
David89

Member
  • Content Count

    220
  • Joined

  • Last visited

Awards


This user doesn't have any awards

2 Followers

About David89

  • Title
    Junior Member
  • Birthday November 23

Profile Information

  • Gender
    Male
  • Location
    Germany

System

  • CPU
    AMD R5 1600 @ 3,95 GHz
  • Motherboard
    ASRock AB350 Pro4
  • RAM
    G.Skill Aegis DDR4-3000@2933
  • GPU
    MSI Radeon RX 480 ARMOR 8G OC
  • Case
    Cooler Master Silencio 650
  • Storage
    A lot
  • PSU
    FSP Group AURUM GOLD 400
  • Display(s)
    Acer K272HUL Ebmidpx 27.0" 2560x1440
  • Cooling
    Thermalright HR-02 Rev.A
  • Keyboard
    Logitech G410 Atlas Spectrum
  • Mouse
    Roccat Kone XTD
  • Sound
    Creative A250, Roccat Kave XTD 5.1 Digital
  • Operating System
    Arch Linux, Windows 8.1, Windows 10

Recent Profile Visitors

526 profile views
  1. David89

    56 Cores in ONE SYSTEM! - HOLY $H!T

    Meh. Another one of those Intel Videos. 56 Cores are great and such, but they are getting actually boring. I'd really like to see EPYC in one of those Videos. Although I get that there is no Motherboard on AMD's side that can compete with that. Still. A comparison between the Opteron Piledriver and EPYC would also be...uh...Epic.
  2. Interesting. Anyone noticed that Gadi Evron was in the same military unit as the other guys from CTS...? Also, that BOTH Ido Li On and Yaron Luk-Zilberman contradicted Gadi Evron, who said "I can confirm they have a PoC on everything." I'm still going with my first assessment of the whole ordeal: Gadi Evron was part of the whole thing from the beginning... And Trail of Bits right away said it's nowhere near as bad as they say.
  3. And that's exactly why there are different stages of severity of Bugs. This whole thing is just not a security issue. Those are some very nasty and bad bugs - but you can't do anything with them, unless you actually got into the system with some security holes. They need to be fixed, yes, but they are rather low on the priority list. Although, as we have come to know AMD, I'm pretty sure there is a new AGESA in a few Weeks that completely fixes those issues.
  4. 1) I have it disabled and don't have any devices relating to the PSP in Device Manager, or even DMESG on Linux. Nothing. Enabled there are a few things that hint at the PSP. 2) IMHO that's a design flaw with X86. Has been the case with many, many things over the years. Intel ME, many TPM devices, DRM functions or even Kinibi.
  5. Man. Those guys are absolutely laughable. Hey, maybe I should search for some random fourth stage attacks that haven't been fixed for years. For those who do not know what the stages are: Although you could even argue that those are stage six attacks, since you are corrupting "something" (be it the ASMedia Controller or the PSP) I also just had a bit of a play with deactivating the PSP in my UEFI. That works and there is no PSP and TPM Device anymore. Edit: Even Trail of Bits says those attacks are not viable. https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/
  6. the FRACK? Are you for real? The whole reason why "we" defend AMD is because THE ONLY thing that may be a real problem for AMD is the ASMedia Shit - and even that is probably not even AMD's fault. It's about the "HOW" this is going down. If there are security flaws - so be it. But that whole smear campaign against AMD is an absolute shitshow, because Intel has the same vulnerabilities in their ME. That's btw one big reason why many thousands signed an open letter to AMD to make their PSP OpenSource to prevent this kind of stuff. The rest of all of those "vulnerabilities" are present on EVERY FRACKING system! Holy mother of Jesus are you dense. Btw, for a good read about why you are already FUC**D big time when code is running at those kinds of levels: https://blogs.msdn.microsoft.com/oldnewthing/20060508-22/?p=31283 I'm done here.
  7. First of all: Dan Guido said that himself. Second: You just disqualified yourself from EVERY viable discussion with that kind of statement. How old are you? 14? Third: I'm a Sysadmin, so I do actually know a few things about computers. I may not be a security expert, but I do know my way around secure systems. Let's assume those vulnerabilities are real. For Ryzenfall 1-4 the first step is to get through the VSM, which was introduced with Windows 10. After that, you'll need to get access to the LSASS (Local Security Authority Subsystem Service), which has also been reworked with Windows 10 (split in different and isolated threads that can't be accessed directly) and makes it pretty much impossible to gain any access to anything hardware related without any Admin rights. Now, even if you have full Admin rights: You need a driver that has write access to the PSP. After that you have to get the right Bios hashes for the bios in question. Same applies to Fallout 1-3 - only difference is that it uses the Bootloader of the SP. ALL of that implies however, that you've cracked the Microsoft VSM, which would give you access to EVERY system and not only AMD based ones. And you even need Admin rights to put Chimera to "use" - you'd also need physical access, because you have to restart Windows without the Driver Protection. Which is the case for all of those attacks, btw. So: you need physical access to ALL of those attacks, UNLESS someone has already deactivated the driver protection on that system. So: 3 of those attacks need a bios flash. The rest of those need drivers. Ever tried to install drivers remotely on Windows? Ever tried to install - even signed but not vendor correct - drivers? Basically, if you go through all of that trouble, EVERY System is vulnerable, not just an AMD one. Still: There are NO technical details inside the Whitepaper from CST, so all of that are just assumptions based on what the results "should" be.
  8. No. I don't, because either I completely misunderstood how the PSP and UEFI work, or I am right in that those are separated "enough" so that this can't be exploited in that way. Also, at least on my board I have to have the UEFI Network stack enabled to flash over the Internet, which I don't and as a Sysadmin it is standard policy in many companies to also turn that feature off.

