David89

Meh. Another one of those Intel Videos. 56 Cores are great and such, but they are getting actually boring. I'd really like to see EPYC in one of those Videos. Although i get, that there is no Motherboard on AMDs side, that can compete with that. Still. A comparison between the Opteron Piledriver and EPYC would also be...uh...Epic.

Interesting. Anyone noticed, that Gadi Evron was in the same military unit, as the other guys from CTS...? Also, that BOTH Ido Li On and Yaron Luk-Zilberman contradicted Gadi Evron, who said "I can confirm they have a PoC on everything." I'm still going with my first assessment of the whole ordeal: Gadi Evron was part of the whole thing from the beginning... And Trail of Bits right away said, it's no where near as bad, as they say.

And that's exactly why there are different stages of severity of Bugs. This whole thing is just not a security issue. Those are some very nasty and bad bugs - but you can't to anything with them, unless you actually got in to the system with some security holes. They need to be fixed, yes, but they are rather low on the priority list. Although, as we have come to know AMD, i'm pretty sure there is a new AGESA in a few Weeks, that completely fixes those issues.

1) I have it disabled and don't have any devices relating to the PSP in Device Manager, or even DMESG on Linux. Nothing. Enabled there are a few things that hint at the PSP. 2) IMHO that's a design flaw with X86. Has been the case with many, many things over the years. Intel ME, many TPM devices, DRM functions or even Kinibi.

Man. Those guys are absolutely laughable. Hey, maybe i should search for some random fourth stage attacks, that haven't been fixed for years. For those who do not know what the stages are: Although you could even argue, that those are stage six attacks, since you are corrupting "something" (be it the ASMedia Controller or the PSP) I also just had a bit of a play with deactivating the PSP in my UEFI. That works and there is no PSP and TPM Device anymore. Edit: Even Trail of Bits says, those attacks are not viable. https://blog.trailofbits.com/2018/03/1

the FRACK? Are you for real? The whole reason why "we" defend AMD is because THE ONLY thing that may be a real problem for AMD is the ASMedia Shit - and even that is probably not even AMDs fault. It's about the "HOW" this is going down. If there are security flaws - so be it. But that whole smear campaign against AMD is an absolute shitshow, because Intel has the same vulnerabilities in their ME. That's btw one big reason why many thousands signed an open letter to AMD to make their PSP OpenSource to prevent this kind of stuff. The rest of all of those "vulnerabilities" are present

First of all: Dan Guido said that himself. Second: You just disqualified yourself from EVERY viable discussion with that kind of statement. How old are you? 14? Third: I'm a Sysadmin, so i do actually know a few things about computers. I may not be a security expert, but i do know my way around secure systems. Let's assume those vulnerabilities are real. For Ryzenfall 1-4 the first step is to get through the VSM, which was introduced with Windows 10. After that, you'll need to get access to the LSASS (Local Security Authority Subsystem Service), which has also been rewo

No. I don't, because either i completely misunderstood how the PSP and UEFI work, or i am right in that those are separated "enough" so that this can't be exploited in that way. Also, at least on my board i have to have the UEFI Network stack enabled to flash over the Internet, which i don't and as a Sysadmin it is standard policy in many companies to also turn that feature off. Timeline ======== 09-28-17 - Vulnerability reported to AMD Security Team. 12-07-17 - Fix is ready. Vendor works on a rollout to affected partners. 01-03-18 - Public disclosure due to 90 day disclosure deadline.

Please prove me wrong with data. I'm sorry, but i give a crap about your statement if you can't back it up with something else than one guy on Twitter saying he had access to the technical reports. And i don't care if he has 13 years of experience, he's still only one guy. And you repeating your claim won't make it right. Those "many other security experts" are still (it's around 23:20, 13th March of 2018, Euro Time) only that one guy. Where as at least four (!) said, that it's highly unlikely to be having any impact. And why are you so hellbent on making sure everyone be

Not only did they violate standard procedure, they made an extremely bad choice to be in the same bed with a shady companie that has a known history of manipulating stock markets with false claims. I'm not that optimistic though. The only real positive thing is, that AMD's PSP doesn't have the Network stack built in, like Intel's ME. Even if AMDs PSP is as pitted as swiss cheese, it won't matter, because they are not vulnerable from the outside. Edit: About Dan Guido - he specifically states, he has been paid by CST and "all 13 Flaws have been confirmed", while others a

Personally, i REALLY would like to know, how and why Dan Guido has said anything at all. Many other Security Experts are saying that pretty much all of that is - at least until now - absolute bullcrap. BTW, The much bigger question is: IF there is some merit to the PSP being vulnerable (read: Same problem as Intels ME, that STILL haven't been fixed fully, mind you!) - how can it be possible to bypass the Windows 10 VSM, that Microsoft praised as one of the absolute killer security features? By design it should be impossible to run unprotected code, that isn't hashed cor

No. It doesn't, especially not if the Whitepaper is as badly written as that. Especially considering what background "Viceroy" (the company behind CST) has. They have a background of manipulating stock and are currently under investigation from many around the world. Most notably Germany for crashing the ProSieben stock last week. Can you do something else, or is throwing swear words and bad mouthing people everything you can do? Have you studied that somewhere? I'd like to know that course, maybe i can jump down to your standard. Many at /r/AMD are everything but biased

Yeah, sorry, i just realized, i accidentally switched charts. But: https://www.techspot.com/review/1474-ryzen-vs-older-budget-cpus/ https://www.techspot.com/review/1546-intel-2nd-gen-core-i7-vs-8th-gen/ Therefore, i still don't think going with an 4460 is a good choice. (Unless you absolutely do not want to spend the money for DDR4...)

Edit: Yes, yes, i realized i switched charts.

I'll fire that right back: You can't be serious, right? Intel did everything in their power to make the best of the situation - yes, that is the only thing in your post i agree with. Intel knew about the Problem for at least 8 Months and they did absolutely nothing. They didn't make Microcode updates before hand, they where caught "off guard". Intel made Microcode Updates that bricked computers. Intel tried to sling mud against other manufactures. Intel tried to cover things up. And the worst of all: Intel tried to make the patches Optional. Linus Torvalds