Intel CPU? Then you're running Minix

Chat about anything related to Linux Mint
User avatar
lisabonne citadel
Level 3
Level 3
Posts: 126
Joined: Fri Oct 13, 2017 5:13 am

Re: Intel CPU? Then you're running Minix

Postby lisabonne citadel » Tue Nov 21, 2017 3:19 am

I dont know but some suspicious i already had. My electricity power bill enraised a little bit, so i disable the power supply on my desktop.
If is disable, only mobo battery is on, which is highly impossible to have some ... transfer.

We living on Business world.
Multi-national business can not paying Higher taxs in US, Europe, Asia or other if will serve some purpose at backend from disguised defense department. Yes its a disguise. Unlike you pay 30 billions per year, you only pay 2 billions.

World of suckers!!

User avatar
Faust
Level 4
Level 4
Posts: 211
Joined: Thu Jul 14, 2016 3:40 am

Re: Intel CPU? Then you're running Minix

Postby Faust » Tue Nov 21, 2017 3:43 am

I'm a little confused ....
Are you thinking that the increase in electricity usage might be due to IME running on your system ?

I can assure you that if IME is getting " chatty " there will be no outward indication whatsoever .
There would be no visible increase in cpu or RAM usage , and even intensive network analysis is unlikely to pick it up .
Reliable info on this is scarce right now .... I had some links ; I'll post them later if I can find them .

What you are seeing is more likely to be due to a coin-miner than to IME activity .
There is some background info here , just as examples -
https://www.wired.com/story/cryptojacki ... g-browser/
https://qz.com/1085171/how-to-tell-if-y ... -about-it/

-
" And so it goes " - Kurt Vonnegut
The modern reality and the satirical parody are rapidly converging .

User avatar
Lucap
Level 5
Level 5
Posts: 650
Joined: Tue May 24, 2016 1:40 am

Re: Intel CPU? Then you're running Minix

Postby Lucap » Tue Nov 21, 2017 4:16 am

http://www.theregister.co.uk/2017/11/20 ... are_flaws/

AMT , TPM , Vpro and Minix gets even worse.

User avatar
Portreve
Level 5
Level 5
Posts: 830
Joined: Mon Apr 18, 2011 12:03 am
Location: Florida

Re: Intel CPU? Then you're running Minix

Postby Portreve » Tue Nov 21, 2017 6:35 pm

Does anyone know if this sort of thing is also true of AMD?

It's so darned hard to find any kind of hardware one can trust any longer. This sort of thing has just killed the crap out of any sort of "fun" I can derive from technology.

I'm not a Luddite, but this (and many other) sort of crap makes me want to completely walk away from modern technology. Computers, smart phones, just straight-up cell phones, TVs, etc., are all so commercial and profit and bottom-line driven, and what with the various movers and shakers out there having turned the U.S. Government (and other governments) into their pitbulls to enforce what should be company policies, that I just can't stand it.
Everything is in hand. With this tapestry... and with patience, there is nothing one cannot achieve.

No hamsters were harmed in the authoring of this post.

User avatar
Lucap
Level 5
Level 5
Posts: 650
Joined: Tue May 24, 2016 1:40 am

Re: Intel CPU? Then you're running Minix

Postby Lucap » Wed Nov 22, 2017 3:05 am

Recent News Articles have spoken about back doors being found in Drones and Internet of Things and the Chinese Manufactures deny it by saying it's a design feature. :D

michael louwe
Level 6
Level 6
Posts: 1179
Joined: Sun Sep 11, 2016 11:18 pm

Re: Intel CPU? Then you're running Minix

Postby michael louwe » Wed Nov 22, 2017 4:06 am

@ Portreve, .......

Portreve wrote:.

.
"AMD Confirms It Won't Opensource EPYC's Platform Security Processor Code" (July 2017)
Read more at https://hothardware.com/news/amd-confir ... TullrTl.99

Intel ME/AMT/vPro and AMD PSP have been mostly shipped with high-end Business PCs/servers, ie for the businesses to remotely manage their computers/servers at the BIOS level, eg to remotely reinstall the OS, even when the computers/servers have been switched off but still connected to the AC wall outlet.
... So, to avoid them, buy low to mid-end PCs or ARM-based devices.

The Dark side has taken over the tech industry, eg LM 18's and Win 10's Dark theme.? "Resistance is futile".

User avatar
Lucap
Level 5
Level 5
Posts: 650
Joined: Tue May 24, 2016 1:40 am

Re: Intel CPU? Then you're running Minix

Postby Lucap » Wed Nov 22, 2017 5:03 am

Lucap wrote:Recent News Articles have spoken about back doors being found in Drones and Internet of Things and the Chinese Manufactures deny it by saying it's a design feature. :D


http://www.theregister.co.uk/2017/11/22 ... _not_a_bug

Microsoft says Win 8/10's weak randomisation is 'working as intended' This bug is a feature in 11 out of 12 scenarios


Everyone is at it , so if the OS or the Hardware screws you over it's a feature. :P

User avatar
mwbworld
Level 2
Level 2
Posts: 78
Joined: Fri Aug 19, 2016 10:55 am
Location: Boston, MA

Re: Intel CPU? Then you're running Minix

Postby mwbworld » Wed Nov 22, 2017 10:55 am

Portreve wrote:It's so darned hard to find any kind of hardware one can trust any longer. This sort of thing has just killed the crap out of any sort of "fun" I can derive from technology.


