
No way! AMD Take A Way security vulnerability

porina
12 hours ago, leadeater said:

 

 

 

Time for a fun game of which company said what ?

AMD

 

Intel

 

AMD

 

Do I get a cookie?

Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Corsair MP600 1TB PCIe Gen 4 | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Ubuntu 20.04.2 LTS |

 

Server:-

Intel NUC running Server 2019 + Synology DSM218+ with 2 x 4TB Toshiba NAS Ready HDDs (RAID0)


Did I just have my head in the sand before, or have the last two years had a ridiculous number of hardware-based security vulnerability discoveries? I honestly don't even remember any before Meltdown and Spectre.

Make sure to quote or tag me (@JoostinOnline) or I won't see your response!


1 minute ago, JoostinOnline said:

Did I just have my head in the sand before, or have the last two years had a ridiculous number of hardware-based security vulnerability discoveries? I honestly don't even remember any before Meltdown and Spectre.

The reason for that is because Spectre or Meltdown (I forget which one came first) attracted SO MUCH attention that almost every security researcher immediately started looking into CPU based security real hard to try and find "the next big thing".


On 3/7/2020 at 10:31 AM, yaboistar said:

inb4 amd manages to push a microcode update that doesn't actively worsen performance and shintel goes back to crying in the corner

Hopefully that's the case but the cache predictor is relevant for performance, it all depends on whether they can fix it without significantly changing its behavior.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*


10 hours ago, mr moose said:

Not only that, but Intel's bounty program essentially means that they are funding all research into security flaws regardless of the platform.

 

I am sure if we dig deep enough we will not find research being carried out that isn't funded by industry related parties. For example Monsanto fund many universities agri departments,  the returns are huge when they successfully develop a new product.

 

 

Exactly

Why is this a problem?

Only thing that should matter is if it's real

How many would be unfound even with others like Google and MS having their own bug bounties in all platforms?

 

No matter the firmware, software or hardware, shit isn't perfect; it was created by humans

Which means imperfect 

 

 


17 hours ago, mr moose said:

I tend not to care much for who funds what, if the issue/research/debate/conditions/etc stand on their own merit (as much of the peer reviewed stuff does) then who paid for it is moot.

 

If this turns out to be a real issue that can be fixed then we should all be glad it was discovered, not salty about how it was discovered.

This. I've been directly funded before. 

 

Bug bounty programs are basically direct funding. Plus Google's security research group (Project Zero) is well known and VERY HIGHLY respected in the field (even when they find vulnerabilities in Apple software/hardware). 

LINK-> Kurald Galain:  The Night Eternal 

Top 5820k, 980ti SLI Build in the World*

CPU: i7-5820k // GPU: SLI MSI 980ti Gaming 6G // Cooling: Full Custom WC //  Mobo: ASUS X99 Sabertooth // Ram: 32GB Crucial Ballistic Sport // Boot SSD: Samsung 850 EVO 500GB

Mass SSD: Crucial M500 960GB  // PSU: EVGA Supernova 850G2 // Case: Fractal Design Define S Windowed // OS: Windows 10 // Mouse: Razer Naga Chroma // Keyboard: Corsair k70 Cherry MX Reds

Headset: Senn RS185 // Monitor: ASUS PG348Q // Devices: Note 10+ - Surface Book 2 15"

LINK-> Ainulindale: Music of the Ainur 

Prosumer DIY FreeNAS

CPU: Xeon E3-1231v3  // Cooling: Noctua L9x65 //  Mobo: AsRock E3C224D2I // Ram: 16GB Kingston ECC DDR3-1333

HDDs: 4x HGST Deskstar NAS 3TB  // PSU: EVGA 650GQ // Case: Fractal Design Node 304 // OS: FreeNAS

 

 

 


It was just a matter of time. So much heart from AMD users. Welcome to the club fellas.

 

Lol.

AMD R9 5900X @ Booost | Thermalright Aqua Elite 360, 3x TL- C12 Pro, 2x TL-K12, SYY-157
Asus Crosshair VIII Dark Hero | 4 x 8GB G.Skill Trident Z Mix @ 3800 14-15-15-35 1.575v
Zotac 4070 Ti Trinity OC @ 3045/1495 | WD SN850, SN850X, 2x SN770, Asus Hyper M.2
EVGA SuperNova 750w | Fractal Torrent Compact RGB |1x Phanteks T30, 1x TL-B12, 1x TY-143


Can somebody explain to me why I should worry about all these security risks? I mean, you and me aren't important to hackers and we don't have any important data in our PCs. Why would I install security patches to fix problems but lose performance when these risks don't mean anything to me at all anyway?


54 minutes ago, Lakobrija said:

Can somebody explain to me why I should worry about all these security risks? I mean, you and me aren't important to hackers and we don't have any important data in our PCs. Why would I install security patches to fix problems but lose performance when these risks don't mean anything to me at all anyway?

You should worry because your system can be compromised and become part of a botnet for nefarious activities such as DDOS attacks and such.

