Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


AMDFLAWS - Vulnerabilities and Backdoors in AMD CPUs.
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

AMDFLAWS - Vulnerabilities and Backdoors in AMD CPUs.

datanoisedatanoise Member
edited March 2018 in General

Didn't see that news here, sorry if I missed it.

13 security flaws in AMD CPU. Seems rather fun:

https://www.amdflaws.com/

«1

Comments

  • NeoonNeoon Community Contributor, Veteran
    edited March 2018

    Bullshit, they gave AMD 24 hours, until they release the exploits.

    Nonsense, and everyone repost this, jesus christ.

    No one with a brain, gives a company 24 hours to fix critical exploits.

    Thanked by 3yomero rm_ KuJoe
  • desperanddesperand Member
    edited March 2018

    AHAHAHAHAHAHHAHA

    I remember some holy wars related to exploits, my position was: if they're not yet leaked exploits, that does not mean that they does not exist, and both products and good and bad for different kinds of tasks.

    But AMD fanboys used argue that if there is no like Intel ME exploits on AMD platform, that means the processor is better. Now I'm just smiling :D

  • desperand said: Now I'm just smiling :D

    Same happened with spectre / meltdown. "I'm safe, bought AMD".

    Well...

  • MikeAMikeA Member, Patron Provider

    AMFFLAWS - Funded in part by Intel

    /s

  • deankdeank Member, Troll

    The end is here, for some fanboyz.

    Thanked by 1MikePT
  • NeoonNeoon Community Contributor, Veteran

    Its fake, but its known that the new processors have a security chip, what Intel calls ME, which is a backdoor, according to the definition of a backdoor.

  • mkshmksh Member

    @Neoon said:
    Its fake, but its known that the new processors have a security chip, what Intel calls ME, which is a backdoor, according to the definition of a backdoor.

    And known for a long time also (https://libreboot.org/faq.html#amd). If someone tries to sell that as news there is no hope for him... Not even the report of a critical bug there would be much of a surprise imo.

  • Good find.

    It looks like totally fake news, someone decided to take a shot at AMD with bogus claims, possibly to short their stock and make money in the process.

  • FoxelVoxFoxelVox Member
    edited March 2018

    Yea No, accept that amd is making a comeback, Intel hardcore fanboys cant handle that.

    I use both, both great products.

    Thanked by 1qrwteyrutiyoup
  • mkshmksh Member

    I also like how it seems you need a webdesigner and a merketing company if you want to release an advisory these days to make sure you have the right presentation for complete morons.

    • "What happened?" Yeah, really what's this all about? I just randomly typed this URL hoping to find some free porn.
    • "Am I affected?" Now that's important! I need to know if my insanely expensive CS:GO skin is safe from evil russian hackers.
    • "What is this site for?" Geez, now that's a tough one. My best guess would be to tell people about the dangers of unprotected sex? No? OK, i give up.

    STUPID

  • where's the logo!!!

    exploit had name now days

    Thanked by 1mksh
  • NeoonNeoon Community Contributor, Veteran
    edited March 2018

    According to reddit, shit is real.

    https://www.reddit.com/r/Amd/comments/845w8e/alleged_amd_zen_security_flaws_megathread/

    People have spoken with them and it seems to be something, something.

  • SplitIceSplitIce Member, Host Rep

    24-hours to fix something in hardware with a software hack? Irresponsible advisory researchers.

    Thanked by 2maverickp eva2000
  • FennecFoxFennecFox Member
    edited March 2018

    Sounds like there is some truth with what has been found however so poorly executed and morally unacceptable.

    First of all amdflaws.com? 24 hours to compile a fix? Drama queen comes to mind no doubt for market manipulation but thats a guess. Using fake backgrounds on their videos? In addition to effectively disclaim that CTS may or may not have some kind of financial motive makes these 'researchers' one of the most attention whoring ones I have seen.

  • Both, amd and intel security and management processors are based on arm and in particular on "trustzone". In fact, the very concept is based on arms trustzone concept.

    And yes, there have been, are, and will continue to be flaws and vulnerabilities. Nothing new here, carry on.

    As for that "study": sorry but some "security whitepaper" including links to forbes (why not to playboy right away?) and being very thin on meat (as opposed to blabla) but having a website and even an embedded video may be lots of things, incl. competition smearing, but certainly not a security whitepaper.

