[Update] Security flaws discovered in AMD zen processors : AMD's meltdown?

[AresKrieger]

You know if they are indeed a fake company they could simply release the exploit into the wild for lols, and personally I would find it funny as this thread has made it clear to me why I hate AMD, its the fans. (well that and AMDs CPUs have never lasted more than 4 years for me while all my intel cpus still work), either way if the exploit is real it is the same scenario as meltdown a mostly academic exploit that requires other exploits to take proper effect.

[Arika]

24 minutes ago, Sierra Fox said:

it's the red eyes right? shit i knew that would get out.

@ARikozuM

 

[DoctorWho1975]

18 minutes ago, AresKrieger said:

You know if they are indeed a fake company they could simply release the exploit into the wild for lols, and personally I would find it funny as this thread has made it clear to me why I hate AMD, its the fans. (well that and AMDs CPUs have never lasted more than 4 years for me while all my intel cpus still work), either way if the exploit is real it is the same scenario as meltdown a mostly academic exploit that requires other exploits to take proper effect.

Don't playa hate dawg.

[Blademaster91]

18 minutes ago, DoctorWho1975 said:

This thread is about the AMD security flaw bullshit, not NVidia.

No I mean if you're accusing Linus of being an NV or Intel shill (sorry if i'm misunderstanding) they only report on stuff after the rumors disappear, I don't think this is anything but bullshit either until the proof of concept is public with more statements from researchers and AMD themselves.

11 minutes ago, AresKrieger said:

You know if they are indeed a fake company they could simply release the exploit into the wild for lols, and personally I would find it funny as this thread has made it clear to me why I hate AMD, its the fans. (well that and AMDs CPUs have never lasted more than 4 years for me while all my intel cpus still work), either way if the exploit is real it is the same scenario as meltdown a mostly academic exploit that requires other exploits to take proper effect.

All of my previous builds were AMD, but I can't stand the loud unrelenting fanboys on especially r/AMD these days.

[AresKrieger]

1 minute ago, DoctorWho1975 said:

Don't playa hate dawg.

Well in this case I'm not hating the player, I would in fact be hating the game (which in this analogy is AMD)

 

Not that it matters I really just hate hypocrisy and hype marketing which seem to happen in topics about this company due to their underdog persona and marketing style. It doesn't change much though as they were blacklisted by me due to unreliability not these latter dislikes, I've blacklisted many companies they are just the largest tech one.......besides apple 

[DoctorWho1975]

1 minute ago, Blademaster91 said:

No I mean if you're accusing Linus of being an NV or Intel shill (sorry if i'm misunderstanding) they only report on stuff after the rumors disappear, I don't think this is anything but bullshit either until the proof of concept is public with more statements from researchers and AMD themselves.

 

 

Jesus Christ you are so far off base. I made the statement because actual news is left out of the WANk show more often then not the past couple months.

[ARikozuM]

8 minutes ago, Sierra Fox said:

@ARikozuM

 

I'm ashamed for checking your profile for an icon change... Apparently the logo was always there... 

 

#SponsorshipsWanted

[DoctorWho1975]

Just now, AresKrieger said:

Well in this case I'm not hating the player, I would in fact be hating the game (which in this analogy is AMD)

 

Not that it matters I really just hate hypocrisy and hype marketing which seem to happen in topics about this company due to their underdog persona and marketing style. It doesn't change much though as they were blacklisted by me due to unreliability not these latter dislikes, I've blacklisted many companies they are just the largest tech one.......besides apple 

It has nothing to do with hypocrisy, I outlined in a previous post why I think this thing(the game "CTS Labs"/Viceroy is playing) is complete bullshit. 

[Taf the Ghost]

Well, I was away all day, and look at this mess.

 

My first thought is AMD should be sending the Lawyers after this company, raze it to the ground and salt the earth where it once stood. This wasn't a security issue; this was a hit-job. That it utterly clear.

 

https://twitter.com/cataclysmza/status/973621504427651072

 

Looks like the "security research" company has ties to stock manipulators, which looks a lot like what this was about. 

 

Has anyone found proof that this can work with anything but Physical Access? (At which, there's 1000s of approaches if true.)

[DanielMDA]

9 hours ago, Coaxialgamer said:

CTS , a reasearch group has discovered potentially up to 13 flaws affecting Zen-based cpus ( this includes ryzen , ryzen pro , threadripper and epyc ) which could allow a malicious attacker to take control of a computer and/or access secure data that would usually stay our of reach .

CTS has contacted AMD , but only allowed them 24 hours instead of the customary 90 days , which is kind of a duck move in my opinion

 

Source (cnet) 

https://www.cnet.com/news/amd-has-a-spectre-meltdown-like-security-flaw-of-its-own/

 

 I honestly don't know what to say, but this is bad. Lets hope a patch comes in quick that doesn't cripple performance. 

 

Update : AMD has released a brief statement regarding the issue :

http://quarterlyearnings.amd.com/news-releases/news-release-details/view-our-corner-street-0

 

This is very fishy, even if its true. This company came out of nowhere, the YT Channel is 3 days old, and the Website is fairly new. But what is really fishy is the fact that in their YT Videos they use stock images and Green Screen for back gorund. I dont want to get to radical, but this may be a Market Manipulation Attempt by Intel.

