[Update] Security flaws discovered in AMD Zen processors: AMD's Meltdown?

Message added by WkdPaul

Please keep the conversation civil and respectful, as per the Community Standards;

Quote
  • Ensure a friendly atmosphere to our visitors and forum members.
  • Encourage the freedom of expression and exchange of information in a mature and responsible manner.
  • "Don't be a dick" - Wil Wheaton.
  • "Be excellent to each other" - Bill and Ted.
  • Remember your audience; both present and future.

 

5 minutes ago, pas008 said:

but we have updated links that supposedly they are real

If you are asserting that this is indeed an attempt of driving AMD's stock down, then what's being said is that they failed miserably at doing it since AMD's stock only went down a smidgen that can be easily recovered.

Link to comment

1 minute ago, M.Yurizaki said:

If you are asserting that this is indeed an attempt of driving AMD's stock down, then what's being said is that they failed miserably at doing it since AMD's stock only went down a smidgen that can be easily recovered.

didn't say shit on driving down stock at all

I am saying there are links with Trail of Bits company being hired to look after the security vulnerabilities

 

and I stated Intel stock wasn't affected by its security problems so why would AMD's

 

does no one know how to read through a forum topic or do they just read what they want to read?

Link to comment

On 3/13/2018 at 10:35 AM, M.Yurizaki said:

That's like saying "you can exploit Windows by installing a botnet on the target machine" and claiming Windows has flaws.

I totally get what you're saying, but I doubt many people would call Windows flawless. xD 

Make sure to quote or tag me (@JoostinOnline) or I won't see your response!

PSU Tier List  |  The Real Reason Delidding Improves Temperatures  |  "2K" does not mean 2560×1440

Link to comment

2 minutes ago, pas008 said:

and I stated Intel stock wasn't affected by its security problems so why would AMD's

 

You sure about that? It definitely got a big dink in the 1 and a half weeks of controversy. But it did eventually recover. 


Link to comment

15 minutes ago, SC2Mitch said:

You sure about that? It definitely got a big dink in the 1 and a half weeks of controversy. But it did eventually recover. 


over 1 yr and 5 yr looks like norm stock shit to me

and now close to its high and shit hasn't been fixed

 

but back on topic

you think MS will help fix everything in Windows lol

considering Intel's shit isn't even fixed

Link to comment

Lol, a hitpiece if there ever was one.

CPU: Intel i5 4690k W/Noctua nh-d15 GPU: Gigabyte G1 980 TI MOBO: MSI Z97 Gaming 5 RAM: 16Gig Corsair Vengance Boot-Drive: 500gb Samsung Evo Storage: 2x 500g WD Blue, 1x 2tb WD Black 1x4tb WD Red

 

 

 

 

"Whatever AMD is losing in suddenly becomes the most important thing ever." - Glenwing, 1/13/2015

 

Link to comment

24 minutes ago, PPCs-Kat said:

Trail of Bits or w.e thing is just unreliable, they got paid to say it was true. Anyone wanna give me teamviewer login? if I use it and make your wallpaper linus is that a security flaw? no....

Wow wow wow... Those are some MASSIVE accusations you got there.

Trail of Bits is a security firm that was hired to validate their claims as an independent third party. They were not paid to say the findings were true.

You should be very careful with those kinds of statements.

 

 

26 minutes ago, PPCs-Kat said:

Until we have proper research by companies NOT affiliated with CTS/Viceroy this all is just attack to lower stock...

We already have, but you just accused them of being shills.

Link to comment

32 minutes ago, PPCs-Kat said:

From what I/we know...

  • Viceroy is under investigation by Germany for shortselling stock in this method.
  • CTS Labs is new and white paper was done improperly, used stock photos for literally everything, and owners have stake in stock holding companies
  • Trail of Bits or w.e thing is just unreliable, they got paid to say it was true. Anyone wanna give me teamviewer login? if I use it and make your wallpaper linus is that a security flaw? no....

Shortselling AMD due to stock performance is what they wanted to try and do. They have targeted (Viceroy) many other companies but I believe the Techtubers and everyone with brain cells to understand it's BS has kept it from crashing in proper. Those who say it's Nvidia countering AMD releasing GPP stuff is silly though... This is extremely sloppy and fake. Not only that but Aptio V is locked down insanely for boards that use it... good luck trying to flash a BIOS that wasn't signed with the manufacturer's signature (which is now done with internet-connected tools).

 

All it is is this... even if it dropped 27 cents a share they still could make a small profit depending on how many shares they dumped.


