Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Coaxialgamer

[Update] Security flaws discovered in AMD zen processors : AMD's meltdown?

wkdpaul

Please keep the conversation civil and respectful, as per the Community Standards;

Quote
  • Ensure a friendly atmosphere to our visitors and forum members.
  • Encourage the freedom of expression and exchange of information in a mature and responsible manner.
  • "Don't be a dick" - Wil Wheaton.
  • "Be excellent to each other" - Bill and Ted.
  • Remember your audience; both present and future.

 

Message added by wkdpaul

Recommended Posts

Turns out its a pile of horseshit , theres a megathread on r/AMD with some interesting revelations in the comments 


especcialy who that "research firm" actually is 
https://www.moneyweb.co.za/in-depth/investigations/viceroy-unmasked/


RyzenAir : AMD R5 1600 | AsRock AB350M Pro4 | 24gb KVR DDR4 2666 | GTX 1060 | Fractal Design Node 804
RyzenITX : Ryzen 3 2200G | GA-AB350N-Gaming WIFI | 12gb DDR4 2993 | Vega 8 | MS-Tech CI-58 | Pico PSU 150

 

PSU Tier list

 

Link to post
Share on other sites
14 minutes ago, Some Random Member said:

The second most recent one was when they called the new amd server chips "glued together" and lacking any ecosystem. ADOREDTV did a short 30min documentary of all the shady stuff intel has done over its existance, give it a watch.

AdoredTV is a drooling moron who doesn't know what he is talking about 80% of the time.

And yes, "glued together" is in fact the correct term for what AMD is doing with their processors.

Link to post
Share on other sites
25 minutes ago, Some Random Member said:

More of the fact that website poped up a few months ago, youtube channel a few days, comments disabled, they only gave 24hours instead of 90 days, their website is full of shady stuff, the whitepaper is really vague, no source codes or linux testing etc.

Shady quote number 1:

"The report and all statements contained herein are opinions of CTS and are not statements of fact"

number 2

"CTS reserves the right to refrain from updating this website even as it becomes outdated or inaccurate."

It could be a new research group with some poor timing, or a complete BS scam. A 60-90 day time window isn't required,though only 24hrs makes them look really shady, I do agree their website and lack of source codes or a well written whitepaper seems suspicious but until anyone has proof it isn't anything but baseless accusations to assume Intel is the culprit here.

Edit: The quotes seems like they're just attempting to defend themselves in case AMD were to sue them if this was a BS attack.

Link to post
Share on other sites
7 minutes ago, M.Yurizaki said:

 

Until you have actual proof, you're spouting accusations that amount to slander, history of shady business practices or not.

This is actually well known and documented;

https://www.reuters.com/article/us-eu-intel/eu-conducts-antitrust-raid-on-intel-retailers-idUSL1216666220080212

 

https://www.cnet.com/news/eu-antitrust-officials-raid-intel/

 

https://seekingalpha.com/article/64296-eu-antitrust-investigators-raid-intel-munich-office

 

 

Link to post
Share on other sites
3 hours ago, Coaxialgamer said:

only allowed them 24 hours instead of the customary 90 days , which is kind of a duck move in my opinion

I wonder how long it took CTS to make the 'AMD Flaws Overview' video, bout 24hrs maybe?  The names of these exploits are about as subtle as a mallet and immediately make me think there is more to CTS' interests here, but whatever.  Will be interesting to see what developments occur from the EYPC side in particular, and see what professional epyc users/administrators think and say in the coming days.

There never was and never will be a 100% secure bulletproof system, but with AMD trying to wedge into server space these sorts of security concerns are paramount.

 

28 minutes ago, Drak3 said:

So, can I bash Intel for kicking dogs, even though they didn't?


No.  Though I'm fairly sure they kick puppies and light cigars with $100 bills on the regular.  My 'Ouija board' has confirmed this much and has been peer-reviewed by my magic 8-ball.

Link to post
Share on other sites
1 minute ago, M.Yurizaki said:

I'm asking for proof about this specific case.

 

But inferring context is too hard.

My apologies, but you did not specify the context. 

