"Intel Inside" wasn't about the company, it was about the intelligence agencies.

@Infinitrium

4 жыл бұрын

Ooh good point

@UCmDBecUtbSafffpMEN3iscA

3 жыл бұрын

Makes sense

@homeistheearth

3 жыл бұрын

Yeah like de decepticons that will deceive you

@johnchase1190

3 жыл бұрын

o no shit...right there in plain sight all these years

@mbahmarijan789

3 жыл бұрын

AMD been good at hiding it

Pretty sure TempleOS automatically patches this with divine microcoding.

@Scaramouche122

4 жыл бұрын

With assembler injections.

@4.0.4

4 жыл бұрын

Can't hack you remotely if there's no network stack. Big brain time.

@LeetTrance

4 жыл бұрын

@@4.0.4 sure they can, its called jumping an airgap and there's plenty of ways to pick up your signals

@KokoroKatsura

3 жыл бұрын

a n i m e n i m e

@hackmind

3 жыл бұрын

Leet Trance you’re a close but not quite right there. All the airgap attacks I’ve ever read require to install the malware via USB ports, then extraction comes through different means. To this day (as we know) code can’t be injected over the exfiltration means depicted in those attacks

I solve the security problem by storing critical sensitive information in my brain, then forgetting it.

@Walter_

3 жыл бұрын

have you read the torture vulnerability CVE?

@myron7642

3 жыл бұрын

Underrated thread

@alchemist889

3 жыл бұрын

@@Walter_ That'll get you nowhere. You'd have better luck giving me drugs.

@ChavanAr

3 жыл бұрын

security by lack of memory

@superslimanoniem4712

3 жыл бұрын

I always write my info down on physical papers in a safe. That way, at least they can't remotely compromise my info. Threat model: creepy companies

To keep your CPUs from spying on you, you just run them over

@winterdusk6313

4 жыл бұрын

That's what you do.

@CLK944

4 жыл бұрын

they glow in the dark

@shadee0_106

2 жыл бұрын

Wow! It works!

@iLinked

2 жыл бұрын

The CPU's glow in the dark

@sekarmaltum1695

2 жыл бұрын

or use computers from before 2008

"Bioluminescent" - Terry A Davis would be proud

@NewCurryofthepast

4 жыл бұрын

Fucking godless glow in the dark CIA joggers

@MrEdrftgyuji

4 жыл бұрын

You just run them over. Thats. What. You. Do.

@aesthet1k_

4 жыл бұрын

@@NewCurryofthepast "joggers"

@zayanh2823

4 жыл бұрын

R.I.P 😔😔

@xtamared

4 жыл бұрын

RIP The greatest programmer who ever lived.

When you said “alphabet” I thought you meant Google not CIA, FBI, NSA... then I realized that was a distinction without a difference.

@hyperhektor7733

3 жыл бұрын

according to snowden files Google is a slave to the NSA due to the NationaSecurity Letter "trick". Its insane that a nation with this type of legal instrument thinks still thinks its a free democracy, but on the otherhand the DDR of germany called themself also "democratic" ;d

@nagualdesign

3 жыл бұрын

😆...

@julianjaimes197

3 жыл бұрын

a t f d e a

@Midaspl

3 жыл бұрын

@@hyperhektor7733 you may laugh at DDR, but it was probably the most free country in the East block. Many people ever dreamt of visiting the East Berlin.

@hyperhektor7733

3 жыл бұрын

@@Midaspl i dont i am german, the people who got killed by the DDR never dreamed to stay ;). Sure they killed less, but it wa a full blown socialist county with all its typical downsides.

Intel's security model is actually much more advanced than Security by Obscurity. Their actual security model is called "Trust Me, Bro" and it works like this: User: Intel, how can I know your system is secure? Intel: Trust me, bro! User: Can I see the source, so I can check for myself or let someone I trust check for me? Intel: Nah, bro, just trust us!

@SyphistPrime

3 жыл бұрын

There's actually instructions in Intel CPUs that we have no documentation on and no idea what they do. They were only found by a program designed to fuzz for these hidden instructions. There was a talk done on this at either CCC or Blackhat from what I can recall. If you can find it you should check it out. It's very interesting, and just shows that even the processor itself might have spyware we doing know about.

@GoldenHat333

3 жыл бұрын

that reminds me of Saddam in south park hey relax guy you need a rest dont think about it, look over here

@logistic-bot458

2 жыл бұрын

@@SyphistPrime kzread.info/dash/bejne/faaf1aSdh8bAl7Q.html might be the video you are talking about. For anyone too lazy to search for it.

@SyphistPrime

2 жыл бұрын

@@logistic-bot458 thank you, that looks like what I was talking about.

@zane8929

2 жыл бұрын

@Brendon O'Connell III a wild Brendon O'Connell has appeared

We're living in a 60s sci-fi writer's worst nightmare.

@h.s3187

2 жыл бұрын

Yeah Such as george orwell 1984

@norbeekash2699

2 жыл бұрын

1984 is nothing compared to the level of surveillance what you have today

@HSnake5

2 жыл бұрын

Not quite. It's not compliance through force or fear, but rather through comfort and convenience.

@halphantom2274

2 жыл бұрын

Yep, Huxley's Brave New World fits better.

@OperatorKaz

2 жыл бұрын

@@halphantom2274 its a mix of both

Poor MINIX, I worry it'll go down in history as "that spy OS used by Intel" despite it's long and proud career as an educational OS.

@rohanahlawat5809

3 жыл бұрын

Oh hello Mr Intelligence agent!

@ExtraLargeWindow

3 жыл бұрын

Yeah CIA agent What you doin here eh?

