Jump to content
Phishing Emails & YouTube Messages - Fake Giveaway Read more... ×
Search In
  • More options...
Find results that contain...
Find results in...

David89

Member
  • Content Count

    220
  • Joined

  • Last visited


Reputation Activity

  1. Agree
    David89 reacted to mark_cameron in Suggestions for our iMac Pro repair   
    That's nonsense. And would be illegal in the UK.
     
    I buy a car and only the manufacturer has the parts I need to fix it. But has no idea how to supply it plus can't recommend any third party service repairs. Mainly as they don't like third party repairs.
     
    As for that Rufus video response. He's got an annoying voice and needs to change it.
     
    It's a simple non warranty repair.
     
    What's hard to understand?
     
  2. Like
    David89 reacted to Space Reptile in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    @LAwLz i actually talked to someone who works as cybersec tech about these exploit(s) and according to him they dont even matter 
    you can do what these exploits claim to enable on ANY SYSTEM w/ the priviliges they require remotely , does not matter what OS , what vendor or what year 

    as "real" as these exploits might be , they dont make it any easier nor enable someone to do more than he already can 


    also CTS and that other lab are shady as shit , unknown firm w/ next to no record and plenty of connections to stock manipulation and FUD 
    also breaking many standards for reporting and publishing of this kind (weird wp , 24 deadline , claiming AMD stock should be 0$ and AMD @ chapter 11) 
  3. Agree
    David89 got a reaction from Notional in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    Interesting. Anyone noticed, that Gadi Evron was in the same military unit, as the other guys from CTS...?
    Also, that BOTH Ido Li On and Yaron Luk-Zilberman contradicted Gadi Evron, who said "I can confirm they have a PoC on everything."
     
    I'm still going with my first assessment of the whole ordeal: Gadi Evron was part of the whole thing from the beginning...
     
    And Trail of Bits right away said, it's no where near as bad, as they say.
  4. Informative
    David89 got a reaction from VicBar in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    Personally, i REALLY would like to know, how and why Dan Guido has said anything at all. Many other Security Experts are saying that pretty much all of that is - at least until now - absolute bullcrap.
     
     
    BTW, The much bigger question is: IF there is some merit to the PSP being vulnerable (read: Same problem as Intels ME, that STILL haven't been fixed fully, mind you!) - how can it be possible to bypass the Windows 10 VSM, that Microsoft praised as one of the absolute killer security features? By design it should be impossible to run unprotected code, that isn't hashed correctly by the LSASS.
     
    Having to need physical access to the machine is a must in all of those cases, so even IF there are real flaws in the System from "the inside" - what do they matter if the attacker has physical access to your machine?
  5. Agree
    David89 got a reaction from Notional in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    Interesting. Anyone noticed, that Gadi Evron was in the same military unit, as the other guys from CTS...?
    Also, that BOTH Ido Li On and Yaron Luk-Zilberman contradicted Gadi Evron, who said "I can confirm they have a PoC on everything."
     
    I'm still going with my first assessment of the whole ordeal: Gadi Evron was part of the whole thing from the beginning...
     
    And Trail of Bits right away said, it's no where near as bad, as they say.
  6. Agree
    David89 reacted to AncientNerd in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    Because I somehow read your post that I responded to as
    rather than your actual statement of 
    which is a completely different meaning and makes me seem a bit pedantic as a result, sorry!
  7. Like
    David89 reacted to AncientNerd in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    Yes...and No. Here's the thing, software/firmware has bugs, live with it. Some of the bugs are in Security subsystems. There is a three part trade-off to all projects, time-resources-quality (or doneness). You can get perfect or near perfect quality if you have infinite time and resources, but your company will go out of business. You can have impossibly short deadlines with infinite resources and bad quality.
     
