# 13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors



## btarunr (Mar 13, 2018)

Security researchers with Israel-based CTS-Labs, have discovered a thirteen security vulnerabilities for systems based on AMD Zen processors. The thirteen new exploits are broadly classified into four groups based on the similarity in function of the processor that they exploit: "Ryzenfall," "Masterkey," "Fallout," and "Chimera."

The researchers "believe that networks that contain AMD computers are at a considerable risk," and that malware can "survive computer reboots and re-installations of the operating system, while remaining virtually undetectable by most endpoint security solutions," such as antivirus software. They also mention that in their opinion, "the basic nature of some of these vulnerabilities amounts to complete disregard of fundamental security principles. This raises concerning questions regarding security practices, auditing, and quality controls at AMD."



 




Since this story went up some follow ups were posted:

CTS Labs Sent AMD and Other Companies a Research Package with Proof-of-Concept Code
CTS Labs Posts Some Clarifications on AMD "Zen" Vulnerabilities
CTS-Labs Releases Masterkey Exploit Proof-of-Concept Video
Initial AMD Technical Assessment of CTS Labs Research
Windows Credential Guard bypass on Ryzen, proof-of-concept video

1. "Masterkey": This is an exploit of the Secure Boot feature, which checks if nothing has been tampered with on your machine while it was powered down (i.e. changes in firmware, hardware, or the last software state before shutdown). The Masterkey vulnerability gets around this environment integrity check by using an infected system BIOS, which can be flashed even from within Windows (with administrative privileges). This does not mean that the user has to modify and flash the BIOS manually before becoming vulnerable, the malware can do that on the fly once it is running. Theoretically, Secure Boot should validate the integrity of the BIOS, but apparently this can be bypassed, exploiting bugs in the Secure Processor's metadata parsing. Once the BIOS signature is out of the way, you can put pretty much any ARM Cortex A5 compatible code into the modified BIOS, which will then execute inside the ARM-based Secure Processor - undetectable to any antivirus software running on the main CPU, because the antivirus software running on the CPU has no way to scan inside the Secure Processor.

2. "Ryzenfall" is a class of vulnerabilities targeting Secure Processor, which lets a well-designed malware stash its code into the Secure Processor of a running system, to get executed for the remainder of the system's up-time. Again, this attack requires administrative privileges on the host machine, but can be performed in real-time, on the running system, without modifying the firmware. Secure Processor uses system RAM, in addition to its own in-silicon memory on the processor's die. While this part of memory is fenced off from access by the CPU, bugs exist that can punch holes into that protection. Code running on the Secure Processor has complete access to the system; Microsoft Virtualization-based Security (VBS) can be bypassed and additional malware can be placed into system management storage, where it can't be detected by traditional antivirus software. Windows Defender Credentials Guard, a component that stores and authenticates passwords and other secure functions on the machine, can also be bypassed and the malware can spread over the network to other machines, or the firmware can be modified to exploit "Masterkey", which persists through reboots, undetectable.

3. "Fallout": This class of vulnerabilities affects only AMD EPYC servers. It requires admin privileges like the other exploits, and has similar effects. It enables an attacker to gain access to memory regions like Windows Isolated User Mode / Kernel Mode (VTL1) and Secure Management RAM of the CPU (which are not accessible, even with administrative privileges). Risks are the same as "Ryzenfall", the attack vector is just different.

4. "Chimera": This class of vulnerabilities is an exploitation of the motherboard chipset (e.g. X370 also known as Promontory). AMD outsourced design of their Ryzen chipsets to Taiwanese ASMedia, which is a subsidiary of ASUS. You might know the company from the third-party USB 3.0 and legacy PCI chips on many motherboards. The company has been fined for lax security practices in the past, and numerous issues were found in their earlier controller chips. For the AMD chipset, it looks like they just copy-pasted a lot of code and design, including vulnerabilities. The chipset runs its own code that tells it what to do, and here's the problem: Apparently a backdoor has been implemented that gives any attacker knowing the right passcode full access to the chipset, including arbitrary code execution inside the chipset. This code can now use the system's DMA (direct memory access) engine to read/write system memory, which allows malware injection into the OS. To exploit this attack vector, administrative privileges are required. Whether DMA can access the fenced off memory portions of the Secure Processor, to additionally attack the Secure Processor through this vulnerability, is not fully confirmed, however, the researchers verified it works on a small number of desktop boards. Your keyboard, mouse, network controllers, wired or wireless, are all connected to the chipset, which opens up various other attack mechanisms like keyloggers (that send off their logs by directly accessing the network controller without the CPU/OS ever knowing about these packets), or logging all interesting network traffic, even if its destination is another machine on the same Ethernet segment. As far as we know, the tiny 8-pin serial ROM chip is connected to the CPU on AMD Ryzen platform, not to the chipset or LPCIO controller, so infecting the firmware might not be possible with this approach. A second backdoor was found that is implemented in the physical chip design, so it can't be mitigated by a software update, and the researchers hint at the requirement for a recall.

AMD's Vega GPUs use an implementation of the Secure Processor, too, so it is very likely that Vega is affected in a similar way. An attacker could infect the GPU, and then use DMA to access the rest of the system through the attacks mentioned above.

The researchers have set up the website AMDFlaws.com to chronicle these findings, and to publish detailed whitepapers in the near future.

AMD provided us with the following statement: "We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors. We are actively investigating and analyzing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise."

Update March 14 7 AM CET: It seems a lot of readers misunderstand the BIOS flashing part. The requirement is not that the user has to manually flash a different BIOS first before becoming vulnerable. The malware itself will modify/flash the BIOS once it is running on the host system with administrative privileges. Also, the signed driver requirement does not require a driver from any specific vendor. The required driver (which is not for an actual hardware device and just provides low-level hardware access) can be easily created by any hacker. Signing the driver, so Windows accepts it, requires a digital signature which is available from various SSL vendors for a few hundred dollars after a fairly standard verification process (requires a company setup with bank account). Alternatively an already existing signed driver from various hardware utilities could be extracted and used for this purpose.