@gspapp

3 жыл бұрын

Minix is good for writing your own operating system

@lepidotos

2 жыл бұрын

It's a shame, because I really like microkernels.

@iskamag

2 жыл бұрын

I mean it's the devs' fault for using a permissive license, now we all get to reap the benefits.

Builds a truly "libre" computer; installs Windows 10.

@QoraxAudio

4 жыл бұрын

Installs Google Chrome

@user-pc5sc7zi9j

4 жыл бұрын

@@QoraxAudio Installs the Epic Games launcher

@user-pc5sc7zi9j

4 жыл бұрын

@Mialisus Installs Microsoft Office

@kristiyanivanov7414

4 жыл бұрын

installs minecraft

@Gamez4eveR

4 жыл бұрын

connects to the internet

Intel Management Engine and AMD Platform Security runs at Ring -3, the most privileged ring in existence, and they are spywares indeed.

@mycelia_ow

2 жыл бұрын

This should be made illegal

@BruceCarbonLakeriver

2 жыл бұрын

@@mycelia_owTrue that!

Protection Ring: 3: User Mode 2: Drivers 1: Drivers 0: Kernel -1: Hypervisor (virtual machine) -2: System Management Mode (operating system in the CPU) -3: Intel Management Engine (remote administration in intel cpu's)

@ecu968

2 жыл бұрын

-4 matrix

@ZaHandle

2 жыл бұрын

-5 hackers in movies

@VinceSlzr

2 жыл бұрын

@@tejassingh5344 please shut up

@karolbomba6704

2 жыл бұрын

-7: its 7 because its hidden behind 7 proxies

@vaikjsf34a

2 жыл бұрын

@@tejassingh5344 -8 obama bin laden in a cave

rest in peace, terry. our greatest programmer.

@oniruddhoalam2039

4 жыл бұрын

Why?

@sjuvanet

4 жыл бұрын

Oniruddho Alam why what?

@VeryVeryBlackGuy

4 жыл бұрын

wait, is he dead?!

@reallauradee

4 жыл бұрын

@@VeryVeryBlackGuy since 2018

@eijiniizuma6184

3 жыл бұрын

@@VeryVeryBlackGuy he was run over by a train

The most secured computer is a pocket calculator

@alwaysinagoodshape5327

3 жыл бұрын

0.7734

@alwaysinagoodshape5327

3 жыл бұрын

376006 Are you sure about that?

@xyzzy-dv6te

3 жыл бұрын

@Irish Bucket List Book Scam You are an obvious troll, how can you even backdoor something with no internet access?

@gspapp

3 жыл бұрын

325200 here is a number

@simonjesusbeliever3467

3 жыл бұрын

@@xyzzy-dv6te what comment did eh say,

According to libreboot, anything from AMD's 15h architecture (Bulldozer) down should be fine, as they released the source code for them. Also, I got an ad for a schizophrenia medication at the end of this video. Fancy that.

@johnnyblack4261

4 жыл бұрын

Is this an old architechture or is it modern?

@My_Old_YT_Account

4 жыл бұрын

@@johnnyblack4261 somewhat recent

@CommieCat

4 жыл бұрын

Johnny Black 2011 and it was really not competitive. They paid out a suit for false advertising related to its performance too.

@johnnyblack4261

4 жыл бұрын

@@My_Old_YT_Account What about the most recent AMD processor, is the source code released for that?

@PhazonSouffle

3 жыл бұрын

You mean to say that prescription psychotropic drugs are advertised on youtube. Where can I get mine?

"Bioluminescent" 10/10

This takes the word "intel" to a whole new level.

@namenlosNamenlos

Жыл бұрын

Indeed.

I do believe one noted difference between Intel's ME and AMD's PSP, is that many of Intel's vulnerabilities were remotely exploitable where as AMD's required physical access. That is not an insignificant difference.

@UnitAlir

Жыл бұрын

AMD motherboards, like Intel motherboards can still be compromised mid shipping

@blkspade23

Жыл бұрын

@@UnitAlir My point was about the discovered vulnerabilities in the platforms, not about in transit compromise.

@Fabrizio_Ruffo

Жыл бұрын

I was wondering that. Because recording stuff isn't the same as transmitting stuff. The idea of every computer having a black box is different from a backdoor. Though it could be both.

@rompevuevitos222

Жыл бұрын

@@UnitAlir I mean, if someone can manage that. I think that a compromised CPU is the least of your concerns. Like, if someone has the ability to access a shipment and literally modify the CPU without even leaving any evidence (and without ruining it, for that matter). It may even be easier to swap it for something better at whatever the malicious intent was.

I remember reading somewhere, that some guy managed to get an Intel processor to run with a modified BIOS that lacks the Management Engine microcode needed for it to run; the CPU was working flawlessly, except for ANY kind of IP functions not working in any OS. I think this alone tells everything you need to know about this thing.

@JustElijahRS

2 жыл бұрын

IP as in the IP addresses?

@sylv512

2 жыл бұрын

IP stands for “Internet Protocol”

@NawidN

2 жыл бұрын

@@sylv512 I thought he meant "Intellectual Property".

@AnotherSkyTV

2 жыл бұрын

@@NawidN DRM

@ME0WMERE

Жыл бұрын

That's scary. I'm glad I'm using an AMD machine.

My grandpa worked for some part of his life in an encryption center for my country. He talked to me about stuff like this, I only vaguely remember it. I wish I was paying more attention back then.

@iskolat9180

2 жыл бұрын

The West has been doing this for decades. I think your grandfather was talking about Crypto AG which had a backdoor built into its encryption machines, so that the US, UK and West Germany could read top-secret messages of other countries.

