The Active Management Technology ( #AMT ) application, part of the Intel “vPro” brand, is a #Web server and application code that enables #remote #users to #power on, power off, view information about, and otherwise manage the #PC. It can be used remotely even while the PC is powered off ( via #Wake-on-Lan ). Traffic is encrypted using #SSL / #TLS libraries, but recall that all of the major SSL/TLS implementations have had highly publicized vulnerabilities. The AMT application itself has known #vulnerabilities, which have been #exploited to develop #rootkits and #keyloggers and #covertly gain #encrypted #access to the management features of a PC. Remember that the ME has full access to the PC’s RAM. This means that an #attacker exploiting any of these vulnerabilities may gain access to everything on the PC as it runs: all open #files, all running #applications, all #keys pressed, and more.
ME firmware versions 4.0 and later (Intel 4 Series and later chipsets) include an ME application for audio and video DRM called “Protected Audio Video Path” (PAVP). The ME receives from the #host operating system an encrypted #media #stream and encrypted key, decrypts the key, and sends the encrypted media decrypted key to the #GPU, which then #decrypts the media. PAVP is also used by another ME application to draw an #authentication PIN pad directly onto the screen. In this usage, the PAVP application directly controls the graphics that appear on the PC’s screen in a way that the host #OS cannot detect. ME firmware version 7.0 on PCHs with 2nd Generation Intel Core #i3 / #i5 / #i7 (Sandy Bridge) CPUs replaces PAVP with a similar DRM application called “Intel Insider”. Like the AMT application, these DRM applications, which in themselves are defective by design, demonstrate the #omnipotent #capabilities of the ME: this #hardware and its proprietary firmware can access and #control everything that is in RAM and even everything that is shown on the #screen.
The Intel Management Engine with its #proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and #mouse movements, and even #capture or #display #images on the screen. And it has a network interface that is demonstrably #insecure, which can allow an attacker on the network to #inject #rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a #threat to #freedom, #security, and #privacy that can’t be ignored.
Before version 6.0 (that is, on systems from 2008/2009 and earlier), the ME can be disabled by setting a couple of values in the SPI flash memory. The ME firmware can then be #removed entirely from the flash memory space. Libreboot does this on the Intel 4 Series systems that it supports, such as the Libreboot X200 and Libreboot T400. ME firmware versions 6.0 and later, which are found on all systems with an Intel #Core i3/i5/i7 CPU and a PCH, include “ME Ignition” firmware that performs some hardware #initialization and power management. If the ME’s boot ROM does not find in the SPI flash memory an ME firmware manifest with a valid Intel signature, the whole PC will shut down after 30 minutes.
Due to the signature verification, developing free #replacement firmware for the ME is basically impossible. The only entity capable of replacing the ME firmware is Intel. As previously stated, the ME firmware includes proprietary code licensed from third parties, so Intel couldn’t release the source code even if they wanted to. And even if they developed completely new ME firmware without third-party proprietary code and released its source code, the ME’s boot ROM would reject any modified firmware that isn’t signed by Intel. Thus, the ME firmware is both hopelessly proprietary and #tivoized.
Even when Intel does cooperate, they still don’t provide source code. They might provide limited #information (datasheets) under #strict #corporate #NDA ( #non-disclosure #agreement ), but even that is not guaranteed. Even ODMs and IBVs can’t get source code from Intel, in most cases (they will just integrate the blobs that Intel provides).
In summary, the Intel #Management #Engine and its applications are a #backdoor with #total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the Libreboot project strongly recommends avoiding it entirely. Since recent versions of it can’t be removed, this means avoiding all #recent #generations of Intel hardware.
Recent Intel graphics chipsets also require firmware blobs
Intel is only going to get #worse when it comes to user freedom. Libreboot has no support recent Intel platforms, precisely because of the problems described above. The only way to solve this is to get Intel to #change their #policies and to be more #friendly to the free software #community. Reverse engineering won’t solve anything long-term, unfortunately, but we need to keep doing it anyway. Moving forward, Intel hardware is a non-option unless a #radical change happens within Intel.