*View at TechPowerUp Main Site*


----------



## CrAsHnBuRnXp (Mar 13, 2018)

Take *THAT *AMD. I dont wanna hear the fanbois anymore.


----------



## _JP_ (Mar 13, 2018)

Like Reddit is also weed whacking this thing to oblivion, it looks like a pure smear campaign.
Red flags:
- 24h deadline before publishing
- All flaws require administrative rights in order to accomplish anything (one requires flashing firmware)
- All domains, linkedin records and so forth for a "16 year" in operations company date back at best...a year.


----------



## cucker tarlson (Mar 13, 2018)

Whohohoa ! That's a lot !

Is this like meltdown or spectre which can affect AMD too or does it not affect intel at all ?


----------



## I No (Mar 13, 2018)

Wow and I thought Intel had a a bumpy road ahead ... this is going to be interesting to say the least.


----------



## Fleurious (Mar 13, 2018)

I wonder what the performance hit will be for  fixing some of these.


----------



## Chaitanya (Mar 13, 2018)

Downloaded the whitepaper, will read it carefully. Certainly seems like a serious issue with secure processor design of Zen along with incompetence of Asmedia.


----------



## CrAsHnBuRnXp (Mar 13, 2018)

Fleurious said:


> I wonder what the performance hit will be for  fixing some of these.


Bulldozer performance.


----------



## RejZoR (Mar 13, 2018)

The first is a very unlikely scenario because you need to craft it specifically for the exact board. The other 3 however, that sucks. Both, AMD and Intel will have to do dramatic changes if they want to sell new stuff, especially to businesses. Home users often just don't care, but corporate is not as unforgiving.


----------



## phanbuey (Mar 13, 2018)

So basically... the biggest vulnerability is the meatsickle between the keyboard and the floor.


----------



## mtcn77 (Mar 13, 2018)

Conveniently they have set up naming charts that copy Intel's own.
Chimera(Spectre), Fallout(Meltdown), Masterkey(?), Ryzenfall(?).


----------



## cucker tarlson (Mar 13, 2018)

phanbuey said:


> So basically... the biggest vulnerability is the meatsickle between the keyboard and the floor.


As has always been the case.


----------



## kastriot (Mar 13, 2018)

There always be flaws, there are 2 types, deliberate ones and unnoticed ones....


----------



## cucker tarlson (Mar 13, 2018)

Still, 13 sounds downright disgusting for a consumer that purchased it in the last 12 months.


----------



## kruk (Mar 13, 2018)

I think it's great security vulnerabilities are disclosed, but the way this one was presented (24 hour notice, is this true?) is unprofessional and seems highly likely sponsored by the competition.


----------



## trparky (Mar 13, 2018)

This has the potential to be even worse than Spectre and Meltdown.


----------



## xkm1948 (Mar 13, 2018)

Fake news


----------



## lexluthermiester (Mar 13, 2018)

cucker tarlson said:


> Whohohoa ! That's a lot ! Is this like meltdown or spectre which can affect AMD too or does it not affect intel at all ?


This is specific to AMD Ryzen CPU's. No other CPU's are affected.


----------



## W1zzard (Mar 13, 2018)

RejZoR said:


> The first is a very unlikely scenario because you need to craft it specifically for the exact board.


Source on that?


----------



## BiggieShady (Mar 13, 2018)

_JP_ said:


> All flaws require administrative rights in order to accomplish anything (one requires flashing firmware)


lol  exploiting security vulnerability with root privileges ... it's like having the superpower to pass through solid objects but still picking the door lock (that is btw only pickable when you have that superpower)


----------



## lexluthermiester (Mar 13, 2018)

btarunr said:


> It's not impossible to infect system BIOS with ring-0 privileged software, if the malware is tailor-made for a device.


@W1zzard I think @RejZoR  was referring to that part of the statement, which is what I took from it as well.


----------



## Joss (Mar 13, 2018)

This "security company" is based in Israel where Intel has it's most important design centre and one of the largest manufacturing facilities. The same Israel behind Stuxnet, by the way. Also a 24 hour notice and a site called amdflaws.com plus what I can only call promotional videos... soon we'll have the white helmets releasing clips from the CPUs civil war front...
This smells rotten for anyone but dumbed down minds... oh wait


----------



## bug (Mar 13, 2018)

It's so funny seeing AMD aficionados going in defense mode


----------



## natr0n (Mar 13, 2018)

It's like a game..."Don't worry Intel we'll fuck them just as hard"


----------



## xkm1948 (Mar 13, 2018)

Everything of these so called “white papers” seems fishy. Only one source, no independent duplication of their “research “ findings is a pretty serious red flag.

I am calling this b*llshit. Seems like some smearing operation. Ryzenfall, so amature and obvious.


----------



## Shihab (Mar 13, 2018)

_JP_ said:


> Like Reddit is also weed whacking this thing to oblivion, it looks like a pure smear campaign.
> Red flags:
> - 24h deadline before publishing
> - All flaws require administrative rights in order to accomplish anything (one requires flashing firmware)
> - All domains, linkedin records and so forth for a "16 year" in operations company date back at best...a year.



Subjectively speaking, compared to Meltdown attack page, this one has waaaay too many AMD logos. Without reading the text, one might actually mistake it for an ad! Count me up holding a pitchfork if Intel turned out to have a hand in this.

Objectively speaking, smear campaign or no, a vulnerability is a vulnerability. I'm personally quite illiterate on this matter so I'll defer judgement until "for dummies-"style security expert blog posts and articles start popping up.


----------



## lexluthermiester (Mar 13, 2018)

xkm1948 said:


> Everything of these so called “white papers” seems fishy. Only one source, no independent duplication of their “research “ findings is a pretty serious red flag. I am calling this b*llshit. Seems like some smearing operation. Ryzenfall, so amature and obvious.


While I'm not willing to call BS, I agree that additional and independent testing & verification is required.