I hear you. I built my own desktop to make it more linux friendlly/secure but there's still nonsense like that. And since I used an intel processor (to avoid some of the compatibility proprietary driver stuff), I'm no doubt affected by the latest security hole caused by this in intel that they just announced.

I'm thinking that this is the only secure tech left! and no doubt there will turn out to be some security back door in that! :evil:
- Michael

User avatar
Portreve
Level 5
Level 5
Posts: 830
Joined: Mon Apr 18, 2011 12:03 am
Location: Florida

Re: Intel CPU? Then you're running Minix

Postby Portreve » Wed Nov 22, 2017 2:19 pm

mwbworld wrote:
Portreve wrote:It's so darned hard to find any kind of hardware one can trust any longer. This sort of thing has just killed the crap out of any sort of "fun" I can derive from technology.


I hear you. I built my own desktop to make it more linux friendlly/secure but there's still nonsense like that. And since I used an intel processor (to avoid some of the compatibility proprietary driver stuff), I'm no doubt affected by the latest security hole caused by this in intel that they just announced.

I'm thinking that this is the only secure tech left! and no doubt there will turn out to be some security back door in that! :evil:

From here, it's pen and paper and my employer can mail me my schedule.
Everything is in hand. With this tapestry... and with patience, there is nothing one cannot achieve.

No hamsters were harmed in the authoring of this post.

felemur
Level 4
Level 4
Posts: 386
Joined: Sun Sep 20, 2015 2:22 pm

Re: Intel CPU? Then you're running Minix

Postby felemur » Fri Nov 24, 2017 12:08 pm

You can download a Linux utility from Intel to check and see if your system is vulnerable:

https://downloadcenter.intel.com/download/27150

Here is the Intel security bulletin:

https://www.intel.com/content/www/us/en ... tware.html

I ran the utility, and it worked.

EDIT: How to Use:

1) go to the page listed above, choose the Linux download, download & upack
2) open your terminal, change to the directory that has the unpacked .py files
3) at the command line: sudo ./intel_sa00086.py – put in your password when asked, and it lets you know in a second.

BTW - Well done Intel for getting out a utility fast, and considering Linux users

dark
Level 2
Level 2
Posts: 85
Joined: Wed Feb 22, 2017 3:02 pm

Re: Intel CPU? Then you're running Minix

Postby dark » Fri Nov 24, 2017 2:41 pm

It wouldn't surprise if those who have access to Minix/IME used it for mining bitcoins or other crypto currencies using your CPU, GPU and electricity.

User avatar
CaptainKirksChair
Level 3
Level 3
Posts: 174
Joined: Sat Feb 18, 2017 9:29 pm

Re: Intel CPU? Then you're running Minix

Postby CaptainKirksChair » Fri Nov 24, 2017 5:16 pm

That’s right. A web server. Your CPU has a secret web server that you are not allowed to access, and, apparently, Intel does not want you to know about.

I remember when I installed VisualStudio on my Windows computer in 2005 or thereabouts, and a web server (IIS) was included. It was in the inetpub folder on the root of the C: drive. The number of security patches from Microsoft increased by 30%-40% easily. They were patching that piece of junk IIS so often and most were critical updates. I disabled the services associated with it so it wouldn't run at boot. One update turned the service back on. I removed VisualStudio and installed VB6. I don't code anymore but I remember the IIS fiasco well. Gibson Research has a long history of finding IIS security problems.

And now Intel has included a non-user serviceable web server on it's CPUs. I guess those that don't learn from history are condemned to repeat it -- at our expense.

User avatar
phd21
Level 14
Level 14
Posts: 5020
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: Intel CPU? Then you're running Minix

Postby phd21 » Fri Nov 24, 2017 5:53 pm

Hi "Pjotr", and Everone Else,

This is interesting news which I too read about a little while ago ...

My ancient underpowered Dell OptiPlex 780 has options in the Bios to disable IME which I did when I first got it, before I knew of this current news.

Obviously, all manufacturers should provide the option to turn this off, or new bios updates to turn this off.

...
Phd21: Mint KDE 17.3 & 18.2, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,3gb Ram,160gb hdd, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

earthlingkc
Level 2
Level 2
Posts: 90
Joined: Fri Oct 14, 2016 2:22 pm

Re: Intel CPU? Then you're running Minix

Postby earthlingkc » Tue Dec 05, 2017 7:52 pm

This thread needs to be renamed to "BIOS with IME has a severe security flaw".

I have a couple laptops that are vulnerable according to the Intel python script, can't be shutoff in BIOS and no BIOS updates available anymore. Is there something Ubuntu/Mint can do to mitigate the risk at least some?

dark
Level 2
Level 2
Posts: 85
Joined: Wed Feb 22, 2017 3:02 pm

Re: Intel CPU? Then you're running Minix

Postby dark » Wed Dec 06, 2017 11:51 am

earthlingkc wrote:This thread needs to be renamed to "BIOS with IME has a severe security flaw".

