Coaxialgamer

[Update] Security flaws discovered in AMD Zen processors: AMD's Meltdown?

wkdpaul

Please keep the conversation civil and respectful, as per the Community Standards;

Quote
  • Ensure a friendly atmosphere to our visitors and forum members.
  • Encourage the freedom of expression and exchange of information in a mature and responsible manner.
  • "Don't be a dick" - Wil Wheaton.
  • "Be excellent to each other" - Bill and Ted.
  • Remember your audience; both present and future.

 

Message added by wkdpaul


Just now, imreloadin said:

Well that was when Intel was involved also, this only affects AMD as far as I can tell so I consider them lucky they even gave them 24 hours...

I don't care what bias researchers have, standard procedure calls for 90-180 day wait times and this should be called out. We should call it out if it's Samsung, AMD, Nvidia, Qualcomm or any other company.

Just now, rcmaehl said:

 

Thanks for the info, good catch.


We have a NEW and GLORIOUSER PSU Tier List Now.

 

You can check out the old one that gave joy to so many across the land here

 

Computer having a hard time powering on? Troubleshoot it with this guide. (Currently looking for suggestions to update it into the context of <current year> and make it its own thread)

Computer Specs:

Spoiler

 Mathresolvermajig: Intel Xeon E3 1240 (Sandy Bridge i7 equivalent)
Framepainting-inator: MSI RX 480 Gaming X 8GB Died in a horrible mining accident. Currently looking for used Vega 56s!

Attachcorethingy: GA-H61M-S2V-B3

Infoholdstick: Corsair 2x4GB DDR3 1333 CAS 9

Computerarmor: CM Elite 360 (Modded to all hell by now)

Rememberdoogle: 120GB Trion 150 + 1TB WD RE+ + 240GB SSD Plus

AdditionalPylons: Corsair CX450M

Letterpad: Rosewill Apollo 9100 (Cherry MX Red)

Buttonrodent: EVGA Torq X3

Auralnterface: Headphones that @Den-Fi gave me two years ago

Liquidrectangles: AOC G2260VWQ6 (Freesync 75Hz), Samsung SMB2030N (1600x900 VGA)

Brother's Computer:

Spoiler

Mathresolvermajig: Intel i3-2100 (carry over from my old build)
Framepainting-inator: GTX 650 Ti

Attachcorethingy: Intel Z68 (don't know anything else, got it from ebay for like $40)

Infoholdstick: Corsair 2x2GB 1333MHz C9

Computerarmor: Ashamed to say

Rememberdoogle: 120GB SP550 + 500GB 2.5" from a laptop

AdditionalPylons: Antec Basiq BP350 (not as loud as @STRMfrmXMN says it is) (actually pretty loud for my standards)

Letterpad: Logitech MK120 bundle

Buttonrodent: See above

Auralnterface: Hah! You wish

Liquidrectangles: Samsung 1600x900 + LG 1440x900

Link to post
Just now, LAwLz said:

Nope. The reason why other vulnerabilities such as those discovered by Google are given months of time before public disclosure is because they are being nice and acting responsibly. They have no obligation to do so however

They're not obligated by law, but this should be treated just like a breach of journalism code (you know which incident I'm referring to, let's not discuss whether or not that was a breach). If a journalist shows blatant disregard for such code, it's on us to call them out and ultimately stop consuming their media.

 

Now we as consumers can't do anything about these researchers, but at the very least we should call the wankers out as wankers.

 

Either way this doesn't seem legit, looking at @rcmaehl's info.


Link to post
8 minutes ago, LAwLz said:

Source?

It's not mentioned in the article linked.

 

Link to post

Gotta love the hypocrisy on this forum.

 

Intel has a security issue?

FUCK INTEL! I HOPE THEY GET SUED! WOHO AMD! INCOMPETENT MORONS CAN'T EVEN DESIGN A SECURE PROCESSOR!

 

AMD has security issues?