----------



## FordGT90Concept (Mar 13, 2018)

#FakeNews

Intent is in the disclaimer:


> The report and all statements contained herein are opinions of CTS and are *not statements of fact*.  To the best of our ability and belief, all information contained herein is accurate and reliable, and has been *obtained from public sources* we believe to be accurate and reliable.  Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that *we may have*, either directly or indirectly, *an economic interest in the performance of the securities of the companies whose products are the subject of our reports*.


They likely bought put options on AMD and published this website make a fortune on the sell off of AMD stocks it triggers.

But wait, there's more:


> ...CTS reserves the right to refrain from updating this website even as it becomes outdated or inaccurate.


Defamation and libel grounds there for AMD to sue on top of potential securities fraud.


Others above have already pointed out all the flaws in their methodology not only to exploit the vulnerabilities but also in how they don't conform to the standard six month window between informing the company and informing the public.


----------



## xkm1948 (Mar 13, 2018)

Eitherway, TPU probably benefits from the clickbait ~ish title. Who cares if the news is true or not. Dumb average Joe lives on sensationalism. Plus increased traffic and attention benefits both those researchers as well as any tech site that publish these without a serious look into the actual issue. More publicity and sweet sweet ad revenue, yay.

See this:

http://science.sciencemag.org/content/359/6380/1094.full

The difference is the paper on fake news is peer reviewed, not some magical claim certain “researchers “ pull out of their ass


----------



## lexluthermiester (Mar 13, 2018)

FordGT90Concept said:


> but also in how they don't conform to the standard six month window between informing the company and informing the public.


There are no legally binding limitations or regulations that require any amount of time between discovery and public disclosure, especially in Israel.


----------



## HTC (Mar 13, 2018)

lexluthermiester said:


> While I'm not willing to call BS, *I agree that additional and independent testing & verification is required*.



Agreed!

Question: i read (skimmed) the whitepaper but i didn't see a mention of Linux or other OSs other then Windows ... doesn't that mean it's Windows vulnerabilites when using Zen based hardware?


----------



## FordGT90Concept (Mar 13, 2018)

lexluthermiester said:


> There are no legally binding limitations or regulations that require any amount of time between discovery and public disclosure, especially in Israel.


It shows intent.  Six month window often doesn't allow the stock market to even respond because it's fixed before the public knows about it.  A 24-hour window is intended to spook the market as their disclaimer clearly indicates.  As I said, it opens the door to securities fraud investigation.  24-hour is in private, not public, interest.

If this does end up in court, the 24-hour window will work heavily in AMD's favor.  Any change in AMD's stock can be pinned on this website damaging AMD.

Six month is an unwritten rule for a reason.


----------



## IceScreamer (Mar 13, 2018)

So they notified AMD of the findings and posted the paper 24 hours after, when the usual time frame is, I dunno, more. Also, posting this right before the 2000 series launch. Highly suspicious.


----------



## windwhirl (Mar 13, 2018)

Well, if this turns out to be true, it's gonna be a shitstorm for AMD....

Edit: No, it probably won't.


----------



## lexluthermiester (Mar 13, 2018)

HTC said:


> Question: i read (skimmed) the whitepaper but i didn't see a mention of Linux or other OSs other then Windows ... doesn't that mean it's Windows vulnerabilites when using Zen based hardware?


My take is that most, if not all, of those problems are OS-agnostic. If all of this pans out and is verified, AMD is going to have as bad a time as Intel did with Meltdown.


FordGT90Concept said:


> Six month is an unwritten *rule* for a reason.


Rule, not law.


----------



## dj-electric (Mar 13, 2018)




----------



## W1zzard (Mar 13, 2018)

Reworked most of the article and added AMD's statement


----------



## Sam32 (Mar 13, 2018)

All four vulnerabilities require administrative access. This this NOTHING like Spectre/Meltdown...


----------



## Imsochobo (Mar 13, 2018)

skeptical as remote attacks seems hardly possible.
Method of doing this release.

if true;
what they're mentioning seems to be what intel ME has going for it, we don't like it and we still have 50 000 unpatched computers at work from Intel, that security issue isn't really talked about cause it required physical access.

Give a hacker physical access to something and some time and nothing stands in their way.
Spectre and Meltdown is fundamentally different as it allows remote attacks.

I am in no way protecting the PSP, I don't like stuff like it but I'm pretty much saying it's like intel ME.


----------



## EarthDog (Mar 13, 2018)

https://www.anandtech.com/show/1252...lish-ryzen-flaws-gave-amd-24-hours-to-respond


----------



## xorbe (Mar 13, 2018)

Joss said:


> This "security company" is based in Israel where Intel has it's most important design centre and one of the largest manufacturing facilities.



This.  Also, why does everyone need dedicated logos and websites for bug reports these days.  It's a PR smear campaign (if the website name didn't tip you off).  First and fourth are flashing the board bios, and the second and third require OS root access.  These are absolutely not on the level of Meltdown or Spectre.


----------



## W1zzard (Mar 13, 2018)

Added info that Vega is probably affected, too


----------



## R-T-B (Mar 13, 2018)

_JP_ said:


> All flaws require administrative rights in order to accomplish anything (one requires flashing firmware)



When it can survive a reinstall it's still a big issue.  If these flaws are confirmed they are fairly signifigant.

As I said earlier, 2018 is going to be a rough year for processor security...


----------



## 839millionman (Mar 13, 2018)

The timing on this is interesting. There's a ton of movement right now around AMD's stock. 

The 24 hour notice is really fishy.  I would take this with salt, especially since its from a website called amdflaws.com and has titles like "Ryzenfall".


----------



## W1zzard (Mar 13, 2018)

HTC said:


> Question: i read (skimmed) the whitepaper but i didn't see a mention of Linux or other OSs other then Windows ... doesn't that mean it's Windows vulnerabilites when using Zen based hardware?