I have a couple laptops that are vulnerable according to the Intel python script, can't be shutoff in BIOS and no BIOS updates available anymore. Is there something Ubuntu/Mint can do to mitigate the risk at least some?


Isn't Minix/IME a firmware inside Intel CPU itself that can bypass the Bios itself?

You can try to secure your PC's behind pfSense by blacklisting Intel servers that may be used to remote into Minix/IME. Same with AMD which has similar Secure Processor thing going on.

michael louwe
Level 6
Level 6
Posts: 1179
Joined: Sun Sep 11, 2016 11:18 pm

Re: Intel CPU? Then you're running Minix

Postby michael louwe » Wed Dec 06, 2017 12:55 pm

@ earthlingkc, .......

earthlingkc wrote:This thread needs to be renamed to "BIOS with IME has a severe security flaw".

I have a couple laptops that are vulnerable according to the Intel python script, can't be shutoff in BIOS and no BIOS updates available anymore. Is there something Ubuntu/Mint can do to mitigate the risk at least some?

.
Please refer to this link for more info about how to configure Intel AMT/ME/vPro ... https://www.howtogeek.com/56538/how-to- ... t-crashes/

Both end-to-end computers have to be configured for Intel AMT/ME/vPro before an IT Admin is able to remotely manage an off-site computer, even if it has been switched off, on condition it is still connected to the AC wall outlet and router.
... So, it is only such already-configured computers which are vulnerable to the bug and needs to be patched asap. Computers that are not configured for Intel AMT/ME or has it disabled are likely not vulnerable to the bug.

You can disable Intel ME/AMT at the BIOS -1 Level by pressing Ctl+P during startup. This will take you to the Intel MEBx setup.

User avatar
Lucap
Level 5
Level 5
Posts: 650
Joined: Tue May 24, 2016 1:40 am

Re: Intel CPU? Then you're running Minix

Postby Lucap » Thu Dec 07, 2017 5:26 am

Intel Management Engine pwned by buffer overflow

http://www.theregister.co.uk/2017/12/06 ... _overflow/

The duo say they found a locally exploitable stack buffer overflow that allows the execution of unsigned code on any device with Intel ME 11, even if the device is turned off or protected by security software.

lmuserx4849
Level 4
Level 4
Posts: 489
Joined: Wed Dec 17, 2014 2:55 am

Re: Intel CPU? Then you're running Minix

Postby lmuserx4849 » Thu Dec 07, 2017 5:34 am

lwn.net article: Replacing x86 firmware with Linux and Go

They describe the problem and some potential solutions. If you like all things linux and enjoy tech, I highly recommend subscribing to lwn.

The problem, Minnich said, is that Linux has lost its control of the hardware. Back in the 1990s, when many of us started working with Linux, it controlled everything in the x86 platform. But today there are at least two and a half kernels between Linux and the hardware. Those kernels are proprietary and, not surprisingly, exploit friendly. They run at a higher privilege level than Linux and can manipulate both the hardware and the operating system in various ways. Worse yet, exploits can be written into the flash of the system so that they persist and are difficult or impossible to remove—shredding the motherboard is likely the only way out.

He used to give a talk with the title: "If you trust your computer, you're crazy", due to all of that proprietary code running on our systems. He hopes that this talk will give folks ways to deal with some of those problems, "so we can stop being crazy and maybe get a little sane".

User avatar
ArtGirl
Level 4
Level 4
Posts: 228
Joined: Sat Apr 15, 2017 1:16 pm
Location: UK

Re: Intel CPU? Then you're running Minix

Postby ArtGirl » Thu Dec 07, 2017 5:57 am

lmuserx4849 wrote:lwn.net article: Replacing x86 firmware with Linux and Go

They describe the problem and some potential solutions. If you like all things linux and enjoy tech, I highly recommend subscribing to lwn.

The problem, Minnich said, is that Linux has lost its control of the hardware. Back in the 1990s, when many of us started working with Linux, it controlled everything in the x86 platform. But today there are at least two and a half kernels between Linux and the hardware. Those kernels are proprietary and, not surprisingly, exploit friendly. They run at a higher privilege level than Linux and can manipulate both the hardware and the operating system in various ways. Worse yet, exploits can be written into the flash of the system so that they persist and are difficult or impossible to remove—shredding the motherboard is likely the only way out.

He used to give a talk with the title: "If you trust your computer, you're crazy", due to all of that proprietary code running on our systems. He hopes that this talk will give folks ways to deal with some of those problems, "so we can stop being crazy and maybe get a little sane".


Very clear article. Thanks for the link to the site. :)
LM 18.1 Cinnamon 64-bit
Radeon R9 255, Mesa 17.2.4/opengl 3.0, kernel 4.11.0-14
Haswell, lenovo erazer x310, intel i7-4790, 16 gig ram
Ugee 2150/Krita 3.3.2


Image


Return to “Chat about Linux Mint”