>working draft in progress<
Objective: Document the research behind why one site was blocked on one CPU.
To begin, it was noted that the site http://www.aspireresourcesinc.com/ returned the following error:
This webpage is not available
Google Chrome could not load the webpage because http://www.aspireresourcesinc.com took too long to respond. The website may be down, or you may be experiencing issues with your Internet connection.
Check your Internet connection
Check any cables and reboot any routers, modems, or other network devices you may be using.
Allow Chrome to access the network in your firewall or antivirus settings.
If it is already listed as a program allowed to access the network, try removing it from the list and adding it again.
If you use a proxy server…
Check your proxy settings or contact your network administrator to make sure the proxy server is working. If you don’t believe you should be using a proxy server: Go to the Chrome menu > Settings > Show advanced settings… > Change proxy settings… > LAN Settings and deselect “Use a proxy server for your LAN”.
Error code: ERR_CONNECTION_TIMED_OUT
IP address: 184.108.40.206
Address type: IPv4
ISP: Data Research Associates
Organization: Data Research Associates, Inc.
Timezone: America/Denver (UTC-7)
Local time: 07:15:26
Country: United States
State / Region: Utah
City: Lehi
Coordinates: 40.3916, -111.851
220.127.116.11 Whois Report
This is the full research report for 18.104.22.168, which is an IP address.
Peer 1 Network (USA) Inc.
75 Broad Street
New York, NY 10004
Peer 1 Network AUP Enforcement
Telephone: 16044842588
PEER 1 Network Inc
Telephone: 16044842588
The IP Whois report for 18.104.22.168 was run at 3:01 PM CET on February 8, 2015.
22.214.171.124 Server Details
New York, NY in United States
Peer 1 Network (USA)
Research into what the Intel Manageability Engine Firmware Recovery Agent is used for produced these snippets (in no particular order):
Why the firmware recovery agent is needed in the first place, I don’t know. That is, if we can trust the use of “firmware” in the name, to mean it only deals with IME firmware. The IME Firmware Recovery Agent software is installed by the IME software installation program.
You may not know that Intel still provides the IME software to motherboard manufacturers,
Post #1, 07-20-2012 06:47 AM (joined Mar 2012, Victoria, Australia):
Intel manageability engine firmware recovery agent?
I’ve had a program appear in my notifications asking to be installed called the intel manageability engine firmware recovery agent.
Has anyone had this happen on their G75? And should I install it? I did google it, but being a technophobe had no idea if it was needed or not. I am assuming it checks for updated drivers or such for anything intel on the laptop? I really have no clue. Just not sure if I need to install it or not.
Post #2, 07-20-2012 07:46 AM (joined Apr 2012):
This is useless for us... it is for IT people who want to manage a computer from a remote location.
I never install it, or if it was installed automatically I remove it from the Control Panel “Programs & Features”.
Post #3, 07-20-2012 07:52 AM (joined Mar 2012, Victoria, Australia):
I un-installed Intel Manageability Engine Firmware Recovery Agent and no agent log file appeared! At least not yet! But I have a feeling that this was the program creating it. And I remember that I got an error during its update. So in a way it all makes sense now. Hope this is the real deal, as I got really tired trying to figure out this agent log issue...
That program surfacing, along with the above posts, suggests that this is malware, i.e. a backdoor injected into the firmware of a CPU.
It is also suggested that this Manageability Engine Firmware Recovery Agent creates log files. Most have been reported as empty. However, we noted unusual log files when performing a search for a lost txt file. These log files would sometimes be empty and at other times show a location and a password. The passwords were always incorrect, but in plain text. The files did not raise significant red flags, other than being labeled as logs and containing passwords, even though incorrect. The anomaly was marked for research at another time and not acted upon at that moment.
With this knowledge, the next question was what data could be transferred by using this backdoor?
What is Intel Manageability Engine Firmware Recovery Agent?
