20 votes

Reddit - Well respected Silicon expert, would not be surprised if there were government mandated backdoors in Intel/AMD chips



Trending on the Web

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

The processor could act as a

The processor could act as a virtual host and load your OS on it as a guest computer with its own operating system. Your OS would really have no way of knowing this. So they could literally know everything you are doing on your computer, including keystrokes, etc and it would be totally transparent to you.

This could work even when you are not online, and it could buffer data as needed to be sent when the PC goes online.

It makes me wonder about the name of the project XKeyFactor or whatever, it made me think that they might actually have insight all the way down to key logging.

The kind of backdoor he thinks is possible

is described here: http://steveblank.com/2013/07/15/your-computer-may-already-b...

If I understand this, avoiding this sort of backdoor would be essentially impossible with Windows or Apple, because they control the operating system updates via which the microcode patching that Blank describes would happen.

Using very old hardware would be one way to get around this. The technology Blank describes was introduced with the Pentium 6, so a Pentium 4 laptop for example (super cheap these days) would be immune.

Running linux is another good idea. A hack to the microcode at the chip level can't do anything if it can't get the information out over your internet connection. There's no way to know what's going on with Microsoft and Apple (on OS X you can install something that blocks any connection to any internet address you don't explicitly approve, but it's a pain to use that) but with Linux there are a lot of freedom-loving geeks out there who know what's going on with Linux right down to the chip level, and it's all open source. Pick one of the simplest Linux distributions, and run only open source software.

For the same reason, if you care in the *slightest* about privacy don't go near Microsoft Windows, Word, Outlook, Excel, etc.. Blank links to this:
http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-c...
The gist of it is that thanks to Microsoft, the NSA had access to the plain text even of things the user encrypted -- a backdoor that let the NSA see a copy of what you were encrypting *before* it was encrypted. Saves them the trouble of having to break the encryption! If you're using *anything* from Microsoft, you might as well be sending all your passwords directly to the NSA.

Botton line: If you use anything from Microsoft you are automatically giving up privacy. It's safe to assume the same about Apple. Linux is open source, and you can get open source software to do your browsing, email, spreadsheets, word processing, etc. Older hardware is somewhat safer. Learn to use open-source encryption, such as pgp http://en.wikipedia.org/wiki/Pretty_Good_Privacy or maybe http://www.gnupg.org/ (I haven't used the latter).

I was thinking "someone should bundle all this ..." and a quick search turned up that someone has:
http://en.wikipedia.org/wiki/The_Amnesic_Incognito_Live_System
(Just the first one I found. There are very likely others as well.)

Want as much privacy as anyone can practically achieve these days while still using the internet? Buy an old pentium 4 laptop and remove the hard drive, run this OS off of a CD (http://en.wikipedia.org/wiki/Live_CD) so the operating system isn't modifiable, use a keychain flash drive for storage so you can easily remove all data, and you've got a system that's about as private as it's possible to manage these days, using Tor for all connections, etc.

Some enterprising liberty geek could have a business selling pre-configured laptops like this, and since you can get P4 laptops these days for a few hundred dollars you could sell the laptops pretty cheap and still make good money. Distributing updates just means distributing new bootable CDs. Moving to a new machine just means unplugging the key drive and plugging it in to a different laptop. Sweet.

The NSA will probably visit me just for suggesting something that subversive.

That was like music to my

That was like music to my ears

Thankyou my friend for the info, you've made me bookmark my own post :)

I've been using Linux since...

...the late 1990s but I dual-boot with Windows because most of my friends and family have fallen for the FUD created by Microsoft and companies dependent on Microsoft so I need Windows for certain tasks. That list has gotten very small over the last couple years.

I've used a lot of Linux distros (there are hundreds) but because Red Hat was the simplest in the late 90s, that's what I went with. When Red Hat stopped making a desktop version of their Linux OS, I went with the community version called Fedora Core. Then Red Hat took over that project and under their sponsorship it has become, in my opinion, the most innovative distro in existence. It's basically a testbed for all the latest versions of open-source software, which is fun for the initiated, but can sometimes be buggy for awhile and if you don't understand what you're doing you can lose your system. So, even though I think Fedora is the best distro, I'd recommend Ubuntu Linux for newbies.