FUCK INTEL! I BET THIS IS FUNDED BY INTEL JUST TO MAKE AMD LOOK BAD! BY THE WAY NO NEED TO BE SCARED YOU GUYS! AMD PROCESSORS ARE SUPER SECURE!

 

 

How about we all calm down until we actually know what is going on?

It was announced just a few hours ago and I doubt people have even had the time to properly read through the white papers yet, much less analyzed the risks properly yet.

Remember, with Meltdown and Spectre there was A TON of misinformation being spread around based on assumptions or incomplete facts. I suspect the same thing will happen here. Don't believe everything you read on the Internet.

 

Edit: Also, regardless of whether or not it is a smear campaign (and regardless of who is behind it), the information and potential exploits should be taken seriously. You don't ignore potentially serious issues just because you don't like how the information was presented or obtained.

Link to post
1 hour ago, rcmaehl said:


WTF Intel. Should send all this info to your local news stations,

"Intel pays big money to smear AMD's name" sounds like big news, and because you have the evidence maybe someone will publish that story.

Link to post
6 minutes ago, Energycore said:

They're not obligated by law, but this should be treated just like a breach of journalism code (you know which incident I'm referring to, let's not discuss whether or not that was a breach). If a journalist shows blatant disregard for such code, it's on us to call them out and ultimately stop consuming their media.

Who are you talking about breaching the "journalism code" in this case? CTS-Labs? They are not journalists, and "stop consuming their media" would be a horrible, absolutely horrible advice because all you're doing is turning a blind eye to problems while letting black hats run amok with them.

Do you mean all the news outlets reporting on this? Once again, turning a blind eye won't solve the problem. It will just make things even worse.

 

 

10 minutes ago, Energycore said:

Either way this doesn't seem legit, looking at @rcmaehl's info.

What do you mean it doesn't seem legit? What actual information in his post points to this being a hoax?

 

6 minutes ago, Some Random Member said:

-snip-

I don't see anything in that thread even remotely pointing towards Intel being behind this.

Link to post
6 minutes ago, Some Random Member said:

WTF Intel. Should send all this info to your local news stations,

"Intel pays big money to smear AMD's name" sounds like big news, and because you have the evidence maybe someone will publish that story.

What's your proof that Intel paid for this?

Link to post
Quote

Although we strive for accuracy and completeness to support our opinions, and we have a good-faith belief in everything we write, all such information is presented "as is," without warranty of any kind – whether express or implied – and CTS does not accept responsibility for errors or omissions. CTS reserves the right to change the contents of this website and the restrictions on its use, with or without notice, and CTS reserves the right to refrain from updating this website even as it becomes outdated or inaccurate.

The bolded part is pure genius

 

amdflaws.com/disclaimer is a good read, the

" Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports. "

part is pretty great too

 

 

edit:

from their site:

Quote

 

MASTERKEY: Exploiting MASTERKEY requires an attacker to be able to re-flash the BIOS with a specially crafted BIOS update.

RYZENFALL: Exploitation requires that an attacker be able to run a program with local-machine elevated administrator privileges.

FALLOUT: Exploitation requires that an attacker be able to run a program with local-machine elevated administrator privileges.

CHIMERA: A program running with local-machine elevated administrator privileges. Access to the device is provided by a driver that is digitally signed by the vendor.

 

 

Cool security vulnerability that requires admin rights or BIOS flash

 

 

Link to post
Just now, LAwLz said:

Who are you talking about breaching the "journalism code" in this case? CTS-Labs? They are not journalists, and "stop consuming their media" would be a horrible, absolutely horrible advice because all you're doing is turning a blind eye to problems while letting black hats run amok with them.

Do you mean all the news outlets reporting on this? Once again, turning a blind eye won't solve the problem. It will just make things even worse.

I think I didn't make myself clear, that was an analogy. These people aren't journalists and we can't "stop consuming their media". What I meant is that they did a breach of the standard procedure of vulnerability disclosure and as such should have that called out.

