tldr: Intel's remote management capabilities are obscurely baked into every chipset. The ME has out of band access to the network card and main memory. Since ME also has its own flashable memory in principle a machine could be compromised in a nearly undetectable way. The presentation shows that a lot of interesting details of ME have been brought to light but it has also withstood a first round of attacks. No rootkit has yet been shown to be practical.
Wow. SPARC and Java, two things you wouldn't ever expect Intel hardware to ship with! The mention of SOAP-based protocols is also rather surprising, since they have rather high overhead, and this means ME is not just a little 8051-class MCU but almost a fully-featured PC itself...
Take a look at the PDF version on recon.cx linked by jesrui— it's substantially different from the slideshare version in a few places, notably that it talks about a third generation (Bay Trail TXE) which uses SPARC and drops the pesky Huffman coder entirely in favor of LZMA.
The ME is on _every_ CPU, and you can't easily disable it (there are ways, but it's unclear how much really shuts down, and you might lose power management features).
What, SPARC and Java in Intel motherboards? Is this some elaborate gag on Sun/Oracle? I hope they'll demo it by running Solaris there for good measure.
"Can be active even when the system is hibernating or turned off (but connected to mains)"
ollybee | 11 years ago
My first thought was that it seems increasingly clear that Stallman has been right all along.
morganvachon | 11 years ago
The problem is that being philosophically right doesn't always mean being practically right. In order to create the perfect Stallman-esque machine, one would have to design everything from the logic chips up from scratch, because in the end, no third party can be trusted. He says this himself about the Loongson system he uses daily; he considers it a compromise but one heavily weighted in his favor.
In short, Stallman has been right all along, but there's little we can do about it from a practical standpoint.
jesrui | 11 years ago
jcr | 11 years ago
https://www.youtube.com/watch?v=Y2_-VXz9E-w
WhitneyLand | 11 years ago
bhouston | 11 years ago
venomsnake | 11 years ago
After the Sony hack ... let's say that I feel less secure about anything.
logicallee | 11 years ago
userbinator | 11 years ago
The amount of complexity - and the opportunities to hide things in that - has increased so much compared to earlier PCs that in some ways I think the development of computer systems is headed on a rather treacherous path. When systems are so complex that no single person can understand them entirely, it's easier to make them behave against their owner's will.
lambda | 11 years ago
nine_k | 11 years ago
walterbell | 11 years ago
icarusmad | 11 years ago
[1]: http://en.wikipedia.org/wiki/ARC_International
userbinator | 11 years ago
Look at slide 50.
wiml | 11 years ago
wyager | 11 years ago
It's absolutely horrifying. There's no way this is secure.
cm3 | 11 years ago
sounds | 11 years ago
Intel chips up to (I think) 2006 would happily boot without the ME enabled ("ME optional").
Intel's newer chipsets have a watchdog in the ME hardware which will reset the main CPU if the ME is not initialized by the BIOS ("ME mandatory").
Combined with the as-of-yet unbroken RSA signature on any ME firmware, this has some pretty astounding implications.
pgeorgi | 11 years ago
vPro is merely the larger ME firmware: The small one is 1.5-2MB, the vPro one is 5-7. A non-vPro mainboard probably comes without a SOAP-capable webserver (although I wonder what they need 1.5MB of code for), but the chip to run it is all there.
astrange | 11 years ago
lambda | 11 years ago
gweinberg | 11 years ago
cm3 | 11 years ago
Maakuth | 11 years ago
lambda | 11 years ago
pdkl95 | 11 years ago
On top of the security issues, it seems Intel owes a lot of people some reimbursements for their share of the power bill. Unfortunately, I suspect this theft of electricity will be quietly swept under the rug and forgotten about.