I see no technical reason why any other OS won't be affected. As long as that OS provides a mechanism to access hardware


----------



## xorbe (Mar 13, 2018)

https://amdflaws.com/disclaimer.html

"you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports"

edit: oops sorry, this was already posted above by FordGT90Concept


----------



## Sempron Guy (Mar 13, 2018)

they published it on a site called amdflaws.com who they most likely authored as well. Anyone still falls for this kind of stuff in 2018?


----------



## gr33nbits (Mar 13, 2018)

Fake news!


----------



## xkm1948 (Mar 13, 2018)

Sempron Guy said:


> they published it on a site called amdflaws.com who they most likely authored as well. Anyone still falls for this kind of stuff in 2018?



Like 99% of the population?


----------



## the54thvoid (Mar 13, 2018)

I'm with @FordGT90Concept on this.  This isn't about security, this is about hurting AMD.  

That seems pretty obvious from the disclosure he quoted.


----------



## Durvelle27 (Mar 13, 2018)

I smell fish


----------



## Particle (Mar 13, 2018)

bug said:


> It's so funny seeing AMD aficionados going in defense mode



Defense of what?  This isn't even the same class of thing.  It's funnier seeing Intel fans bending over backward to pretend like this is even remotely as bad as Meltdown/Spectre.  It's just regular malware doing regular malware things.  I get it though.  They desperately need/want it.



R-T-B said:


> When it can survive a reinstall it's still a big issue.  If these flaws are confirmed they are fairly signifigant.
> 
> As I said earlier, 2018 is going to be a rough year for processor security...



The processor itself just has RAM and ROM.  You can't actually "install" malware to the processor itself.  It has to be loaded at startup from firmware.  It's just like microcode updates.  If you overwrite the system board's firmware, that is a different sort of problem.


----------



## EarthDog (Mar 13, 2018)

Particle said:


> Defense of what?  This isn't even the same class of thing.  It's funnier seeing Intel fans bending over backward to pretend like this is even remotely as bad as Meltdown/Spectre.  It's just regular malware doing regular malware things.  I get it though.  They desperately need/want it.


It seems nobody knows the efficacy of the report at this time. That said, seems like only one person here went intel nuts and that was early in the thread. Otherwise, its been a back and forth... mostly watching holes be shot in it.... remarkably similar responses from each side for each issue.....funny.


----------



## qcmadness (Mar 13, 2018)

EarthDog said:


> It seems nobody knows the efficacy of the report at this time. That said, seems like only one person here went intel nuts and that was early in the thread. Otherwise, its been a back and forth... mostly watching holes be shot in it.... remarkably similar responses from each side for each issue.....funny.


In fact 24-hour timeframe is not enough to verify the nature or existance of the "bugs".


----------



## theGryphon (Mar 13, 2018)

These guys, with their 24-hr notice, flashy titles, throw-AMD-name-everywhere attitude, and a disclaimer that even states their "potential" gains in AMD stock performance (if one doesn't have any gains, one states as such), are:

1) Hotshot wannabees in desperate need of attention and publicity, with no interest in "public interest"
2) Scumbags that probably bet big on AMD stock sell options
3) Dirtbags that probably got clued-in and supported (technically and/or financially) by Intel
4) Even worse filthbags if some/all of this turns out to be fake

I pray for everybody's sake (AMD and Intel users alike) that this is all fake...


----------



## xkm1948 (Mar 13, 2018)

Some one js trying tk manipulate stock price of AMD that is for sure


----------



## the54thvoid (Mar 13, 2018)

So, the first 3 exploits require admin rights....  Okay - panic over, put your pitchforks away and go home people.

The last is hypothesised and not fully verified.  It also is ASMedia's fault(?) so if there is any real issue (unlikely), any recall may be at their expense.

Finally, just for some layperson perspective.

The first 3 expoits all need admin rights.  Effectively, that means your PC is vulnerable to, well pretty much you.  Duh.....  Here are some more exploits from the54thvoid's Bug Factory that you may be liable to:

Coffee Hack - If you spill coffee into your PC case - it might not work anymore.
Porn Wrist - Certain websites you visit may give you RSI.
Dark Souls Impact Bug - Playing Dark Souls may result in a broken mouse or keyboard.  Or desk.  Or bruised knuckles.


----------



## CrAsHnBuRnXp (Mar 13, 2018)

Who wants to pool money together and get some AMD stock?


----------



## EarthDog (Mar 13, 2018)

CrAsHnBuRnXp said:


> Who wants to pool money together and get some AMD stock?


Ill bet Viceroy is...


----------



## Durvelle27 (Mar 13, 2018)

CrAsHnBuRnXp said:


> Who wants to pool money together and get some AMD stock?


I’m down


----------



## Fouquin (Mar 13, 2018)

Hmmm what an interesting connection in the CTS Labs contact page.

http://www.bevelpr.com/

Why would an infosec research firm have an external marketing department... Or is it the other way around? 

I can smell the money from here.


----------



## W1zzard (Mar 13, 2018)

the54thvoid said:


> So, the first 3 exploits require admin rights....  Okay - panic over, put your pitchforks away and go home people.
> 
> The last is hypothesised and not fully verified.  It also is ASMedia's fault(?) so if there is any real issue (unlikely), any recall may be at their expense.


They all require admin rights, I'll clarify in the original post.

For the last: what is not fully verified is whether DMA can write into the fenced off memory, the rest like keylogging and sniffing network is confirmed according to the researchers.

Clarified the original post: "To exploit this attack vector, administrative privileges are required. Whether DMA can access the fenced off memory portions of the Secure Processor, to additionally attack the Secure Processor through this vulnerability, is not fully confirmed, however, the researchers verified it works on a small number of desktop boards."


----------



## EarthDog (Mar 13, 2018)

Lets assume its true or not....doesnt matter. If you published this data, do you honestly expect them to be able to handle the inquiries? Even if its just BS?

I understand why it looks bad, but, at the same time, it doesnt take much thought to realize its needed (PR company) when releasing this kind of info...