Link to post
Share on other sites

posting it here aswell , bc we need multible threads for this topic apparently 

its 99.9% horseshit and (likely) stock manipulation 
r/ amd has a megathread on it and the comments have some interesting insights in who or what the fuck that "research firm" is and how this is handled 
https://www.reddit.com/r/Amd/comments/845w8e/alleged_amd_zen_security_flaws_megathread/
 

this is worth a read , that """Research firm""" is well known to be spreading shit to make stocks go down 
https://www.moneyweb.co.za/in-depth/investigations/viceroy-unmasked/


RyzenAir : AMD R5 1600 | AsRock AB350M Pro4 | 24gb KVR DDR4 2666 | GTX 1060 | Fractal Design Node 804
RyzenITX : Ryzen 3 2200G | GA-AB350N-Gaming WIFI | 12gb DDR4 2993 | Vega 8 | MS-Tech CI-58 | Pico PSU 150

 

PSU Tier list

 

Link to post
Share on other sites
58 minutes ago, Blademaster91 said:

I doubt Intel would so openly and brazenly smear AMD,especially now since they're working with AMD using their GPU's.

I think you're on to something here. I did some digging and and reached out to my contacts etc and 15min later I got an anonymous message with an extremely damning photo.

Link to post
Share on other sites
Just now, Space Reptile said:

posting it here aswell , bc we need multible threads for this topic apparently 

its 99.9% horseshit and (likely) stock manipulation 
r/ amd has a megathread on it and the comments have some interesting insights in who or what the fuck that "research firm" is and how this is handled 

Ah yes, because we all know how reliable and unbiased /r/AMD are when it comes to AMD news.

Anyway, even if the research firm is shady, doesn't mean they might be correct in their findings.

 

The Shadow Brokers are not exactly honest or trustworthy either, but they have been right in the information they have published.

Link to post
Share on other sites

Well it is a bs move on them to release it so soon but on the other hand amd was the reason meltdown news leaked early so i see this as karma to an extent. Though the credibility of this CTS will surely be raked over the coals due to the lack of disclosure to make necessary changes.

 

Either way I'm laughing inside at AMD fanboys who were so down on intel for their issue, smug morons didn't realize that amd surely would have similar issues eventually.


https://linustechtips.com/main/topic/631048-psu-tier-list-updated/ Tier Breakdown (My understanding)--1 Godly, 2 Great, 3 Good, 4 Average, 5 Meh, 6 Bad, 7 Awful

 

Link to post
Share on other sites

Directly from Viceroy research:

 

"In light of CTS’s discoveries, the meteoric rise of AMD’s stock price now appears to be totally unjustified and entirely unsustainable. We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries."

 

I'm not sure what to say really.

 

https://viceroyresearch.org/2018/03/13/amd-the-obituary/

Link to post
Share on other sites
Just now, Deus Voltage said:

Directly from Viceroy research:

 

"In light of CTS’s discoveries, the meteoric rise of AMD’s stock price now appears to be totally unjustified and entirely unsustainable. We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries."

 

I'm not sure what to say really.

 

https://viceroyresearch.org/2018/03/13/amd-the-obituary/

Yup. Like I stated, this is stock market manipulation.


Watching Intel have competition is like watching a headless chicken trying to get out of a mine field

CPU: Intel I7 4790K@4.6 with NZXT X31 AIO; MOTHERBOARD: ASUS Z97 Maximus VII Ranger; RAM: 8 GB Kingston HyperX 1600 DDR3; GFX: ASUS R9 290 4GB; CASE: Lian Li v700wx; STORAGE: Corsair Force 3 120GB SSD; Samsung 850 500GB SSD; Various old Seagates; PSU: Corsair RM650; MONITOR: 2x 20" Dell IPS; KEYBOARD/MOUSE: Logitech K810/ MX Master; OS: Windows 10 Pro

Link to post
Share on other sites
Just now, LAwLz said:

Ah yes, because we all know how reliable and unbiased /r/AMD are when it comes to AMD news.

Anyway, even if the research firm is shady, doesn't mean they might be correct in their findings.

