Rough translation from Swedish to English of:

http://strombergson.com/kryptoblog/?p=311

<begin>

Intel Advanced Management Technology - Rootkits for everyone

Intel just released a new x86 CPU; one new addition avoiding the news
is the AMT (Active Management Technology).

AMT is a technology intended to facilitate surveillance, maintenance
and control of computers remotely.

AMT allows for the following functions, among others:

* Monitor and control (filter) the network traffic - before/under the
running operating system

* sending out patches to computers - even if they are turned off.

* Control, upgrade, change, add and remove software

* isolate and shutdown computers infected with viruses

* control on/off of the power supply

* re-route hdd access to a location on the network

* re-route mouse, keyboard, screen and other extras to a location on the network

AMT is based on functions in the chipset that allows chipsets to
communicate with other chips out-of-band from the CPU, options include
LAN, serial interfaces or a direct ethernet interface.

<image>

http://softwarecommunity.intel.com/UserFiles/en-us/figure_1(1).gif

</image>

Ergo, there is a microcontroller in the MCU that is always on (as long
as the system has power through the power supply) and can receive and
perform instructions even though the system appears to be turned off.

The microcontroller is floating in a software environment that
implements a huge number of service functions and gives customers the
option to add their own functions.

translator's note:
does anyone remember the BIOS-resident virus of the mid to late 90's?
end translator's note.

<image>

http://softwarecommunity.intel.com/UserFiles/en-us/figure_2(1).gif

</image>


One of the most important parts is the feature or function to
communicate with the machine through a separate TCP/IP stack; in other
words, even if there is a firewall or other security countermeasures
in place protecting the operating system's TCP/IP stack, there is a side
channel into the system.

translator's note:
rant goes here
end translator's note.

<image>

http://softwarecommunity.intel.com/UserFiles/en-us/figure_3.gif

</image>

So AMT gives system owners and administrators brand new ways to monitor
and control a large number of PCs. AMT will be shipped with an XML
(SOAP) based system for managing and administering AMT clients.

But at the same time, the hair on my arms raises thinking of what
would happen should this technology be used for evil purposes.

How easy would it be to detect and protect oneself from the rootkits
that will sneak into AMT?

Rutkowska's Blue Pill is in theory dangerously close. There are
security functions in AMT to ensure this will not happen, namely
Kerberos and Active Directory based authentication; furthermore, the
built-in side-channel TCP/IP stack offers TLS-based communication.

For those that want to know more about AMT <link 1> there are several
pages on Intel's website <link 2>. There is also a developer's kit (SDK)
for AMT available free of charge on Intel's site <link 3>


link 1
http://www.intel.com/technology/manage/iamt/

link 2 :
http://www.intel.com/business/vpro/index.htm

link 3 :
http://www.intel.com/cd/ids/developer/asmo-na/eng/321157.htm


On 6/27/07, Rui Miguel Silva Seabra <[EMAIL PROTECTED]> wrote:
On Wed, Jun 27, 2007 at 04:25:08PM -0300, Leonardo Rodrigues wrote:
> http://www.geek.com/images/geeknews/2006Jan/core_duo_errata__2006_01_21__full.gif
> "Show stopper" "Potentially Catastrophic" Those are some warm and fuzzy
> words =)
>
> Geez, that's a whole lot of bugs... I never imagined that processors
> could be so "bugged".
> Theo says that AMD is getting less helpful towards open source OS.
> Well, that's great. We only have 2 big proc developers for i386, and
> now those two are turning out crap products with diminishing
> documentation =(
>
> I wonder where this road will lead us.

If you really want to know...

http://strombergson.com/kryptoblog/?p=311

I'd really love to read a translation of that document, but it seems to
say something along the lines of...

Basically, the new Celeron seems to have a separate memory and
process manager that can hide the thread and memory that does ... stuff.

But the chip is creepier than that.
If I am understanding Strömbergson correctly, this chip is the first
step in a brave new world where you have no clue what really goes on
when you buy a chip.


About Strombergson:
Strömbergson is one of Sweden's foremost experts on hardware design
(ASIC) and keeps a couple of software patents too (trie sorting ip
addresses for routing i.e).

--
Or not.
Today is Pungenday, the 32nd day of Confusion in the YOLD 3173
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?





--
-- JPL