----------



## Manu_PT (Mar 13, 2018)

This is really bad! Did you guys read the full disclosure? Good luck with zen+. Is a shame because amd was starting to bring competition


----------



## efikkan (Mar 13, 2018)

I really dislike the trend of giving all "major" vulnerabilities nicknames.

The details of these new claims remains to be confirmed by other parties. But it should come as no surprise to anyone that a lot of hardware is riddled with vulnerabilities, since the general mentality in the industry is to deal with security concerns the public is aware of exploits. This problem is a known fact for other hardware, especially networking equipment. Almost every router have known exploits which are never fixed, both cheap consumer gear and high-end enterprise equipment. Most vulnerabilities fall into the categories of carelessness by developers or built-in debugging/support features.

If anything the press should focus on the underlying problem of designing for security rather than making up nicknames and focusing too much on singular edge cases.


----------



## mtcn77 (Mar 13, 2018)

W1zzard said:


> Reworked most of the article and added AMD's statement


I read the article. You changed Chimera's status from bios "flashable" to "non-flashable", is that correct?


----------



## theGryphon (Mar 13, 2018)

Manu_PT said:


> This is really bad! Did you guys read the full disclosure? Good luck with zen+. Is a shame because amd was starting to bring competition




No it's not as bad as it is flashy. Even if all is true, it's not nearly at the same level of Intel vulnerabilities. Have you read it?


----------



## john_ (Mar 13, 2018)

Ryzenfall, AMDflaws site, only 24 hours given to AMD.

Many many jokes are coming in my mind about Jews and dollars. I would like to apologize in advance about this.


----------



## dyonoctis (Mar 13, 2018)

Wow.  amdflaws.com is so well made. The website is clean, looks modern, with interview on green screen, motion design used to explain the flaws. They made a youtube channel just for that. It's not even technical they are explaining what's a cpu and a chipset.
They are checking all the point needed to impress someone who isn't tech-savyy.

That's remind me all of those video to learn how to make to money with a secret that banks and millionaire don't want to share.

Even IF this is end up to be true the effort they made on communication can't hide a malicious intent.


----------



## delshay (Mar 13, 2018)

Hold-on guys 


__
		https://www.reddit.com/r/Amd/comments/845lgq


----------



## W1zzard (Mar 13, 2018)

mtcn77 said:


> I read the article. You changed Chimera's status from bios "flashable" to "non-flashable", is that correct?


Chimera allows you to run arbitrary code in the chipset. If the BIOS chip was connected directly to the chipset, then this would enable silent flashing in any system state as long as the chipset has power.

Since the BIOS chip is connected to the CPU on Zen, this is not possible, at least not directly. It's still possible to use DMA to write code into the CPU memory, which then gets executed, which then flashes the ROM.

Edit: I'll research whether the chipset is connected to the SPI bus on which the ROM lives.

Edit: Not connected to the SPI bus, not sure if true for all board models though


----------



## Chaitanya (Mar 13, 2018)

W1zzard said:


> They all require admin rights, I'll clarify in the original post.
> 
> For the last: what is not fully verified is whether DMA can write into the fenced off memory, the rest like keylogging and sniffing network is confirmed according to the researchers.
> 
> Clarified the original post: "To exploit this attack vector, administrative privileges are required. Whether DMA can access the fenced off memory portions of the Secure Processor, to additionally attack the Secure Processor through this vulnerability, is not fully confirmed, however, the researchers verified it works on a small number of desktop boards."


Considering the paper is not peer-reviewed and fishy behaviour of AMD and press being notified at the same time with only 24hr period given to AMD. The article should mention those researchers in double quotes. Also what is with TPU eagerly posting clickbait articles with highly questionable unverified/non peer-reviewed whitepapers shame on you guys for this behaviour.


----------



## nemesis.ie (Mar 13, 2018)

Meanwhile, as I type, AMD's share price is INCREASING ...


----------



## RejZoR (Mar 13, 2018)

W1zzard said:


> Source on that?



"The Masterkey vulnerability gets around this environment integrity check by using an infected system BIOS, which can be flashed even from within Windows (with administrative privileges)."

It means the modification has to be highly specific for a target computer. You can't just flash some BIOS, it has to be for that specific board. Chances of applying this in practice on a mass scale is totally unlikely because there is just too many variables involved starting with endless variants of motherboards. It's still an issue when it comes to a targeted attack of a particular workstation (assuming user has admin rights access to do it). The rest of vulnerabilities are a lot more problematic because you can apply them on large scale.


----------



## srsbsns (Mar 13, 2018)

Redflags

1. AMD given 24 hour ransom style notice this was going out. = bad faith.. Spectre and Meltdown were known for months to allow for mitigations to be produced.
2. The company domain was registered in February.
3. There is a disclaimer on the report that says says "*you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports."*  Looks like they are trying to tank stock to buy it up on the cheap because they expect Ryzen+ to boost AMD's financials.
4. Timing of the release is 1 year exactly from Ryzen release date.
5. Slides/presentation has production quality to deliver maximum impact. This is not the status quo for this type of research.
6. They fail to point out very clearly these alleged vulnerabilities require admin privileges. This is unlike Spectre and Meltdown.

Did I miss any?


----------



## mtcn77 (Mar 13, 2018)

W1zzard said:


> Chimera allows you to run arbitrary code in the chipset. If the BIOS chip was connected directly to the chipset, then this would enable silent flashing in any system state as long as the chipset has power.
> 
> Since the BIOS chip is connected to the CPU on Zen, this is not possible, at least not directly. It's still possible to use DMA to write code inside the CPU memory, which then gets executed, which then flashes the ROM.
> 
> Edit: I'll research whether the chipset is connected to the SPI bus on which the ROM lives.


What I took from the first edition was, you needed that "Masterkey" in order for that to work(system memory addressing to PSP memory still wasn't possible), otherwise the system integrity check would bust it out since it is still blocked from any other vector than Masterkey.
This version is more cryptic, good luck to the readers.


