
[Update] Security flaws discovered in AMD Zen processors: AMD's Meltdown?

Message added by WkdPaul

Please keep the conversation civil and respectful, as per the Community Standards;

Quote
  • Ensure a friendly atmosphere to our visitors and forum members.
  • Encourage the freedom of expression and exchange of information in a mature and responsible manner.
  • "Don't be a dick" - Wil Wheaton.
  • "Be excellent to each other" - Bill and Ted.
  • Remember your audience; both present and future.

 

2 minutes ago, LAwLz said:

I don't think "local system access" means what you think it means.

What you need is a local admin privilege. That can be done remotely. It means local as "running on the computer", not local as in "you need physical access to the computer".

You pretty much just re-worded my entire point, but ok.... xD

Link to post

Just now, do_root said:

You pretty much just re-worded my entire point, but ok.... xD

You said "None of these vulnerabilities can be exploited remotely" which is false.

All of them could potentially be exploited 100% remotely.

Link to post

23 minutes ago, LAwLz said:

This is completely false. You do not need physical access to use these exploits.

I repeat, you do NOT need physical access to use these exploits. Please stop saying this because it is false.

Well you need a remote execution attack that gives a local session with administrative privileges or crack a password and then use that to get RDP access if that is even published to the internet, or use the first to partly allow the second to happen. Or some other similar security breach which gets you the required access.

 

Then you also need a motherboard or OS that allows you to do a bios flash within the OS, reboot the system and then regain access to the system again after that.

 

It might not be technically correct to say physical access is required but to find a system with all the required traits to fully achieve exploiting these security vulnerabilities would be hard to say the least.

 

You either need other dependent and exploitable security vulnerabilities or physical access.

 

Edit:

Which may I add if you meet those requirements why the hell are you even trying these exploits, you have admin access already. Install your malware and key-loggers now, why are you trying to do a bios flash that might fail.

Edited by leadeater
Link to post

Just now, M.Yurizaki said:

I don't think it's productive to restrict when a person can or cannot publicly disclose a vulnerability. Though I think in some countries (like Germany), there are laws in place that if the reporter had malicious intent, they can be criminally charged.

 

However, I think there should be laws in place that also protect the reporter from retaliation if the disclosure was in good faith. I keep thinking there were reports of people discovering a flaw, only to be threatened with legal action because they had the "gall" of reporting it. Poking around in software somehow can fall under "derivative works" as far as copyright law goes.

Ok, I see your point. It seems like the researchers here had malicious intent, however I'm not sure how we differentiate this from good nature reporting. Perhaps something in their paper that literally says "hey guys we're profiting from this news, but you should take them at face value anyway".

Link to post

What amazes me the most here is the beauty of execution of market manipulation, releasing a legit security whitepaper in a totally self-discrediting way is a marvel, and if proven real beyond doubt - it is just act 1 of the stock manipulation show, I would applaud the genius of those fellas standing

Link to post

1 minute ago, LAwLz said:

You said "None of these vulnerabilities can be exploited remotely" which is false.

All of them could potentially be exploited 100% remotely.

Okay, I'm gonna break this down for you son.

1.) Remotely exploiting a machine means you are running exploit from your attacker machine, to a victim machine, hence "remote exploit", example: remote code execution.
2.) Local exploits mean you must have access to the victim's system, whether it be physical or a reverse shell over the internet, this is required to run the 13 exploits this website talks about.

Please stop confusing yourself.

Link to post

Just now, hobobobo said:

What amazes me the most here is the beauty of execution of market manipulation, releasing a legit security whitepaper in a totally self-discrediting way is a marvel, and if proven real beyond doubt - it is just act 1 of the stock manipulation show, I would applaud the genius of those fellas standing

It did not accomplish anything in the stock market though. If it was a troll on the tech press, then yes, 10/10 troll.

Link to post

If you can't see an issue with:

 

1) A fly-by-night company who no one has ever heard of created around the same time Intel was told of Meltdown and Spectre

2) Registering an inflammatory domain name just weeks before a major release

3) Registering a YouTube channel just days before release

4) Release a video you can't comment on directing to a website you can't comment on

5) Mailbox full at contact number for the company after they don't answer the phone

6) Giving a 24 hour ultimatum to fix

7) White paper that is a mess

8) Known short seller pimping it and using it as a reason to advocate the bankruptcy of AMD

9) "Question and answer" video green screened with stock footage of IT shit

 

This is why people are quoting the YT channel and domain registration date. Because you lump it all together and it seems to be a giant ball of shit.

Link to post

............

 

stock manipulation, Viceroy is being sued in Germany for it..... why are people getting so heated up...

Link to post

4 minutes ago, Energycore said:

Ok, I see your point. It seems like the researchers here had malicious intent, however I'm not sure how we differentiate this from good nature reporting. Perhaps something in their paper that literally says "hey guys we're profiting from this news, but you should take them at face value anyway".

You could look at the circumstances leading up to the disclosure, then infer malicious intent and investigate them.