Basically, all Intel hardware from year 2010 and beyond will never be supported by Libreboot. The Libreboot project is actively #ignoring all modern Intel hardware at this point, and focusing on #alternative platforms.
Why is the latest AMD hardware unsupported in Libreboot?
It is extremely unlikely that any post-2013 #AMD hardware will ever be supported in Libreboot, due to severe security and freedom #issues; so #severe, that the Libreboot project recommends avoiding all modern AMD hardware. If you have an AMD based system affected by the #problems described below, then you should get rid of it as soon as possible.
AMD Platform Security Processor (PSP)
This is basically AMD’s own version of the Intel Management Engine. It has all of the same basic security and freedom issues, although the #implementation is wildly different.
The Platform Security Processor (PSP) is built in on all Family 16h + systems (basically anything post-2013), and controls the main #x86 core #startup. PSP firmware is cryptographically signed with a strong key similar to the Intel ME. If the PSP firmware is not present, or if the AMD signing key is not present, the #x86 cores will not be #released from #reset, rendering the system #inoperable.
The PSP is an ARM core with TrustZone #technology, built onto the main CPU die. As such, it has the ability to #hide its own program code, scratch RAM, and any data it may have taken and stored from the lesser-privileged x86 system RAM (kernel encryption keys, #login data, #browsing #history, #keystrokes, who knows!). To make matters worse, the PSP theoretically has access to the entire system memory space (AMD either will not or cannot deny this, and it would seem to be required to allow the DRM “features” to work as intended), which means that it has at minimum MMIO-based access to the #network controllers and any other PCI/PCIe peripherals installed on the #system.
In theory any #malicious entity with access to the AMD signing key would be able to install persistent #malware that could not be eradicated without an external flasher and a known good PSP image. Furthermore, multiple security vulnerabilities have been demonstrated in AMD #firmware in the #past, and there is every #reason to assume one or more zero day vulnerabilities are lurking in the PSP firmware. Given the extreme privilege level (ring -2 or ring -3) of the PSP, said vulnerabilities would have the ability to #remotely #monitor and control any PSP enabled machine completely outside of the user’s #knowledge.
A reliable way to avoid Intel and AMD’s universal backdoors is to use computers with such spyware effectively removed or disabled like the ones certified to Respect Your Freedom (RYF).
Pleroma, the Elixir-based fediverse communication platform, has finally pushed out a 1.0 stable release. This is the culmination of many months of hard work from about a dozen or so active contributors, all poking and prodding at the underlying codebase and discussing the best pa
Pleroma, the Elixir-based fediverse communication platform, has finally pushed out a 1.0 stable release. This is the culmination of many months of hard work from about a dozen or so active contributors, all poking and prodding at the underlying codebase and discussing the best path forward.
The end game for us is to teach you (yes, all of you) how to build a resilient and safe federated Social Web. we don’t have all the answers, but we have a basic roadmap for getting from here to that point. Kaniini, one of Pleroma's developers
This release includes numerous fixes and improvements; one of the highlights includes the capability to create and vote on Mastodon-compatible federated polls.
There's a lot of exciting developments in store for future releases. Although they haven't been officially defined as milestones yet, the Pleroma devs are taking stock of what developments need to happen next - there's possibly some talk about adding federated groups, and Kaniini has expressed an interest in implementing Object Capabilities (OCAP) as a security improvement to Pleroma's ActivityPub implementation. In time, this might replace the HTTP-Signatures method that most ActivityPub implementations currently use. Kaniini has a Patreon available here, if you're interested in supporting them in this effort.
After a bit more than one year of work, the Godot developers and contributors are delighted to get their new release out the door, Godot 3.1! It brings much-requested improvements to usability and many important features. Godot 3.1 is more mature and easy to use, and it does away with many hurdles introduced in the previous versions.