Intel ME (Mossad Entrance)

@alchemist889

3 жыл бұрын

Where were these Intel chips designed?

@glowiever

3 жыл бұрын

Intel-aviv Mossad Entrance

@dacho707

3 жыл бұрын

@@glowiever based

@deoxal7947

3 жыл бұрын

@Saudi King Volintine Ander of Arabia I keep asking for a source but you dumb dumbs never provide one because it doesn't exist

@689finalmessage5

3 жыл бұрын

@DSW22 Were the panama papers the time some journalist exposed tax evading companies and got killed by the CIA?

"There isn't much you can do about it" Reminds me if that line where a recalcitrant computer is threatened with a fire axe "I'll give you a reprogramming you won't forget". Almost anyone can disable IME. The clever thing is to disable it without disabling the rest of the CPU

@Misha-dr9rh

2 жыл бұрын

@@idiosyncraticname h2o

@DJ_Level_3

2 жыл бұрын

@@idiosyncraticname Desolder it and throw it in the trash can

@GladiusTR

2 жыл бұрын

You wrote the one who didn't understand the original comment, don't be rude to the guy clearing up for you

@DJ_Level_3

2 жыл бұрын

@@GladiusTR ...I think we were all joking around? At least that's how I took it

@Plons0Nard

2 жыл бұрын

It was Zaphod Beeblebrox using that reprogramming threat to Eddy, the shipboardcomputer of the starship Heart of Gold. Yes, I know my classics 😊👍🏻🤝🏻🇳🇱

USA : accusing tiktok for collecting users data Also USA : **looks away**

@dhruvakhera5011

2 жыл бұрын

the us government is a very big hypocrite if you see their moves

@boss_boy_

2 жыл бұрын

Honestly I’m not that bothered with the feds monitoring google or whatever. Bad opinion, I know, but from what I understand about courts, they can’t use what they find by monitoring your internet in courts, as they weren’t obtained with a warrant. All they can really do is just watch. Besides, the FBI and NSA are _terrible_ at acting on intelligence. The CIA were monitoring the 9/11 hijackers, and still did nothing with info that would have stopped a war. They don’t care. Unless your working for foreign intelligence or are an internationally wanted criminal, they’re probably going to ignore you. Again though, I understand why people are upset, and I’m not saying that the anger they feel is wrong, but more that your data will be secure with them due to the sheer mass of drunk texts and disturbing pHub searches they have to sift through before hand.

@corsomaximahu69

2 жыл бұрын

@@boss_boy_ facts

@ffwast

2 жыл бұрын

@@boss_boy_ bold of you to assume they wanted to stop an event that got them more authority and money.

@MegaKopfschmerzen

2 жыл бұрын

@@boss_boy_ They also brazenly prosecute innocents and fabricate, or at the very least frame evidence.

The solution is clearly to design my own motherboard, so I can be sure there aren't more hidden mics than usual

@chaos0987654321

6 ай бұрын

"I got a $5 wrench that says you will put theose microphones in" t. NSA

Aw man, time to build a room sized transistor computer out of soldered logic gates to run linux and avoid getting spied. Jokes aside, great video

@ujjvalw2684

Жыл бұрын

not a bad idea

@useranonymous9274

Жыл бұрын

“Siri logic gates put in room with solder how?”

@ff-qf1th

7 ай бұрын

DO IT. DO IT YOU COWARD (encouraging)

There are already some senators who like to use something like this to get access to every piece of encrypted data on a consumer device if necessary... So they want to force all vendors to build something like this kind of spyware into all devices. This means that buying any device in the US will be equal to buying a full access backdoor to your own data.

@Scaramouche122

4 жыл бұрын

@@gvonc33 no shit человек

@monad_tcp

4 жыл бұрын

@@gvonc33 Its funny because the US gov think others won't use it against them. What's the basic moral principles of don't do to others what you don't want them doing to yourself. US gov be like: we can spy on you, but don't spy on us

@Tokagawa89

4 жыл бұрын

@@gvonc33 great logic. Doesn't justify it.

@sirzorg5728

4 жыл бұрын

It only ever has been about power.

@jackjhonson5757

3 жыл бұрын

I would rather buy Chinese

That's it, I'm dusting off my commodore 64.

@kittenknee7502

3 жыл бұрын

I never stopped using mine.It never caught a virus in 30 years,and has never given away any personal data without my express permission. My very first tablet phone ......attempted to share files with a laptop in the next room when it first powered up.After much research I identified the data as geoLocations.Why would it give this data to another UNRELATED UNIDENTIFIED computer?We need transparency from GOOGLE as to WHO can and DOES read this info.Bear in mind....the laptop in my house......was not the concern. It is the other computers/networks it was sharing these geolocations with......and WHY.

nope kernel runs on ring 0 on the main processor, rings 0 to 3 are actually implemented on the main processor (the one not of the Intel ME ) as a protection mechanism. So if the IME has some power over the main processor and not viceversa it would be fair to call the "ring on which it runs" ring -1.

@juxuanu

4 жыл бұрын

I was having similar thoughts.

@connorkadel8198

4 жыл бұрын

Technically it operates on Ring -3, as System Managent Mode (a state of elevated control over the CPU) operates at Ring -2 since it can only operate while the computer is turned on. Because the ME is active even while your computer is turned off, it is considered to be the most privileged controller in your computer.

@monad_tcp

4 жыл бұрын

ring -1 is the hypervisor

@vasilis23456

4 жыл бұрын

Kind of except with Intel Vt-x the kernel runs on ring 0, the hypervisor runs on ring -1 and is virtualized, so then I guess the management engine is ring -2.

@s1gm4_4c4d3my

4 жыл бұрын

@@vasilis23456 I mean... from the perspective of being inside the virtual machine I guess so, I just consider ring 0 to be"where" a kernel not in a virtual machine runs.