 

Just now, LAwLz said:

What do you mean it doesn't seem legit? What actual information in his post points to this being a hoax?

TL;DR: The company that disclosed these vulnerabilities created their YouTube Channel 3 days ago, registered their domain the 22nd of Feb, disabled any chance of retort in the video comments and disclosed a lot of vulnerabilities that are useless - see the post we linked you twice for more details.

Just now, cj09beira said:

Is Intel being shady again? :|


Just another reason to call out CNBC also. Rather than an attack from Intel itself, it seems like someone wants to tank AMD prices so they can profit from short-selling their shares (short selling is when you borrow some shares, sell them at a high price, buy them low then give them back and keep the difference).

 

Just now, hobobobo said:

" Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports. "

Hehe I laughed at that too


Link to post

I hope this isn't true. But if it is, at least it doesn't affect so many generations. Honestly though, I wish it was the other way around and Zen was the one immune. It's been so long since AMD has made a good CPU, and I hate for it to be negatively affected. 


Make sure to quote or tag me (@JoostinOnline) or I won't see your response!

PSU Tier List  |  The Real Reason Delidding Improves Temperatures

Link to post
1 minute ago, Energycore said:

I think I didn't make myself clear, that was an analogy. These people aren't journalists and we can't "stop consuming their media". What I meant is that they did a breach of the standard procedure of vulnerability disclosure and as such should have that called out.

 

TL;DR: The company that disclosed these vulnerabilities created their YouTube Channel 3 days ago, registered their domain the 22nd of Feb, disabled any chance of retort in the video comments and disclosed a lot of vulnerabilities that are useless - see the post we linked you twice for more details.

Just another reason to call out CNBC also. Rather than an attack from Intel itself, it seems like someone wants to tank AMD prices so they can profit from short-selling their shares (short selling is when you borrow some shares, sell them at a high price, buy them low then give them back and keep the difference).

 

Hehe I laughed at that too

I bet some people also want in while the price is low as they start to see that AMD is probably only going up from here

Link to post
Just now, cj09beira said:

I bet some people also want in while the price is low as they start to see that AMD is probably only going up from here

Yeah, possibly. That's also a possible reason why Bitcoin has been dumping hard every day at noon EST since a week ago.


Link to post
7 minutes ago, JoostinOnline said:

I hope this isn't true. But if it is, at least it doesn't affect so many generations. Honestly though, I wish it was the other way around and Zen was the one immune. It's been so long since AMD has made a good CPU, and I hate for it to be negatively affected. 

The nature of this flaw is that you need physical access to the machine and you have to install compromised software.  i.e., it's a PEBKAC type of issue.

 

It's the same kind of "vulnerability" described in this: https://blogs.msdn.microsoft.com/oldnewthing/20100114-00/?p=15273

Edited by M.Yurizaki
Link to post
5 minutes ago, Energycore said:

I think I didn't make myself clear, that was an analogy. These people aren't journalists and we can't "stop consuming their media". What I meant is that they did a breach of the standard procedure of vulnerability disclosure and as such should have that called out.

There is no standard procedure for vulnerabilities disclosures.

What should we call them out for exactly? Should we say "shame on you"? That won't change anything.

Yeah they should have given AMD time to fix these things but they didn't. It's not good but we have to live with their decisions and make the best out of it.

 

I think people should focus less on these crazy conspiracy theories (just look at how many people are now saying Intel is behind this, with 0 evidence) and instead focus on the things we do know, in order to assess the situation.

 

 

11 minutes ago, Energycore said:

TL;DR: The company that disclosed these vulnerabilities created their YouTube Channel 3 days ago, registered their domain the 22nd of Feb, disabled any chance of retort in the video comments and disclosed a lot of vulnerabilities that are useless - see the post we linked you twice for more details.

Why does it matter when they created their YouTube channel? Also, do you seriously believe retorts should be made in YouTube comments? I am willing to bet that 99.99% of people who have read this story have no idea what any of it means, even those who have really strong opinions. Just look at the Meltdown and Spectre press, and how few people even understood how the exploits worked, yet felt like they could comment on the severity of it. I actually think disabling comments on this is a good idea, because I can already see conspiracy theories and misinformation starting to spread.