Intel Active Management Technology (AMT) is hardware-based technology for remotely managing and securing PCs out-of-band. Intel AMT is hardware and firmware technology that builds certain functionality into business PCs in order to monitor, maintain, update, upgrade, and repair PCs. Intel AMT is part of the Intel Management Engine, which is built into PCs with Intel vPro technology. AMT is not intended to be used by itself; it is intended to be used with a software management application. It gives a management application (and thus, the system administrator who uses it) better access to the PC down the wire, in order to remotely and securely do tasks that are difficult or sometimes impossible when working on a PC that does not have remote functionalities built into it.
It is a bootstrap that gives access to PCs that do not have remote functionality, and it creates logs, some blank and some with very limited and specific text. Could the blank logs actually contain hidden text?
To conclude, we researched “firmware controller data flow”.
Abstract: Burst mode data transfer in emerging wavelength division multiplexing (WDM) and code division multiplexing (CDM) PONs faces major challenges in electronics design. We develop an embedded software solution to enable optical line terminals (OLT) and optical network terminals (ONT) to process burst mode data flow smoothly. Our solution implements three important components on an FPGA platform. The first consists of a PCI interface that allows the OLT/ONT unit to communicate with a PC. The second is the PowerPC that manages and controls the data flow. Finally, a burst mode transceiver examines data transaction, synchronization and error correction.
Given the sporadic nature of the log files seen, were the logs being “burst” out?
Flow control mechanism in a data processing pipeline
US 8526303 B2
Abstract: Herein described are at least a system and a method for regulating data flow in a data pipeline that may be used in a video processing system. The system comprises a processor, one or more data buffers, and one or more processing stations. The one or more data buffers may be used to buffer corresponding processing stations. Each of the one or more processing stations may comprise a switching circuitry that is used to inhibit data transmission when a hold signal is received from the processor. The processor may send the signal in response to a feedback control signal generated by the one or more processing stations. The method may comprise determining if the processing time of a processing station exceeds a specified time. The method further comprises generating a feedback control signal to a processor if the specified time is exceeded.
In data communications, flow control is the process of managing the rate of data transmission between two nodes to prevent a fast sender from overwhelming a slow receiver. It provides a mechanism for the receiver to control the transmission speed, so that the receiving node is not overwhelmed with data from the transmitting node. Flow control should be distinguished from congestion control, which is used for controlling the flow of data when congestion has actually occurred. Flow control mechanisms can be classified by whether or not the receiving node sends feedback to the sending node.
Flow control is important because it is possible for a sending computer to transmit information at a faster rate than the destination computer can receive and process it. This can happen if the receiving computers have a heavy traffic load in comparison to the sending computer, or if the receiving computer has less processing power than the sending computer.
It is possible that flow control would also be used to keep a sending computer that bursts large amounts of data from malfunctioning, or from being detected by normal means.
That concludes this session of research:
A netstat was performed. Noted were programs that were engaged when they should have been listening. When those programs were stopped, the suspect website went back to timing out in Utah.
Mark Shuttleworth, founder of the Ubuntu Linux distribution, has described proprietary firmware as a security risk, saying that “firmware on your device is the NSA’s best friend” and calling firmware “a trojan horse of monumental proportions”. He has pointed out that low-quality, closed source firmware is a major threat to system security: “Your biggest mistake is to assume that the NSA is the only institution abusing this position of trust – in fact, it’s reasonable to assume that all firmware is a cesspool of insecurity, courtesy of incompetence of the highest degree from manufacturers, and competence of the highest degree from a very wide range of such agencies”.
Researched: how to scan for injectable firmware
General Description: The Sequencing SAR ADC component gives you the ability to configure and use the different operational modes of the SAR ADC on PSoC 4. You have schematic and firmware level support for seamless use of the Sequencing SAR ADC in PSoC Creator designs and projects. You also have the ability to configure up to 8 analog channels that are automatically scanned with the results placed in individual result registers. An optional “Injection channel” may also be enabled by firmware to occasionally scan a signal that does not need to be scanned at the same rate as other channels.
ndss-2013 < The PDF file to above
Chip maker AMD has patched holes across its firmware lines that could allow hackers to inject malware.