    Basically at some point you have to "shoot the engineer and ship the product", i.e., an engineer (no matter what kind of engineer) wants everything absolutely perfect and will work on a project until nothing is wrong including low probability issues.  On the other hand sometimes you also have to "Shoot marketing and keep the product in Engineering" because marketing will ship the product with fatal flaws to get "something to market now". And on the third hand sometimes you have to "Shoot the Product, because it is a lost cause and will never be finished", if you don't do that it can kill the company. I have worked for two companies who couldn't learn the third lesson and are no more because they couldn't learn that lesson. 
     
    So, the question that needs to be answered (and only AMD can really answer) is "how many resources are these flaws worth?". My (admittedly educated guess), is lots due to the high profile that they have gotten. So inside AMD I would guess there are multiple near "infinite resource" projects going on to fix these right now.
  8. Like
    David89 reacted to AncientNerd in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    I just managed to read through this whole massive thread and want to make one point that I don't think anyone has made yet.
     
    It looks to me like all of these take some form of signed driver. Now I have been writing driver code in one form or another for going on 30 years now, and frankly once I have a driver installed I own part of that system. So depending on what driver is compromised (and they didn't seem to specify), the fact that they were able to make persistent changes is not a surprise. In fact I would be surprised if they couldn't make persistent and possibly damaging changes, heck I can think of three or four driver level places off the top of my head that if I wrote replacements for those drivers and got them signed I would be able to read or write anything on the system regardless of the upper level security settings, and if I wrote into the device's firmware (say a network card) my changes would be persistent and could be made invisible to security. Yes, writing it to the Secure Processor on the CPU gives it some additional panache but really? This is just one more case of "if you have a malicious device driver your screwed", which has been true since computers were created.
  9. Agree
    David89 reacted to Notional in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    https://www.realworldtech.com/forum/?threadid=175139&curpostid=175169
     
    For those who are unaware of "chicken bits": (electronics) A bit on a chip that can be used to disable one of the features of the chip if it proves faulty or negatively impacts performance. 
     
    Now for the great part about the interview:
     
    Considering that scummy scam company, Viceroy, got their hands on this paper as one of the first, and the entire paper is written in a very manipulative way, it's hardly difficult to figure out who paid for this.
     
    At the end of the day Asmedia and AMD needs to fix any and all security holes, just like every one else. But this is blown way way out of proportion, and the incentive to do so, is clear as day: Stock market manipulation. 
     
    Anyone who is taking these security issues seriously, requiring elevated admin privileges, as a consumer, is being a useful idiot for this investment conspiracy.
  10. Agree
    David89 got a reaction from Notional in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    Man. Those guys are absolutely laughable.
     
    Hey, maybe i should search for some random fourth stage attacks, that haven't been fixed for years. For those who do not know what the stages are:
    Although you could even argue, that those are stage six attacks, since you are corrupting "something" (be it the ASMedia Controller or the PSP)
     
    I also just had a bit of a play with deactivating the PSP in my UEFI. That works and there is no PSP and TPM Device anymore.
     
    Edit: Even Trail of Bits says, those attacks are not viable. https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/
     
  11. Like
    David89 reacted to cj09beira in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    i am not wrong thought, to call this as a meltdown level exploit is lying way too much, meltdown and spectre don't need anywhere near as much privileges, and can even be run through a web page, this is much harder to exploit, the document and the company behind it are at the very least shady, this is not the work of a security company, in my eyes right now they have less legitimacy than wccftech.
     
  12. Like
    David89 reacted to laminutederire in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    Want to have a chance to contest claims of researchers at the LHC? Here you go: Link to one of the papers about it. They present their methods and working hypothesis, as well as detailed results and the explanation on why their results prove significance of their hypothesis. If you are knowledgeable enough, you can assess the quality if the results and their validity yourself. That's the point. It can be disproved because there is a thought path presented that can be possibly attacked. In our case, we do not have anything to go on except the words of the publishers and some other people.
     
    They could be saying it's real because it's real, because it isn't but they think it is, because it isn't but they have something to gain by saying the opposite etc.. maybe they say it's true because some part is true but they haven't assessed or left out purposely the part where it's wrong.
    Thing is it is just a matter of opinion right now. Your opinion is that they are to be trusted, it may be even reasonable to do so, but they aren't necessarily to be trusted so you could believe otherwise.
     