So this was a 10 minute commercial for System 76

@cestarianinhabitant5898

3 жыл бұрын

To be honest they deserve the exposure, it's a good company.

@EnderCrypt

3 жыл бұрын

its quite a good company, though i am a bit dissapointed by the touchpad starting to fail fairly quickly

@enermaxstephens1051

3 жыл бұрын

@@EnderCrypt I think they'll replace it for free

@misaroorasim

2 жыл бұрын

@@EnderCrypt that would definitely be covered by warranty

@SergeantExtreme

2 жыл бұрын

There's also Purism as well. Purism also makes computers that do not contain the Intel ME.

Minix is free and open source thoe, the book for Minix form Prof. Tanenbaum has all the source code at the end of the book. The Intel ME runs a propietary fork of Minix I wouldn’t call it pure Minix.

@null7879

4 жыл бұрын

In fact, what people often call “ME” is really Minix/ME, or, as I have taken to calling it, ME plus Minix.

@computer-love

4 жыл бұрын

yeah i've looked into minix before and it seems like a very interesting concept, unfortunately development has been at a standstill for almost 2 years now

@MrJoseklon

4 жыл бұрын

christian murray awww shit i lost it lol

@monad_tcp

4 жыл бұрын

ME is just an appliance over the kernel. also, isn't Minix BSD license?

@deoxal7947

4 жыл бұрын

He said that basically verbatim

about the last phrase of the video: unfortunately the computer started being developed in a elite group in universities and in the military, only later it became widespread in 1st world countries specially, so: this kinds of backdoor is really worrysome (is that the right word?) but for me it isn't that surprising, i didn't knew it was intel ME a spyware all along but the concept of a intentional backdoor in all consumer hardware wasn't a new thing to me

@MpSniperM1911

3 жыл бұрын

@Irish Bucket List Book i think the best way to have your privacy is to do everything from the very start, even acquiring the minerals, sand and oil if possible, and also never using their stuff basically

@henrikpersson5420

2 жыл бұрын

That's not why things are like they are today. 2001 and the Brotherman bill is the reason. :) Computers haven't always been insecure, but with an increase in disobedience they have been tightening their grip. Win 11 for instance requires a camera and Bluetooth connectivity. Covid might've been a ploy to limit real life interraction and normalise digital channels that can be monitored. Now the virus is real, but how it came to be and the restrictions on the other hand might've been manufactured to have a certain effect.

@maxthexpfarmer3957

2 жыл бұрын

@@MpSniperM1911 How are they going to hide spyware in the oil? It's going to be burned anyway.

I found it heartwarming to know that Intel is so passionate about end-user experience. Silently. Watching. Always. 👁️👄👁️

"There isn't much you can do about it": A. I've thought of a cryptographic method that you could use to insulate your system's storage and memory from the ME. It's kinda complicated, and I dunno if any x86 os even supports it. However it is possible. B. Use ARM. ARM mfgs get to see the HDL. So, if ARM was hiding anything mfgs would know and word would get out. ARM's business model is inherently safer than Intel's & AMD's. C. If your protecting a nuclear ICBM silo in your backyard, you could use a high performance FPGA. An FPGA is like a programmable microchip. With an FPGA, you can design a CPU exactly how you like it. You don't actually need to design it yourself though. Just use an open source RISC-V core like the "Rocket Chip" or something. I think it's important to note that the ME can't just record all of your data. If the FBI (or CIA if you're a foreigner), or someone who reverse engineered the ME were after you, they could leverage the engine to to collect data from you. It's not as if this is happening to people and nobody knows about it though. The data would need to be exfiltrated somehow, and somebody would notice that.

@vrc7net

4 жыл бұрын

If you want to learn more about this I recommend Bunny Huangs Talk about "Open Source is Insufficient to Solve Trust Problems in Hardware" (you can find it on youtube). Even your own custom FPGA cannot be trusted completely. Of course, unless you are some really high profile target no one will bother to attack your custom chip, but I still think it's quite an interesting topic.

@prodbypo_

4 жыл бұрын

arm is also the future so thats pretty cool

@monad_tcp

4 жыл бұрын

or just plug an offboard LAN card

@monad_tcp

4 жыл бұрын

also, FPGAs also have firmware what sneaky business you are doing anyway?

@monad_tcp

4 жыл бұрын

"a method that you could use to insulate your system's storage and memory from the ME. It's kinda complicated, and I dunno if any x86 os even supports it. " a PlayStation4 would be such an example.

If anyone out there is paranoid now, then buy a USB/PCIE network adapter, and abstain from using the integrated ethernet adapter on your motherboard (same goes for onboard wifi, if your motherboard supports it.) Why? Because Intel ME doesn't know how to use anything except for the integrated adapter(s), and therefore it will be unable to communicate with the outside world. That obviously doesn't fully disable ME, but it essentially neuters it.

@Foused87

Жыл бұрын

@Lucas Budde Mior that's a question

let's bring that templeOS back bois

@dhruvakhera5011

2 жыл бұрын

i have amog OS vm on my pc 😂

Me: "I should upgrade my old Q6600 file server, it still works but starting to show it's age." This video: "It's fine."

It has been running the whole time on my computer and I didn't even know. Terrifying!

@SuperMassiveMax

3 жыл бұрын

Same.

I recently bought a Dell precision 7540 and Intel ME disabled from the factory was the default option. I was pleasantly surprised to see that but this is Enterprise Dell so it makes sense. Also, because it's Enterprise Dell you don't get shafted. 4 SODIMM slots and 4 m.2 slots are in there. No funny business of "you opened it to add more ram so your warranty is void" or "you didn't order a second harddrive so we didn't soldier the other m.2 connector to the board" or anything like that. Built in gigabit Ethernet as well. It makes me sad though because laptops like this probably won't be around for much longer.