 

The Shadow Brokers are not exactly honest or trustworthy either, but they have been right in the information they have published.

https://www.nytimes.com/reuters/2018/03/12/business/12reuters-prosieben-media-accounts.html

also the way they handled the whole thing , setting a 24hr ultimatum? stating that AMD Stock shud be worth 0$ ? man that sounds proffesional 
you know , instead of going out and tooting your horn w/ some THIRTEEN vulnerabilities you normally contact the guys beforehand , as its a MASSIVE security issue if those things actually existed 
heres an official statement on one of AMD's sites about it http://ir.amd.com/news-releases/news-release-details/view-our-corner-street-0


RyzenAir : AMD R5 1600 | AsRock AB350M Pro4 | 24gb KVR DDR4 2666 | GTX 1060 | Fractal Design Node 804
RyzenITX : Ryzen 3 2200G | GA-AB350N-Gaming WIFI | 12gb DDR4 2993 | Vega 8 | MS-Tech CI-58 | Pico PSU 150

 

PSU Tier list

 

Link to post
Share on other sites
5 minutes ago, Deus Voltage said:

Directly from Viceroy research:

'Dumb fanboy gibberish'

I'm not sure what to say really.

https://viceroyresearch.org/2018/03/13/amd-the-obituary/

Do these people have any relevance to the discussion on the vunerability or are they an unrelated group of fanboys who have reason bash for anything they can find (in other words are they associates of this CTS), because that sounds more like a reddit post from 12 year olds than anything worth taking seriously (though they are right that amd's stock is overvalued just they clearly are not pushing a reasonable conversation just stupid nonsense)


https://linustechtips.com/main/topic/631048-psu-tier-list-updated/ Tier Breakdown (My understanding)--1 Godly, 2 Great, 3 Good, 4 Average, 5 Meh, 6 Bad, 7 Awful

 

Link to post
Share on other sites
2 minutes ago, AresKrieger said:

Do these people have any relevance to the discussion on the vunerability or are they an unrelated group of fanboys who have reason bash for anything they can find (in other words are they associates of this CTS), because that sounds more like a reddit post from 12 year olds than anything worth taking seriously (though they are right that amd's stock is overvalued just they clearly are not pushing a reasonable conversation just stupid nonsense)

hey man , it seems to works since nobody bothered to google that """""reseach firm""""" 's name and find out that they are a pretty shitty stock manipulator company and posted this story as fact asap to get those views 

unknown.png


RyzenAir : AMD R5 1600 | AsRock AB350M Pro4 | 24gb KVR DDR4 2666 | GTX 1060 | Fractal Design Node 804
RyzenITX : Ryzen 3 2200G | GA-AB350N-Gaming WIFI | 12gb DDR4 2993 | Vega 8 | MS-Tech CI-58 | Pico PSU 150

 

PSU Tier list

 

Link to post
Share on other sites
11 minutes ago, LAwLz said:

Ah yes, because we all know how reliable and unbiased /r/AMD are when it comes to AMD news.

Anyway, even if the research firm is shady, doesn't mean they might be correct in their findings.

 

The Shadow Brokers are not exactly honest or trustworthy either, but they have been right in the information they have published.

The thread is over. It was stock manipulation by private guys, intel was not behind it this time(as far as we know for now). The firm that published "these findings" has done stock manipulations earlier too. Most of the stuff(more like all) is BS that they made up in hopes that the stock price would go down.

Link to post
Share on other sites
Just now, Some Random Member said:

The thread is over.

one last post 


Bildergebnis für mexican guy laughing


RyzenAir : AMD R5 1600 | AsRock AB350M Pro4 | 24gb KVR DDR4 2666 | GTX 1060 | Fractal Design Node 804
RyzenITX : Ryzen 3 2200G | GA-AB350N-Gaming WIFI | 12gb DDR4 2993 | Vega 8 | MS-Tech CI-58 | Pico PSU 150

 

PSU Tier list

 

Link to post
Share on other sites
7 minutes ago, Space Reptile said:

hey man , it seems to works since nobody bothered to google that """""reseach firm""""" 's name and find out that they are a pretty shitty stock manipulator company 

 

I'm not critsizing the post I quoted I just don't reddit due to the amount of contradiction and mis-information that goes on their, either way whether these people are trolls or stock manipulators as you pushed forth they are very bad at it as obvious troll is obvious. Though wallstreet is quite stupid so maybe it would work? I think even they aren't this dense if this truly is a scam.

