[Update] Security flaws discovered in AMD zen processors : AMD's meltdown?

Message added by WkdPaul

Please keep the conversation civil and respectful, as per the Community Standards;

Quote
  • Ensure a friendly atmosphere to our visitors and forum members.
  • Encourage the freedom of expression and exchange of information in a mature and responsible manner.
  • "Don't be a dick" - Wil Wheaton.
  • "Be excellent to each other" - Bill and Ted.
  • Remember your audience; both present and future.

 

4 minutes ago, Taf the Ghost said:

This is pure "Nothingburger" at the moment. You can exploit many things when you're already the Admin & Physically Present at the system: i.e. the normal User.

GASP! We're all hackers!

Cor Caeruleus Reborn v6

Spoiler

CPU: Intel - Core i7-8700K

CPU Cooler: be quiet! - PURE ROCK 
Thermal Compound: Arctic Silver - 5 High-Density Polysynthetic Silver 3.5g Thermal Paste 
Motherboard: ASRock Z370 Extreme4
Memory: G.Skill TridentZ RGB 2x8GB 3200/14
Storage: Samsung - 850 EVO-Series 500GB 2.5" Solid State Drive 
Storage: Samsung - 960 EVO 500GB M.2-2280 Solid State Drive
Storage: Western Digital - Blue 2TB 3.5" 5400RPM Internal Hard Drive
Storage: Western Digital - BLACK SERIES 3TB 3.5" 7200RPM Internal Hard Drive
Video Card: EVGA - 970 SSC ACX (1080 is in RMA)
Case: Fractal Design - Define R5 w/Window (Black) ATX Mid Tower Case
Power Supply: EVGA - SuperNOVA P2 750W with CableMod blue/black Pro Series
Optical Drive: LG - WH16NS40 Blu-Ray/DVD/CD Writer 
Operating System: Microsoft - Windows 10 Pro OEM 64-bit and Linux Mint Serena
Keyboard: Logitech - G910 Orion Spectrum RGB Wired Gaming Keyboard
Mouse: Logitech - G502 Wired Optical Mouse
Headphones: Logitech - G430 7.1 Channel  Headset
Speakers: Logitech - Z506 155W 5.1ch Speakers

 

Link to comment

3 minutes ago, DoctorWho1975 said:

 

But but but but but but someone else LOOKED at the exploits and said they SAW IT!!!!!! That's proof enough, right right????

There might be a spoof for injecting a poisoned Chipset or BIOS control, but that means we're at the point of saying, "Flashing your BIOS is a security flaw". But you have to hack into the computer before you can use this potential "exploit", so is it even an exploit at that point?

Link to comment

15 minutes ago, Taf the Ghost said:

https://doublepulsar.com/on-amd-flaws-from-cts-labs-f167ea00e4e8

 

This is pure "Nothingburger" at the moment. You can exploit many things when you're already the Admin & Physically Present at the system: i.e. the normal User.

I wouldn't amount this up to "nothingburger" simply because they disregard the exploits on a stock image and bullshit website while attacking the single source accusing Dan Guido to be a CTS shill who confirms the exploits to function, just because he got paid for it. I dunno I'd rather wait and see if someone releases any proof of concept. An exploit is still there but so far hardly even viable in an aspect to be worried about.

Link to comment

2 minutes ago, Blademaster91 said:

I wouldn't amount this up to "nothingburger" simply because they disregard the exploits on a stock image and bullshit website while attacking the single source accusing Dan Guido to be a CTS shill that confirms the exploits to function, just because he got paid for it. I dunno I'd rather wait and see if someone releases any proof of concept. An exploit is still there but so far hardly even viable in an aspect to be worried about.

There could be an attack vector on the ASMedia chipset, but you need physical access for that to work. This is the level of exploit that makes the "FBI uses it when they have weeks and need to crack a system". 

Link to comment

58 minutes ago, ARikozuM said:

Wouldn't be the first or last time someone used a green screen for a background during an interview. 

Red Herring fallacy.

Of a stock image. I mentioned my 6700K because I posted it on YT and I got immediately named AMD Fanboy. I am aware it's a fallacy, but I don't want to risk being perceived as biased on a topic like this.

Link to comment

9 hours ago, LAwLz said:

Gotta love the hypocrisy on this forum.

 

Intel has a security issue?

FUCK INTEL! I HOPE THEY GET SUED! WOHO AMD! INCOMPETENT MORONS CAN'T EVEN DESIGN A SECURE PROCESSOR!

 

AMD has security issues?