 

 

Until we have proper research by companies NOT affiliated with CTS/Viceroy this all is just attack to lower stock...

 

Trail of Bits didn't get paid by CTS I don't think they got paid by Reuters.....

Link to comment

8 minutes ago, Razor01 said:

 

Trail of Bits didn't get paid by CTS I don't think they got paid by Reuters.....

in the AnandTech article

 

In a tweet, Guido goes on to say that Trail of Bits was paid for their research time, clarifying further that 

"It was driven by curiosity first and a favor. However, once we received the technical report and fielded their first set of questions, we realized it went beyond a favor. We anticipated 1 bug, not 13, so we asked to get paid."

also in the article

 

Update 3/14 5:00am ET

Reported by Ars Technica, a second security firm has now spoken publicly about being contacted by CTS-Labs for verification of the vulnerabilities. Gadi Evron, CEO of Cymmetria, stated in a series of tweets that:

  1. He knows CTS-Labs and vouches for their technical capabilities, but has no knowledge of their business model
  2. All the vulnerabilities do not require physical access (a simple exe is all that is needed)
  3. Fallout does not require a reflash of the BIOS
  4. CTS-Labs believes that the public has a right to know if a vendor they are using makes them vulnerable, which is why no substantial lead time was given.

Quoted by Ars is David Kanter, founder of Real World Technologies and industry consultant, who verifies that even though these are secondary stage attacks, they can still be highly important. David states that while

"All the exploits require root access - if someone already has root access to your system, you're already compromised. This is like if someone broke into your home and they got to install video cameras to spy on you".

Ars also quotes Dan Guido, who states that all that is needed to enable these exploits is the credentials of a single administrator: 

"Once you have administrative rights, exploiting the bugs is unfortunately not that complicated."

Link to comment

15 minutes ago, Razor01 said:

Trail of Bits didn't get paid by CTS I don't think they got paid by Reuters.....

Trail of Bits got paid.

 

But that is completely OK because that is how the industry works (and has to work). They got paid to validate CTS's findings. Security consultants won't spend days or weeks validating and testing code and attacks for fun. They get paid to do so.

The Truecrypt audit was something like 80,000 dollars to complete. The people who worked on that weren't paid to say TrueCrypt was safe, they were paid to validate if it was safe or not.

Link to comment

1 hour ago, PPCs-Kat said:

From what I/we know...

  • Viceroy is under investigation by Germany for shortselling stock in this method.

I don't think I've seen a single person happy with the way they have carried out their business much less defend them in this thread.

 

Quote
  • CTS Labs is new and white paper was done improperly, used stock photos for literally everything, and owners have stake in stock holding companies

Everyone uses stock photos, when you try to pad out an accusation with irrelevant info it devalues your argument. CTS might well be the evil everyone paints them. Their motivation is obviously questionable, but the issue is now how do we deal with the issue this raises. If you want to trivialize the threats simply because some company was smart enough to use them to try and manipulate stock then by all means, but don't go adding irrelevant information.

 

Quote
  • Trail of Bits or w.e thing is just unreliable, they got paid to say it was true. Anyone wanna give me teamviewer login? if I use it and make your wallpaper linus is that a security flaw? no....

 

No, just no, you can't accuse someone of being unreliable because they were hired to do their job. How would you like it if people accused you of being unreliable because you get paid for your services?

 

 

 

We can only judge what's happening with the information we have in front of us, when people manipulate the information because they don't like the insinuation then we have an issue (we are still fighting the trope that AMD runs hot). Unless you have evidence Trail of Bits is in on this stock manipulation then provide it, otherwise stick to the facts.

 

 

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment

no major flaws found in VIA chips yet tho, they are looking pretty interesting now that their next gen is claiming on par with Ryzen performance IIRC but if I had to guess they are hit by Spectre at least

I spent $2500 on building my PC and all i do with it is play no games atm & watch anime at 1080p(finally) watch YT and write essays...  nothing, it just sits there collecting dust...

Builds:

The Toaster Project! Northern Bee!

 

The original LAN PC build log! (Old, dead and replaced by The Toaster Project & 5.0)

Spoiler

"Here is some advice that might have gotten lost somewhere along the way in your life. 

 

#1. Treat others as you would like to be treated.

#2. It's best to keep your mouth shut; and appear to be stupid, rather than open it and remove all doubt.

#3. There is nothing "wrong" with being wrong. Learning from a mistake can be more valuable than not making one in the first place.