 

There are a lot of shady factors around CTS and its inception and its ties to Viceroy Research, who already has a history of gaming the stock market for profit.

Link to post

1 minute ago, Majestic said:

It did not accomplish anything in the stock market though. If it was a troll on the tech press, then yes, 10/10 troll.

There was a $0.5 dip just after the CNET article release, but ofc it can't be considered directly related.

The thing is, if it's real, it's not remotely over, there is plenty of time to switch the narrative from "sketchy white paper from probable market manipulator alleges tons of security flaws" to "oh shit, it's real and it is scary"

Link to post

3 minutes ago, Majestic said:

It did not accomplish anything in the stock market though. If it was a troll on the tech press, then yes, 10/10 troll.

We can't say this for sure. Nasdaq closes very early in the afternoon, the market was already inactive when this came out.

 

We'll have to check tomorrow. If we open already down in price, you can bet this had an effect on the price.

Link to post

11 minutes ago, leadeater said:

Well you need a remote execution attack that gives a local session with administrative privileges or crack a password and then use that to get RDP access if that is even published to the internet, or use the first to partly allow the second to happen. Or some other similar security breach which gets you the required access.

Yes, exactly.

You need some way in to the system with admin privileges first. That is a pretty big barrier to entry right there, but that is completely different from "you need physical access" which is what a lot of people are saying right now. See the previous page for examples of this.

Needing admin privileges does not mean we should all just kick back and relax though. These exploits might still be serious and need to be fixed.

 

11 minutes ago, leadeater said:

Then you also need a motherboard or OS that allows you to do a bios flash within the OS, reboot the system and then regain access to the system again after that.

That is only for 3 out of the 13 exploits.

Yes, for those three exploits in particular you need to flash the BIOS, but you do not need to do that for the remaining 10.

I don't get why everyone is so focused on those three in particular. Just because those three are very hard to execute doesn't mean the other 10 are as hard.

 

11 minutes ago, leadeater said:

It might not be technically correct to say physical access is required but to find a system with all the required traits to fully achieve exploiting these security vulnerabilities would be hard to say the least.

Privilege escalation exploits aren't exactly rare in the Windows world. Not to mention all the people just clicking OK at the UAC prompt without thinking.

Again, these things will not keep me up at night but I think people should quite frankly shut up and not comment on things they don't understand. They are just doing more harm than good by spreading misinformation.

 

 

9 minutes ago, DoctorWho1975 said:

If you can't see an issue with:

 

1) A fly-by-night company who no one has ever heard of created around the same time Intel was told of Meltdown and Spectre

2) Registering an inflammatory domain name just weeks before a major release

3) Registering a YouTube channel just days before release

4) Release a video you can't comment on directing to a website you can't comment on

5) Mailbox full at contact number for the company after they don't answer the phone

6) Giving a 24 hour ultimatum to fix

7) White paper that is a mess

8) Known short seller pimping it and using it as a reason to advocate the bankruptcy of AMD

9) "Question and answer" video green screened with stock footage of IT shit

 

This is why people are quoting the YT channel and domain registration date. Because you lump it all together and it seems to be a giant ball of shit.

I really don't see why any of that is relevant except for number 7, which I don't particularly agree with.

I think it's sad to see people try and discredit security research by saying things like "they disabled comments on their youtube video".

 

@leadeater you got mad at me for maybe giving people the wrong idea about code signing just a few days ago right?

What do you think of people trying to discredit actual security research because of things like "their website has an inflammatory name" and "they have disabled youtube comments"? I find it quite sickening.

Link to post

6 minutes ago, The Viking said:

............

 

stock manipulation, Viceroy is being sued in Germany for it..... why are people getting so heated up...

Wow their website is pure gold.

 

Quote

We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries.

https://viceroyresearch.org/2018/03/13/amd-the-obituary/

Link to post


1 minute ago, LAwLz said:

 

I really don't see why any of that is relevant except for number 7, which I don't particularly agree with.

I think it's sad to see people try and discredit security research by saying things like "they disabled comments on their youtube video".

 

Seriously? Holy shitballs.. wow. Yeah, I give up.

Link to post

10 minutes ago, leadeater said:

Well you need a remote execution attack that gives a local session with administrative privileges or crack a password and then use that to get RDP access if that is even published to the internet, or use the first to partly allow the second to happen. Or some other similar security breach which gets you the required access.

 

Then you also need a motherboard or OS that allows you to do a bios flash within the OS, reboot the system and then regain access to the system again after that.

 

It might not be technically correct to say physical access is required but to find a system with all the required traits to fully achieve exploiting these security vulnerabilities would be hard to say the least.

 

You either need other dependent and exploitable security vulnerabilities or physical access.

 

Edit:

Which may I add if you meet those requirements why the hell are you even trying these exploits, you have admin access already. Install your malware and key-loggers now, why are you trying to do a bios flash that might fail.

Because once you swap the BIOS, everything is literally unrecoverable forever. It's the difference between installing a virus that gets swept up with AV updates, and compromising the AV itself so that any other potential exploit can be used indefinitely.