#COI - #Chat Over #IMAP - is a universal chat protocol that is #Free, #Open, Easy, #Safe and does not require #developers to build or maintain a server. COI uses an #email address and any IMAP server as its infrastructure. This means it can already connect 3.8 billion users - anyone with an email address. https://www.coi-dev.org/
My response to a dangerous turd of an article by Bart van der Sloot (co-founder of Amsterdam Privacy Week – sponsored by Palantir and Google – and docent teaching “Privacy and Big Data” at Tilburg University)
Mr. Sloot attempts to reframe privacy as a “science” and shame those who work to protect it for having a “pro-privacy agenda” & not being “neutral”. He also calls for “new rules” to disallow such biased behaviour.
Instagram ranked worst for young people’s mental health .
I am very aware of the toxic side of IG and look forward to establishing Pixelfed Labs . The goal is to get the community involved in solving these tough issues through discussions, proposals and implementations.
We can build better alternatives if we work together!
Usuarios independentistas y de izquierdas denuncian que Twitter España les quita Seguidores y Retweets
Los rumores de que Twitter ha comenzado a censurar a los usuarios políticamente inconvenientes han llegado a España, aunque es algo que en Estados Unidos ya se venía denunciando desde 2016. Según varios diarios estadounidenses, Twitter mantiene una “lista blanca” de cuentas favoritas y una “lista
It will be an offence to view terrorist material online just once – and could incur a prison sentence of up to 15 years – under new UK laws.
The Counter-Terrorism and Border Security Bill was granted Royal Assent yesterday, updating a previous Act and bringing new powers to law enforcement to tackle terrorism.
But a controversial inclusion was to update the offence of obtaining information "likely to be useful to a person committing or preparing an act of terrorism" so that it now covers viewing or streaming content online.
The rules as passed into law are also a tightening of proposals that had already been criticised by human rights groups and the independent reviewer of terrorism legislation, Max Hill.
Originally, the proposal had been to make it an offence for someone to view material three or more times – but the three strikes idea has been dropped from the final Act.
The law has also increased the maximum penalty for some types of preparatory terrorism offences, including the collection of terrorist information, to 15 yearsʼ imprisonment.
Under Section 58(1) of the 2000 Act, it was an offence to collect or make a record of information that is likely to be useful to a person committing or preparing an act of terrorism.
But the government argued in the impact assessment for the 2019 Act (PDF) that this "would not capture a situation where a person viewed such material over the internet without obtaining a permanent access to it", such as by streaming or viewing it online.
It said that the existing laws didnʼt capture the "nuance" in "changing methods" for distribution and consumption of terrorist content – and so added a new clause into the 2019 Act (PDF), making it an offence to "view (or otherwise access) any terrorist material online".
This means that, technically, anyone who clicked on a link to such material could be caught by the law – and rights groups are concerned about the potential for abuse.
In the summer, when the proposals were for multiple clicks, terrorism law reviewer Max Hill (no relation to your correspondent) told the Joint Committee on Human Rights that the "the mesh of the net the government is creating... is far too fine and will catch far too many people".
He also pointed out that the offence could come with a long sentence as the draft bill also extends the maximum penalties to 15 yearsʼ imprisonment.
Corey Stoughton of rights campaigner Liberty echoed these concerns, and said the law should not cover academics and journalists, but should also exempt people who were viewing to gain a better understanding of the issues, or did so "out of foolishness or poor judgement".
The UNʼs special rapporteur on privacy, Joseph Cannataci, has also slammed the plans, saying the rule risked "pushing a bit too much towards thought crime".
At an event during his visit to the UK, Cannataci said "the difference between forming the intention to do something and then actually carrying out the act is still fundamental to criminal law… here youʼre saying: ʼYouʼve read it three times so you must be doing something wrongʼ."
The government said the law still provides for the existing "reasonable excuse defence", which includes circumstances where a person "did not know, and had no reason to believe" the material acccessed contained terrorist propaganda.
"Once a defendant has raised this defence, the burden of proof (to the criminal standard) to disprove this defence will rest with the prosecution," the Home Officeʼs impact assessment said. ®
@polyplacophora @farlopito @fdroidorg Hi! Thank you for supporting us with a paid account. It means a lot. The process of publishing our app on F-droid has already started. We need to make a few steps before doing this. In the next couple of months it should be done. Your patience is greatly appreciated.