    Remains that the way things were handled are absolutely not satisfying and the way their paper is written is unprofessional enough to question reasonably their claimed results, independently of everything else. That's why I think it is not true until I can see proof of it. Amd or whatever could say it's garbage and researchers could say it is genius, I'd still wait until something concrete would be published.
  13. Like
    David89 reacted to Jito463 in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    I'm going to stop explaining myself to you now, because you seem more intent on "winning" than on discussing the issue.  I already know what you're talking about, and I believe you know what I meant, you're just trying to win on an argument of semantics.
  14. Like
    David89 reacted to leadeater in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    Those additional things all require a malicious firmware replacement and/or a signed driver (by AMD or Asmedia, going by 'requires vendor signing') to get the firmware on to the chip or to talk to the chip to exploit it.
     
    These are all risks for any system that has co-processors and logic chips like this.
     
    The general issue is basically everything in this research paper requires malicious modification of the technologies involved which requires other mechanisms to be broken, like getting your malicious driver signed by AMD/Asmedia or being able to modify an existing driver that is already signed while also not invalidating it's digital signature. The details on that is very unclear, but what is clear is there are requirements that almost always put this outside the bounds of the AMD technologies being referenced as having a security vulnerability with them themselves.
     
    To simplify my point it's like getting an HDD with an infected OS installed on it then plugging it in to a computer, turning that system on then saying the computer is infected.
     
    To be very clear I'm not saying you can't exploit these AMD systems, what I'm saying is these sound like they are not vulnerabilities with said systems themselves. The only parts that look like potential candidates for actual vulnerabilities are these signed driver requirements, but like I said no details on how they are doing it. Those signed drivers are the attack vectors in to the chips, but don't go thinking that is unique to AMD. If you break in to any chipset or platform security module you get the same types of access from any manufacturer, we should be more worried about the ability to break in to them.
     
    https://www.anandtech.com/show/12525/security-researchers-publish-ryzen-flaws-gave-amd-24-hours-to-respond
    https://safefirmware.com/amdflaws_whitepaper.pdf
    https://safefirmware.com/amdflaws_whitepaper.pdf
     
    Summary: Masterkey requires a bios flash to a maliciously crafted one, similar attack is possible on any system if you're going to the extent of creating malicious bios firmware. Many systems also implement the mentioned digital signature required for bios update images so you're either reliant on the ability to exploit other security vulnerabilities or have a system that will trust just any random bios firmware image, admittedly that's most cheap gaming motherboard but not high end ones or OEM systems by HP/Dell etc.
     
    https://www.anandtech.com/show/12525/security-researchers-publish-ryzen-flaws-gave-amd-24-hours-to-respond
     
     
    Requires a driver signed by AMD/Asmedia to talk to the chip to be able to exploit it, no details given on how they achieved this or modified an existing driver without invalidating it's signature. I 100% believe they were able to do it but zero details given on how. Further assertions were made that after such access is gained to the chipset they could load malicious firmware on to it.
     
    Summary: Real issue is being able to bypass the signed driver restriction not the access that then gives you or the malicious firmware. CTS are bundling what they can do with malicious firmware in with vulnerability and calling them one and the same. This type of access to any chipset will give you the same level of access, this is not AMD specific.
     
    https://www.anandtech.com/show/12525/security-researchers-publish-ryzen-flaws-gave-amd-24-hours-to-respond
     
     
    Again another one that requires a signed driver, same comments apply. Believe it but zero details explaining anything.
     