Czech programmer Rudolf Marek reported the holes in the Trinity, Richland, Kaveri, and Kabini silicon series ahead of a disclosure at the Chaos Communications Congress.
AMD’s System Management Unit (SMU) firmware code within x86 processors did not run adequate checks prior to execution, allowing Marek to inject his own commands.
Marek told attendees to ask their mainboard vendors to push the fixed AGESA to BIOSes.
“Tell your vendors for a fixed AGESA (AMD Generic Encapsulated Software Architecture),” Marek said during the talk aimed at encouraging more of the low-level security analysis.
“This is the only way to push vendors to update BIOSes for older platforms.”
Marek did not describe particular attack scenarios created by the lack of protected code along with further firmware errors.
It took roughly a year to fix the flaws in an exchange he described as “responsible and helpful”.
Fault Injection on Firmware Level
Software-implemented fault injection (SWIFI) is an established method to emulate hardware faults in computer systems. Existing approaches either extend the operating system by special drivers, modify the runtime environment, or change the application under test.
The FutureSOC project on novel SWIFI approaches investigates new ideas for adding fault injection as standard dependability assessment tool in modern server environments. One approach relies on the Extensible Firmware Interface (EFI), the BIOS-successor available in latest X86 systems as provided by the FutureSOC lab. Our approach extends the firmware of these systems in order to a) make fault injection completely transparent to the operating system, and to b) support a larger variety of fault types. No modifications to the operating system or the application code are needed.
Our prototype is available for free use in non-commercial usage scenarios. Below you can find installation and configuration instructions. Binaries are provided for download at the end of the page.
In case of further questions, please contact Peter Tröger.
“We don’t think it would take much to turn her into a device to spy on and potentially interact with children. You would be well advised to make sure that she is switched off when not explicitly in use and make sure that the mobile device is secured with a strong PIN, also kept and patched up to date. In the longer term the manufacturer should apply a PIN for the Bluetooth pairing process, but we don’t think that can be done without a product recall.”
A source came forward noting that during the Libya campaign they were approached to carry the campaign on to Syria. They stated that they declined, stating that the campaign was to go to Yemen next, and that there was significant want and pull to have a campaign there. They noted that the people asking for the campaign to come to Syria were saying how very much it was needed in Syria and showing pictures of protests, but the protests pictured out of Syria were not exhibiting a likely anti-corruption campaign. The photos were of women and children with balloons and smiling, not at all looking stressed or downtrodden. The source went on to say the photos had the look and feel of a PR company that had been campaigning against Iran on Chinese Democracy and anti-Iran centric IRC servers. They also noted that while training an individual on IRC they saw a PR company making anti-Iran changes to the Wikipedias of obscure African countries.
The source noted that after they said no, the campaign would not go towards Syria, as Syria was not ready for or in need of a campaign, they were told, “Fine, we are dedicated and will do this on our own.” It was at that time they noted the Yemen campaign ground to a halt due to US involvement, US strikes, and US propping up of the Yemen government.
I read with interest your latest analysis and forecast about al-Qaida.
Now al-Zawahiri has offered to “answer questions” he receives by
mid-January via the Internet. He is behaving like (setting himself up
as?) a mufti, who dispenses fatwas regarding any question from
believers–or perhaps, non-believers. This new tack may signal that he is
elevating himself to a position rivaling other internationally consulted
muftis, even though he is not a normative mufti. It is part of what you
have identified as the “ideological” battlefield.
In regard to your assumption of al-Qaida’s “devolution” (possibly a type
of failure), I would like to provide a few working principles from the
study of religion and violence, particularly in heterodox movements, which
may be of some interest:
From Cathy Wessinger (U.S., Loyola University, New Orleans): the concept
of a “fragile millennial group”
From Ian Reader (United Kingdom, U. of Manchester): the concept of “the
pragmatics of failure” (derived from his primary analysis of Aum
A number of scholars have intensively studied new religious movements,
especially the problems a relative few present, since the Jonestown
incident and have developed some applicable principles, among which are
Wessinger’s and Reader’s.
Assumption: Al-Qaida is a millennial movement.