Link to post

3 minutes ago, LAwLz said:

That is only for 3 out of the 13 exploits.

I thought it was for 10 of the 13? Don't actually remember.

Link to post

1 minute ago, Curufinwe_wins said:

Because once you swap the BIOS, everything is literally unrecoverable forever. It's the difference between installing a virus that gets swept up with AV updates, and compromising the AV itself so that any other potential exploit can be used indefinitely.

True but what was your end game and why couldn't you achieve it with the already admin access you have gained, I would do this as a last step but you still run the risk of either killing the system or tipping off the user something is wrong because of the required reboot.

Link to post

5 minutes ago, leadeater said:

True but what was your end game and why couldn't you achieve it with the already admin access you have gained, I would do this as a last step but you still run the risk of either killing the system or tipping off the user something is wrong because of the required reboot.

The best data mining is when your target never knows you were there and you get to leech indefinitely. That's literally 100% the optimal goal for these type of exploits (think government or corporate espionage). And this is 100% the best way to do it. Gain top level access for a moment (generally through social engineering), install your hopefully-undetectable backdoor, then get the fuck out and let the data roll in.

Link to post

Some points against CTS:

  • Why not give AMD time to fix the flaws? They are a security orientated group, it would be in their interest to improve the security of products and not to publish it (that the flaws exist, that gives those with malicious intent a place where to look).
  • If they wanted to improve their image (every legitimate company does, you don't earn anything if people don't want to buy your products) they would have followed standard procedure of waiting 90 days. By using the 24 hour 'EXTRA MEDIA ATTENTION' card they will be disliked by the rest of the security community (I guess). In order to counter this loss they must be getting compensation in some form i.e. through market manipulation.
  • The backgrounds are sketchy at best. One does not attempt to release groundbreaking news and use free backgrounds from Google Images, a legitimate company would not want to look sketchy.. and these backgrounds make it look sketchy
  • Only one genuine researcher seems to support their claims. However he supposedly has seen the exploits work and one does not throw down one's career for nothing.

Considerations pro CTS:

  • Disabled comments on YouTube does not mean anything. It is perfectly reasonable they did not want discussion like this on the video report.
  • A newly created channel also is irrelevant, they may not have needed to post videos before.

 

POINT: Come back in a while once the rumors have disappeared

Link to post

5 minutes ago, leadeater said:

While fair, rather hilarious from that guy lol.

I'd say hypocritical of him.  He's just loud now.  This whole discussion is a mess of emotions.  

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to post

3 minutes ago, ScratchCat said:

Some points against CTS:

  • Why not give AMD time to fix the flaws? They are a security orientated group, it would be in their interest to improve the security of products and not to publish it (that the flaws exist, that gives those with malicious intent a place where to look).
  • If they wanted to improve their image (every legitimate company does, you don't earn anything if people don't want to buy your products) they would have followed standard procedure of waiting 90 days. By using the 24 hour 'EXTRA MEDIA ATTENTION' card they will be disliked by the rest of the security community (I guess). In order to counter this loss they must be getting compensation in some form i.e. through market manipulation.
  • The backgrounds are sketchy at best. One does not attempt to release groundbreaking news and use free backgrounds from Google Images, a legitimate company would not want to look sketchy.. and these backgrounds make it look sketchy
  • Only one genuine researcher seems to support their claims. However he supposedly has seen the exploits work and one does not throw down one's career for nothing.

Considerations pro CTS:

  • Disabled comments on YouTube does not mean anything. It is perfectly reasonable they did not want discussion like this on the video report.
  • A newly created channel also is irrelevant, they may not have needed to post videos before.

 

 

The whole image thing, lots of people (this goes for companies too) don't know anything about branding, image, what not.  Reason why advertising companies get paid big bucks lol.  Just have to wait and see how this goes over.  Cause all the other stuff has no bearing on the actual exploits, if they are valid or not.

Link to post

1 minute ago, DoctorWho1975 said:

Seriously? Holy shitballs.. wow. Yeah, I give up.

Please don't. I really want to know why people seem to care so much about when their youtube channel was registered, or why it is such a big deal that they have disabled comments. I legitimately don't get it.

 

 

1 minute ago, leadeater said:

I thought it was for 10 of the 13? Don't actually remember.

There are 13 exploits in total.

 

3 under the name "Masterkey" which is the BIOS attack. These are the only ones requiring a BIOS flash. What they allow is for bypassing a lot of the secure processor features, as well as running arbitrary code on it.

 

4 under the name Ryzenfall. These include things such as reading and writing to protected memory and bypassing Windows' VBS.

 

3 under the name Fallout, which seems to me like it's just the Ryzenfall but for EPYC. Not sure if they are trying to pad their list a little bit, or if there are some significant differences between Ryzenfall and Fallout.

 

2 under the Chimera name. These are the exploits in the ASMedia controllers.

 

The last one is the PSP Privilege one which I can't seem to find in the white paper, although it is listed on their website as one of the 13.

 

 

Anyway, only 3 out of the 13 exploits require a BIOS flash. The other 10 do not.

Link to post