Why does it matter when they registered their domain?

What makes you think these vulnerabilities are useless? Have you read through the whitepaper or are you just blindly trusting what you read someone say on the Internet?

 

I have looked at the link you and someone else posted. It contains next to no actual information or facts.

Link to post

This is pretty interesting, something is defo up and the flaws don't seem that bad anyway tbh


I spent $2500 on building my PC and all i do with it is play no games atm & watch anime at 1080p(finally)...

Builds:

The Toaster Project! Northern Bee!

 

The original LAN PC build log! (Old, dead and replaced by The Toaster Project & 5.0)

Spoiler

"Here is some advice that might have gotten lost somewhere along the way in your life. 

 

#1. Treat others as you would like to be treated.

#2. It's best to keep your mouth shut; and appear to be stupid, rather than open it and remove all doubt.

#3. There is nothing "wrong" with being wrong. Learning from a mistake can be more valuable than not making one in the first place.

 

Follow these simple rules in life, and I promise you, things magically get easier. " - MageTank 31-10-2016

 

 

Link to post
1 minute ago, LAwLz said:

I think people should focus less on these crazy conspiracy theories (just look at how many people are now saying Intel is behind this, with 0 evidence) and instead focus on the things we do know, in order to assess the situation.

Those people themselves state they have economic interest in this and that all of the flaws uncovered require either BIOS flash or admin rights, I dunno what more there is to assess, unless they kept some of the juicier vulnerabilities to themselves

Link to post
4 minutes ago, hobobobo said:

Those people themselves state they have economic interest in this and that all of the flaws uncovered require either BIOS flash or admin rights, I dunno what more there is to assess, unless they kept some of the juicier vulnerabilities to themselves

Vulnerabilities can be very serious even if they require admin privilege or BIOS flashing.

I will withhold my judgement until I have read through the information we got (actual information, not what some reddit post or whatever says), and I recommend you do the same.

Link to post
19 minutes ago, M.Yurizaki said:

The nature of this flaw is that you need physical access to the machine and you have to install compromised software.  i.e., it's a PEBKAC type of issue.

 

It's the same kind of "vulnerability" described in this: https://blogs.msdn.microsoft.com/oldnewthing/20100114-00/?p=15273

I haven't read through the whitepaper yet but where does it say you need physical access? For the BIOS vulnerability it might be needed (although you can update BIOS without physical access), but for the ones that just need admin privilege I don't see why they couldn't be done remotely.

Link to post

This entire ordeal seems like an investment scam. A company short selling shares followed by some scummy "security firm", releasing a "white paper" full of nonsense. 

 

I doubt Intel is behind this, but it seems like an attack on AMD shares for scummy investors. How very bizarre.


Watching Intel have competition is like watching a headless chicken trying to get out of a mine field

CPU: Intel I7 4790K@4.6 with NZXT X31 AIO; MOTHERBOARD: ASUS Z97 Maximus VII Ranger; RAM: 8 GB Kingston HyperX 1600 DDR3; GFX: ASUS R9 290 4GB; CASE: Lian Li v700wx; STORAGE: Corsair Force 3 120GB SSD; Samsung 850 500GB SSD; Various old Seagates; PSU: Corsair RM650; MONITOR: 2x 20" Dell IPS; KEYBOARD/MOUSE: Logitech K810/ MX Master; OS: Windows 10 Pro

Link to post

wonder how many shekels they got lol.



AMD Ryzen 9 3950X | BeQuiet! Dark Rock Pro 4 | Crosshair VIII Impact | TeamGroup Dark Pro 2x8GB 3600C16 | GTX 1080 HOF | Lian LI TU150

Samsung Galaxy S7 Edge 32GB | Exynos 8890 Octa | SanDisk Ultra SDXC 200GB

Link to post