FUCK INTEL! I BET THIS IS FUNDED BY INTEL JUST TO MAKE AMD LOOK BAD! BY THE WAY NO NEED TO BE SCARED YOU GUYS! AMD PROCESSORS ARE SUPER SECURE!

 

You know, there is this thing called "source". As in it's not hypocrisy to give different credibility to a Project Zero vulnerability report and a website poorly put together 2 days ago that I could be the author myself by just typing "yadda yadda, using AMD can put lives in danger" (sic).

 

Calling for caution and solid sources for others' claims, while clutching at some half-assed document because it sounds like "karma biting back fanboys" is, I don't know, hypocritical?

Link to comment

42 minutes ago, SpaceGhostC2C said:

 

You know, there is this thing called "source". As in it's not hypocrisy to give different credibility to a Project Zero vulnerability report and a website poorly put together 2 days ago that I could be the author myself by just typing "yadda yadda, using AMD can put lives in danger" (sic).

 

Calling for caution and solid sources for others' claims, while clutching at some half-assed document because it sounds like "karma biting back fanboys" is, I don't know, hypocritical?

Are you saying that the same reaction would be given if this same article was released but was about Intel instead of AMD? Absolutely not. Intel would be ripped to shreds, regardless of how "legitimate" a website is put together.

 

That's the hypocrisy

🌲🌲🌲

 

 

 

◒ ◒ 

Link to comment

2 hours ago, Taf the Ghost said:

Still, if there are two groups within the USA to never mess with: SEC and CIA. Both will destroy you for fun, though the first won't kill you.

That's what they want you to think.  The hushed whispers of those who've gone missing after a visit from the SEC?  Well, I'd best not get into too much det....................................

 

The remainder of this post is now redacted.

Link to comment

2 minutes ago, leadeater said:

Well my derail skills are over 9000

7 minutes ago, Jito463 said:

That's what they want you to think.  The hushed whispers of those who've gone missing after a visit from the SEC?  Well, I'd best not get into too much det....................................

 

The remainder of this post is now redacted.

 

[Image]

Come Bloody Angel

Break off your chains

And look what I've found in the dirt.

 

Pale battered body

Seems she was struggling

Something is wrong with this world.

 

Fierce Bloody Angel

The blood is on your hands

Why did you come to this world?

 

Everybody turns to dust.

 

Everybody turns to dust.

 

The blood is on your hands.

 

The blood is on your hands!

 

Pyo.

Link to comment

5 minutes ago, Drak3 said:

 

[Image]

I prefer the one where it says "Because f#ck me 9 times". 

Cor Caeruleus Reborn v6


Link to comment

2 hours ago, Shreyas1 said:

So I don't even know WHERE they got 16 years from.

They are liars!

Link to comment

9 hours ago, M.Yurizaki said:

After looking through the whitepaper some more, and despite the shadiness of the operation and the presentation of the paper and the extremely short window of time they presented the vulnerabilities, it still brings up a good point:

Security by obscurity isn't an effective means of securing your system. This is what bit Intel in the ass over IME and AMT.

 

Until you have actual proof, you're spouting accusations that amount to slander, history of shady business practices or not.

I mean they lost the lawsuit over some of those business practices so I would have to say that there is proof for a lot of what they have done in the past as well as the glue comment. That being said I wouldn't jump to the assumption that it is Intel doing this but it does look like someone is trying to smear AMD.

Link to comment

1 minute ago, Brooksie359 said:

I mean they lost the lawsuit over some of those business practices so I would have to say that there is proof for a lot of what they have done in the past as well as the glue comment. That being said I wouldn't jump to the assumption that it is Intel doing this but it does look like someone is trying to smear AMD.

While I wouldn't put it past Intel or Nvidia, it would be beyond premature to even speculate at this point, given that there's not so much as a shred of evidence pointing to either company.

Link to comment

1 hour ago, Sierra Fox said:

Are you saying that the same reaction would be given if this same article was released but was about Intel instead of AMD? Absolutely not. Intel would be ripped to shreds, regardless of how "legitimate" a website is put together.

 

That's the hypocrisy

Ah, I see. The hypocrisy consists in what you imagine would have happened if. You are basically denouncing the blatant hypocrisy of the alternative selves of forum members inhabiting the counterfactual universe in which a different piece of news was published.

Would that be all?

Link to comment

3 minutes ago, SpaceGhostC2C said:

Ah, I see. The hypocrisy consists in what you imagine would have happened if. You are basically denouncing the blatant hypocrisy of the alternative selves of forum members inhabiting the counterfactual universe in which a different piece of news was published.

Would that be all?