@j.k.4479

2 жыл бұрын

Do you know if Dell does the same thing for their Alienware brand?

@smoothbraindetainer

2 жыл бұрын

@@j.k.4479 Definitely not. Dell's entire consumer line has gone to crap. Stay far away

@fgsaramago

2 жыл бұрын

Actually, the Intel ME exists supposedly to cater to network administratirs so the enterprise is where it would make sense to have it enabled

@SergeantExtreme

2 жыл бұрын

Not true. Many more companies are waking up to this kind of thing. Purism is a great example of a company that sells good computers with the Intel ME disabled by default.

@oventree

Жыл бұрын

as far as i know the actual ME firmware in those ME disabled dells isn't stripped of all the extra modules that aren't necessary to bring up the CPU, so you'd probably want to run ME cleaner as well. however even with a stripped and neutralized ME there's still the SA-00086 vulnerability in a lot of intel's older chips that is apparently present in one of the core modules needed to start your computer. and as far as i know it can't even be patched with an ME firmware update.

Wowie, thanks! Before, I wasn't really concerned because I thought "Sure, take my data, you won't be able to do shit with it anyway", but now the thought that someone at AMD could simply brick my PC remotely suddenly won't leave my head.

@theundefinedx0018

2 жыл бұрын

Not sure if you're being serious, but "Sure, take my data, you won't be able to do shit with it anyway" is a very concerning argument. What if you do have something to hide? Why wouldn't you want that option? The Jews in Amsterdam sure would have liked to have that right to privacy in 1939 to not have their religion be written down in the local government's administration. Like Edward Snowden said: "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.". en.wikipedia.org/wiki/Nothing_to_hide_argument

@vaikjsf34a

2 жыл бұрын

@@theundefinedx0018 good quote :)

Intel inside means a whole other thing now

*puts blanket over priceless jewel* "Now they'll never know where to look!"

I worked IT in my college and I remember my boss making us go to every single computer in our inventory and install that Intel firmware patch. I didn't realize how truly bad it was.

thankfully there are some groups that are working on open source CPU designs. once they become ussble we can move our sensitive info there !

@gameappreciation

2 күн бұрын

Did this go anywhere in 2 years?

@ali32bit42

2 күн бұрын

@@gameappreciation well yes. not quite industry ready yet but performance had massive improvements. look up risk V or risk 5

@gameappreciation

2 күн бұрын

@@ali32bit42 Ohh exciting

Unlike intel ME, though, most AMD systems allow you to disable AMD's PSP. But then you don't have the on-board TPM to do secure boot with, which may or may not matter to you.

@ThylineTheGay

3 жыл бұрын

How?

@ARitzCracker

3 жыл бұрын

@@ThylineTheGay In the case of my laptop, there's a bios setting literally called "AMD Platform Security"

@ThylineTheGay

3 жыл бұрын

@@ARitzCracker oh

@TheMohawkNinja

2 жыл бұрын

Intel is the same way. You can disable it in the BIOS, or just uninstall the ME driver.

@averagegeek3957

2 жыл бұрын

@@TheMohawkNinja I haven't seen the BIOS setting you are talking about, but the most that could do would be preventing the ME from being visible to the OS (because it has to be visible to the OS for firmware updates). The ME still boots up and has all its privileges regardless of how the BIOS is configured or what driver is installed on the OS. I imagine the same to be true for AMD's PSP.

A bit beside the point, but I feel like you kind of missed the mark on the example about security by obscurity. Windows does not have more viruses created for it than Linux because it's closed source. It has more viruses created for it because it has a sigificantly larger userbase than Linux, and that userbase is also generally less tech savvy. The same goes for OSX, but not quite on the same scale

@effsixteenblock50

4 жыл бұрын

@TheMagzuz Yep. Malware authors are naturally more apt to write for the OS with the most market share. He also didn't mention that a not insignificant portion of the windows code base is no longer closed source.

@sterkriger2572

4 жыл бұрын

effsixteenblock50 macOS as far as I know isn’t too

@tacticaltux4231

3 жыл бұрын

Sure, the desktop space is heavily sided towards a higher Windows usage, but Linux dominates the server market, which can be a much more lucrative target for some than the end users. Linux is a very prime target for this reason, and so the argument of "less users" doesnt really make sense with server computing taken into account.

@PhirePhlame

3 жыл бұрын

THIS. Mac OS didn't really have much of a malware problem until it started catching on. Of course, Apple advertising that Macs don't get viruses probably didn't help, as virus makers tend to take such claims as challenges. If Linux starts to also go mainstream, so too will Linux malware.

@PhirePhlame

3 жыл бұрын

@@tacticaltux4231 But server admins are generally much more proficient and wary than your average end user, which makes it significantly harder to even get into one in the first place.

IME doesn't just have ring 0 privileges, it actually runs in ring -2

@ME0WMERE

Жыл бұрын

or really -3, as it can run while your computer is turned off

Some time ago (months) I watched a video about China making a CPU. I remember commenting that I didn't trust them to *not* install a hardware backdoor... Guess I shoulda been looking closer to home. So has Intel and AMD said anything about _why_ these systems are installed?

@TheMohawkNinja

2 жыл бұрын

It allows IT departments to remotely manage the BIOS. Think of it has low-level RDP. Intel ME at least doesn't really bypass firewall rules. So long as you block the couple of ports it uses, you are fine.

@ahmadanime7586

2 жыл бұрын

@@TheMohawkNinja how can I do that?