    Summary: This one is a big issue. This, as is no loading malicious firmware on or any other modifications, allows you to read protected areas of memory. This is an actual direct vulnerability with the PSP on all Ryzen systems, more limited impact on Ryzen Pro (no read access of protected memory areas only write).
     
    https://www.anandtech.com/show/12525/security-researchers-publish-ryzen-flaws-gave-amd-24-hours-to-respond
    https://safefirmware.com/amdflaws_whitepaper.pdf
     
    Summary: As Ryzenfall, this one actually is an issue with the secure processor in the EPYC processor that does not require any modifications or loading on malicious firmware.
     
    tl;dr Ryzenfall and Fallout are the only two that I can see that are direct security vulnerabilities with the AMD technologies. These are also serious and give access to protected memory areas and encryption keys, along with allowing you to load on malicious firmware further compromising the system. Masterkey is worrying but if an attacker is able to load malicious firmware on to your system then it honestly doesn't matter who's processor/system your using is you're screwed no matter.
  15. Like
    David89 reacted to leadeater in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    That is a different circumstance though, thought it depends on what you mean by that. The company doing the review to get paid is probably all above board, further reading of Anandtech article basically confirms this, it was a favor at first until they were given 13 to verify.
     
    It was important to note that they only verified the steps to execute the exploits, basically they can say you can carry them out as documented. There's still the question of are all of these actually security vulnerabilities with the effected technologies. Because like I mentioned if your replacing firmware or using a signed driver by the vendor (this is very unclear to me exactly what this entails) are these vulnerabilities at all, by that I mean with the technologies themselves.
     
    My point really was though that literally everything that can be firmware updated falls under this, like EVERYTHING. Do we need a security whitepaper released for every product on earth that falls under this to tell us "Hey if someone replaces the firmware with a malicious one you're at risk", think this falls under stating the obvious.
     
    To make a highly inaccurate joke, you don't need a warning label on a hammer saying "If you hit your hand it will hurt".
  16. Like
    David89 reacted to leadeater in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    The basis around how they get paid varies, it's more common practice to either work together and share payment from the effected company through a bounty program or by an entity like CERT, iDefense or TippingPoint.
     
    Your point is pricey why Responsible Disclosure is a thing and it covers aspects like payment and financial gain. These are all efforts to professionalize the security industry and introduce standards, it used to be the wild west so how things were done and should be done can be different.
     
    Analysis of things like financial gain is an important step, not the only step, for verify validity. It should not be ignored.
     
    Edit:
    Or be directly contracted by the company to find security flaws.
     
    See Gamers Nexus video, specifically the responses from those security experts.
     
    No 3 are for the bios. Ryzenfall, Masterkey and Chimera all utilize replacing firmware in the PSP (not bios) or chipset. If your putting malicious firmware on to an IC is it a security flaw of said IC or are you just using your privilege access to compromise the system. If a system has the capability for it's firmware to be updated then malicious firmware will always be an attack vector, there is no way to prevent this other than removing the ability to update the firmware which is a terrible idea because then you could never update it if it does have a security vulnerability.
     
    You ignored the parts after I said bios, PSP and IME are not bios and related to a different vulnerability in the white paper.
     
    No I'm saying it can't even be confirmed as true. Not being true doesn't mean fake it simply means not confirmed.
     
    Which all backs the point that it was easy to see Meltdown and Spectre were legitimate from the get go.
  17. Agree
    David89 reacted to Bcat00 in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    then go deal with it yourself because i ain't got the patience to satisfy your craving because you can't go read a stinken article or have a look at the links provided by the topic poster. 
     
    People aren't obliged to do your work for you because you are too LAZY
  18. Like
    David89 reacted to leadeater in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    Other researchers without any financial gain, i.e. not paid to review and not given guidance on how to use the exploits have questioned the validity of these vulnerabilities or have pointed out that the level of access and the steps used are not specific to AMD. In other words while the exact specific things they are doing are for AMD platforms they can be done on any system if you have those privileges, comments were also made that some of the vulnerabilities are not vulnerabilities and are only a direct result of having the requisite privileged access.
     
    When you're flashing things like the bios or platform security engine firmware (PSP or IME), which you need to be able to do to update them at all, then is it really a vulnerability or just malicious firmware being loaded on to the system thereby making it vulnerable.
     
    So you have security researchers with decent credibility, ones who discovered Meltdown and Spectre, warning to exercise caution with this paper but acknowledge that it could be or in parts be true and the fact that none of these even have CVE reference numbers which means they did not work with or have been acknowledged by National Cybersecurity FFRDC, again not suprising if you didn't bother to work with them but it doesn't mean they won't get them.
     
    While you shouldn't disregard that these could be real the current recommended actions are do nothing. Until these get some kind of official recognition by CVE, AMD and manufacturers like HP/Dell/Lenovo who will in due time issue advisories there is nothing else to do. No one can confidently say they are either real or fake, it's all pending further analysis.
     
    Before anyone points to Meltdown and Spectre and why those were believed they did not lack all the above mentioned traits and were very quickly confirmed by Intel and AMD.
  19. Informative
    David89 got a reaction from leadeater in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    First of all: Dan Guido said that himself.
     
    Second: You just disqualified yourself from EVERY viable discussion with that kind of statement. How old are you? 14?
     
    Third: I'm a Sysadmin, so i do actually know a few things about computers. I may not be a security expert, but i do know my way around secure systems. Let's assume those vulnerabilities are real. For Ryzenfall 1-4 the first step is to get through the VSM, which was introduced with Windows 10. After that, you'll need to get access to the LSASS (Local Security Authority Subsystem Service), which has also been reworked with Windows 10 (split in different and isolated threads that can't be accessed directly) and makes it pretty much impossible to gain any access to anything hardware related without any Admin rights. Now, even if you have full Admin rights: You need a driver that has write access to the PSP. After that you have to get the right Bios hashes for the bios in question.
    Same applies to Fallout 1-3 - only difference is that it uses the Bootloader of the SP.
     
    ALL of that implies however, that you've cracked the Microsoft VSM, which would give you access to EVERY system and not only AMD based ones. And you even need Admin rights to put Chimera to "use" - you'd also need physical access, because you have to restart Windows without the Driver Protection. Which is the case for all of those attacks, btw. So: you need physical access to ALL of those attacks, UNLESS someone has already deactivated the driver protection on that system.
    So: 3 of those attacks need a bios flash. The rest of those need drivers. Ever tried to install drivers remotely on Windows? Ever tried to install - even signed but not vendor correct - drivers?
     
    Basically, if you go through all of that trouble, EVERY System is vulnerable, not just an AMD one.
     
    Still: There are NO technical details inside the Whitepaper from CST, so all of that are just assumptions based on what the results "should" be.
  20. Informative
    David89 got a reaction from leadeater in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    First of all: Dan Guido said that himself.
     
    Second: You just disqualified yourself from EVERY viable discussion with that kind of statement. How old are you? 14?
     
    Third: I'm a Sysadmin, so i do actually know a few things about computers. I may not be a security expert, but i do know my way around secure systems. Let's assume those vulnerabilities are real. For Ryzenfall 1-4 the first step is to get through the VSM, which was introduced with Windows 10. After that, you'll need to get access to the LSASS (Local Security Authority Subsystem Service), which has also been reworked with Windows 10 (split in different and isolated threads that can't be accessed directly) and makes it pretty much impossible to gain any access to anything hardware related without any Admin rights. Now, even if you have full Admin rights: You need a driver that has write access to the PSP. After that you have to get the right Bios hashes for the bios in question.
    Same applies to Fallout 1-3 - only difference is that it uses the Bootloader of the SP.
     
    ALL of that implies however, that you've cracked the Microsoft VSM, which would give you access to EVERY system and not only AMD based ones. And you even need Admin rights to put Chimera to "use" - you'd also need physical access, because you have to restart Windows without the Driver Protection. Which is the case for all of those attacks, btw. So: you need physical access to ALL of those attacks, UNLESS someone has already deactivated the driver protection on that system.
    So: 3 of those attacks need a bios flash. The rest of those need drivers. Ever tried to install drivers remotely on Windows? Ever tried to install - even signed but not vendor correct - drivers?
     
