• Re: Security? What "Security"?

    From John McCue@21:1/5 to snipeco.2@gmail.com on Fri Oct 11 14:52:47 2024
    XPost: comp.os.linux.advocacy, misc.news.internet.discuss

    followups trimmed to: comp.misc

    In comp.misc Sn!pe <snipeco.2@gmail.com> wrote:
    My pet rock Gordon asserts that every networked device has a backdoor.
    Therefore, anything viewable in clear on that device is insecure and the
    quality of message encryption is moot.

    Well I would say Gordon could be correct. I say that due to
    Intel ME and probably AMD SE:

    https://en.wikipedia.org/wiki/Intel_Management_Engine

    --
    [t]csh(1) - "An elegant shell, for a more... civilized age."
    - Paraphrasing Star Wars

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From yeti@21:1/5 to snipeco.2@gmail.com on Fri Oct 11 19:38:20 2024
    XPost: comp.os.linux.advocacy, misc.news.internet.discuss

    snipeco.2@gmail.com (Sn!pe) wrote:

    My pet rock Gordon asserts that every networked device has a backdoor.

    Make computing safe again!

    <https://www.spielezar.ch/products/34316-genzo_theme_large_default/the-army-painter-precision-side-cutter.webp>

    Therefore, anything viewable in clear on that device is insecure and the quality of message encryption is moot.

    Nobody wants the data cattle to have access to strong encryption.

    --
    1. Hitchhiker 13: (17) "Funny," he intoned funerally, "how just when you
    think life can't possibly get any worse it suddenly does."

  • From candycanearter07@21:1/5 to pursent100@gmail.com on Fri Oct 11 19:40:03 2024
    XPost: comp.os.linux.advocacy, misc.news.internet.discuss

    % <pursent100@gmail.com> wrote at 15:18 this Friday (GMT):
    Sn!pe wrote:
    My pet rock Gordon asserts that every networked device has a backdoor.
    Therefore, anything viewable in clear on that device is insecure and the
    quality of message encryption is moot.

    meet me half way


    Where would that be?
    --
    user <candycane> is generated from /dev/urandom

  • From Farley Flud@21:1/5 to John McCue on Fri Oct 11 20:00:27 2024
    On Fri, 11 Oct 2024 14:52:47 -0000 (UTC), John McCue wrote:


    Well I would say Gordon could be correct. I say that due to
    Intel ME and probably AMD SE:


    The Intel ME can be disabled in the motherboard BIOS. Whenever
    I build a new machine it is one of the first things that I
    disable.

    Also, the Linux kernel can be configured and built without
    the MEI driver by disabling CONFIG_INTEL_MEI, which is located
    here:

    drivers/misc/mei

    However, it is almost certain that most distros, and all of the
    mainstream distros, have it enabled by default.

    If you are a Linux distro lackey, as most users are, then your
    motherboard and your kernel both include Intel ME and therefore
    you have no one to blame but your stupid, idiot, self.


    --
    Systemd: solving all the problems that you never knew you had.

  • From Farley Flud@21:1/5 to John McCue on Fri Oct 11 20:37:11 2024
    XPost: comp.os.linux.advocacy

    On Fri, 11 Oct 2024 14:52:47 -0000 (UTC), John McCue wrote:


    Well I would say Gordon could be correct. I say that due to
    Intel ME and probably AMD SE:


    The Intel ME can be disabled in the motherboard BIOS. Whenever
    I build a new machine it is one of the first things that I
    disable.

    Also, the Linux kernel can be configured and built without
    the MEI driver by disabling CONFIG_INTEL_MEI, which is located
    here:

    drivers/misc/mei

    However, it is almost certain that most distros, and all of the
    mainstream distros, have it enabled by default.

    If you are a Linux distro lackey, as most users are, then your
    motherboard and your kernel both include Intel ME and therefore
    you have no one to blame but your stupid, idiot, self.


    --
    Systemd: solving all the problems that you never knew you had.

  • From Scott Dorsey@21:1/5 to ff@linux.rocks on Sat Oct 12 23:26:03 2024
    Farley Flud <ff@linux.rocks> wrote:
    On Fri, 11 Oct 2024 14:52:47 -0000 (UTC), John McCue wrote:


    Well I would say Gordon could be correct. I say that due to
    Intel ME and probably AMD SE:


    The Intel ME can be disabled in the motherboard BIOS. Whenever
    I build a new machine it is one of the first things that I
    disable.

    No. The interface that makes the ME visible to the operating system
    can be disabled, but the ME is still down there doing whatever
    undocumented things it does. If it wasn't, the processor would never
    be able to load the microcode in the first place.

    Also, the Linux kernel can be configured and built without
    the MEI driver by disabling CONFIG_INTEL_MEI, which is located
    here:

    drivers/misc/mei

    Yes, this keeps the operating system from being able to talk to the
    ME... but it doesn't stop the ME from doing whatever it does.
    --scott

    --
    "C'est un Nagra. C'est suisse, et tres, tres precis."

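The build-time check Farley Flud describes, together with the runtime side of it, as an added example in Python that is not code from any post in this thread. It parses a kernel `.config` for `CONFIG_INTEL_MEI` (and the companion `CONFIG_INTEL_MEI_ME` PCI driver option), reads the running kernel's config from `/proc/config.gz` or `/boot/config-<release>` when either exists, and looks for a `/dev/mei*` node and the `mei` / `mei_me` modules. The two sample configs are constructed. As Scott Dorsey points out, all of this only tells you whether the OS-side interface is present; it says nothing about what the ME itself is doing underneath.

```python
"""Check a Linux kernel config and the running system for the Intel MEI
driver. Added example, not code from any post in this thread. CONFIG_INTEL_MEI,
CONFIG_INTEL_MEI_ME and the mei/mei_me module names are the kernel's real
names; the two sample configs below are constructed."""
import gzip
import os
import re
from pathlib import Path

NOT_SET = re.compile(r"^# (CONFIG_\w+) is not set$")
ASSIGN = re.compile(r"^(CONFIG_\w+)=(.*)$")

# Constructed excerpt resembling what a mainstream distro ships: MEI as modules.
SAMPLE_DISTRO_CONFIG = """\
CONFIG_X86_64=y
CONFIG_INTEL_MEI=m
CONFIG_INTEL_MEI_ME=m
"""

# Constructed excerpt of a self-built kernel with the driver switched off.
SAMPLE_HARDENED_CONFIG = """\
CONFIG_X86_64=y
# CONFIG_INTEL_MEI is not set
"""


def parse_kconfig(text):
    """Map CONFIG_* symbols to their value ('y', 'm', a string, or 'n' for
    the '# CONFIG_FOO is not set' form). Unrelated lines are ignored."""
    state = {}
    for line in text.splitlines():
        line = line.strip()
        m = NOT_SET.match(line)
        if m:
            state[m.group(1)] = "n"
            continue
        m = ASSIGN.match(line)
        if m:
            state[m.group(1)] = m.group(2)
    return state


def mei_config_state(text):
    """'builtin', 'module', 'disabled', or 'absent' when the option never
    appears (a kernel built for a platform where it is not offered)."""
    value = parse_kconfig(text).get("CONFIG_INTEL_MEI")
    return {"y": "builtin", "m": "module", "n": "disabled"}.get(value, "absent")


def running_kernel_config_text():
    """Best-effort read of the running kernel's config; None if neither
    /proc/config.gz (CONFIG_IKCONFIG_PROC) nor /boot/config-<release> exists."""
    proc_cfg = Path("/proc/config.gz")
    if proc_cfg.exists():
        with gzip.open(proc_cfg, "rt") as f:
            return f.read()
    boot_cfg = Path("/boot") / f"config-{os.uname().release}"
    if boot_cfg.exists():
        return boot_cfg.read_text()
    return None


def mei_runtime_indicators(dev_dir="/dev", modules_file="/proc/modules"):
    """Signs that the OS-side interface is present right now: a /dev/mei*
    node, or the mei / mei_me modules listed in /proc/modules."""
    indicators = []
    dev = Path(dev_dir)
    if dev.is_dir() and any(dev.glob("mei*")):
        indicators.append("mei device node present")
    mods = Path(modules_file)
    if mods.is_file():
        loaded = {line.split()[0] for line in mods.read_text().splitlines() if line.strip()}
        for name in ("mei", "mei_me"):
            if name in loaded:
                indicators.append(f"module {name} loaded")
    return indicators


if __name__ == "__main__":
    print("distro sample:  ", mei_config_state(SAMPLE_DISTRO_CONFIG))
    print("hardened sample:", mei_config_state(SAMPLE_HARDENED_CONFIG))
    cfg = running_kernel_config_text()
    print("this kernel:    ", mei_config_state(cfg) if cfg else "config not readable")
    print("runtime:        ", mei_runtime_indicators() or ["no MEI interface visible"])
```

Run it as root or not; reading the config and `/proc/modules` needs no privilege. A result of `module` or `builtin` for the running kernel with no runtime indicators usually means the hardware is not Intel or the BIOS-side interface was switched off, which is exactly the distinction the two replies above are arguing about.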
  • From yeti@21:1/5 to All on Sun Oct 13 01:16:29 2024
    XPost: comp.os.linux.advocacy, misc.news.internet.discuss

    snipeco.2@gmail.com (Sn!pe) wrote:


    /!\ The following should be read with a mix of panic and a smile; you
    decide what to apply to which parts.


    ISTM that a secure payload would need to be encrypted on a stand-alone machine, air-gapped and never to be connected online.

    There are many ways even air-gapped systems can or do leak data, that
    may leak the keys or partial information about them.

    IMO every system that exists on the same side of the singularities as we
    do *is* connected with the rest. It just may be harder to get the data
    you want.

    We had leaking CRTs which could be read over a distance, AM leaks using
    rhythms of loops while computing, blinking drive LEDs, RPM modulated
    fans, ultrasonic connections between laptops in exams, and additionally
    we are in the

    MINIX Inside!


    era and I definitely will not bet that ARM and RISCV chips or even FPGAs
    don't come "pre-infected" in a comparable way. So who knows which
    Gremlins in other chips are able to play e.g. modem over power-line and whatnot.

    So better assume that every system that is not made exclusively from
    logic gates[0] you've baked yourself in your kitchen already comes
    infected with spy hard- and software. And thinking about this shouldn't
    stop without a look at the power supply[1]. Some leaks still may exist
    no matter what you use to build the gates, but at least the foreign
    gremlins would stay outside.


    TL;DR:
    We're doomed!!!

    ____________


    [0]: Jeri Makes Integrated Circuits
    <https://hackaday.com/2010/03/10/jeri-makes-integrated-circuits/#more-22290>

    Transistor Fabrication: So Simple A Child Can Do It
    <https://hackaday.com/2010/05/13/transistor-fabrication-so-simple-a-child-can-do-it/>

    LLTP - Light Logic Transistorless Processor
    <https://hackaday.io/project/172413-lltp-light-logic-transistorless-processor>

    Mechanical Logic Gates With Amplification
    <https://hackaday.com/2024/09/20/mechanical-logic-gates-with-amplification/>

    [1]: Charging An Electric Supercar With Lemons, Kids, And The Sun
    <https://hackaday.com/2018/06/29/charging-an-electric-supercar-with-lemons-kids-and-the-sun/>

    --
    3. Hitchhiker 1: (25) "The point is, you see," said Ford, "that there
    is no point in driving yourself mad trying to stop yourself going mad.
    You might just as well give in and save your sanity for later."

  • From Computer Nerd Kev@21:1/5 to Scott Dorsey on Mon Oct 14 05:51:04 2024
    Scott Dorsey <kludge@panix.com> wrote:
    Farley Flud <ff@linux.rocks> wrote:
    The Intel ME can be disabled in the motherboard BIOS. Whenever
    I build a new machine it is one of the first things that I
    disable.

    No. The interface that makes the ME visible to the operating system
    can be disabled, but the ME is still down there doing whatever
    undocumented things it does. If it wasn't, the processor would never
    be able to load the microcode in the first place.

    Indeed. Wikipedia summarises potentially more effective ways of
    disabling some IME functions using me_cleaner. Installation is
    risky though so I haven't tried it myself.

    https://en.wikipedia.org/wiki/Intel_Management_Engine#Disabling_the_ME

    --
    __ __
    #_ < |\| |< _#

  • From Sylvia Else@21:1/5 to All on Mon Oct 14 11:24:16 2024
    XPost: comp.os.linux.advocacy, misc.news.internet.discuss

    On 11-Oct-24 10:17 pm, Sn!pe wrote:
    My pet rock Gordon asserts that every networked device has a backdoor. Therefore, anything viewable in clear on that device is insecure and the quality of message encryption is moot.


    An initial question is what exactly is meant by "backdoor". Any
    networked device that is capable of remote update by the vendor can
    presumably be updated by the vendor to do anything that any device on
    your network can do. But this does not imply that anyone else can do
    that. Of course it does mean that your security depends on the security
    of the vendor, which is an unknown quantity. This is partly why the few
    remotely updatable devices that I do own are fire-walled off from the
    rest of my internal network.

    Few networked devices accept incoming connections, for the simple reason
    that they're unlikely to get past a gateway router. Most work by making
    outgoing connections to the vendor's server. The better implementations
    require an authenticated server certificate, which makes impersonation
    of the vendor pretty much impossible. Without a certificate the
    intending intruder may engage in something like a DNS cache poisoning
    attack, but they have become more difficult over the years.

    If one is to worry about back-doors, the main vulnerability is the
    router itself, and this has indeed been a problem in the past,
    especially where the ISP has the ability to update firmware or change
    settings, because now one is dependent on the security of the ISP, which
    has not always been up to the task.

    Commercially supplied routers have a bad record of vulnerabilities. I
    use a small single board computer as a gateway instead.

    Sylvia.

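Sylvia's point about devices that only make outgoing connections and "require an authenticated server certificate", as an added Python example that is not code from the post: the weak client context a careless implementation ends up with, the hardened one beside it, and a small audit that flags what the weak one leaves off. The vendor hostname is a constructed placeholder and nothing touches the network unless `vendor_connect()` is called. With verification on, a poisoned DNS answer only steers the device to a host that cannot present a certificate valid for the vendor's name, so the handshake fails rather than the vendor being impersonated.

```python
"""Weak versus hardened TLS client settings for a device that phones home.
Added example, not code from the thread; the vendor hostname is a constructed
placeholder. Uses only Python's ssl/socket modules, and makes no connection
unless vendor_connect() is called explicitly."""
import socket
import ssl

VENDOR_HOST = "updates.vendor.example"  # constructed placeholder, not a real endpoint


def weak_client_context():
    """What a careless implementation looks like: traffic is encrypted, but
    the handshake completes with whatever server answers the connection."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode may be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(cafile=None):
    """Require an authenticated server certificate. cafile=None means the
    system trust store; a vendor that ships its own CA bundle can pass it
    here, which narrows who could ever impersonate it."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED plus hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Human-readable findings for a client SSLContext. An empty list means
    the device will only complete a handshake with a server holding a
    certificate valid for the name it dialled."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not required: whoever answers the "
                        "connection can pose as the vendor")
    if not ctx.check_hostname:
        findings.append("hostname not checked: a valid certificate for some "
                        "other name would be accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions below 1.2 allowed")
    return findings


def vendor_connect(ctx, host=VENDOR_HOST, port=443, timeout=5.0):
    """Open the outgoing connection the way a device should: server_hostname
    is the name the hostname check compares the certificate against.
    Not called by the demo below, since the host is a placeholder."""
    raw = socket.create_connection((host, port), timeout=timeout)
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    for name, ctx in (("weak", weak_client_context()),
                      ("hardened", hardened_client_context())):
        findings = audit_context(ctx)
        print(f"{name}: {'OK' if not findings else ''}")
        for finding in findings:
            print("  -", finding)
```

The third finding (TLS below 1.2) depends on the system OpenSSL configuration for the weak context, so the audit reports it rather than assuming it; the two certificate findings are what decide whether impersonation is possible at all.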
  • From Sylvia Else@21:1/5 to All on Mon Oct 14 11:49:01 2024
    XPost: comp.os.linux.advocacy, misc.news.internet.discuss

    On 14-Oct-24 11:35 am, % wrote:
    Sylvia Else wrote:
    On 11-Oct-24 10:17 pm, Sn!pe wrote:
    My pet rock Gordon asserts that every networked device has a backdoor.
    Therefore, anything viewable in clear on that device is insecure and the
    quality of message encryption is moot.


    An initial question is what exactly is meant by "backdoor". Any
    networked device that is capable of remote update by the vendor can
    presumably be updated by the vendor to do anything that any device on
    your network can do. But this does not imply that anyone else can do
    that. Of course it does mean that your security depends on the security
    of the vendor, which is an unknown quantity. This is partly why the
    few remotely updatable devices that I do own are fire-walled off from
    the rest of my internal network.

    Few networked devices accept incoming connections, for the simple
    reason that they're unlikely to get past a gateway router. Most work
    by making outgoing connections to the vendor's server. The better
    implementations require an authenticated server certificate, which
    makes impersonation of the vendor pretty much impossible. Without a
    certificate the intending intruder may engage in something like a DNS
    cache poisoning attack, but they have become more difficult over the
    years.

    If one is to worry about back-doors, the main vulnerability is the
    router itself, and this has indeed been a problem in the past,
    especially where the ISP has the ability to update firmware or change
    settings, because now one is dependent on the security of the ISP,
    which has not always been up to the task.

    Commercially supplied routers have a bad record of vulnerabilities. I
    use a small single board computer as a gateway instead.

    Sylvia.

    i have nothing to hide so i don't do anything

    Not even information that could be used in identity theft?

    Sylvia.

  • From Lawrence D'Oliveiro@21:1/5 to All on Mon Oct 14 06:18:04 2024
    XPost: comp.os.linux.advocacy, misc.news.internet.discuss

    On Fri, 11 Oct 2024 15:17:35 +0100, Sn!pe wrote:

    My pet rock Gordon asserts that every networked device has a backdoor.

    Is Gordon a networked device? How did it communicate that message to you?

  • From candycanearter07@21:1/5 to Lawrence D'Oliveiro on Mon Oct 14 19:30:05 2024
    XPost: comp.os.linux.advocacy, misc.news.internet.discuss

    Lawrence D'Oliveiro <ldo@nz.invalid> wrote at 06:18 this Monday (GMT):
    On Fri, 11 Oct 2024 15:17:35 +0100, Sn!pe wrote:

    My pet rock Gordon asserts that every networked device has a backdoor.

    Is Gordon a networked device? How did it communicate that message to you?


    A networked rock?
    --
    user <candycane> is generated from /dev/urandom

  • From candycanearter07@21:1/5 to pursent100@gmail.com on Mon Oct 14 19:30:06 2024
    XPost: comp.os.linux.advocacy, misc.news.internet.discuss

    % <pursent100@gmail.com> wrote at 19:58 this Friday (GMT):
    % wrote:
    candycanearter07 wrote:
    % <pursent100@gmail.com> wrote at 15:18 this Friday (GMT):
    Sn!pe wrote:
    My pet rock Gordon asserts that every networked device has a backdoor.
    Therefore, anything viewable in clear on that device is insecure and the
    quality of message encryption is moot.

    meet me half way


    Where would that be?

    the north arctic

    no , the north atlantic , sorry


    On it.
    --
    user <candycane> is generated from /dev/urandom

  • From Lawrence D'Oliveiro@21:1/5 to All on Mon Oct 14 21:07:41 2024
    XPost: comp.os.linux.advocacy, misc.news.internet.discuss

    On Mon, 14 Oct 2024 21:21:41 +0100, Sn!pe wrote:

    candycanearter07 <candycanearter07@candycanearter07.nomail.afraid>
    wrote:

    Lawrence D'Oliveiro <ldo@nz.invalid> wrote at 06:18 this Monday (GMT):

    On Fri, 11 Oct 2024 15:17:35 +0100, Sn!pe wrote:

    My pet rock Gordon asserts that every networked device has a
    backdoor.

    Is Gordon a networked device? How did it communicate that message to
    you?

    A networked rock?

    Gordon is a primary node on the Extranet but he and I have a direct P2P telepathic link for a shorter ping.

    So he is a networked device. And according to his statement, every
    networked device has a backdoor. Therefore Gordon has a backdoor.

    Is Gordon still to be trusted?

  • From Scott Dorsey@21:1/5 to snipeco.1@gmail.com on Wed Oct 16 00:49:54 2024
    XPost: comp.os.linux.advocacy, misc.news.internet.discuss

    Sn!pe <snipeco.1@gmail.com> wrote:
    Of course, he's as solid as a rock; not that we worry about lack
    of privacy. As everybody should know, privacy is utterly dead
    and security is naught but an illusion.

    And a rock feels no pain. And an island never cries.
    --scott


    --
    "C'est un Nagra. C'est suisse, et tres, tres precis."

  • From candycanearter07@21:1/5 to snipeco.2@gmail.com on Wed Oct 16 18:10:04 2024
    XPost: comp.os.linux.advocacy, misc.news.internet.discuss

    Sn!pe <snipeco.2@gmail.com> wrote at 01:03 this Wednesday (GMT):
    Scott Dorsey <kludge@panix.com> wrote:

    Sn!pe <snipeco.1@gmail.com> wrote:
    Of course, he's as solid as a rock; not that we worry about lack
    of privacy. As everybody should know, privacy is utterly dead
    and security is naught but an illusion.


    And a rock feels no pain. And an island never cries.
    --scott

    True, that, although Gordon is quite empathetic. To expect
    sympathy is going a bit far though, he's seen it all before.
    Anyway, he is my rock. ≈:o)


    Pet rocks are always cute :)
    --
    user <candycane> is generated from /dev/urandom

  • From Kerr-Mudd, John@21:1/5 to candycanearter07@candycanearter07.n on Thu Oct 17 21:26:59 2024
    XPost: comp.os.linux.advocacy, misc.news.internet.discuss

    On Wed, 16 Oct 2024 18:10:04 -0000 (UTC)
    candycanearter07 <candycanearter07@candycanearter07.nomail.afraid> wrote:

    Sn!pe <snipeco.2@gmail.com> wrote at 01:03 this Wednesday (GMT):
    Scott Dorsey <kludge@panix.com> wrote:

    Sn!pe <snipeco.1@gmail.com> wrote:
    Of course, he's as solid as a rock; not that we worry about lack
    of privacy. As everybody should know, privacy is utterly dead
    and security is naught but an illusion.


    And a rock feels no pain. And an island never cries.
    --scott

    True, that, although Gordon is quite empathetic. To expect
    sympathy is going a bit far though, he's seen it all before.
    Anyway, he is my rock. ≈:o)


    Pet rocks are always cute :)

    Petroc is a popular name is some areas.


    --
    Bah, and indeed Humbug.