 

That green screen blurry interview is hilarious, point validated xD

(you think they would just film in front of a office space wall truly poor effort)


https://linustechtips.com/main/topic/631048-psu-tier-list-updated/ Tier Breakdown (My understanding)--1 Godly, 2 Great, 3 Good, 4 Average, 5 Meh, 6 Bad, 7 Awful

 

Link to post
Share on other sites

https://thehackernews.com/2018/03/amd-processor-vulnerabilities.html

 

Luckily it appears none of these are unpatchable, but defeating SEV is scary at the very least.

 

Edit: Take this information with a HUGE grain of salt, there has been NO proof on concept, The people who discovered the "vulnerabilities" have no clout and are unknown, and the group funding these guys are known for stock manipulation. Until it can be proven or dis-proven though I believe it's helpful for the information to be there. Sounds like someone really wants that AMD stock to drop. but that is my opinion and not based in any proof.

Link to post
Share on other sites
3 hours ago, rcmaehl said:

This all screams smear campaign
 

1. 24 hour disclosure instead of industry standard 90/180 day
image.png.e03e6e542d8202c705b6012363772371.png

2. Amdflaws links to a YT video, with comments disabled
image.png.33b5ddec273d4307e02961a0273d69f6.png
3. YT Channel with video was just just March of this year

image.png.5af935b5033fbe89857c9c0e32888cad.png

4. Domain (website records) for this "16 years in operation" company don't exist any earlier than February of this year

image.png.d13e91d3fd30dd4675557aa30c4c6011.png

 

5. This sketchy quote from their disclaimer

 

image.png.60cfcdce6df3081abbde4c6f844dd322.png


6. This OTHER sketchy quote from their disclaimer

image.png.aef3fbb9a89c0220ea24360582e8c519.png

7. Exploits are common sense when it comes to security

MASTERKEY: "Exploiting MASTERKEY requires an attacker to be able to re-flash the BIOS with a specially crafted BIOS update. "

REBUTTAL: By the time you let attacker install BIOS you are already PWND
 

RYZENFALL: Exploitation requires that an attacker be able to run a program with local-machine elevated administrator privileges. Accessing the Secure Processor is done through a vendor supplied driver that is digitally signed.

REBUTTAL: By the time you let attacker to have admin rights, they can do anything they want anyway!
 

FALLOUT: Exploitation requires that an attacker be able to run a program with local-machine elevated administrator privileges. Accessing the Secure Processor is done through a vendor supplied driver that is digitally signed.

REBUTTAL: Same as above. Not a major concern
 

CHIMERA: A program running with local-machine elevated administrator privileges. Access to the device is provided by a driver that is digitally signed by the vendor.

REBUTTAL: Same as above. Not a major concern.

This is absolutely a huge smear campaign. Doesn't mean the vulns don't exist, but the extreme lack of notice screams some competitor is nervous and most likely helped push these guys to release early. As someone who does this for a living, it is ABSOLUTELY unprofessional to do what these guys have done. It would get your average analyst blacklisted hard.

Link to post
Share on other sites
27 minutes ago, AresKrieger said:

Well it is a bs move on them to release it so soon but on the other hand amd was the reason meltdown news leaked early so i see this as karma to an extent. Though the credibility of this CTS will surely be raked over the coals due to the lack of disclosure to make necessary changes.

 

Either way I'm laughing inside at AMD fanboys who were so down on intel for their issue, smug morons didn't realize that amd surely would have similar issues eventually.

I don't know if it is karma rather than AMD's processors not being perfect either,despite AMD bragging they're impervious to spectre. I think it should be thoroughly investigated as AMD is getting into the server space with these Ryzen/Epyc cpu's, better for them to solve it now rather than later if these vulnerabilities aren't all BS.

CTS isn't going to have much credibility with their insufficient whitepaper and their 24hr timing surely won't help them.

On a side note you should watch using the f-word,LTT doesn't like it according to the CS.

 

Edit: oh it was just a BS smear campaign,lol they should have tried harder with those stock images.

Link to post
Share on other sites
1 minute ago, Blademaster91 said:

On a side note you should watch using the f-word,LTT doesn't like it according to the CS.

