Interesting question... Really! We know that ME is one, crucial (has influence over protocol stack) for network to work with INTEL CORE families. Not sure about INTEL ATOM, since they're more simplistic, many of them (I should say most of them, exception is certainly Broxton/BXT) are ordered CPUs (I am sure BXT is OOO (Out Of Order) pipeline design, thus, considerably faster).

Now... In regards what here is said, TOR browser (I have one installed on my PC/notebook - Tor Browser 6.0.8) is very secure, I should say. But, there is always possibility that bare basic ME will do something very nasty to your computer/to you. INTEL is NOT to be TRUSTED (my extensive experience with INTEL)! For example, send some unwanted IP messages to somebody else you do NOT want these messages to be sent/seen (NSA, for sake of argument).

Let us think about the given scenario. You open TOR browser, then start sending/posting messages. ME is copying them, also sending with other destination address. If it happens immediately, it also will go via the same service... But, also, ME CAN change socket layer info, I do agree. It MUST have for this a lot embedded logic in itself, thus unpacking enveloped info from IP headers deeper in the message. It can understand that this is intended for TOR, but also it needs to have thousands of TOR network addresses somehow embedded to conclude this, which is impossible in real time. So, it might send EVERY message somewhere else simply changing socket layer service. I agree.

Now, even if you do NOT know anything about this, one billion ME driven PCs World Wide will do that, sending roughly billion of messages to NSA servers every second. This is something NSA needs to process very fast. These are gazillion/zettabytes to be processed every day... :-)))

If you know about networking services, you can, for sake of security, simply add small HW device (firewall) between your PC and WiFi router, which will target ONLY wanted by you external net addresses (after you configure it).

If this is NOT enough, The Best solution, very soon, is coming to the theater near you: WIN10 ARM based mobile and server PCs (they have NOTHING lookalike ME magic, so none of this above will come to play).  ;-)


On Fri, Dec 23, 2016 at 9:36 PM, Timothy Pearson <> wrote:
Hash: SHA1

On 12/23/2016 02:13 PM, wrote:
> Hi,
> Seeing that many of you know a lot about Intel's ME I wanted to ask a
> couple of things if its ok.
> * Is the ME network accessible on all Intel chips or only the vPro ones
> with AMT?
> * I saw an interesting take on this in the link below, instead of the
> usual FUD surrounding this topic whenever its mentioned. What is your
> take on what he says?

Honestly I'd be far more concerned about the claim that the signing keys
are not only known, but actively traded among criminals.  That means
that we are no longer just looking at state-level attacks on ME-enabled
systems, and we have a much larger problem than first assumed by the
majority of the security community.

- --
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
Version: GnuPG v1
Comment: Using GnuPG with Mozilla -