When it comes to Intel Management Engine, I actually think it’s not a threat if you neutralize it. I mean to just set the HAP bit on it. Because if that isn’t enough then that means all computers in the world which use Intel CPU can be accessed by NSA but if NSA had this much power then it seems obvious that they aren’t using it and why wouldn’t they use it?

There’s a github project to neutralize/disbale Intel ME: https://github.com/corna/me_cleaner Disable is overwriting intel ME as much as possible with zeros, leaving only a little remaining to be able to boot the computer. The newer the intel chips are, the less likely it is to be able to disable it. But all chip sets can be neutralized which means to set the HAP bit which is an official feature. In theory we can’t actually trust the HAP bit to really disable intel ME permanently. It’s more like asking Intel to do what they have promised because it’s proprietary. But I think it really does permanently disable it because otherwise NSA would be abusing this power.

That’s why I think the newer laptop models are better because it’s probably not necessary to disable, it’s enough to just neutralize withthe HAP bit. And with a newer modern laptop they can have open source Embedded Controller firmware which is better than proprietary Embedded Controller firmware.

I’m interested to hear what you think as well.

      • yetAnotherUser@discuss.tchncs.de
        link
        fedilink
        arrow-up
        0
        ·
        2 months ago

        I genuinely believe the NSA et al is targeting those who attempt to avoid all targeting more than the average person. It’s difficult to avoid being tracked, it’s nearly impossible to additionally blend in with an unsuspicious façade. Might as well become a secret agent if you’re capable of avoiding the NSA’s gaze.

    • moonpiedumplings@programming.dev
      link
      fedilink
      arrow-up
      0
      ·
      2 months ago

      Crowdstrike didn’t target anyone either. Yet, a mistake in code that privileged, resulted in massive outages. Intel ME runs at even higher privileges, in even more devices.

      I am opposed to stuff like kernel level code, exactly for that reason. Mistakes can be just as harmful as malice, but both are parts of human nature. The software we design should protect us from ourselves, not expose us to more risk.

      There is no such thing as a back door that “good guys” can access, but the bad guys cannot. Intel ME is exactly that, a permanent back door into basically every system. A hack of ME would take down basically all cyber infrastructure.