Yes, it is what I imagine would have happened and what has happened countless times in the past. It is an assumption based on previous experiences. I'm not denouncing the hypocrisy, I'm pointing it out. There is no "Alternative selves" in this situation, there is an inherent bias in some people on this forum that AMD can do no wrong and therefore will defend it to the death, yet Intel in a similar situation would not be afforded the same defense by these people.

 

 

🌲🌲🌲

 

 

 

◒ ◒ 

Link to comment

1 hour ago, VegetableStu said:

intel outed a statement to say they're not involved with the research group by the way (gamers nexus article)

Without trying to appear as if I'm claiming Intel is involved, how would you expect them to respond?  "Why yes, we did fund this hit job on AMD"?  Even if it were true that they had a hand in this, they wouldn't be so stupid as to just come out and say it.

Link to comment

 
TLDR: Nothing to worry about, just some kids making a few bucks in the stock market.

 

-KuJoe

Link to comment

9 hours ago, Sierra Fox said:

The bias on this forum never ceases to amaze me. If this was Intel everyone would be losing their collective shit and saying they will be switching, but because it's AMD

"Oh this is a smear campaign paid for by Intel"

"Fake"

"It's fine it will be fixed"

"It won't affect consumers, only companies"

 

The fuck guys?

You obviously were not here when Ryzen officially launched and the single core perf was not on par with Intel. It was like the whole site was shouting how bad AMD is.

CPU: Amd 7800X3D | GPU: AMD 7900XTX

Link to comment

It's like if someone started ranting about how water can drown and suffocate people if you hold their head in it long enough and then said you shouldn't drink it because of that.

Link to comment

2 hours ago, Jito463 said:

While I wouldn't put it past Intel or Nvidia, it would be beyond premature to even speculate at this point, given that there's not so much as a shred of evidence pointing to either company.

Personally I couldn't see Intel or Nvidia doing what is being suggested; stock market manipulation or improper security vulnerability disclosure or invalid security vulnerability claims for another company's product (not by direct payment/support of a research firm to find it or make it up).

 

All three of them would be very easily identified and all three would carry huge penalty actions by the industry and/or potentially regulatory authorities, it just doesn't seem likely.

 

Independent market manipulation by unaffiliated entities to make monetary gain is the most plausible of any improper conduct if any, other than violating Responsible Disclosure. AMD stock is a prime target for it as the company doesn't have a strong track record of being financially stable or a track record of being a market leader backing their stock stability so it is in theory easy to influence the value of the stock being as raising doubt and uncertainty would not be hard. Hitting a company's stock value such as Intel's or Nvidia's would be incredibly hard, to the extent you could actually make any decent money off of to go through the effort and risk.

Edited by leadeater
Link to comment

This is a bullshit attempt to weaken faith in AMD.

 

Requiring to flash the BIOS and physical access to the machine... how is that an exploit? If you can do those two things you already can do whatever you want in most cases.

\\ QUIET AUDIO WORKSTATION //

5960X 3.7GHz @ 0.983V / ASUS X99-A USB3.1      

32 GB G.Skill Ripjaws 4 & 2667MHz @ 1.2V

AMD R9 Fury X

256GB SM961 + 1TB Samsung 850 Evo  

Cooler Master Silencio 652S (soon Calyos NSG S0 ^^)              

Noctua NH-D15 / 3x NF-S12A                 

Seasonic PRIME Titanium 750W        

Logitech G810 Orion Spectrum / Logitech G900

2x Samsung S24E650BW 16:10  / Adam A7X / Fractal Axe Fx 2 Mark I

Windows 7 Ultimate

 

4K GAMING/EMULATION RIG

Xeon X5670 4.2Ghz (200BCLK) @ ~1.38V / Asus P6X58D Premium

12GB Corsair Vengeance 1600Mhz

Gainward GTX 1080 Golden Sample

Intel 535 Series 240 GB + San Disk SSD Plus 512GB

Corsair Crystal 570X

Noctua NH-S12 

Be Quiet Dark Rock 11 650W

Logitech K830

Xbox One Wireless Controller

Logitech Z623 Speakers/Subwoofer

Windows 10 Pro

Link to comment

I entered this thread to watch people ceaselessly protect the manufacturer of their choice and I have not been disappointed.

 

The Gamers Nexus video on the matter is pretty good, here's a link for those who haven't seen it.

 

Regardless of the legitimacy of the proposed attacks... If the bad guy has physical access to your machine, not to mention, elevated privileges... You should automatically assume the worst, with or without an extra little exploit (that sounds like extra effort).

if you have to insist you think for yourself, i'm not going to believe you.

Link to comment