Yeah, after HP, Dell and others were caught with total bullshit running in their BMC's too. Old hat, everyone half-serious was already firewalling that.

You are blowing this a bit out of proportion. She made an exploit in 2009 against TPM and it involved also ME, that's a bit different than getting full control. I also didn't find any "ring -3" rootkit.

Botnets are handled by business-oriented criminals with skills and all, not by script kiddies. They are after money, not after random disruption. Script kiddies are in general out of serious hacking scene since at least decades.

As I said above, botnets are the IT equivalent of swarms of mooks, their traffic isn't exactly complex to detect, the issue is that their numbers are huge and you don't own their devices so you can't realistically shut them down or force a random chinese manufacturer to not fucking use "0000" as default root password on SSH.

If botnets were using ME, it would be found out pretty quickly that ME is involved, and shit would start flying for Intel.

I know the powers they wield, an admin with a ME/AMT management console can do pretty much all he wants on a target PC. And the providers of that stuff is Intel.
MS can push updates you can't avoid anymore on win10, that means they can insta-pwn all win10 devices if they so choose. With other OS they could just push updates, so they could still pwn your PC as long as you had your updates enabled.

Besides, any software company can do the same, they can push updates on your PC, and if you agree you give the updater root access anyway.

Note that I'm not saying they are necessarily using it for evil.

I can. Using blobs and secured shit with signatures and stuff isn't necessarily to hide evil intent. There is many people that still genuinely thinks that closed-source is safer, especially in companies.
Usually closed-source and proprietary blobs are used to hide half-assed features and copyright infringement from the eyes of experts that would call them out.

Broadly irrelevant, when you get caught by secret police these excuses are not going to save you.

Last time I checked "side-channel signalling" was EM interference generated by devices, which is kinda fucking short-ranged, so I'd say you are getting a bit carried away.

Well the Skylake USB debugging gives us an example, or the existing ME rootkits. Most of your arguments have been addressed by SystemCrasher already, so I will not repeat those here.

So you say that his efforts are futile? I wonder why nobody of the thousands who were in the audience or watched the live stream pointed this out.

If you look at Patrick Stewin's talk (btw. another very nice and smart person), he implemented basically undetectable exfiltration through deliberately introducing packet jitter. Combine this with advertising networks' ability to target users by IP range, you don't even need to control anything on the ISP side of things.

Exploit doesn't work if you install latest BIOS. What kind of additional proof do you want?

First you say "these firmwares NEVER get any update to patch vulnerabilities",
then I pointed out that the ME firmware actually got an update,
then you claim that "the OEM rarely gives a fuck",
then I point out how this is fixed in the latest BIOS,
then you say the fix is not distributed to everyone automatically.

How is that not moving the goalposts?

Also note that since Windows 8, BIOS updates are distributed through Windows Update as long as vendors choose this path.
You want proof of that too? We know it because this already caused problems. One widely reported issue is with Minix-PC Z64W being updated by a Techvision UEFI firmware and bricked, because both manufacturers neglected to update the default OEM ID string in the AMI BIOS.

Note that you don't get individual updates on previous Windows versions any longer, only cumulative updates.
So if they bundle a backdoor in the latest round of security fixes, you will be pwned through the backdoor if you install it. And if you don't install it you will be pwned through known public vulnerabilities.

About forced BIOS updates in forced Windows updates on the one hand, and attacks on old Windows versions on the other hand: Both are defeated on non-networked machines, and both are defeated on machines on which Windows is removed and especially if it was never activated and never run.

For those of us who use only LInux, the main danger from Windows is efforts to hardware-lock machines to it, thus the importance of things like ME cleaner. Who cares if some future version of Windows 10 won't boot. So you need dedicated hardware if you really need that 4K netflix-so what? Keeping Trump's Gestapo from monitoring your communications or turning on cameras and microphones remotely is far more important.