That only applies to calling users fanboys, calling outsiders fanboys does not apply as the point of the rule is to prevent fighting between users, I did not refer to anyone thus it is irrelevant. Either way I can agree that this is an easy way to lose all credibility assuming they had any to begin with though the terrible blurry stock photos have added a large spoonful of doubt to that.


https://linustechtips.com/main/topic/631048-psu-tier-list-updated/ Tier Breakdown (My understanding)--1 Godly, 2 Great, 3 Good, 4 Average, 5 Meh, 6 Bad, 7 Awful

 

Link to post
Share on other sites
5 minutes ago, Blademaster91 said:

But it was fine when researchers leaked meltdown with AMD helping to spread the news?

it was discovered and reported to intel and AMD weeks before dude

 image.png.4dabd1c0611eeb61e32f1000262060b4.png
infact that vunerability exists on every intel chip made after 1995 (according to wikipedia) 
 


RyzenAir : AMD R5 1600 | AsRock AB350M Pro4 | 24gb KVR DDR4 2666 | GTX 1060 | Fractal Design Node 804
RyzenITX : Ryzen 3 2200G | GA-AB350N-Gaming WIFI | 12gb DDR4 2993 | Vega 8 | MS-Tech CI-58 | Pico PSU 150

 

PSU Tier list

 

Link to post
Share on other sites
1 minute ago, Blademaster91 said:

But it was fine when researchers leaked meltdown

1. Before I say #2, I just want to say that this should not have happened and there should have been more care taken to ensure the vulnerability was kept under wraps until the reveal date.

2. That is a completely different situation. Intel (and AMD!) had ~6 months before the vulnerability leaked a few weeks early. Here AMD had 24 Hours before the research firm goes directly to the media with (seemingly) predetermined appointments. Intel (and amd) had 180 times the time that AMD had to respond to this.

7 minutes ago, Blademaster91 said:

with AMD helping to spread the news?

3. I had not heard of this. Do you have a link? As far as I remember, amd had first a stand by post, then a post explaining what did and did not affect them on their website, without mentioning anything about intel. Intel on the other hand, their first reaction was to state that both ARM and AMDs processors were affected too, trying to deflect the blame to the group.


LTT 2019 Folding Month Rank: 49    Score: 60,484,697

Current LTT F@H Rank: 33    Score: 384,430,073   Stats

My main Rig (Hybrid Windows 10/Arch Linux):

OS: Arch Linux w/ XFCE DE (Kernel 5.3.13 VFIO) as host OS, windows 10 as guest

CPU: Ryzen 9 3900X w/PBO on (6c 12t for host, 6c 12t for guest)

Cooler: Noctua NH-D15

Mobo: Asus X470-F Gaming

RAM: 16GB G-Skill Ripjaws V @ 3000MHz (8GB for host, 8GB for guest)

GPU: Guest: EVGA GTX 1060 SC Host: 2x Radeon HD 8470

PSU: EVGA G2 650W

SSDs: Guest: Samsung 850 evo 120 GB, Samsung 860 evo 1TB Host: Samsung 970 evo 500GB NVME

HDD: Guest: WD Caviar Blue 1 TB

Case: Fractal Design Define R5 Black Windowed

Other: White LED strip to illuminate the interior. Extra fractal intake fan for positive pressure.

unRAID server (Plex, Windows 10 VM, NAS, urBackup, game servers):

OS: unRAID 6.7.0

CPU: Ryzen R7 2700x @ Stock

Cooler: Noctua NH-U9S

Mobo: Asus Prime X470-Pro

RAM: 24GB Hyperx Fury Black @ 2900MHz 16-16-16-28

GPU: EVGA GTX 1080 FTW2

PSU: EVGA G3 850W

SSD: Samsung 970 evo 250GB

HDDs: 4x HGST Dekstar NAS 4TB @ 7200RPM (3 data, 1 parity)

Case: Sillverstone GD08B

Other: Added 3x Noctua NF-F12 intake, 2x Noctua NF-A8 exhaust, Inatek 5 port USB 3.0 expansion card with usb 3.0 front panel header

Details: 12GB ram, GTX 1080, USB card passed through to windows 10 VM. VM's virtdisk is on the SSD. Rest of resources are for Plex, urBackup, Gitlab, Nextcloud, and game servers.
 

Inventory: CPU: Delidded i7 6700k @ 4.7GHz 1.46v  Motherboard: ASUS Z170-A

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×