----------



## TheLostSwede (Mar 13, 2018)

According to what Anandtech has mentioned about these "flaws", not only would you need admin access, but also a signed driver.
As far as I'm aware, it's not very easy to get a signed driver for Windows these days, as Microsoft does a fair amount of testing, especially on drivers from new companies.
I'm also not aware of any other way to get an authentic signed driver that will install without kicking up a major fuss.

Let's wait and see what the fallout (sorry) of this will be, but it's obviously not good news if any of this proves to be true. On the other hand, it seems like a lot of it can be patched in software without causing any performance related issues, since none of these claimed vulnerabilities would affect the system performance as it looks.

Also, why would the CFO of a security company be in a video about security vulnerabilities? That makes no sense at all...
And why do they sound Russian rather than Israeli?

*Edit:* Also, why would AMD's CPU's have the same security issues as ASMedia's chips? The chipset, sure, but the CPU's, no. The "CEO" claim they found these issues when they were looking into the security of chips made by ASMedia and then somehow found the same "back doors" that they found in ASMedia chips were in AMD's processors. This makes no sense at all.

Also note that the so called whitepaper is located at safefirmware.com, i.e. an entirely different website. Does that mean this is some kind of scam to make money from some kind of alternative UEFI/firmware implementation?


*Edit 2:* A quick look on LinkedIn shows the Co-Founder at CEO of CTS Labs with a five year gap since his last job, which was for some kind of software cyber security company that is now part of Magic Leap (yes, that company). It makes you wonder how someone like this comes out of nowhere to become the face of something like this. 

As to my comment above about sounding Russian, I guess the CFO and one other guy actually speaks Russian, so it might just "colour" their English.


----------



## W1zzard (Mar 13, 2018)

mtcn77 said:


> What I took from the first edition was, you needed that "Masterkey" in order for that to work, otherwise the system integrity check would bust it out since it is still blocked from any other vector than Masterkey.
> This version is more cryptic, good luck to the readers.


Yes, you need the masterkey to execute Chimera. The Secure Processor firmware validation or UEFI validation has nothing to do with this attack and can not prevent it.


----------



## Recus (Mar 13, 2018)

But AMD/Intel common enemy is Nvidia. Why would Intel publish fake story about AMD?



> One thing we know is that NVIDIA has made a lot of enemies over the years. You can easily put AMD, Apple, and Intel on that list. We think that GPP is somewhat the result of those "feuds" with NVIDIA attempting to gain more control over the market as it is seeing its competitors developing products (ie AMD and Intel partnerships on products) that will not be open to NVIDIA.


----------



## the54thvoid (Mar 13, 2018)

dyonoctis said:


> Wow.  amdflaws.com is so well made. The website is clean, looks modern, with interview on green screen, motion design used to explain the flaws. They made a youtube channel just for that. It's not even technical they are explaining what's a cpu and a chipset.
> They are checking all the point needed to impress someone who isn't tech-savyy.
> 
> That's remind me all of those video to learn how to make to money with a secret that banks and millionaire don't want to share.
> ...



Yeah, I just had a good look at the website.  

That is 100% marketing.  Wow.  The techy people here should pay attention to HOW news is delivered, not what the news is.  Something normally techy is very bland and difficult for the layperson.  The website that is hosting this paper is so damn spangly I want to buy what it's selling.  It's actually, frighteningly professionally laid out.  As if they had a really good push to make it look great.  I mean really great.   

I'm not saying Intel had a hand in this but ... no, really, I am.


----------



## siluro818 (Mar 13, 2018)

I believe the technical term for all this is "pulling something out of one's ass" xD


----------



## CheapMeat (Mar 13, 2018)

I'm putting on my tinfoil hat.


----------



## W1zzard (Mar 13, 2018)

TheLostSwede said:


> As far as I'm aware, it's not very easy to get a signed driver for Windows these days, as Microsoft does a fair amount of testing, especially on drivers from new companies.


Just setup a company and buy a certificate from one of a handful certification companies. Microsoft does no testing of the  driver and is not involved.

Driver signature is really just security through bureaucracy and a paywall.


----------



## TheLaughingMan (Mar 13, 2018)

How do I join the committee that gets to come up with these names?


----------



## TheLostSwede (Mar 13, 2018)

W1zzard said:


> Just setup a company and buy a certificate from one of a handful certification companies. Microsoft does no testing of the  driver and is not involved.
> 
> Driver signature is really just security through bureaucracy and a paywall.



So why was there a big issue about this some years ago, with multiple companies complaining that Microsoft's certification was slowing down their driver release schedule? Or this is what we got instead of proper driver testing and signing?


----------



## W1zzard (Mar 13, 2018)

TheLostSwede said:


> So why was there a big issue about this some years ago, with multiple companies complaining that Microsoft's certification was slowing down their driver release schedule? Or this is what we got instead of proper driver testing and signing?


You are confusing WHQL signed drivers (which are tested by MS to some degree) with plain loadable kernel mode drivers that are for no specific device. GPU-Z uses such a driver for example


----------



## moob (Mar 13, 2018)

EarthDog said:


> https://www.anandtech.com/show/1252...lish-ryzen-flaws-gave-amd-24-hours-to-respond


I feel like that's how it should have been reported here on TPU as well, with a fair amount of skepticism.

The way it's been reported here you'd never know it's shady as hell.


----------



## Assimilator (Mar 13, 2018)

moob said:


> I feel like that's how it should have been reported here on TPU as well, with a fair amount of skepticism.
> 
> The way it's been reported here you'd never know it's shady as hell.



Let's all hold off on accusing something of being shady until we actually have a fuller picture, shall we?


----------



## TheLostSwede (Mar 13, 2018)

W1zzard said:


> You are confusing WHQL signed drivers (which are tested by MS to some degree) with plain loadable kernel mode drivers that are for no specific device. GPU-Z uses such a driver for example



Ah, sorry, my bad. That makes more sense now.