@ilearncode7365

2 жыл бұрын

@@ahmadanime7586 This, they say that it allows users to remote manage their computers even when the computer is off and no OS is running, but Ive never heard of anyone actually using this claimed feature.

@impoppy9145

2 жыл бұрын

@@TheMohawkNinja "Block the couple of ports it uses" why so many uneducated ppl are talking about things they don't understand in this day and age? Don't talk about things you don't understand. This remote access is " allegedly " designed for IT professionals to have FULL CONTROL. AKA they can turn on and off the laptop, access the bios AND reinstall the corrupted OS. HOW TF ARE YOU GOING TO FIREWALL THIS ?? EVEN IF YOU REMOVE THE HARDDRIVE THEY STILL CAN ACCESS BRUH.

@TheMohawkNinja

2 жыл бұрын

@@impoppy9145 Okay, if you understand so much, then explain to me how you can ignore external hardware firewall rules from the local BIOS? Because if that's something you can easily do, we can just throw LITERALLY ALL OF CYBERSECURITY out the fucking window.

Fun fact: If you somehow remove the Intel Management Engine, and the cpu doesn't see an Intel ME, the CPU will force the pc to shut itself off in exactly 30 minutes, regardless of what you're doing. One of my laptops has a corrupted ME configuration so it is very hard to work on Edit: found out from the guy that replied to me that modern intel cpus require me so yeah have fun removing it on the 12900k

@invalid_user_handle

2 жыл бұрын

What happens when you remove the Intel ME depends on the CPU. More recent ones actually _require_ some parts of the Intel ME to be intact, or else the CPU simply won't work at all.

@alexander1989x

2 жыл бұрын

Luckly there is a way to reflash and restore the ME on forums like WinRaid. Had my laptop doing the same thing due to a tripped Intel Anti-Theft and had to remove that module and reflash the bios with a IME patch.

Well, at least AMD says PSP can be disabled. Not that anybody trusts vendors in such things, but it can still be true (in theory).

@quadrupledamage

4 жыл бұрын

at least they attempt to give you the illusion of being able to turn off the spyware :)

@longnamedude3947

4 жыл бұрын

You can turn off AMD PSP? That's news to me, I thought both Intel ME & AMD PSP were hardcoded to never be switched off when shipped with hardware? By the way, you can get Intel CPU's without Intel ME, I know, I have one. Intel ME - Level 4 Disabled, basically no information seems to be available about it anywhere that I can find, but it is completely removed from the CPU, it also means lots of consumer features are totally non-operational with no ability to enable them.

@GhostSamaritan

4 жыл бұрын

@@longnamedude3947 Yeah I was installing something and it said I needed to install Intel MEI drivers but the drivers refused to install. Maybe not the same thing but semi-related, I guess?

@xL1PEx

4 жыл бұрын

@Kohina closest thing right now: github.com/PSPReverse/PSPTool

@brunettebird57

4 жыл бұрын

It can't be disabled, as it controls the DRAM initialization. It's a fake choice.

Gives a whole new depth to the logo "Intel inside".

I hope RISC-V will solve the Intel/AMD problem.

Anyone worried about Intel ME block you can block port range 16992:16995 on your router. Because ME network traffic runs on TCP/IP you can still block it. You just can't block it with the device that has ME.

@wearefromserbia9714

11 ай бұрын

first time hearing about this

Idk. about that whole disabling ME thing. I have have a friend who worked for Google and he said thay've meddled with it and even they are having a hard time disabling ME for good. They got it disabled only temporarily. Also he told me that ME being truly disabled in those laptops sold by companies like system76 is bullshit. But he says a lot of things so I wouldn't take his word as a granted truth.

@archygrey9093

3 жыл бұрын

I tend to believe him, the me has privileges over the bios so bios changes might stop it communicating but it will still be there and functional

@SFSAtlas

2 жыл бұрын

@@archygrey9093 my firmware has an option to disable ME and AMT and it disables the firmware modules so that the ME can't access anything

@theodiscusgaming3909

2 жыл бұрын

System76 does remove the more sus stuff from the ME but some of it still remains

@SFSAtlas

2 жыл бұрын

@schmobbing Probably not, but the switch doesn't harm

@the.scarlet_witch.official

2 жыл бұрын

Purism does the same thing to their products too i think

7:43 "AMD has the same thing build into the motherboards" Shows an image with the PSP clearly on the SoC. Also, you can disable the PSP in the bios on AMD laptops (at least on my Lenovo Ideapad 5 15"). If they're doing something truly nefarious obviously that disable toggle won't actually do anything though.

@evandex08

2 жыл бұрын

My lenovo ideapad slim 3 also had the option to turn off PSP

@pokepe12

2 жыл бұрын

Is there a possibility that the option doesn't actually do anything and is just there to provide false security?

@TheObsesedAnimeFreaks

2 жыл бұрын

Intel's ME is also a system management tool, and not there for any malicious purpose. it's probably not necessary but it is there.

@My1xT

2 жыл бұрын

@@TheObsesedAnimeFreaks but it could as well have backdoors

@TheObsesedAnimeFreaks

2 жыл бұрын

@@My1xT it most likely does not. Why would they want or need to build backdoors into it.

This rabbit hole goes deeper than I ever thought.

Really like your style of narration. This little background noice makes it even better, I'm kinda sinking into your space

Coreboot still can't remove the entire management engine. Also, ARM probably already has a similar management engine, at least on the Raspberry Pi, the GPU has VideoCore IV which can control the CPU.

@charliekahn4205

3 жыл бұрын

Maybe you could use an OS without an ME driver, maybe one that just returns null.

