[Update] Security flaws discovered in AMD zen processors : AMD's meltdown?

Message added by WkdPaul

Please keep the conversation civil and respectful, as per the Community Standards;

Quote
  • Ensure a friendly atmosphere to our visitors and forum members.
  • Encourage the freedom of expression and exchange of information in a mature and responsible manner.
  • "Don't be a dick" - Wil Wheaton.
  • "Be excellent to each other" - Bill and Ted.
  • Remember your audience; both present and future.

 

42 minutes ago, Jito463 said:

Sadly, in Windows 10 that's not necessarily the case (and yes, I run with UAC "disabled").  Even with UAC turned down to the lowest setting, you still have to right-click and run certain things as admin, unless they're set to explicitly request it from the system.

Yea things like PowerShell and CMD, plus some other odd apps. For the most part though if you run an exe with UAC off it has admin perms. Windows really needs to start sandboxing applications and their config/reg hives so they can run with godly perms but only screw over itself. Any system stuff should require explicit access not accessible through any old application.


1 hour ago, leadeater said:

Yea things like PowerShell and CMD, plus some other odd apps. For the most part though if you run an exe with UAC off it has admin perms. Windows really needs to start sandboxing applications and their config/reg hives so they can run with godly perms but only screw over itself. Any system stuff should require explicit access not accessible through any old application.

They have done that to some extent with the registry, through the use of the TrustedInstaller permission.  However, I do agree that they could do a far better job of sandboxing things.


1 hour ago, JuNex03 said:

They confirmed the vulnerabilities and stated said vulnerabilities were overhyped and exaggerated. Now AMD is asking for an investigation of unusual stock trading...

 

https://www.bloomberg.com/news/articles/2018-03-20/amd-confirms-chip-vulnerability-says-report-exaggerated-danger

I hope it's thorough and these guys get their asses handed to them.  It's hard enough dealing with security issues in such a complex industry as it is without encouraging stock market parasites to make things worse.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


8 hours ago, Notional said:

Injecting a malware ridden signed driver will compromise any piece of hardware ever.

Not in this way, no.

Again, there is a massive difference between gaining local admin privileges (the worst a compromised driver should be able to do), and having access to the PSP (which should not be possible at all, even if you flash a malicious BIOS and a bunch of infected drivers).

 

8 hours ago, Notional said:

It's like saying there is a security hole in your home because the thief had a full set of keys to your front door and your security code for the alarm. Not really a security bug as such.

No, it is more like the thief was able to compromise your online bank account, just because they had the keys to your front door.

If a thief can enter your house then you are already pretty screwed, but being in your house should not allow them to also access your bank accounts. There are safeguards to prevent that from happening. Such as passwords, two step verification, encryption and so on. It shouldn't happen. 

 

8 hours ago, Space Reptile said:

ah so as previously said , its a NO SHIT SHERLOCK vulnerability , "at that point you might as well take the computer and leave" -Steve , GN 

You: "LAwLz is lying! These reports are not real!"

Me: "Hey look, AMD confirmed it is real."

You: "No shit Sherlock. Of course it's real."

 

Strange how your username is reptile, yet you try to weasel yourself out of this.

 

 

4 hours ago, leadeater said:

Yea things like PowerShell and CMD, plus some other odd apps. For the most part though if you run an exe with UAC off it has admin perms. Windows really needs to start sandboxing applications and their config/reg hives so they can run with godly perms but only screw over itself. Any system stuff should require explicit access not accessible through any old application.

Are you sure about that? I don't see why everything would default to running as admin just because you have UAC disabled. Seems like bad design compared to just automatically accepting requests for admin privilege.


2 minutes ago, LAwLz said:

Are you sure about that? I don't see why everything would default to running as admin just because you have UAC disabled. Seems like bad design compared to just automatically accepting requests for admin privilege.

It's effectively the same thing, UAC off logged in as an admin any apps you run will have privileges to change system settings and access restricted filesystem locations and it's not going to stop and ask.

 

I run my UAC on second lowest and I very rarely even see UAC prompts on that as well, things like Steam games just kick off external installers without prompting at all because it sees it as me making the change which is in line with that UAC setting.


1 hour ago, leadeater said:

It's effectively the same thing, UAC off logged in as an admin any apps you run will have privileges to change system settings and access restricted filesystem locations and it's not going to stop and ask.

 

I run my UAC on second lowest and I very rarely even see UAC prompts on that as well, things like Steam games just kick off external installers without prompting at all because it sees it as me making the change which is in line with that UAC setting.

Well maybe I am being a bit pedantic since it shouldn't matter in most, if any, cases.

I am not sure how Windows handles it. There is a difference between running everything as admin all the time, and giving admin privilege to everything that asks for it though. The latter sounds to me like the better solution, especially for multi-user machines.

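The two behaviours debated in the posts above (every process running with full admin rights versus elevation requests being approved without a prompt) can be told apart on a given machine. The following PowerShell is an added example, not part of any post in the thread; it assumes a standard Windows install where the UAC policy values live under the registry key shown.

```powershell
# Added example, not from the thread. Read-only: needs no admin rights.
$key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $key

# Documented meanings of the ConsentPromptBehaviorAdmin policy value.
$consent = @{
    0 = 'elevate without prompting'
    1 = 'prompt for credentials on the secure desktop'
    2 = 'prompt for consent on the secure desktop'
    3 = 'prompt for credentials'
    4 = 'prompt for consent'
    5 = 'prompt for consent for non-Windows binaries'
}

# IsInRole(Administrator) is true only when the Administrators group is
# enabled in this process token, i.e. the process is actually elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# whoami also lists deny-only groups, so the Administrators SID (S-1-5-32-544)
# shows up even in the filtered half of a split token.
$adminSidPresent = [bool]((whoami.exe /groups /fo csv) -match '"S-1-5-32-544"')

$behavior     = $policy.ConsentPromptBehaviorAdmin
$behaviorText = if ($null -ne $behavior -and $consent.ContainsKey([int]$behavior)) {
    $consent[[int]$behavior]
} else {
    'not set or unrecognized'
}

# Separate "everything runs as admin" from "requests are auto-approved".
$verdict = if ($policy.EnableLUA -eq 0) {
    'Admin Approval Mode is off: an administrator''s processes all get the full token.'
} elseif ($behavior -eq 0) {
    'Split token in use; elevation requests are approved silently.'
} else {
    'Split token in use; elevation requires a prompt.'
}

[pscustomobject]@{
    EnableLUA                  = $policy.EnableLUA
    ConsentPromptBehaviorAdmin = $behaviorText
    PromptOnSecureDesktop      = $policy.PromptOnSecureDesktop
    UserIsAdministrator        = $adminSidPresent
    ThisProcessElevated        = $elevated
    Verdict                    = $verdict
}
```

An administrator account that shows `UserIsAdministrator` true and `ThisProcessElevated` false is running this shell on the filtered token.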

So, dunno if any1 posted this, but CTS fellas just cant calm down, they started to publish POCs on their youtube page)

 


@LAwLz i actually talked to someone who works as cybersec tech about these exploit(s) and according to him they dont even matter 
you can do what these exploits claim to enable on ANY SYSTEM w/ the privileges they require remotely , does not matter what OS , what vendor or what year 

as "real" as these exploits might be , they dont make it any easier nor enable someone to do more than he already can 


also CTS and that other lab are shady as shit , unknown firm w/ next to no record and plenty of connections to stock manipulation and FUD 
also breaking many standards for reporting and publishing of this kind (weird wp , 24 deadline , claiming AMD stock should be 0$ and AMD @ chapter 11) 

RyzenAir : AMD R5 3600 | AsRock AB350M Pro4 | 32gb Aegis DDR4 3000 | GTX 1070 FE | Fractal Design Node 804
RyzenITX : Ryzen 7 1700 | GA-AB350N-Gaming WIFI | 16gb DDR4 2666 | GTX 1060 | Cougar QBX 


5 hours ago, hobobobo said:

So, dunno if any1 posted this, but CTS fellas just cant calm down, they started to publish POCs on their youtube page)

 

What the fuck? Do they have any kind of decency left? 


13 minutes ago, SC2Mitch said:

What the fuck? Do they have any kind of decency left? 

lol, the right question would be did they have any in the first place


47 minutes ago, Space Reptile said:

@LAwLz i actually talked to someone who works as cybersec tech about these exploit(s) and according to him they dont even matter 
you can do what these exploits claim to enable on ANY SYSTEM w/ the privileges they require remotely , does not matter what OS , what vendor or what year 

as "real" as these exploits might be , they dont make it any easier nor enable someone to do more than he already can

If it doesn't matter then why did AMD confirm these exploits to be real with bios updates? Opinions of some cyber security tech is just that, people should be taking these exploits seriously and at this point CTS doesn't matter when the exploits are real even though their way of going about releasing it to the public was terrible. Interesting bias some people have when it comes to AMD, if it were Intel having the exact same issue people wouldn't be defending their brand while constantly trying to play down the issue because of an unprofessional source.


11 minutes ago, Blademaster91 said:

If it doesn't matter then why did AMD confirm these exploits to be real with bios updates? Opinions of some cyber security tech is just that, people should be taking these exploits seriously and at this point CTS doesn't matter when the exploits are real even though their way of going about releasing it to the public was terrible. Interesting bias some people have when it comes to AMD, if it were Intel having the exact same issue people wouldn't be defending their brand while constantly trying to play down the issue because of an unprofessional source.

It is both real and doesn't matter...because it's a case of perception. There has now been enough noise about this in both the tech and financial press that there is no way that AMD could ignore the issues and hope they went away, no matter how minor they were. Note I am not saying they are minor, I am saying it no longer matters because of the cloud of virtual dust raised by this that needs to be dealt with or the perception will be that AMD doesn't care about security so don't use their stuff for servers. Which is really the only place that this matters in the long run. AMD needs to take market share away from Intel in the server market or they will die, that's where the main growth is right now in both numbers and profit. Mobile is growing but the actual profits are not growing like they were and actual growth is much slower - almost showing signs of flattening to the point where the big players are warning in the stock calls that 2019 may have "slow to flat" growth in smart phone sales. Which is CFO speak for, don't blame me when our next flagship doesn't do so well. While the server markets are all at "increases in the high double digit range", which is CFO speak for, I'm not willing to commit but you should be ready to pay me a big bonus next year. 

 

Oh yea and the financial guys are still calling the death of the desktop and laptop, but they have been doing that for 15 years. 


4 hours ago, Space Reptile said:

@LAwLz i actually talked to someone who works as cybersec tech about these exploit(s) and according to him they dont even matter

Maybe you should have asked that person before you started attacking me and saying everything was fake.

 

4 hours ago, Space Reptile said:

you can do what these exploits claim to enable on ANY SYSTEM w/ the privileges they require remotely , does not matter what OS , what vendor or what year 

OK, do it on my old 2500K machine. Or maybe my 6500U.

If you look those up, and understand the basics of these Ryzen exploits then you will quickly realize that both of my systems I mentioned are immune to these types of attacks.

So no, these exploits do not work on all systems.

In the case of these ones, they most likely only work on AMD systems because they heavily rely on the architecture surrounding the PSP.

 

Remember, this is more than just flashing some malware to the BIOS. This is compromising the TEE.

 

4 hours ago, Space Reptile said:

as "real" as these exploits might be , they dont make it any easier nor enable someone to do more than he already can 

Yes they do.

Having access to the PSP enables someone to do a great amount of things they would previously not be able to do, with just mere admin privileges. Bypass secure boot is one of them.

 

4 hours ago, Space Reptile said:

also CTS and that other lab are shady as shit , unknown firm w/ next to no record and plenty of connections to stock manipulation and FUD 
also breaking many standards for reporting and publishing of this kind (weird wp , 24 deadline , claiming AMD stock should be 0$ and AMD @ chapter 11) 

That might be the only correct thing you have said the entire thread. Yes, CTS are shady as fuck. Doesn't make the exploits any less real though.

 

 

I'm waiting on my apology.


9 hours ago, hobobobo said:

So, dunno if any1 posted this, but CTS fellas just cant calm down, they started to publish POCs on their youtube page)

 

Probably just trying to set themselves up some defense for any court action they might face in regard to share trading issues.  

 

 

Or (and this is probably less likely) the CEO has schizophrenia and thinks AMD is plotting to get him.


1 hour ago, mr moose said:

Probably just trying to set themselves up some defense for any court action they might face in regard to share trading issues.  

 

 

Or (and this is probably less likely) the CEO has schizophrenia and thinks AMD is plotting to get him.

Well so much for not releasing POC to protect consumers... he may try to allow people to hurt AMD while it's not patched and delivered yet


even though these guys really arent doing a nice job at containing the impact of this stuff, at least we know that one of them works, and therefore the other ones have a higher chance to work as well. 

 

i still dont get why people are saying that everyone can be hit by this either, like yes you are fucked when the hackers have admin access but you are even MORE fucked when they can install malware you cant detect, without you noticing and if you somehow do you need new hardware. this isnt stuff that just goes away because you ran malwarebytes guys...

I spent $2500 on building my PC and all i do with it is play no games atm & watch anime at 1080p(finally) watch YT and write essays...  nothing, it just sits there collecting dust...

Builds:

The Toaster Project! Northern Bee!

 

The original LAN PC build log! (Old, dead and replaced by The Toaster Project & 5.0)

Spoiler

"Here is some advice that might have gotten lost somewhere along the way in your life. 

 

#1. Treat others as you would like to be treated.

#2. It's best to keep your mouth shut; and appear to be stupid, rather than open it and remove all doubt.

#3. There is nothing "wrong" with being wrong. Learning from a mistake can be more valuable than not making one in the first place.

 

Follow these simple rules in life, and I promise you, things magically get easier. " - MageTank 31-10-2016

 

 


And here I am, still confused how they got this:

psp.jpg.f1b36c02a7712a90a0cfd18a00adab23.jpg

Into this:

th-2.jpeg.c6af15749e6ac71605718ec4d1233097.jpeg

 

 

 

 

I amuse myself.

Come Bloody Angel

Break off your chains

And look what I've found in the dirt.

 

Pale battered body

Seems she was struggling

Something is wrong with this world.

 

Fierce Bloody Angel

The blood is on your hands

Why did you come to this world?

 

Everybody turns to dust.

 

Everybody turns to dust.

 

The blood is on your hands.

 

The blood is on your hands!

 

Pyo.


@leadeater @LAwLz

 

I found a way to summarize the entire discussion!

 

"The Flaws are real, the News is fake".

 

That's actually what has been going on. Only Chimera is that interesting (as the other ones were going to be patchable), and there are far more Intel motherboards with those flawed USB controllers than there are AMD. CTS is clearly working for someone with some pockets, and this seems less like a stock manipulation and more like a Media-space attack, as time goes on.


47 minutes ago, Bananasplit_00 said:

even though these guys really arent doing a nice job at containing the impact of this stuff, at least we know that one of them works, and therefore the other ones have a higher chance to work as well. 

 

i still dont get why people are saying that everyone can be hit by this either, like yes you are fucked when the hackers have admin access but you are even MORE fucked when they can install malware you cant detect, without you noticing and if you somehow do you need new hardware. this isnt stuff that just goes away because you ran malwarebytes guys...

Any "poisoned" BIOS attack would work by definition, but that would require attacking a specifically targeted Motherboard. If you hit your cellphone with a hammer, by definition you're going to do damage.


18 minutes ago, leadeater said:

Gorilla glass would like to argue that point ;)

I'll get Mjolnir.


9 hours ago, Blademaster91 said:

people should be taking these exploits seriously

These are level 2 exploits. People are taking them as seriously as they should, which is not very if they have a competent IT department because there are currently no exploits out for it and by the time there are it will probably (it definitely would have been patched had the hatchet men followed proper security protocols) be mitigated or eliminated, and not very if they don't have a competent IT department because then they clearly don't give a shit about their IT security and are holed six ways from Sunday anyway. It would be completely different if exploits had shown up in the wild.  Let's also not mention that there are currently a shitload more Intel systems out there vulnerable to CHIMERA than AMD ones from a pure numbers perspective.


It's hard to admit that the threat is real and needed addressing when your mouth is covered chin deep in sand.  

 

Mind you,  some people still manage to articulate the exploits in Intel make everything O.K even with their head firmly planted a foot deep in the beach.

 

 
