
I don't know, but for what it's worth my main machine is a 6000 series laptop (with Pluton) running Linux and I did not have any compatibility issues. Sure, it sucks to have some Microsoft-designed hardware in my CPU, but at least it is not causing issues (for now).


You have two ring -3 coprocessors with unrestricted DMA, unrestricted disk I/O, and unrestricted access to your network interface. One belongs to the NSA, the other to Microsoft.

Do some traffic analysis on the upstream end of an ethernet cable plugged into that computer while it is hibernating or sleeping some time; you might not like what you find.


> Do some traffic analysis on the upstream end of an ethernet cable plugged into that computer while it is hibernating or sleeping some time; you might not like what you find.

Is this something you know for a fact, or are you extrapolating from intel ME?


It's behavior I've witnessed on my own system w/ AMD PSP. I can't definitively attribute it to PSP, but I can't attribute it definitively to anything else either.


What method did you use to do the traffic analysis? I mean, under assumption that this kind of traffic can only be sniffed at the wire level, what exactly did you do to accomplish this? I am genuinely interested.


Router running dd-wrt + tcpdump, nothing fancy.


Any reference to that? I would like to read more.


Reference: I've done it on my own system. I'd encourage you to do it on your own system if you're curious.


I don't have the hardware for it; what did you find?


Without divulging too much information about the specifics, a LOT more traffic than I was expecting or willing to tolerate.


Such as?


Such as outbound traffic that should not have been taking place. Like I said, not divulging more info. If you're skeptical, just try it.


Are you willing to give up the reason for your secrecy? I'm not sure what you stand to lose if you just say "I saw some traffic to NSA headquarters every 10 minutes that coincides with access entries on my SSD."


Yes. Divulging the destination on a public platform is providing more identifying information than I am comfortable sharing.

It's funny that you'd think real-world espionage by intelligence agencies would be sending that data to headquarters rather than some random commercial VPS set up as collection infrastructure that is deliberately unattributable to the organization behind the espionage.


Is this something that can be blocked at router/firewall level?


Allowlisting, yes. Keep in mind that even fairly unsophisticated malware has been observed using channels like pastebin and Twitter for exfil/C2.

Blocklisting, that's a cat and mouse game. Go look at how many different URLs and IPs are utilized for commercial telemetry in the likes of Adobe and Microsoft software if you aren't familiar.
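The thread describes two things a defender can do: capture on the router's upstream interface with tcpdump while the host is supposed to be asleep, and compare what the host talks to against an allowlist. The following script is an added example and not code from any commenter; it parses constructed `tcpdump -n -tttt` style lines (documentation-range addresses only, nothing observed), keeps flows that leave a given host inside an assumed sleep window, drops destinations covered by an assumed allowlist, and summarises what is left by destination and average interval so periodic check-ins stand out. The host address, window and allowlist are placeholders to adjust for your own network.

```python
"""Flag outbound flows from a host that is supposed to be asleep.

Added example (not from the thread). Input format mimics
`tcpdump -n -tttt -i <wan>`; the sample capture, host address,
sleep window and allowlist below are constructed assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, time

# Constructed sample capture: one local DNS lookup, one flow to an allowlisted
# update host, two identical check-ins to an unknown host 10 minutes apart,
# one daytime flow (outside the window) and one inbound packet.
SAMPLE_CAPTURE = """\
2024-05-01 02:03:10.118201 IP 192.168.1.50.52310 > 192.168.1.1.53: 12345+ A? time.example.net. (34)
2024-05-01 02:03:10.201532 IP 192.168.1.50.41002 > 198.51.100.23.443: Flags [S], seq 1, win 64240, length 0
2024-05-01 02:13:11.004211 IP 192.168.1.50.41003 > 203.0.113.9.443: Flags [S], seq 2, win 64240, length 0
2024-05-01 02:23:11.004211 IP 192.168.1.50.41004 > 203.0.113.9.443: Flags [S], seq 3, win 64240, length 0
2024-05-01 09:15:00.000001 IP 192.168.1.50.41005 > 203.0.113.9.443: Flags [S], seq 4, win 64240, length 0
2024-05-01 02:30:00.000001 IP 198.51.100.23.443 > 192.168.1.50.41002: Flags [S.], seq 9, ack 2, win 65535, length 0
"""

# Assumed values for the example: the monitored host, the hours it should be
# asleep, and destinations that are expected even while it sleeps.
HOST = "192.168.1.50"
SLEEP_WINDOW = (time(1, 0), time(6, 0))
ALLOWLIST = ["192.168.1.0/24", "198.51.100.0/24"]

# IPv4 lines only; tcpdump prints "IP6" for IPv6, which this regex skips.
LINE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)


@dataclass(frozen=True)
class Flow:
    stamp: datetime
    src: str
    sport: int
    dst: str
    dport: int


def parse_line(line: str):
    """Return a Flow for a tcpdump IPv4 line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp = datetime.strptime(m["stamp"], "%Y-%m-%d %H:%M:%S.%f")
    return Flow(stamp, m["src"], int(m["sport"]), m["dst"], int(m["dport"]))


def in_window(t: time, start: time, end: time) -> bool:
    """True if t falls in [start, end); handles windows that cross midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def unexpected_flows(capture: str, host: str, allowlist, window):
    """Outbound flows from host during the sleep window to non-allowlisted hosts."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    found = []
    for line in capture.splitlines():
        flow = parse_line(line)
        if flow is None or flow.src != host:
            continue
        if not in_window(flow.stamp.time(), *window):
            continue
        if any(ipaddress.ip_address(flow.dst) in net for net in nets):
            continue
        found.append(flow)
    return found


def beaconing_summary(flows):
    """Per (dst, dport): (hit count, mean seconds between hits or None)."""
    by_dst = {}
    for flow in flows:
        by_dst.setdefault((flow.dst, flow.dport), []).append(flow.stamp)
    summary = {}
    for key, stamps in by_dst.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        summary[key] = (len(stamps), sum(gaps) / len(gaps) if gaps else None)
    return summary


if __name__ == "__main__":
    hits = unexpected_flows(SAMPLE_CAPTURE, HOST, ALLOWLIST, SLEEP_WINDOW)
    for (dst, dport), (count, interval) in beaconing_summary(hits).items():
        print(f"{dst}:{dport} count={count} mean_interval_s={interval}")
```

Run it against a real capture with `tcpdump -n -tttt -i <wan-interface> host <laptop-ip> > capture.txt` and feed the file contents in place of `SAMPLE_CAPTURE`. A regular interval in the summary is the signal worth investigating; a destination on the allowlist is not, which is why the list should stay as short as the host's genuine sleep-time needs (local DNS, NTP, a known update server).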