@charliekahn4205

3 жыл бұрын

@PC del Pueblo you still need software capable of accessing the ME hardware to take advantage of the ME.

All modern intel CPUs released before 10th gen and after 2008 now have CSME vulnerability that allows remote code execution. CVE-2019-0090, enjoy

I'm old enough to remember when this was called a conspiracy theory.

Ever heard of the talpiot program, or unit 8200? The rabbit hole you just opened goes a lot deeper than you may be willing to go...

Still waiting for affordable OpenPower PCs

@Arctic740

4 жыл бұрын

how about ARM?

@longnamedude3947

4 жыл бұрын

POWER10 fingers crossed. Got my eyes on the Raptor Computers stuff.

@bitnatures

4 жыл бұрын

@@Arctic740 is there open source arm processors? I thought most had proprietary blobs.

@rodrigosouto9502

4 жыл бұрын

RISC-V seems promising too

@censoredterminalautism4073

4 жыл бұрын

I'm am too poor to consider even that, but you could look for older used machines running different architectures, if you want to maximize security. There are a few different options. Maybe if you're lucky you can get your hands on one of the old POWERs for not that much. I haven't researched this at all, but maybe it's a possible affordable option. New hardware is not necessary.

"Bioluminescent government agents" Instasubbed.

@thomaspayne6866

3 жыл бұрын

God damn I’m the only one who doesn’t understand what this means

@xavier6130

3 жыл бұрын

Search "Temple OS" and go down the rabbit hole. (The actual phrase is "Glow in the dark CIA n***ers" if I remember correctly.)

i personally solved my security info breach by taking enormous amounts of bendagryl and ayahuasca to the point of developing multiple personalitys, then i personally programmed each personality to be switched on very specific triggers, and every personality has limited info available to them so it functions as a patch of the torture vulnerability

Thank you, man. I subscribed to your channel!

You had *ONE* job! Just make freakin' processors!!!

Watched this a while ago, but I just realized you called MINIX closed source. MINIX is an open source microkernel licensed under the BSD license. However, Intel made a derivative that is fully proprietary.

@vaikjsf34a

2 жыл бұрын

I thought that making open source closed source is a violation of GPL?

@4n0ngaming

2 жыл бұрын

@@vaikjsf34a MINIX is licensed under the BSD license. GPL and BSD are two different licenses and the BSD license allows you to make closed source software out of the open source software.

@Marc-rw3dd

2 жыл бұрын

Uh, he mentioned pretty clearly that minx is open source, but the important parts of that we need to see that was implemented by Intel is proprietary

@sylv512

2 жыл бұрын

this is why you don’t use a cuck license

@4n0ngaming

2 жыл бұрын

@@sylv512 honestly idk if GPL/copyleft is better than cuck licenses. The BSDs are in much better shape than Linux because corporations aren't influencing them as much

I stg your videos are insanely interesting and they are literally about my lifes biggest interest

In case you thought the NSA/CIA/Government agencies weren’t in bed with US Corporation, this should clear it all up. We’ve become somewhat like China while trying to defeat them and I pray we don’t go further in that direction.

You should've given us a reference as to what hardware is free from the x86 backdoor. For those interested, you can still get relatively recent AMD CPUs that don't ship with PSP; the first instance of a PSP ARM core implementation is with the late 16h family Puma micro-architecture (2014), so anything from Jaguar (2013) and beyond should be safe.

@newsciencestuff5540

11 ай бұрын

Like Ryzen laptops?

@newsciencestuff5540

10 ай бұрын

@@_brugman damn bro

This is why my next build will use a SiFive RISC CPU and I'll just have to wait for gaming on RISC to catch up before I can stay up to date on games

Very interesting# Had been wondering why you never hear about Ring 0 being used in the OS. Now it's clear. Thank you.

CPU that has spyware and it's in everyday. This is your daily dose of Recommendation

I've been sceptical about this subject. If there is a spyware, well, it has to transmit some sort of data to the desired control center. Me and a few of my colleagues, monitored network and systems with both Linux and Windows OS to make sure there is something going on.. But as much as I loved to prove this theory, we couldn't find any results ..

@DarkNight4090TI

2 жыл бұрын

Isn’t the data saved in ur hardware?

@ThePennitentOne

2 жыл бұрын

@@DarkNight4090TI and as long as it stays there is not really a problem though

@theundefinedx0018

2 жыл бұрын

Isn't the problem here that the firmware could be overwritten/hacked by some malicious party/individual that could send it over internet? I also don't think Intel would be a prime suspect for spyware, but they do allow the possibility to have that happen to be larger than having no ME or having an open-source ME.

@ThePennitentOne

2 жыл бұрын

@@theundefinedx0018 Yes but that requires that attacker to already have code-execution on the machine and would act more like a priv-esc so while this is still really bad, malicious code running on their machine is generally already game-over for the victim. At least that’s how I see it, not really any expert or anything

@dertydan

2 жыл бұрын

Yeah this is making a big leap imo

Embedded microcontrollers should provide a secure hardware level of security when used with open source Linux, but at a reduced level of computing speed. Raspberry Pi, Nvidia Jetson NANO and other similar embedded systems (SoC) with GPU built in on the ARM Coretex system architecture don't have the management engine hardware built into them. This would be a good alternative for secure computing. Would the use of a Linux virtual machine running on Intel or AMD also provide a good level of security? Great video and information!

this is why i have a 2007 imac(2008 was the year intel me was introduced)

This just gives a whole new meaning to they are always watching you.

The real question is what is the total available byte length for preloaded code in ME. Since memory inside the processing chip has a premium, I believe it would be relatively small. That could give us more realistic bounds of what it can do with all the data it can "see" passing through it..

