Re: [qubes-users] Anyone disabled the Intel ME yet?

2017-09-24 Thread cooloutac
On Sunday, September 24, 2017 at 8:24:44 PM UTC-4, cooloutac wrote:
> On Thursday, September 21, 2017 at 12:08:41 PM UTC-4, Hugo Costa wrote:
> > On Thursday, 21 September 2017 07:23:01 UTC+1, Alex  wrote:
> > > Replying to this thread to report that somebody DID ACTUALLY find an
> > > exploitable vulnerability in the latest IME 11+, and they will be
> > > sharing nothing less that this UNSIGNED CODE EXECUTION vuln at blackhat
> > > europe 2017.
> > > 
> > > Abstract here:
> > > https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668
> > > 
> > > Title is pretty scary, but we'll see if it's actually that dangerous...
> > > 
> > > -- 
> > > Alex
> > 
> > Was going to post the same. 2 Russian researchers that a couple weeks ago 
> > found out a way to clean some modules on Intel ME now have found a 
> > significative exploit that allows them to actually run code on a piece of 
> > hardware with direct access to the network. The scary thing is - it's 
> > impossible to detect.
> 
> and thats prolly just what we know about lol.

I feel like cause I live in nyc that you just expect this type of stuff from 
your friends and neighbors hahaha.  maybe not the same means but the same ends. 
 but ya hardware level stuff is scary,  cause that means real security means 
alot of money, so poor people are screwed.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/758bb5df-6fa7-4b27-8aa8-ae4ef2bf52d4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Anyone disabled the Intel ME yet?

2017-09-24 Thread cooloutac
On Thursday, September 21, 2017 at 12:08:41 PM UTC-4, Hugo Costa wrote:
> On Thursday, 21 September 2017 07:23:01 UTC+1, Alex  wrote:
> > Replying to this thread to report that somebody DID ACTUALLY find an
> > exploitable vulnerability in the latest IME 11+, and they will be
> > sharing nothing less that this UNSIGNED CODE EXECUTION vuln at blackhat
> > europe 2017.
> > 
> > Abstract here:
> > https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668
> > 
> > Title is pretty scary, but we'll see if it's actually that dangerous...
> > 
> > -- 
> > Alex
> 
> Was going to post the same. 2 Russian researchers that a couple weeks ago 
> found out a way to clean some modules on Intel ME now have found a 
> significative exploit that allows them to actually run code on a piece of 
> hardware with direct access to the network. The scary thing is - it's 
> impossible to detect.

and thats prolly just what we know about lol.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c993f589-1ef2-40d3-823e-88f6de5313ac%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Anyone disabled the Intel ME yet?

2017-09-21 Thread Hugo Costa
On Thursday, 21 September 2017 07:23:01 UTC+1, Alex  wrote:
> Replying to this thread to report that somebody DID ACTUALLY find an
> exploitable vulnerability in the latest IME 11+, and they will be
> sharing nothing less that this UNSIGNED CODE EXECUTION vuln at blackhat
> europe 2017.
> 
> Abstract here:
> https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668
> 
> Title is pretty scary, but we'll see if it's actually that dangerous...
> 
> -- 
> Alex

Was going to post the same. 2 Russian researchers that a couple weeks ago found 
out a way to clean some modules on Intel ME now have found a significative 
exploit that allows them to actually run code on a piece of hardware with 
direct access to the network. The scary thing is - it's impossible to detect.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2f3a80dc-0bfa-4e07-a5ee-16606b435275%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Anyone disabled the Intel ME yet?

2017-09-18 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

alexclay...@gmail.com:
> Has anyone here successfully disabled the Intel ME yet?
> 
> http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
> 
> I'm hoping a future release of Qubes integrates this into the
> install process for us. Or be downloadable as a package like
> Anti-Evil Maid?

https://github.com/corna/me_cleaner

Rusty
-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJZwEIxXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfNg8P/R29hIUOrlolKVQXjgQ27MX0
oWClVtfGX7+geO+mU3WYY0UQYeOCWyRJIxOrbsySrKf0WcqN2H0NwpxcJrHXYI8Z
mm1CVcC8VZcR7hMARHLWz61EFfBbSUL+azP1elPZQ/yuB1If3NpyR9PSM8Nrhs0v
Mdh9N2HdhYfxV6YNPhcUo1bVsaP9Z3X8/8T/whybN6KaMiF4y573wXqXwSc/lNsN
P5bpBH1GcAZI2BfH29dt1TU+t94pELekdAtZKDFW4riSLhhWW9nfDPThupqJ2kps
MXhFJxREXsUPpXOf6vc+JI667+8s1Cb4jfXovKPGgIG/4dh3qFIIyc9p/0q6pLca
UBN7V2GBkkpdpyRX/QhHHcbw+Ri2SKul/2LRMVZ7d/nqwRfHchxGmYKFIjFjYVdx
1bfVc8wgnX1WZGOg0EvEgx0vG8H0+DU+Yw5Wyuv4jO4UfILJ/FTBxa1KyMWv6xvS
lf9tjL28k+HBiwzDs5MCdV9rUJ9W0q/zySntZItI/7wd8UPC0YadzqwxF74xh/d4
SLy9rL/1aMwhpvd+rCFipn1B3wIlY/y/VPq3FpLsPrAjoesbZ1BeUmQ9wdvumTn3
sSwcUfUnt1N6mWWtPYtSPYQyD1A4r9I2RFEuq8YuLEyG3BveC9RanApNE5CboBFA
JKyVN0I7q5dmd0bk4IEm
=UlBw
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170918220121.GA1088%40mutt.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Anyone disabled the Intel ME yet?

2017-09-18 Thread alexclaytor
I see, thank you for the explanation. I had no idea ME versions were that 
fragmented. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/affa89af-208f-4ecc-8430-4e27a3e60935%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Anyone disabled the Intel ME yet?

2017-09-18 Thread Alex
On 09/18/2017 10:33 PM, alexclay...@gmail.com wrote:
> Has anyone here successfully disabled the Intel ME yet?
> 
> http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
> 
> I'm hoping a future release of Qubes integrates this into the install
> process for us. Or be downloadable as a package like Anti-Evil Maid?
> 
> Thoughts?
> 
This is an extremely risky and highly ad-hoc procedure that cannot be
easily automated. As you can understand from the article, newer ME
versions manage the boot process so some level of functionality is
required just to have a working computer.

Being an opaque component, different versions have highly variable level
of built-in functionality and architecture position, so while some ME
versions on some chipsets could just be zapped away, others have to be
patched, reflashed, bypassed or replaced to be disarmed.

Hence, the operations to "disarm" ME still resemble more surgery than
patching; our only hopes are that Intel will give a simple way of
disabling the unneeded "services" (i.e. network services?) with
something reasonable like a hardware jumper of some sort. They will be
able to give the HAP guarantees to their customers without impairing
security for everybody else...

-- 
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/338cf7e2-e5ee-eafd-4187-6d829f2dbb01%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature