porina

No way! AMD Take A Way security vulnerability


https://mlq.me/download/takeaway.pdf

In the acknowledgement section at the end

Quote

Additional funding was provided by generous gifts from Intel.

?

When asked about that in their paper:

So it might just be that Intel "funded" one of the students and not the research itself... 
But overall, we have no real way of knowing and the wording may be vague exactly as to give them a "way out".
 

Still, it's a conflict of interest and makes it dubious at best that this comes out right after the new flaw in Intel CPUs was released to the public.


8 minutes ago, TetraSky said:

Still, it's a conflict of interest and makes it dubious at best that this comes out right after the new flaw in Intel CPUs was released to the public.

Not really, either one would have been waiting for the other, better to ride bad news at the same time and see who cops it worse than different times when only you will.

 

But Intel funding research even if it's directly to find flaws in a competitor product like this only helps AMD not hurts. If there is a flaw and it is published then AMD can fix it and that improves the product and it's money AMD did not have to spend to find it. There actually has to be a flaw for one to be found so at some point Intel could spend as much as they like and find nothing while all their past efforts have done nothing other than improve the product and make it more secure.

 

For the people that really do actually care about these security issues they have enough intelligence to assess the products and make those informed decisions, little bit of bad press a few times in the past doesn't really alter the best decision that can be made at the time it's being made.

 

Just remember situations like CTS labs was not security research.

55 minutes ago, leadeater said:

Not really, either one would have been waiting for the other, better to ride bad news at the same time and see who cops it worse than different times when only you will.

 

But Intel funding research even if it's directly to find flaws in a competitor product like this only helps AMD not hurts. If there is a flaw and it is published then AMD can fix it and that improves the product and it's money AMD did not have to spend to find it. There actually has to be a flaw for one to be found so at some point Intel could spend as much as they like and find nothing while all their past efforts have done nothing other than improve the product and make it more secure.

 

For the people that really do actually care about these security issues they have enough intelligence to assess the products and make those informed decisions, little bit of bad press a few times in the past doesn't really alter the best decision that can be made at the time it's being made.

 

Just remember situations like CTS labs was not security research.

Not only that, but Intel's bounty program essentially means that they are funding all research into security flaws regardless of the platform.

 

I am sure if we dig deep enough we will not find research being carried out that isn't funded by industry related parties. For example Monsanto fund many universities' agri departments, the returns are huge when they successfully develop a new product.

 

 



Oof, javascript. Well at least I run NoScript/ScriptBlocker on Firefox/Chrome, otherwise have to be extra vigilant about clicking links to unfamiliar websites.

12 hours ago, leadeater said:

 

 

 

Time for a fun game of which company said what ?

AMD

 

Intel

 

AMD

 

Do I get a cookie?



Did I just have my head in the sand before, or have the last two years had a ridiculous number of hardware based security vulnerability discoveries? I honestly don't even remember any before Meltdown and Spectre.


1 minute ago, JoostinOnline said:

Did I just have my head in the sand before, or have the last two years had a ridiculous number of hardware based security vulnerability discoveries? I honestly don't even remember any before Meltdown and Spectre.

The reason for that is because Spectre or Meltdown (I forget which one came first) attracted SO MUCH attention that almost every security researcher immediately started looking into CPU based security real hard to try and find "the next big thing".


On 3/7/2020 at 10:31 AM, yaboistar said:

inb4 amd manages to push a microcode update that doesn't actively worsen performance and shintel goes back to crying in the corner

Hopefully that's the case but the cache predictor is relevant for performance, it all depends on whether they can fix it without significantly changing its behavior.


...is there a question here? 🤔

sudo chmod -R 000 /*

What is scaling and how does it work? Asus PB287Q unboxing! Console alternatives :D Watch Netflix with Kodi on Arch Linux Sharing folders over the internet using SSH Beginner's Guide To LTT (by iamdarkyoshi)

Sauron'stm Product Scores:

Spoiler

Just a list of my personal scores for some products, in no particular order, with brief comments. I just got the idea to do them so they aren't many for now :)

Don't take these as complete reviews or final truths - they are just my personal impressions on products I may or may not have used, summed up in a couple of sentences and a rough score. All scores take into account the unit's price and time of release, heavily so, therefore don't expect absolute performance to be reflected here.

 

-Lenovo Thinkpad X220 - [8/10]

Spoiler

A durable and reliable machine that is relatively lightweight, has all the hardware it needs to never feel sluggish and has a great IPS matte screen. Downsides are mostly due to its age, most notably the screen resolution of 1366x768 and usb 2.0 ports.

 

-Apple Macbook (2015) - [Garbage -/10]

Spoiler

From my perspective, this product has no redeeming factors given its price and the competition. It is underpowered, overpriced, impractical due to its single port and is made redundant even by Apple's own iPad pro line.

 

-OnePlus X - [7/10]

Spoiler

A good phone for the price. It does everything I (and most people) need without being sluggish and has no particularly bad flaws. The lack of recent software updates and relatively barebones feature kit (most notably the lack of 5GHz wifi, biometric sensors and backlight for the capacitive buttons) prevent it from being exceptional.

 

-Microsoft Surface Book 2 - [Garbage - -/10]

Spoiler

Overpriced and rushed, offers nothing notable compared to the competition, doesn't come with an adequate charger despite the premium price. Worse than the Macbook for not even offering the small plus sides of having macOS. Buy a Razer Blade if you want high performance in a (relatively) light package.

 

-Intel Core i7 2600/k - [9/10]

Spoiler

Quite possibly Intel's best product launch ever. It had all the bleeding edge features of the time, it came with a very significant performance improvement over its predecessor and it had a soldered heatspreader, allowing for efficient cooling and great overclocking. Even the "locked" version could be overclocked through the multiplier within (quite reasonable) limits.

 

-Apple iPad Pro - [5/10]

Spoiler

A pretty good product, sunk by its price (plus the extra cost of the physical keyboard and the pencil). Buy it if you don't mind the Apple tax and are looking for a very light office machine with an excellent digitizer. Particularly good for rich students. Bad for cheap tinkerers like myself.

 

 

Link to post
Share on other sites
10 hours ago, mr moose said:

Not only that, but Intel's bounty program essentially means that they are funding all research into security flaws regardless of the platform.

 

I am sure if we dig deep enough we will not find research being carried out that isn't funded by industry related parties. For example Monsanto fund many universities' agri departments, the returns are huge when they successfully develop a new product.

 

 

Exactly

Why is this a problem?

Only thing that should matter is if it's real

How many would be unfound even with others like Google and ms Having their own bug bounties in all platforms

 

No matter the firmware software hardware shit isn't perfect it was created by humans

Which means imperfect 

 

 

17 hours ago, mr moose said:

I tend not to care much for who funds what, if the issue/research/debate/conditions/etc stand on their own merit (as much of the peer reviewed stuff does) then who paid for it is moot.

 

If this turns out to be a real issue that can be fixed then we should all be glad it was discovered, not salty about how it was discovered.

This. I've been directly funded before. 

 

Bug bounty programs are basically direct funding. Plus Google's security research group (Project Zero) is well known and VERY HIGHLY respected in the field (even when they find vulnerabilities in Apple software/hardware). 



It was just a matter of time. So much heart from AMD users. Welcome to the club fellas.

 

Lol.



Can somebody explain to me why I should worry about all these security risks? I mean, you and me aren't important to hackers and we don't have any important data in our PCs. Why would I install security patches to fix problems but lose performance when these risks don't mean anything to me at all?

54 minutes ago, Lakobrija said:

Can somebody explain to me why I should worry about all these security risks? I mean, you and me aren't important to hackers and we don't have any important data in our PCs. Why would I install security patches to fix problems but lose performance when these risks don't mean anything to me at all?

You should worry because your system can be compromised and become part of a botnet for nefarious activities such as DDOS attacks and such.


18 hours ago, RonnieOP said:

I always find it funny how people think Intel are the devil and AMD are saints that would never do them wrong. They don't understand that neither one gives a shit about them but about their shareholders.

im an amd shareholder so they care about me :P

Just now, leadeater said:

Nope it was Intel, Intel, AMD.

 

Grade: F-

 

?

Getting an F- on a 3 question quiz is an achievement TBH


25 minutes ago, spartaman64 said:

im an amd shareholder so they care about me :P

Even as a shareholder unless you own a lot of them they care about you very little lol.


CPUs have a lot of vulnerabilities. No one is safe with a computer. That's why, for those of you who depend on computers for all your personal data, try writing it down on paper instead of keeping it in a computer. Once it is in a computer, it will be prone to hacking.

 

Anyway, it's good to see that someone is hunting for bugs. Each bug discovered means the CPU can be patched and become more secure.

10 hours ago, Master Disaster said:

Getting an F- on a 3 question quiz is an achievement TBH

 

An F just means Fantastic effort these days. You don't really need to worry about the actual quality of the work, everyone's a winner.


On 3/7/2020 at 12:04 PM, jagdtigger said:

NoScript..... ;)

 

On 3/8/2020 at 5:25 AM, SPARTAN VI said:

Oof, javascript. Well at least I run NoScript/ScriptBlocker on Firefox/Chrome, otherwise have to be extra vigilant about clicking links to unfamiliar websites.

 

that's just the language used to demonstrate it. or do you actually think the vulnerability in L1 cache only applies to javascript??


2 hours ago, mr moose said:

 

An F just means Fantastic effort these days. You don't really need to worry about the actual quality of the work, everyone's a winner.

Participation award! Woo!

7 hours ago, Neftex said:

 

 

that's just the language used to demonstrate it. or do you actually think the vulnerability in L1 cache only applies to javascript??

Relax man, it's the only attack vector mentioned in the article. If you have more technical knowledge feel free to share, don't have to put others down. 


I'm not impressed with AMD's response on this, and with the researchers still saying that fully patched systems leak data and the exploit still works, this is not what I am looking for from AMD. Their statement is really meaningless unless they say no, this really patches it and it's fixed, not "it's nothing new".

 

https://www.zdnet.com/article/amd-processors-from-2011-to-2019-vulnerable-to-two-new-attacks/