    Timeline
    ========
    09-28-17 - Vulnerability reported to AMD Security Team.
    12-07-17 - Fix is ready. Vendor works on a rollout to affected partners.
    01-03-18 - Public disclosure due to 90 day disclosure deadline.

    Everyone's attention moved to Meltdown and Spectre, because the PSP was already fixed.
  9. Please prove me wrong with data. I'm sorry, but I give a crap about your statement if you can't back it up with something else than one guy on Twitter saying he had access to the technical reports. And I don't care if he has 13 years of experience, he's still only one guy. And you repeating your claim won't make it right. Those "many other security experts" are still (it's around 23:20, 13th March of 2018, Euro Time) only that one guy. Whereas at least four (!) said that it's highly unlikely to be having any impact. And why are you so hellbent on making sure everyone believes ONE source?
  10. Not only did they violate standard procedure, they made an extremely bad choice to be in the same bed with a shady company that has a known history of manipulating stock markets with false claims. I'm not that optimistic though. The only real positive thing is that AMD's PSP doesn't have the Network stack built in, like Intel's ME. Even if AMD's PSP is as pitted as swiss cheese, it won't matter, because they are not vulnerable from the outside. Edit: About Dan Guido - he specifically states he has been paid by CST and "all 13 Flaws have been confirmed", while others already laid waste to some of those flaws, because they are simply not flaws "per se".
  11. Personally, I REALLY would like to know how and why Dan Guido has said anything at all. Many other Security Experts are saying that pretty much all of that is - at least until now - absolute bullcrap. BTW, The much bigger question is: IF there is some merit to the PSP being vulnerable (read: Same problem as Intel's ME, that STILL hasn't been fixed fully, mind you!) - how can it be possible to bypass the Windows 10 VSM, that Microsoft praised as one of the absolute killer security features? By design it should be impossible to run unprotected code that isn't hashed correctly by the LSASS. Having to need physical access to the machine is a must in all of those cases, so even IF there are real flaws in the System from "the inside" - what do they matter if the attacker has physical access to your machine?
  12. No. It doesn't, especially not if the Whitepaper is as badly written as that. Especially considering what background "Viceroy" (the company behind CST) has. They have a background of manipulating stock and are currently under investigation from many around the world. Most notably Germany for crashing the ProSieben stock last week. Can you do something else, or is throwing swear words and bad mouthing people everything you can do? Have you studied that somewhere? I'd like to know that course, maybe I can jump down to your standard. Many at /r/AMD are everything but biased. They heavily favour AMD - me included - which COULD be bias, but most definitely isn't. Same goes for AdoredTV. "Bias" is something extremely unreasonable, but "we" (those who favour AMD over Intel under many, many circumstances) have reasons for it. Which makes it - by definition - unbiased. @Topic: It's absolute BS. https://www.moneyweb.co.za/in-depth/investigations/viceroy-unmasked/ Their Office is made up from stock photos and green screen. Basically, if you've got Admin rights on a PC, you can do everything you want with that thing. No shit...
  13. Yeah, sorry, I just realized I accidentally switched charts. But: https://www.techspot.com/review/1474-ryzen-vs-older-budget-cpus/ https://www.techspot.com/review/1546-intel-2nd-gen-core-i7-vs-8th-gen/ Therefore, I still don't think going with a 4460 is a good choice. (Unless you absolutely do not want to spend the money for DDR4...)
  14. Edit: Yes, yes, I realized I switched charts.
  15. David89

    AMD Q4 Earnings Report & Zen 2 Will Have Spectre Fix

    I'll fire that right back: You can't be serious, right? Intel did everything in their power to make the best of the situation - yes, that is the only thing in your post I agree with. Intel knew about the Problem for at least 8 Months and they did absolutely nothing. They didn't make Microcode updates beforehand, they were caught "off guard". Intel made Microcode Updates that bricked computers. Intel tried to sling mud against other manufacturers. Intel tried to cover things up. And the worst of all: Intel tried to make the patches Optional. Linus Torvalds doesn't explode like that without any reason. The Kernel Patches Intel supplied were absolute pieces of impudence. Intel is probably the most childish company on this god damn planet - they can't take responsibility unless forced to as has been proven many many times over the years. IMHO it's even worse than Volkswagen, but since nearly every Computer runs with an Intel "thing" inside, nobody seems to care as Intel's PR Department is rather good in covering things up. Intel does damage control, but those are no solutions to their abominable business practices. Even the Google researchers said that with a Ryzen, they couldn't replicate the attack - unless you set Kernel Parameters in Linux, which on most distributions are turned off by default. And Spectre 1 is easily fixed with a Software Update.