----------



## ssdpro (Mar 13, 2018)

Guys, we knew AMD was operating on a shoe string budget during Ryzen development.  This is not surprising.  Even if Intel had a hand in research, that isn't even a crime.   Chevy does ads comparing the bed of the F150 with the Silverado steel vs aluminum.  It would be negligent to just let AMD market their chips one way when the reality is another.  Just analyze it, fix it, and move on.  Ryzen is still a great product even if it needs some patches.


----------



## moob (Mar 13, 2018)

Assimilator said:


> Let's all hold off on accusing something of being shady until we actually have a fuller picture, shall we?


So you're willing to ignore all the red flags that have already been posted here? Especially the 24 hours notice?

Other tech sites are reporting it with the same amount of skepticism: https://www.hardocp.com/news/2018/03/13/amd_cpu_attack_vectors_vulnerabilities
And http://www.tomshardware.com/news/amd-flaws-ryzenfall-masterkey-fallout-chimera,36656.html

Even if the reported "flaws" do exist, the way it's been done has been shady.


----------



## Veradun (Mar 13, 2018)

W1zzard said:


> They all require admin rights, I'll clarify in the original post.
> 
> For the last: what is not fully verified is whether DMA can write into the fenced off memory, the rest like keylogging and sniffing network is confirmed according to the researchers.
> 
> Clarified the original post: "To exploit this attack vector, administrative privileges are required. Whether DMA can access the fenced off memory portions of the Secure Processor, to additionally attack the Secure Processor through this vulnerability, is not fully confirmed, however, the researchers verified it works on a small number of desktop boards."



So they can keylog and sniff network when in root mode? They are so good at hacking.

Laughable.


----------



## Te5lac0il (Mar 13, 2018)

Amazing how many people comment on the title alone. People need too read an article before commenting. As many other has mentioned, the way the company presented these findings should, too any reasonable person, raise some red flags. But I suspect most people will swallow this hook, line and sinker.


----------



## CheapMeat (Mar 13, 2018)

oxzy said:


> Also, this is one of the saltiest forums on the internet. The amount of school girl fanboism is hilarious, I feel bad for the mods. Great site but garbage community, I would ban every salty users and just start from clean lol cause their holding ya back Techpowerup.




Heh, ban yourself while at it. You're the same, newbie.


----------



## Boatvan (Mar 13, 2018)

Looking at this from a pure logical standpoint, the implications are massive, but I'd wait for verification of the findings. Also, anyone who didn't expect high sodium levels in this thread are fools.


----------



## windwhirl (Mar 13, 2018)

CheapMeat said:


> Heh, ban yourself while at it. You're the same, newbie.



I can feel the burn from here


----------



## csgabe (Mar 13, 2018)

#Amdfalls.


----------



## mtcn77 (Mar 13, 2018)

Sensationalism at its best, knew it was coming from 'let's pepper AMD for not sending us our review unit' news posts.


----------



## Thunderclap (Mar 13, 2018)

you know, i find this hilarious. not just the sheer bullshit these 2 'stralian kids are trying to do, but people who actually believe it as well.


----------



## FordGT90Concept (Mar 13, 2018)

Looks like traders already rejected it.  If the intent was stock manipulation, it failed:
https://www.nasdaq.com/symbol/amd/real-time


----------



## _JP_ (Mar 13, 2018)

Shihabyooo said:


> Subjectively speaking, compared to Meltdown attack page, this one has waaaay too many AMD logos. Without reading the text, one might actually mistake it for an ad! Count me up holding a pitchfork if Intel turned out to have a hand in this.
> 
> Objectively speaking, smear campaign or no, a vulnerability is a vulnerability. I'm personally quite illiterate on this matter so I'll defer judgement until "for dummies-"style security expert blog posts and articles start popping up.


If proved true, the usual applies. 
Common sense running programs and visiting the internet, make sure you have backups (cold ones preferably), patch as soon as possible.


R-T-B said:


> When it can survive a reinstall it's still a big issue.  If these flaws are confirmed they are fairly signifigant.
> 
> As I said earlier, 2018 is going to be a rough year for processor security...


Only if it's embedded in firmware, but to reach that far, so much needs to be compromised to begin with...


----------



## biffzinker (Mar 13, 2018)

> We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors. We are actively investigating and analyzing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise. We will update this blog as news develops.


http://ir.amd.com/news-releases/news-release-details/view-our-corner-street-0


----------



## W1zzard (Mar 13, 2018)

biffzinker said:


> http://ir.amd.com/news-releases/news-release-details/view-our-corner-street-0


Thanks! Updated the original post with this statement


----------



## Boatvan (Mar 13, 2018)

I kinda agree with AMD's point of view in that news release. If it is truly the case, releasing the CVE's without telling the vendor first seems counterproductive. I wouldn't go as far as to say this is fishy, but like I said earlier, once it ends up on a more official channel, I'll be more inclined to believe it.


----------



## ShurikN (Mar 13, 2018)

I like how @*FordGT90Concept *put more effort in investigating than the TPU editorial that published the article.

On a different note, stock actually rose. Not by much, and it looks stable at the moment, but nonetheless.


----------



## xkm1948 (Mar 13, 2018)

ShurikN said:


> I like how @*FordGT90Concept *put more effort in investigating than the TPU editorial that published the article.
> 
> On a different note, stock actually rose. Not by much, and it looks stable at the moment, but nonetheless.
> 
> ...



Agree. This entire thing feels like a huge PR scam from the Isreal based “security” firm.


----------



## oxidized (Mar 13, 2018)

kastriot said:


> There always be flaws, there are 2 types, deliberate ones and unnoticed ones....



And we always know that when we're talking about AMD, it's ALWAYS the second. Unlike other companies...


----------



## the54thvoid (Mar 13, 2018)

xkm1948 said:


> Agree. This entire thing feels like a huge PR scam from the Isreal based “security” firm.



No, it's all salty tears from us.  

And yes, too many people trying to be 'no, this is a big thing' when really, it's not such a biggie given the practicality of the process involved in the security issue.  And really, it's too glossy to be anything other than a negative PR campaign, NOT a bona fide security issue notice (like how Google played it's role last year with along NDA).  This is threat PR.  Only the naive folk here can't see that.


