPro ... https://www.howtogeek.com/56538/how-to- ... t-crashes/

Both end-to-end computers have to be configured for Intel AMT/ME/vPro before an IT Admin is able to remotely manage an off-site computer, even if it has been switched off, on condition it is still connected to the AC wall outlet and router.
... So, it is only such already-configured computers which are vulnerable to the bug and needs to be patched asap. Computers that are not configured for Intel AMT/ME or has it disabled are likely not vulnerable to the bug.

You can disable Intel ME/AMT at the BIOS -1 Level by pressing Ctl+P during startup. This will take you to the Intel MEBx setup.
Lucap
Level 6
Level 6
Posts: 1038
Joined: Tue May 24, 2016 1:40 am

Re: Intel CPU? Then you're running Minix

Post by Lucap »

Intel Management Engine pwned by buffer overflow

http://www.theregister.co.uk/2017/12/06 ... _overflow/
The duo say they found a locally exploitable stack buffer overflow that allows the execution of unsigned code on any device with Intel ME 11, even if the device is turned off or protected by security software.
lmuserx4849

Re: Intel CPU? Then you're running Minix

Post by lmuserx4849 »

lwn.net article: Replacing x86 firmware with Linux and Go

They describe the problem and some potential solutions. If you like all things linux and enjoy tech, I highly recommend subscribing to lwn.
The problem, Minnich said, is that Linux has lost its control of the hardware. Back in the 1990s, when many of us started working with Linux, it controlled everything in the x86 platform. But today there are at least two and a half kernels between Linux and the hardware. Those kernels are proprietary and, not surprisingly, exploit friendly. They run at a higher privilege level than Linux and can manipulate both the hardware and the operating system in various ways. Worse yet, exploits can be written into the flash of the system so that they persist and are difficult or impossible to remove—shredding the motherboard is likely the only way out.

He used to give a talk with the title: "If you trust your computer, you're crazy", due to all of that proprietary code running on our systems. He hopes that this talk will give folks ways to deal with some of those problems, "so we can stop being crazy and maybe get a little sane".
ArtGirl

Re: Intel CPU? Then you're running Minix

Post by ArtGirl »

lmuserx4849 wrote:lwn.net article: Replacing x86 firmware with Linux and Go

They describe the problem and some potential solutions. If you like all things linux and enjoy tech, I highly recommend subscribing to lwn.
The problem, Minnich said, is that Linux has lost its control of the hardware. Back in the 1990s, when many of us started working with Linux, it controlled everything in the x86 platform. But today there are at least two and a half kernels between Linux and the hardware. Those kernels are proprietary and, not surprisingly, exploit friendly. They run at a higher privilege level than Linux and can manipulate both the hardware and the operating system in various ways. Worse yet, exploits can be written into the flash of the system so that they persist and are difficult or impossible to remove—shredding the motherboard is likely the only way out.

He used to give a talk with the title: "If you trust your computer, you're crazy", due to all of that proprietary code running on our systems. He hopes that this talk will give folks ways to deal with some of those problems, "so we can stop being crazy and maybe get a little sane".
Very clear article. Thanks for the link to the site. :)
Lucap
Level 6
Level 6
Posts: 1038
Joined: Tue May 24, 2016 1:40 am

Re: Intel CPU? Then you're running Minix

Post by Lucap »

http://www.theregister.co.uk/2017/12/13 ... ased_lock/

Intel to slap hardware lock on Management Engine code.
Locked

Return to “Chat about Linux Mint”