Kaydol

Flood göndermek, insanların floodlarını okumak ve diğer insanlarla bağlantı kurmak için sosyal Floodlar ve Flood Yanıtları Motorumuza kaydolun.

Oturum aç

Flood göndermek, insanların floodlarını okumak ve diğer insanlarla bağlantı kurmak için sosyal Floodlar ve Flood Yanıtları Motorumuza giriş yapın.

Şifremi hatırlamıyorum

Şifreni mi unuttun? Lütfen e-mail adresinizi giriniz. Bir bağlantı alacaksınız ve e-posta yoluyla yeni bir şifre oluşturacaksınız.

3 ve kadim dostu 1 olan sj'yi rakamla giriniz. ( 31 )

Üzgünüz, Flood yazma yetkiniz yok, Flood girmek için giriş yapmalısınız.

Lütfen bu Floodun neden bildirilmesi gerektiğini düşündüğünüzü kısaca açıklayın.

Lütfen bu cevabın neden bildirilmesi gerektiğini kısaca açıklayın.

Please briefly explain why you feel this user should be reported.

Intel suffers massive data breach involving confidential company and CPU information revealing hardcoded backdoors.

Intel suffered a massive data breach earlier this year and as of today the first associated data has begun being released. Some users are reporting finding hardcoded backdoors in the intel code.

Some of the contents of this first release:

– Intel ME Bringup guides + (flash) tooling + samples for various platforms

– Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)

– Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES

– Silicon / FSP source code packages for various platforms

– Various Intel Development and Debugging Tools – Simics Simulation for Rocket Lake S and potentially other platforms

– Various roadmaps and other documents

– Binaries for Camera drivers Intel made for SpaceX

– Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform – (very horrible) Kabylake FDK training videos

– Intel Trace Hub + decoder files for various Intel ME versions

– Elkhart Lake Silicon Reference and Platform Sample Code

– Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.

– Debug BIOS/TXE builds for various Platforms

– Bootguard SDK (encrypted zip)

– Intel Snowridge / Snowfish Process Simulator ADK – Various schematics

– Intel Marketing Material Templates (InDesign)

– Lots of other things

[https://twitter.com/deletescape/status/1291405688204402689](https://twitter.com/deletescape/status/1291405688204402689)

Benzer Yazılar

Yorum eklemek için giriş yapmalısınız.

35 Yorumları

  1. torrent: magnet:?xt=urn:btih:38f947ceadf06e6d3ffc2b37b807d7ef80b57f21&dn=Intel%20exconfidential%20Lake%20drop%201 the torrent link
    Edit: The Link dose work

  2. Welp, looks like it’s time to install Coreboot on my PCs.

  3. Once my 2012 rig dies, my next computer is just gonna be 15 Raspberry Pis duct taped together.

  4. Heads up: you can disable all remote network access to Intel ME by installing a 3rd party NIC and using that instead of the integrated NIC.

  5. Now apply this to encryption that has a backdoor in it for the government…do you really think this information will stay private. This is the reason you say FUCK YOU to the government when they come asking for something like this.

  6. >Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.

    For those unfamiliar – verilog is a hardware description language for building logic circuits. It’s similar(ish) to C, but everything “executes” concurrently (cuz it’s not a programming language, really, it describes logic inside processors).

    Think of it as the text-based blueprints for CPUs.

    I haven’t looked at the data, so no idea what part of the xeon platforms had their verilog dumped (which is likely what OP was talking about being unsure of)… But that’s likely some high value intellectual property.

  7. [ ] Tell me about ME flashing.

    [x] Tell me about the hardcoded backdoors.

    [ ] any news on AMD backdoors?

    [ ] goodbye.

  8. I wonder if Apple probably knew about all this and that’s why they are making the jump to ARM

  9. Before I was kinda glad I didn’t waste money, and now I’m so glad I didn’t get the intel processor I wanted when I rebuilt a few months back.
    Security risk, after security risk, after security risk… And none of them have been minor…

  10. Wanted to apologiese if anyone felt mislead by the title, I should have said “revealing possible backdoors” as mentions to them have been found in the comments of code.

  11. Link to the Data if anyone wants it [https://t.me/exconfidential/590](https://t.me/exconfidential/590)

  12. > Some users are reporting finding hardcoded backdoors in the intel code.

    From what I can see, they only found comments using the word “backdoor”, such as the one here: https://twitter.com/deletescape/status/1291422841834016770

    But this could mean anything, so let’s not jump to conclusions.

  13. May not be a breach, exactly:

    “We are investigating this situation, but this does not appear to be the result of a network breach,” a spokesperson for Intel said. “The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.”

    https://www.theregister.com/2020/08/06/intel_source_code_leak/

  14. Great example of why we shouldn’t allow congress to mandate encryption back-doors be built into hardware.

  15. Anyone have the password for Boot_Guard_KBL_ACM_3698_SDK_ES_QS_PV_Rev1_0.zip ?
    its not Intel123 or intel123 or “i accept”

  16. The fully open-sourced Talos II workstation is looking better and better… PowerPC64 is cool as shit too.

    https://raptorcs.com/TALOSII/

  17. This is not toooooo bad.

    * Bad actors are always attacking Intel and may have already been using some of these vulns. Now at least the “good guys” have a better chance of finding them, and hopefully mitigating them.
    * Companies and governments will hopefully put more pressure on Intel to be more transparent.
    * On the other hand, most people don’t update their firmware or whatnot, so this is just going to create another way for old machines to be hacked.

    Even the creator of Minix didn’t know they were using it in the firmware. Imagine one day waking up to find your old toy OS is one of the most widely used in the world.

  18. I’m kinda a neophyte with this stuff, but is the problem that Intel is super bad at security, or that they’re the biggest manufacture and therefore have the largest attack surface? Like would we expect AMD chips to have similar flaws?

  19. Seems like Intel is getting its comeuppance for years of bad behavior. Karma is a bitch.

  20. That was quite predictable. This is the reason I deactivated Intel ME in my server by modifying the BIOS ROM using this software:
    https://github.com/corna/me_cleaner

  21. so…Intel ME is pretty much the backdoor software shit right?

  22. I am surprised that people are surprised that there are backdoors. Why wouldn’t there be? Shit like that is NDA’d so far up your ass you’d be coughing blood if you ever spoke anything about it publicly.

  23. Reading this 24 hours after my Ryzen 9 was delivered feels nice.

  24. **Aggressively eats popcorn while using AMD Ryzen CPU**

    ​

    Just kidding. This is bad on so many levels. I am a network engineer and most of the gear I use everyday has Intel CPUs embedded in them. This is a bad day for everyone. Also, fuck Intel ME.

  25. Are you fucking kidding me, they were breached because their password was Intel123?!

    Edit: I added the ?! the password was just Intel123 or intel123

  26. And that’s why having root kit processesors inside the main CPU for “security” really means hackers can steal your information now or install bootloaded code that can operate in ring 0. NICE ONE

  27. In one hand, I second the “well, fuck” sentiment portrayed by the other commenter, but on the other hand I hope this leads to more understanding about the internals of the Intel ME. Last few years have shown that it’s a tremendous security liability, and the best way to mitigate this is if we all get a better understanding of how it works.

  28. Hah torrent and everything.

    Anyway i’m sure intel are a reputable company who we’ll find out has been saying “no!” to their government when they ask for fascist stuff.