http://hackaday.com/2016/11/28/neutralizing-intels-management-engine/
Intel Active Management Technology (AMT) is hardware and firmware technology for remote out-of-band management of personal computers, in order to monitor, maintain, update, upgrade, and repair them. Out-of-band (OOB) or hardware-based management is different from software-based (or in-band) management and software management agents.
The Intel Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets. According to an independent analysis by Igor Skochinsky, it is based on an ARC core, and the Management Engine runs the ThreadX RTOS from Express Logic.
The ME state is stored in a partition of the SPI flash, using the Embedded Flash File System (EFFS). The ME has its own MAC and IP address for the out-of-band interface, with direct access to the Ethernet controller; one portion of the Ethernet traffic is diverted to the ME even before reaching the host's operating system.
The ME has full access to memory without the parent CPU having any knowledge of it; it also has full access to the TCP/IP stack and to every peripheral connected to the computer. It also runs when the computer is hibernating. It doesn't matter if you're using Windows, Linux, Mac OS X or any other operating system. If you have an i3, i5, i7 or current Xeon CPU then you're completely owned by the intelligence community.
Update 1/5/2017 - Intel confirms remotely exploitable security hole in the ME:
http://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
http://www.theregister.co.uk/2017/05/05/intel_amt_remote_exploit/
To scan your network for potentially vulnerable systems, scan ports 623, 624, and 16992 to 16993 (as described in Intel’s own mitigation document), for example:
nmap -p16992,16993,16994,16995,623,664 192.168.1.0/24
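An added example, not part of the original post: a Python script that reads the result of the nmap command above, saved in grepable form with nmap's -oG option, and lists the hosts on your own network that have any of those ports open or filtered, so they can be checked against Intel's advisory. The function names, sample output and addresses are constructed for illustration.

```python
# Ports taken from the nmap command in the post.
AMT_PORTS = {623, 664, 16992, 16993, 16994, 16995}

# Constructed sample of `nmap -oG -` output (not a real scan).
SAMPLE = """\
# Nmap scan (constructed sample)
Host: 192.168.1.10 ()\tPorts: 623/closed/tcp/////, 664/closed/tcp/////, 16992/open/tcp/////, 16993/open/tcp/////, 16994/filtered/tcp/////, 16995/closed/tcp/////
Host: 192.168.1.22 (printer.lan)\tPorts: 623/closed/tcp/////, 664/closed/tcp/////, 16992/closed/tcp/////, 16993/closed/tcp/////, 16994/closed/tcp/////, 16995/closed/tcp/////
Host: 192.168.1.31 ()\tPorts: 623/open/tcp/////, 664/closed/tcp/////, 16992/filtered/tcp/////, 16993/closed/tcp/////, 16994/closed/tcp/////, 16995/closed/tcp/////
# Nmap done (constructed sample)
"""


def parse_ports(grepable_text):
    """Yield (host, port, state, proto) for every port entry in -oG output."""
    for line in grepable_text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comment lines and blanks
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue  # e.g. "Status: Up" or "Ignored State: ..."
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                if len(parts) >= 3 and parts[0].isdigit():
                    yield host, int(parts[0]), parts[1], parts[2]


def amt_exposure(grepable_text, ports=AMT_PORTS):
    """Return {host: {"open": [...], "filtered": [...]}} for the AMT ports.

    "open" means the port answered; "filtered" means a firewall hid the
    answer, so the host still needs a manual check.
    """
    report = {}
    for host, port, state, proto in parse_ports(grepable_text):
        if proto != "tcp" or port not in ports:
            continue
        if state in ("open", "filtered"):
            entry = report.setdefault(host, {"open": [], "filtered": []})
            entry[state].append(port)
    return {h: {k: sorted(v) for k, v in e.items()} for h, e in report.items()}


if __name__ == "__main__":
    for host, states in sorted(amt_exposure(SAMPLE).items()):
        print(host, "open:", states["open"], "filtered:", states["filtered"])
```
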