@johnbergamini3567

2 жыл бұрын

Probably not. Even if the ME has a small, but highly "invasive" instruction set, presumably, that small "invasive" instruction set could and would co-opt the more powerful general processor instruction set and do anything an unpossessed Intel machine might do. It might be slower...and that would be a "tell".

FYI, Minix isn’t a BSD, it’s its own OS written by a famous computer scientist (in CS circles) Andrew Tannenbaum. Lots good debates between him and Linus Torvalds back in the late 90s/early 2000s on OS architecture (especially monolithic kernel vs microkernel).

Finally a reason to make me feel good to still b stuck with a old P45 chipset as main pc xD

Thank you for this detailed explanation!

Don't forget you can use hardware firewalls to at least control where your data goes. I've been wanting to get one to block Microsoft's forced updates as well

*To be clear,* System76 have *not* _successfully disabled the Intel Management Engine_ (9:42), only certain resources: _Disabling all functionality of the Intel ME is not possible. Methods for disabling runtime components vary between versions. System76 Open Firmware disables runtime components of the Intel ME using the most capable method possible._

Thank you for talking about this!

exactly. at this point we got to make our own chips from scratch.

It was always suspect when virtually all computers worldwide can only have an AMD or Intel CPU at the same time computers gained importance to everyday life at home or work. #phucked

I found out about all this when it was first implement on our work tablets back in 2012. Wanna know how I worked out the capabilities of IME? I searched the Patent applications registry and found the applications by Intel. All capabilities were listed

The nice thing about the newer management engines is that you can actually control them yourself if you've got a newer vPro Intel CPU since it has a more advanced glowCPU (aka management engine) that can be used to perform actions on your PC remotely without having to be a federal agent to do so. You could actually install a completely different OS on your computer remotely on the new ones.

MINIX3 is not closed source - and as MEI has no storage on its own and doesn't sign the IFD (up to Skylake), you actually can control what segments you want to load. The structure is directly visible.

Don't store anything cool on something connected to the internet

I decided a different route than buying S76, which was simply unplugging the machine. It’s brought a lot of piece of mind, reduction in carbon footprint & more free time (aided by unemployment).

@sherdil3717

2 жыл бұрын

Get a real job

@cloudthief8918

2 жыл бұрын

@@sherdil3717 get a life. you really don't have better things to do than insult others online?

@sherdil3717

2 жыл бұрын

@@cloudthief8918 its was a joke (because he said he was unemployed)

Very useful for rebooting by lan also serial console over lan was useful. I remember it was enables and disabled in BIOS. I mean that after you disable the feature in BIOS then it was not discoverable on the LAN and did not respond to any packets.

One can only wonder what the recent Chinese x86 CPUs do in the context of Intel ME and AMD PSP. It’s probably worse in a domestic Chinese context but makes you wonder a few things.

Doesn't provide Purism a similar service to this with their laptops and NUCs besides System 76? It would also be interesting what exists on ARM chips similar to this. Because I would not assume that ARM chips are safe either considering the amount of chips inside of phones which couldn't be potentially be spied on if they were.

@evmanbutts

4 жыл бұрын

Arm is even less secure.

@sterkriger2572

4 жыл бұрын

evmanbutts actually it is

@thomaspayne6866

3 жыл бұрын

ARM? Someone above mentioned ARMs “trustzone hypervisor”.

9:24 The most powerful intel CPU without the iME is the Xeon x5450

I remember using Minix on Intel 8088's back in the day when networking with PC XT's

Security by obscurity works but only when the device or software itself is obscure. For example, a completely custom, home-made OS will be inherently secure via obscurity simply because the only person with access to that OS is the person who made it. Trying to maintain obscurity for software or hardware that's readily distributed doesn't work because people still know it exists.

"it can bypass firewall configurations due to its dedicated network configuration" - this blips my "BS" radar. It can talk out the network port without the OS on that machine being able to use its own firewall to intercept it, sure. But the next firewall (perimeter equipment) WILL see that traffic, implied in your statement is that it can tunnel out through anything.

@ReptilianLepton

2 жыл бұрын

What steps actually would need to be taken to secure a network specifically against outgoing (or internal inter-device) traffic originating from ME/PSP doing nefarious things? Obviously _AMT_ is extensively documented but surely locking down the ports AMT happens to use would not be of much value against ME itself. So, in this context, what does a glowie packet look like?

@snap-off5383

2 жыл бұрын

@@ReptilianLepton Dunno, you'd have to white-list only and log to see where it wants to talk and what info you can garner about those places to sift them out. Then there would be information from those you catch that could be used to fingerprint them.

Those Pre-2008 CPUs are looking better and better. Might have to pull out some old lemons, delid, over-clock the olden goldies.

*This took "Intel inside" To a whole new meaning*

iirc wiki says its ring -3 cba checkin

@nicokulmann8398

4 жыл бұрын

i did check (obviously its more metaphorical than real) The ME is colloquially categorized as ring −3, below System Management Mode (ring −2) and the hypervisor (ring −1), all running at a higher privilege level than the kernel (ring 0)

@MentalOutlaw

4 жыл бұрын

ah good to know, I thought it was ring 0 from my research, wish I could pin your comment.

@SimGunther

4 жыл бұрын

@@MentalOutlawThere is a special "ring -4" discovered by Chris Domas that pertains to special RISC based CPUs controlling the model specific registers in some x86 based CPUs.

@jamesm5192

4 жыл бұрын

@@MentalOutlaw If channels like yours continue to spread awareness about AMD releasing their source, then there's a chance for widespread security: libreboot.org/amd-libre.html

@linuxinside6188

4 жыл бұрын

@@SimGunther There are many hidden registers in x86 .