 

 

And before you call me a fanboy. I own a 6700K

[ARikozuM]

1 minute ago, DanielMDA said:

This is very fishy, even if its true. This company came out of nowhere, the YT Channel is 3 days old, and the Website is fairly new. But what is really fishy is the fact that in their YT Videos they use stock images and Green Screen for back gorund. I dont want to get to radical, but this may be a Market Manipulation Attempt by Intel.

Wouldn't be the first or last time someone used a green screen for a background during an interview. 

1 minute ago, DanielMDA said:

And before you call me a fanboy. I own a 6700K

Red Herring fallacy.

[Canada EH]

Fake News strix again

[AresKrieger]

12 minutes ago, DoctorWho1975 said:

It has nothing to do with hypocrisy, I outlined in a previous post why I think this thing(the game "CTS Labs"/Viceroy is playing) is complete bullshit. 

Not you I'm talking about in general, CTS is indeed sketchy but the person they had validate their exploit has credibility, doesn't make their paper any less amateur. In short CTS reminds me of some cracking groups who often break code well but don't have sense nor any sort of scruples 

[Taf the Ghost]

The Short Seller group that hatched this apparently attacked non-US Based stocks in the past. They're going to wish they didn't touch a US Stock. The SEC are a nightmare to deal with, and being non-American, they lack most protections. I hope you enjoy the NSA intercepts of your life!

[Shreyas1]

this is the fastest growing thread I have ever seen...

[8uhbbhu8]

1 hour ago, Taf the Ghost said:

The Short Seller group that hatched this apparently attacked non-US Based stocks in the past. They're going to wish they didn't touch a US Stock. The SEC are a nightmare to deal with, and being non-American, they lack most protections. I hope you enjoy the NSA intercepts of your life!

OH?! Well if it does happen that'll be fun to watch!

[Canada EH]

Blame Putin's Russia

I dont, but others would

[Shreyas1]

RIP OP's notifications

[AresKrieger]

6 minutes ago, Taf the Ghost said:

The Short Seller group that hatched this apparently attacked non-US Based stocks in the past. They're going to wish they didn't touch a US Stock. The SEC are a nightmare to deal with, and being non-American, they lack most protections. I hope you enjoy the NSA intercepts of your life!

The only question I have is whether they found an exploit or made one up, I'm sure that will be cleared up in a day or two but either way it is quite clear there was intent to cause harm to a US company regardless, also the NSA doesn't deal with foreigners that is the CIA

[Taf the Ghost]

2 minutes ago, 8uhbbhu8 said:

OH?! Well if it does happen that'll be fun to watch!

These things normally play out over 2-4 years, and they normally get like a line in a news feed at a time that never matters. It might make the news here when charges get filed in the future, but that's years from now.

 

Still, if there are two groups within the USA to never mess with: SEC and CIA. Both will destroy you for fun, though the first won't kill you.

[Shreyas1]

10 hours ago, rcmaehl said:

4. Domain (website records) for this "16 years in operation" company don't exist any earlier than February of this year

Apparently this company was founded in 2017 as stated on their own website

 

http://www.cts-labs.com/management-team

 

So I don't even know WHERE they got 16 years from.

 

Quote

In 2017, Ido co-founded CTS Labs

 

 

Quote

Yaron co-founded CTS-Labs in 2017

 

 

Quote

In 2017, Ilia co-founded CTS Labs

 

[Drak3]

3 minutes ago, Taf the Ghost said:

Both will destroy you for fun, though the first won't kill you.

Neither will the second.

 

And that's the scary part of it.

[Taf the Ghost]

Just now, AresKrieger said:

The only question I have is whether they found an exploit or made one up, I'm sure that will be cleared up in a day or two but either way it is quite clear there was intent to cause harm to a US company regardless, also the NSA doesn't deal with foreigners that is the CIA

Well, if you upload a modded BIOS, you can do anything to any computer. I'm trying to find a more technical breakdown, but, well, people are pretty pissed about the Attack aspects of this.

 

NSA logs everything. CIA does targeted Operations.

[Taf the Ghost]

https://doublepulsar.com/on-amd-flaws-from-cts-labs-f167ea00e4e8

 

Quote

Some initial technical analysis from me.

• All of the bugs require administrator (or root) access to exploit. This is a significant mitigation.
• All of the bugs require the ability to execute code. This is a significant mitigation.
• No proof of concept code has been provided.
• No technical information has been published.
• Nothing is in the wild for this.
• It could not lead to a global cyber attack like WannaCry, as it does not provide code execution.

This is pure "Nothingburger" at the moment. You can exploit many things when you're already the Admin & Physically Present at the system: i.e. the normal User.

[DoctorWho1975]

Just now, Taf the Ghost said:

https://doublepulsar.com/on-amd-flaws-from-cts-labs-f167ea00e4e8

 

This is pure "Nothingburger" at the moment. You can exploit many things when you're already the Admin & Physically Present at the system: i.e. the normal User.

 

But but but but but but someone else LOOKED at the exploits and said they SAW IT!!!!!! That's proof enough, right right????