 

Follow these simple rules in life, and I promise you, things magically get easier. " - MageTank 31-10-2016

 

 

Link to comment

Viceroy looks like the Illuminati lol, what the hell 3 people killing a multi billion dollar corporation in South Africa and other countries, damn what the hell.

 

I don't think CTS has any association with Viceroy, or hope not, because that sounds like trouble for them if they are.

Link to comment

5 minutes ago, Bananasplit_00 said:

no major flaws found in VIA chips yet tho, they are looking pretty interesting now that their next gen is claiming on par with Ryzen performance IIRC but if I had to guess they are hit by Spectre at least

Fuck AMD, FUCK Intel, VIA here I come.  Complete with VIA GPU. xD

Link to comment

Just now, mr moose said:

Fuck AMD, FUCK Intel, VIA here I come.  Complete with VIA GPU. xD

https://www.videocardbenchmark.net/gpu.php?gpu=S3+ProSavageDDR&id=1835

 

perfection!


Link to comment

 

Quote

When was the last time you saw a security advisory that was basically "if you replace the BIOS or the CPU microcode with an evil version, you might have a security problem"? Yeah.

Linus Torvalds. 

 

You need administrative privileges and a vendor-supplied driver. Stupidest vulnerability ever.

Link to comment

9 minutes ago, sambarr said:

and a vendor-supplied driver

I think you're misunderstanding.

What they are saying is that you need the driver from AMD/ASMedia installed. That's it. Most if not all people with Ryzen computers have this installed, so it is not a hindrance for executing the exploit.

 

Needing admin privilege is essentially the only significant obstacle, and that's not all that difficult to get.

Link to comment

15 minutes ago, LAwLz said:

I think you're misunderstanding.

What they are saying is that you need the driver from AMD/ASMedia installed. That's it. Most if not all people with Ryzen computers have this installed, so it is not a hindrance for executing the exploit.

 

Needing admin privilege is essentially the only significant obstacle, and that's not all that difficult to get.

I can flash my own graphics card with a rootkit. Even an external hard drive. What's the point if you need admin?

 

If it's not difficult to get admin, then you're already beyond fucked. 

 

(You need the graphics driver installed to put malware on your graphics card). This is really stupid.

Link to comment

13 minutes ago, sambarr said:

I can flash my own graphics card with a rootkit. Even an external hard drive. What's the point if you need admin?

 

If it's not difficult to get admin, then you're already beyond fucked. 

 

(You need the graphics driver installed to put malware on your graphics card).

the getting admin access part is easy because people will just press yes in the admin rights pop up for any shady shit they install, that's going to be the weakest link in all this. if nobody fell for shit like that, there would be way less need for both IT staff and anti virus lol


Link to comment

Security Now on that TWiT network covered this. All of this is on the third party chipset that AMD is paying a Taiwan company to make for them. And it sounded like this company did a bad job making these chips. One of the vulnerabilities was a hardware backdoor of some kind and it sounded like the hardest to fix. Sounds a lot like the issues Intel had with their chips.

Link to comment

4 minutes ago, Sebanisu said:

Security Now on that TWiT network covered this. All of this is on the third party chipset that AMD is paying a Taiwan company to make for them. And it sounded like this company did a bad job making these chips. One of the vulnerabilities was a hardware backdoor of some kind and it sounded like the hardest to fix. Sounds a lot like the issues Intel had with their chips.

Watching the podcast right now, thanks

Link to comment

13 minutes ago, Sebanisu said:

Security Now on that TWiT network covered this. All of this is on the third party chipset that AMD is paying a Taiwan company to make for them. And it sounded like this company did a bad job making these chips. One of the vulnerabilities was a hardware backdoor of some kind and it sounded like the hardest to fix. Sounds a lot like the issues Intel had with their chips.

It seems you missed the last 18 pages :P

Btw, "a Taiwan company" would be ASMedia...

 

14 minutes ago, sambarr said:

Watching the podcast right now, thanks

You are wasting your time, he just reads CTS' press release and web material out loud.

Link to comment

1 minute ago, SpaceGhostC2C said:

You are wasting your time, he just reads CTS' press release and web material out loud.

Where were you 9 mins ago when I needed you?  I was however reminded, at least in part, as to why I got rid of all things Twit from showing up in my streams/subscriptions.

Link to comment

1 minute ago, MoonSpot said:

Where were you 9 mins ago when I needed you?  I was however reminded, at least in part, as to why I got rid of all things Twit from showing up in my streams/subscriptions.

Most of what they do is read the news aloud. Not a lot of insight. Spinrite 6 didn't save my bacon (yet) either.

 

 

Link to comment