    But: thanks for the entertainment and the laughs.

    Thanked by 3mksh Aidan default
  • WSSWSS Member

    Someone is just trying for a footnote in history, and they've attained it. Not that their data is empirically wrong, but their mindset is.

  • @WSS said:
    Someone is just trying for a footnote in history, and they've attained it. Not that their data is empirically wrong, but their mindset is.

    Why don’t you go to their “offices” and tell them? Jk

  • WSSWSS Member

    @doghouch said:

    @WSS said:
    Someone is just trying for a footnote in history, and they've attained it. Not that their data is empirically wrong, but their mindset is.

    Why don’t you go to their “offices” and tell them? Jk

    wat

  • @WSS said:

    @doghouch said:

    @WSS said:
    Someone is just trying for a footnote in history, and they've attained it. Not that their data is empirically wrong, but their mindset is.

    Why don’t you go to their “offices” and tell them? Jk

    wat

    I was referring to the Reddit post where they compared CTS Labs' office to some stock pictures:

    Thanked by 1WSS
  • WSSWSS Member

    @doghouch said:
    I was referring to the Reddit post where they compared CTS Labs' office to some stock pictures:

    I'm the bicycle.

  • rm_rm_ IPv6 Advocate, Veteran
    edited March 2018

    Regardless if these flaws are real or not, PSP is AMD's equivalent of "Intel ME" backdoor, and it absolutely shouldn't be there. All of the discovered (or not) exploits involve it in some way, so hopefully AMD gets into enough heat over this PSP that they decide to remove it altogether.

    Thanked by 1datanoise
  • mkshmksh Member

    @rm_ said:
    Regardless of real or not, PSP is AMD's equivalent of "Intel ME" backdoor, and it absolutely shouldn't be there. All of the discovered (or not) exploits, involve it, in some way. So hopefully AMD gets into enough heat over this PSP that they decide to remove it altogether.

    Yeah, it would be nice to be able to rely on recent hardware again. Sadly i doubt they will even make it possible to disable PSP. Not that an off-switch without any way to check if it's realy doing what it's supposed to would be worth much since as long as those blackbox chips and their shadow OSes are physicaly there any kind of trust is impossible.

    Thanked by 1datanoise
  • bsdguybsdguy Member
    edited March 2018

    @rm_ said:
    Regardless if these flaws are real or not, PSP is AMD's equivalent of "Intel ME" backdoor, and it absolutely shouldn't be there. All of the discovered (or not) exploits involve it in some way, so hopefully AMD gets into enough heat over this PSP that they decide to remove it altogether.

    Nope, no matter the heat (which, looking at the source is questionable anyway). The problem is that the new "secure blabla" already is quite new, so AMD did try (and probably succeed to a degree) and that all them management and security engines are flawed deep down to the design and that, even if they wanted to and no matter how much they want, both intel and amd (as well as arm) will stay fucked for quite some time. From what little is known, their whole design and development process, both wrt hard- and software, is not (yet) up to the task plus they'd also need a small and highly reliable hw core which nowhere exists; about the only candidate I see is Risc V which is still in its infancy.

    Plus: Hey, "we" the customers wanted ever more features and speed - and that's what they took as orientation point and what we got. We, the customers, aren't in the best place to scold them. Sad but true and that's how our system works.

    P.S. And no matter what AMD and intel might come up with, we'd still have sleepless nightmare plagued nights thanks to BMC/IPMI... (which is even bigger and worse fucked up)

    Thanked by 1datanoise
  • bsdguy said: the only candidate I see is Risc V which is still in its infancy.

    The community that actually seems to care about this issue is the one involved with the POWER series. The Risc-V crowd seems indifferent, though as you say, it's early days.

  • AidanAidan Member

    Absolutely shocking, who would've thought that an attacker could gain access to your system if he had full administrative access.

    I've been deploying software with bootloader "exploits" on both AMD & Intel for the better part of two years - this isn't news.

    Thanked by 2MasonR doghouch
  • NeoonNeoon Community Contributor, Veteran
  • lonealonea Member, Host Rep

    This is actually a concern for used hardware market.

    Aidan said: Absolutely shocking, who would've thought that an attacker could gain access to your system if he had full administrative access.

Sign In or Register to comment.