Millennialism (millenarianism, chiliasm) is “a belief in an
imminent transition to the millennial kingdom (i.e., the collective
salvation)”; it is a belief that “has the power to draw people together
to found new religious movements” that promise to reveal esoteric
knowledge about what is ultimately real and ultimately true.
Among the categories of millennial movements,
Al-Qaida is both “nativist” and “revolutionary.”
- It is nativist because its ultimate concern is to
defend the Muslim religion and the Muslim lands against cultural and
physical alien invasion.
- It is revolutionary because it possesses and
acts according to a theology that legitimates violence (in order to attain
the collective salvation/millennial kingdom).
- It expresses the millennial kingdom in terms of a “caliphate” or “caliphates.”
- Revolutionary millennial movements are also political, because the collective salvation
is to be achieved on earth via a destruction of the status quo and a total
transformation of the world. A hopelessly corrupted world will thus be
rendered new, clean, and pure.
The fragility thesis applies when a millennial movement fails to meet its
unrealistic expectations, either because of external persecution or
internal stresses or a combination of both.
The group may then seek to
attain its collective salvation through other means, i.e., by legitimizing
violence against perceived scapegoats or by self-destructing as a witness
to the evil state of the status quo world.
An example of the former is
Aum Shinrikyo, which suffered humiliation in its foray into politics and
which fell short of meeting its unrealistic recruitment goals.
An example of the latter is
Jonestown, which conceived of no other option after its
continued existence in its Guyana refuge was threatened by exposure of its
practices and when Jones’ mental and physical health was deteriorating.
It is also possible that the Branch Davidians at Waco became a fragile
millennial group after they were assaulted by the FBI, believing that
Armageddon was occurring and that the “saints” were to be sacrificed, as
related in their version of Revelation. That may be why they set fires in
Mt. Carmel (recently verified by additional sources). In so doing, they
“witnessed” to the satanic evil of the opposing forces.
The point is that if al-Qaida/the International Jihad believes that its
expectations are not achievable, but that victory (of necessity) always
belongs to Allah, it may redefine “victory” and seek another mode of
enacting its self-identification as “the saved sect and victorious
It can do so in a variety of ways, some violent and some
Reader has proposed a “pragmatics of failure” thesis to account
for Aum’s turn to killing outsiders. First, Aum adopted a compassionate
doctrine from Tibetan Buddhism called “poa” that prescribed rituals to
deliver karmic merit to those who had died, and then it reinterpreted
“poa” to mandate the killing of the spiritually inferior souls in order to
prevent them from amassing further karmic demerits in this life. It could
not save all souls in the world, so it concentrated on saving itself and
accumulating more karmic merit for its victims.
However, it is also possible that achieving the millennial kingdom or
“mission” of the movement may be sought through peaceful means, such as
“routinization.” It is possible, for example, that a group that begins as
a revolutionary movement may seek to join the political process or seek
legitimate status as a party or a church. The Bahai faith was one such
In al-Qaida’s worldview, since Allah cannot fail, He will reveal to the
movement the modes of victory. What those modes may be may vary greatly
from self-destruction (group martyrdom or “witness”), religious
justification for the intensification of terrorism, or alternatives to
violence in order for the “truth” to prevail.
I am not suggesting that al-Qaida shares your view of their “devolution.”
Apparently, the leadership believes they have many options and that Allah
is gaining in victory over the infidels and apostates. However, should
they begin to believe that their efforts are futile, then we may expect
the movement to seek other modes to achieve their unrealistic goals. The
clue to any quantum shift will first appear in the group’s religious and
what the “mufti”–al-Zawahiri–issues as fatwas should be deciphered
by those who understand his worldview and religious emphasis. They may
signal a shift to other modes of achieving “victory,” whether it is
redefined in catastrophic or relatively irenic terms.
In this year’s challenge, you’ll get to match wits with an Artificially Intelligent agent, exploit a target machine, and do some detailed packet capture and file analysis, all with the goal of unraveling the mysteries of the Ghosts of Hacking Past, Present, and Future to save old Ebenezer Scrooge from certain doom.