CPU: Intel i7 7700K | GPU: ROG Strix GTX 1080Ti | PSU: Seasonic X-1250 (faulty) | Memory: Corsair Vengeance RGB 3200Mhz 16GB | OS Drive: Western Digital Black NVMe 250GB | Game Drive(s): Samsung 970 Evo 500GB, Hitachi 7K3000 3TB 3.5" | Motherboard: Gigabyte Z270x Gaming 7 | Case: Fractal Design Define S (No Window and modded front Panel) | Monitor(s): Dell S2716DG G-Sync 144Hz, Acer R240HY 60Hz (Dead) | Keyboard: G.SKILL RIPJAWS KM780R MX | Mouse: Steelseries Sensei 310 (Striked out parts are sold or dead, awaiting zen2 parts)


18 hours ago, RonnieOP said:

I always find it funny how people think Intel are the devil and AMD are saints that would never do them wrong. They don't understand that neither one gives a shit about them but about their shareholders.

im an amd shareholder so they care about me :P


I would have been really surprised if there weren't security flaws in Zen to be found.


Just now, leadeater said:

Nope it was Intel, Intel, AMD.

 

Grade: F-

 

?

Getting an F- on a 3 question quiz is an achievement TBH


25 minutes ago, spartaman64 said:

im an amd shareholder so they care about me :P

Even as a shareholder unless you own a lot of them they care about you very little lol.


CPUs have a lot of vulnerabilities. No one is safe with a computer. That's why, for those of you who depend on computers for all your personal data, try writing it down on paper instead of keeping it in a computer. Once it is in a computer, it will be prone to hacking.

 

Anyway, it's good to see that someone is hunting for bugs. Each bug discovered means CPUs can be patched and become more secure.

I have ASD (Autism Spectrum Disorder). More info: https://en.wikipedia.org/wiki/Autism_spectrum

 

I apologise if my comments or posts offend you in any way, or if my rage got a little too far. I'll try my best to make my posts as non-offensive as possible.


10 hours ago, Master Disaster said:

Getting an F- on a 3 question quiz is an achievement TBH

 

An F just means Fantastic effort these days. You don't really need to worry about the actual quality of the work, everyone's a winner.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


On 3/7/2020 at 12:04 PM, jagdtigger said:

NoScript..... ;)

 

On 3/8/2020 at 5:25 AM, SPARTAN VI said:

Oof, javascript. Well at least I run NoScript/ScriptBlocker on Firefox/Chrome, otherwise have to be extra vigilant about clicking links to unfamiliar websites.

 

that's just the language used to demonstrate it. or do you actually think the vulnerability in L1 cache only applies to javascript??

MSI GX660 + i7 920XM @ 2.8GHz + GTX 970M + Samsung SSD 830 256GB


2 hours ago, mr moose said:

 

An F just means Fantastic effort these days. You don't really need to worry about the actual quality of the work, everyone's a winner.

Participation award! Woo!


7 hours ago, Neftex said:

 

 

that's just the language used to demonstrate it. or do you actually think the vulnerability in L1 cache only applies to javascript??

Relax man, it's the only attack vector mentioned in the article. If you have more technical knowledge feel free to share, don't have to put others down. 


I'm not impressed with AMD's response on this, and with the researchers still saying that fully patched systems leak data and the exploit still works, this is not what I am looking for from AMD. Their statement is really meaningless unless they say no, this really patches it and it's fixed, not "it's nothing new".

 

https://www.zdnet.com/article/amd-processors-from-2011-to-2019-vulnerable-to-two-new-attacks/


6 hours ago, Willster said:

I'm not impressed with AMD's response on this, and with the researchers still saying that fully patched systems leak data and the exploit still works, this is not what I am looking for from AMD. Their statement is really meaningless unless they say no, this really patches it and it's fixed, not "it's nothing new".

 

https://www.zdnet.com/article/amd-processors-from-2011-to-2019-vulnerable-to-two-new-attacks/

It'll get sorted in the end, or at least it should. The thing with security and exploits (and CPUs in general) is that we are at least 6 months behind what is happening, which means it may well be something they have known about for a lot longer and really isn't as bad as we think, or they might be working on a more permanent fix that resolves other issues they don't want to tell us about just yet.


On 3/7/2020 at 5:06 PM, mr moose said:

I tend not to care much for who funds what, if the issue/research/debate/conditions/etc stand on their own merit (as much of the peer reviewed stuff does) then who paid for it is moot.

 

If this turns out to be a real issue that can be fixed then we should all be glad it was discovered, not salty about how it was discovered.

Yeah I don't really care about who found research but rather that the results aren't rigged to make one party look good because of it. In a situation like this it is quite easy to decide if the vulnerability is real or not and how much of a threat it is. I mean it would be like a mechanic telling me that my oil is leaking knowing that telling me would likely result in more business for them. I mean if it really is leaking then I could care less who points it out and what motives they have. 