    Basically, if you go through all of that trouble, EVERY System is vulnerable, not just an AMD one.
     
    Still: There are NO technical details inside the Whitepaper from CST, so all of that are just assumptions based on what the results "should" be.
  21. Informative
    David89 got a reaction from leadeater in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    First of all: Dan Guido said that himself.
     
    Second: You just disqualified yourself from EVERY viable discussion with that kind of statement. How old are you? 14?
     
    Third: I'm a Sysadmin, so i do actually know a few things about computers. I may not be a security expert, but i do know my way around secure systems. Let's assume those vulnerabilities are real. For Ryzenfall 1-4 the first step is to get through the VSM, which was introduced with Windows 10. After that, you'll need to get access to the LSASS (Local Security Authority Subsystem Service), which has also been reworked with Windows 10 (split in different and isolated threads that can't be accessed directly) and makes it pretty much impossible to gain any access to anything hardware related without any Admin rights. Now, even if you have full Admin rights: You need a driver that has write access to the PSP. After that you have to get the right Bios hashes for the bios in question.
    Same applies to Fallout 1-3 - only difference is that it uses the Bootloader of the SP.
     
    ALL of that implies however, that you've cracked the Microsoft VSM, which would give you access to EVERY system and not only AMD based ones. And you even need Admin rights to put Chimera to "use" - you'd also need physical access, because you have to restart Windows without the Driver Protection. Which is the case for all of those attacks, btw. So: you need physical access to ALL of those attacks, UNLESS someone has already deactivated the driver protection on that system.
    So: 3 of those attacks need a bios flash. The rest of those need drivers. Ever tried to install drivers remotely on Windows? Ever tried to install - even signed but not vendor correct - drivers?
     
    Basically, if you go through all of that trouble, EVERY System is vulnerable, not just an AMD one.
     
    Still: There are NO technical details inside the Whitepaper from CST, so all of that are just assumptions based on what the results "should" be.
  22. Informative
    David89 got a reaction from leadeater in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    First of all: Dan Guido said that himself.
     
    Second: You just disqualified yourself from EVERY viable discussion with that kind of statement. How old are you? 14?
     
    Third: I'm a Sysadmin, so i do actually know a few things about computers. I may not be a security expert, but i do know my way around secure systems. Let's assume those vulnerabilities are real. For Ryzenfall 1-4 the first step is to get through the VSM, which was introduced with Windows 10. After that, you'll need to get access to the LSASS (Local Security Authority Subsystem Service), which has also been reworked with Windows 10 (split in different and isolated threads that can't be accessed directly) and makes it pretty much impossible to gain any access to anything hardware related without any Admin rights. Now, even if you have full Admin rights: You need a driver that has write access to the PSP. After that you have to get the right Bios hashes for the bios in question.
    Same applies to Fallout 1-3 - only difference is that it uses the Bootloader of the SP.
     
    ALL of that implies however, that you've cracked the Microsoft VSM, which would give you access to EVERY system and not only AMD based ones. And you even need Admin rights to put Chimera to "use" - you'd also need physical access, because you have to restart Windows without the Driver Protection. Which is the case for all of those attacks, btw. So: you need physical access to ALL of those attacks, UNLESS someone has already deactivated the driver protection on that system.
    So: 3 of those attacks need a bios flash. The rest of those need drivers. Ever tried to install drivers remotely on Windows? Ever tried to install - even signed but not vendor correct - drivers?
     
    Basically, if you go through all of that trouble, EVERY System is vulnerable, not just an AMD one.
     
    Still: There are NO technical details inside the Whitepaper from CST, so all of that are just assumptions based on what the results "should" be.
  23. Informative
    David89 got a reaction from leadeater in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    First of all: Dan Guido said that himself.
     
    Second: You just disqualified yourself from EVERY viable discussion with that kind of statement. How old are you? 14?
     