Trust me, folks...there's nothing to be afraid of. Firefox and Chrome are both available and LibreOffice will read all of your MS Office files. Plus, there's an application that has a list of thousands of other open-source applications to add simply by selecting them and clicking a button. No going to Websites or hunting for stuff on Google if you don't want, it's all right there on your desktop. Start the app, search by keyword, select, click a button ... done.

Also, in order to dual-boot (run Windows and Linux on the same machine), use Windows' "Shrink" feature to create, say, a 20GB partition on your HDD, download Ubuntu, burn it to a CD/DVD, put it in your drive, reboot and install. Ubuntu (and pretty much all other Linux distros) will detect Windows and install a bootloader, which will add a menu to let you choose between Linux and Windows at startup. You can leave all your songs, photos and documents on Windows, because Linux can see across partitions and safely access all your Windows files. Want to listen to a song stored on Windows? Start the music player on Linux and point it at your music folder on Windows. That simple.

Enjoy

Work for pay, pay for freedom
Fuck 'em all, we don't need 'em

Now that I think about it...

...I wouldn't use Ubuntu.

Ubuntu has become the most popular Linux distro because they've been willing to use closed-source software to make their distro a bit more convenient. See, distros like Fedora won't include closed-source technologies at all, which means no MP3 codec or the ability to play much of the video formats (don't worry ... you can EASILY add the ability to hear and see anything on Fedora. If you choose to install Fedora, give me a holler and I'll assist you).

Ubuntu very well may be the most popular distro because TPTB wanted it that way.

If you install Fedora, go with the next to the latest version and it will be quite stable. Always stay one version behind the latest if you don't know what you're doing. Other than a couple easy to remedy "problems" Fedora is as easy to install and operate as Ubuntu. And Windows, for that matter.

Work for pay, pay for freedom
Fuck 'em all, we don't need 'em

Cyril's picture

Intel in bed with NSA (suspicions)

Relevant cryptography folks threads excerpts, round and relayed via cryptome (7/13/2013):

Intel in bed with NSA:

http://cryptome.org/2013/07/intel-bed-nsa.htm

Note:

the discussion is about an Intel implementation of a random number generator; these are critical in cryptography to prevent from attacks where the attacker has significant computing power and/or insider knowledge about the implementation, during encryption/decryption.

"Cyril" pronounced "see real". I code stuff.

http://Laissez-Faire.Me/Liberty

"To study and not think is a waste. To think and not study is dangerous." -- Confucius

i can see why the nsa wouldnt

i can see why the nsa wouldnt want a room full of hackers (blackhat) leaning towards liberty......you'd think they'd send a representative or something to condition hackers into the illusion that they support them

The ? effect

Hackers don't go to Blackhat...

Hackers don't go to Blackhat,

but if they did, they wouldn't say anything. Blackhat is for big IT douchey sales people to whore themselves to each other. It's like comdex used to be 15 years ago.

Hackers go to Defcon. That starts Friday, (tomorrow).

ahhhh, that explains the

ahhhh, that explains the cheering, not all hope is lost then

Thanks for educating me on this, really appreciated

Cyril's picture

Yes, You can bet.

Yes, You can bet.

"Cyril" pronounced "see real". I code stuff.

http://Laissez-Faire.Me/Liberty

"To study and not think is a waste. To think and not study is dangerous." -- Confucius

Vital Discovery

This possibility is vital to discover. Personally, I don't want any of my hardware or software including an "open door" policy that allows unfettered snooping by a governmental agency.

Due to the illegally massive spying by the NSA, we'll be seeing intense pressure on designers to PROVE the integrity of their systems through some type of verifiable audit.

couldnt agree with you more,

couldnt agree with you more, although i was thinking of knowledgeble tinkerers, opening the things to see for themselves for the sake others, but now you have me thinking, is something like this even discoverable IF it IS implemented

edit
notice the end of the first comment, DRM, apparently goes beyond the previous attempt to get the foot in the door....."COPYRIGHT", i do not trust it, as i do not trust "cybercrime" and "terrorism".......they to me meet the classic symptoms of conditioning