New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
AMDFLAWS - Vulnerabilities and Backdoors in AMD CPUs.
Didn't see that news here, sorry if I missed it.
13 security flaws in AMD CPU. Seems rather fun:
Comments
Bullshit, they gave AMD 24 hours, until they release the exploits.
Nonsense, and everyone repost this, jesus christ.
No one with a brain, gives a company 24 hours to fix critical exploits.
AHAHAHAHAHAHHAHA
I remember some holy wars related to exploits, my position was: if they're not yet leaked exploits, that does not mean that they does not exist, and both products and good and bad for different kinds of tasks.
But AMD fanboys used argue that if there is no like Intel ME exploits on AMD platform, that means the processor is better. Now I'm just smiling
Same happened with spectre / meltdown. "I'm safe, bought AMD".
Well...
AMFFLAWS - Funded in part by Intel
/s
The end is here, for some fanboyz.
Fake news?
Its fake, but its known that the new processors have a security chip, what Intel calls ME, which is a backdoor, according to the definition of a backdoor.
And known for a long time also (https://libreboot.org/faq.html#amd). If someone tries to sell that as news there is no hope for him... Not even the report of a critical bug there would be much of a surprise imo.
Good find.
It looks like totally fake news, someone decided to take a shot at AMD with bogus claims, possibly to short their stock and make money in the process.
Yea No, accept that amd is making a comeback, Intel hardcore fanboys cant handle that.
I use both, both great products.
I also like how it seems you need a webdesigner and a merketing company if you want to release an advisory these days to make sure you have the right presentation for complete morons.
STUPID
where's the logo!!!
exploit had name now days
According to reddit, shit is real.
https://www.reddit.com/r/Amd/comments/845w8e/alleged_amd_zen_security_flaws_megathread/
People have spoken with them and it seems to be something, something.
24-hours to fix something in hardware with a software hack? Irresponsible advisory researchers.
Sounds like there is some truth with what has been found however so poorly executed and morally unacceptable.
First of all amdflaws.com? 24 hours to compile a fix? Drama queen comes to mind no doubt for market manipulation but thats a guess. Using fake backgrounds on their videos? In addition to effectively disclaim that CTS may or may not have some kind of financial motive makes these 'researchers' one of the most attention whoring ones I have seen.
Both, amd and intel security and management processors are based on arm and in particular on "trustzone". In fact, the very concept is based on arms trustzone concept.
And yes, there have been, are, and will continue to be flaws and vulnerabilities. Nothing new here, carry on.
As for that "study": sorry but some "security whitepaper" including links to forbes (why not to playboy right away?) and being very thin on meat (as opposed to blabla) but having a website and even an embedded video may be lots of things, incl. competition smearing, but certainly not a security whitepaper.
But: thanks for the entertainment and the laughs.
Someone is just trying for a footnote in history, and they've attained it. Not that their data is empirically wrong, but their mindset is.
Why don’t you go to their “offices” and tell them? Jk
wat
I was referring to the Reddit post where they compared CTS Labs' office to some stock pictures:
I'm the bicycle.
Regardless if these flaws are real or not, PSP is AMD's equivalent of "Intel ME" backdoor, and it absolutely shouldn't be there. All of the discovered (or not) exploits involve it in some way, so hopefully AMD gets into enough heat over this PSP that they decide to remove it altogether.
Yeah, it would be nice to be able to rely on recent hardware again. Sadly i doubt they will even make it possible to disable PSP. Not that an off-switch without any way to check if it's realy doing what it's supposed to would be worth much since as long as those blackbox chips and their shadow OSes are physicaly there any kind of trust is impossible.
Nope, no matter the heat (which, looking at the source is questionable anyway). The problem is that the new "secure blabla" already is quite new, so AMD did try (and probably succeed to a degree) and that all them management and security engines are flawed deep down to the design and that, even if they wanted to and no matter how much they want, both intel and amd (as well as arm) will stay fucked for quite some time. From what little is known, their whole design and development process, both wrt hard- and software, is not (yet) up to the task plus they'd also need a small and highly reliable hw core which nowhere exists; about the only candidate I see is Risc V which is still in its infancy.
Plus: Hey, "we" the customers wanted ever more features and speed - and that's what they took as orientation point and what we got. We, the customers, aren't in the best place to scold them. Sad but true and that's how our system works.
P.S. And no matter what AMD and intel might come up with, we'd still have sleepless nightmare plagued nights thanks to BMC/IPMI... (which is even bigger and worse fucked up)
The community that actually seems to care about this issue is the one involved with the POWER series. The Risc-V crowd seems indifferent, though as you say, it's early days.
https://www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs
They outline everything fishy about this
Interesting comments
Absolutely shocking, who would've thought that an attacker could gain access to your system if he had full administrative access.
I've been deploying software with bootloader "exploits" on both AMD & Intel for the better part of two years - this isn't news.
This is actually a concern for used hardware market.