    Third: I'm a Sysadmin, so i do actually know a few things about computers. I may not be a security expert, but i do know my way around secure systems. Let's assume those vulnerabilities are real. For Ryzenfall 1-4 the first step is to get through the VSM, which was introduced with Windows 10. After that, you'll need to get access to the LSASS (Local Security Authority Subsystem Service), which has also been reworked with Windows 10 (split in different and isolated threads that can't be accessed directly) and makes it pretty much impossible to gain any access to anything hardware related without any Admin rights. Now, even if you have full Admin rights: You need a driver that has write access to the PSP. After that you have to get the right Bios hashes for the bios in question.
    Same applies to Fallout 1-3 - only difference is that it uses the Bootloader of the SP.
     
    ALL of that implies however, that you've cracked the Microsoft VSM, which would give you access to EVERY system and not only AMD based ones. And you even need Admin rights to put Chimera to "use" - you'd also need physical access, because you have to restart Windows without the Driver Protection. Which is the case for all of those attacks, btw. So: you need physical access to ALL of those attacks, UNLESS someone has already deactivated the driver protection on that system.
    So: 3 of those attacks need a bios flash. The rest of those need drivers. Ever tried to install drivers remotely on Windows? Ever tried to install - even signed but not vendor correct - drivers?
     
    Basically, if you go through all of that trouble, EVERY System is vulnerable, not just an AMD one.
     
    Still: There are NO technical details inside the Whitepaper from CST, so all of that are just assumptions based on what the results "should" be.
  24. Informative
    David89 got a reaction from leadeater in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    First of all: Dan Guido said that himself.
     
    Second: You just disqualified yourself from EVERY viable discussion with that kind of statement. How old are you? 14?
     
    Third: I'm a Sysadmin, so i do actually know a few things about computers. I may not be a security expert, but i do know my way around secure systems. Let's assume those vulnerabilities are real. For Ryzenfall 1-4 the first step is to get through the VSM, which was introduced with Windows 10. After that, you'll need to get access to the LSASS (Local Security Authority Subsystem Service), which has also been reworked with Windows 10 (split in different and isolated threads that can't be accessed directly) and makes it pretty much impossible to gain any access to anything hardware related without any Admin rights. Now, even if you have full Admin rights: You need a driver that has write access to the PSP. After that you have to get the right Bios hashes for the bios in question.
    Same applies to Fallout 1-3 - only difference is that it uses the Bootloader of the SP.
     
    ALL of that implies however, that you've cracked the Microsoft VSM, which would give you access to EVERY system and not only AMD based ones. And you even need Admin rights to put Chimera to "use" - you'd also need physical access, because you have to restart Windows without the Driver Protection. Which is the case for all of those attacks, btw. So: you need physical access to ALL of those attacks, UNLESS someone has already deactivated the driver protection on that system.
    So: 3 of those attacks need a bios flash. The rest of those need drivers. Ever tried to install drivers remotely on Windows? Ever tried to install - even signed but not vendor correct - drivers?
     
    Basically, if you go through all of that trouble, EVERY System is vulnerable, not just an AMD one.
     
    Still: There are NO technical details inside the Whitepaper from CST, so all of that are just assumptions based on what the results "should" be.
  25. Informative
    David89 got a reaction from Razor01 in [Update] Security flaws discovered in AMD zen processors : AMD's meltdown?   
    No. I don't, because either i completely misunderstood how the PSP and UEFI work, or i am right in that those are separated "enough" so that this can't be exploited in that way. Also, at least on my board i have to have the UEFI Network stack enabled to flash over the Internet, which i don't and as a Sysadmin it is standard policy in many companies to also turn that feature off.
    Timeline ======== 09-28-17 - Vulnerability reported to AMD Security Team. 12-07-17 - Fix is ready. Vendor works on a rollout to affected partners. 01-03-18 - Public disclosure due to 90 day disclosure deadline. Everyone's attention moved to Meltdown and Spectre, because the PSP was already fixed.
×