http://undeadly.org/cgi?action=article&sid=20070628134608&mode=expanded

    Various developers are busy implementing workarounds for serious
bugs in Intel's Core 2 cpu.

    These processors are buggy as hell, and some of these bugs don't
just cause development/debugging problems, but will *ASSUREDLY* be
exploitable from userland code.

    As is typical, BIOS vendors will be very late providing
workarounds / fixes for these processors' bugs. Some bugs are
unfixable and cannot be worked around. Intel only provides detailed
fixes to BIOS vendors and large operating system groups. Open Source
operating systems are largely left in the cold.

[...]

    As I said before, hiding in this list are 20-30 bugs that cannot
be worked around by operating systems, and will be potentially
exploitable. I would bet a lot of money that at least 2-3 of them are.

    For instance, AI90 is exploitable on some operating systems (but
not OpenBSD running default binaries).

    At this time, I cannot recommend purchase of any machines based on
the Intel Core 2 until these issues are dealt with (which I suspect
will take more than a year). Intel must be come more transparent.

    (While here, I would like to say that AMD is becoming less helpful
day by day towards open source operating systems too, perhaps because
their serious errata lists are growing rapidly too).



E ho scoperto anche che ho una specie di rootkit hardware nel mio
laptop!
Si chiama Intel Advanced Management Technology:

http://marc.info/?l=openbsd-misc&m=118302016430106&w=2

Intel Advannced Management Technology - Rootkit's for everyone

intel just released a new x86 cpu, one new addition avaiding the news
is the AMT (Active Management Technology)

AMT is a technology intended to facilitate survailance, maintenance
and control computers remotely.

AMT allows for the following funcitons among others:

* Monitor and control (filter) the network traffic - before/under the
running operatingsystem

* sending out patches to computers - even if they are turned off.

* Control, upgrade, change, add and remove software

* isolate and shutdown computers infected with viruses

* control on/off of the power supply

* re-route hdd access to a location on the network

* re-route mouse, keyboard, screen and other extras to a location on
the network

AMT is based on functions in the chipset that allows chipsets to
communicate with other chips out-of-band from the CPU, options include
LAN, serial interfaces or a direct ethernet interface.

Ergo, there is a microcontroller in the MCU that is always on (as long
as the system has power through the power supply) and can recieve and
perform instructions even though the system appears to be turned off.

The microcontroller is floating in a software environment that
implements a huge number of service functions and gives customers the
option to add their own functions

[...]

one of the most important parts is the feature or function to
communicate with the machine through a separate TCP/IP stack, in other
words, even if there is a firewall or other security countermeasures
in place protecting the operatingsystems TCP/IP stack, there is a side
channel into the system.

So AMT gives systemowners and administrators brand new ways to monitor
and control a large number of PC's. AMT will be shipped with a XML
(SOAP) based system for managing and administrating AMT clients.

But at the same time, the hair on my arms and raise thinking of what
would happend should this technology be used for evil purposes.

How easy would it be to detect and protect oneself from the rootkits
that will sneak into AMT.

Rutkowskas Blue Pill is in theory dangerously close. There are
security functions in AMT to ensure this will not happend, namely
Kerberos and Active Directory based authentication, further on the
built in sidechannel TCP/IP stack offers TLS based communication.


--
Joe