----------



## Konceptz (Mar 13, 2018)

Wonder how much Intel paid for this?


----------



## dicktracy (Mar 13, 2018)

The double standard is real. Let's jump the gun and defame the researchers because this is AMD and not Intel. Hell, the AMD defense force has yet to provide actual evidence to discredit each of those findings but somehow someway found a way to link this to Intel. This AMD circlejerk culture, even though it's a vocal minority, has to stop.


----------



## oxidized (Mar 13, 2018)

Konceptz said:


> Wonder how much Intel paid for this?



You can't even begin to imagine!


----------



## Konceptz (Mar 13, 2018)

dicktracy said:


> The double standard is real. Let's jump the gun and defame the researchers because this is AMD and not Intel. Hell, the AMD defense force has yet to provide actual evidence to discredit each of those findings but somehow someway found a way to link this to Intel. This AMD circlejerk culture, even though it's a vocal minority, has to stop.



Any evidence to credit said researchers? Ford pointed out many points that back up the smear campaign theory...that surprisingly is shared by a LOT of people across the web. Don't let my avatar fool you, my alliance is purely to price/performance ratio.


----------



## TheoneandonlyMrK (Mar 13, 2018)

Wow did'nt see this coming 

the brassy-ballsy-ness and general bling of this new security firm is amazeballs, their in the wrong game regardless ,they should have definately been a PR company, they have skills.
Even the numbers, 13 vulnerabillities found,wow unlucky for some but a few listed , should'nt it read like the ten commandments plus , not like a  supervillan squad.

And I'm loving the balanced views personally(genuinely and not sarcastic), yes there is a bit of salt ,why not , opinions can get that way but i thought this thread would be much worse, might taint my purchasing options but well see yet, It's not like there are options after all ,power-pc  maybe?? or a new chinese developed chip er no


----------



## oxidized (Mar 13, 2018)

Konceptz said:


> Don't let my avatar fool you, my alliance is purely to price/performance ratio.



No doubt about it!


----------



## FordGT90Concept (Mar 13, 2018)

dicktracy said:


> Let's jump the gun and defame the researchers because this is AMD and not Intel.


The "researchers" jumped the gun.  AMD hasn't even had time yet to reproduce them for verification purposes.

When Specter and Meltdown went public, it was huge news because despite having six months to work on it, they weren't even close to fixing it.  Even if one of these 13 ends up being legit, it most likely could have been quietly fixed without any fanfare.  In this case, everything the "researchers" did was about maximizing fanfare.  That should concern everyone.  I hope this doesn't become the new norm but it could.


----------



## ssdpro (Mar 13, 2018)

> AMD provided us with the following statement: "We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors. We are actively investigating and analyzing its findings.


So AMD wasn't able to discredit the claims after 36 hours of research.  Probably some verified vulnerabilities then as they only take a short time to verify.  Ugly mess how it was released; a serious security company would WANT the mfg to fix the problems not benefit by exposure.  AMD will fix.


----------



## xkm1948 (Mar 13, 2018)

Power of Reddit. Entire video footage of their “security firm” is all just green screened. Someone over reddit found all the available stock background this firm used for their video.

I am not just calling this BS now, this is market manipulation and scam. Shame on tech sites that took it and run with it WITHOUT doing their own homework. GT90 did way more research than the editors here


----------



## oxidized (Mar 13, 2018)

xkm1948 said:


> Power of Reddit. Entire video footage of their “security firm” is all just green screened. Someone over reddit found all the available stock background this firm used for their video.
> 
> I am not just calling this BS now, this is market manipulation and scam. Shame on tech sites that took it and run with it WITHOUT doing their own homework. GT90 did way more research than the editors here



Wow, you're soo keen man


----------



## FordGT90Concept (Mar 13, 2018)

ssdpro said:


> So AMD wasn't able to discredit the claims after 36 hours of research.  Probably some verified vulnerabilities then as they only take a short time to verify.  Ugly mess how it was released; a serious security company would WANT the mfg to fix the problems not benefit by exposure.  AMD will fix.


Not really.  If all they provided is a white paper, AMD has to author its own tools then they have to run said tools against a variety of hardware.  If the tools indicate some truth to the claims, they have to dig deeper and find out why.  The why indicates whether or not it is something that needs to be fixed or not, and how.  This process will likely take a month.


----------



## EarthDog (Mar 13, 2018)

They provided instructions on how to recreate the issues 'found'.


----------



## Alphadark (Mar 13, 2018)

xkm1948 said:


> Power of Reddit. Entire video footage of their “security firm” is all just green screened. Someone over reddit found all the available stock background this firm used for their video.
> 
> I am not just calling this BS now, this is market manipulation and scam. Shame on tech sites that took it and run with it WITHOUT doing their own homework. GT90 did way more research than the editors here
> 
> View attachment 98286



I'm upgrading to Zen+ after seeing this. Good bye i7, wonder if Intel is behind this or some former crypto miners looking for a quick buck manipulating AMD stocks.


----------



## oxidized (Mar 13, 2018)

Alphadark said:


> I'm upgrading to Zen+ after seeing this. Good bye i7, wonder if Intel is behind this or some former crypto miners looking for a quick buck manipulating AMD stocks.



Intel, and also nvidia, are most definitely behind this man, get rid of your i7, just do it...


----------



## EarthDog (Mar 13, 2018)

I think you are forgetting about the government too... they are watching, and listening, you know...................


----------



## ssdpro (Mar 13, 2018)

EarthDog said:


> They provided instructions on how to recreate the issues 'found'.


Yes.  And google images and stutterstock added those green screen backgrounds 6 hours ago.  Even the discredits are discredited... what a world! 

This just got a mention on CNBC so watch that stock now that someone knows.


----------



## dyonoctis (Mar 13, 2018)

(I know that motherboard isn't exactly a reference, but I'm curious to see how thing are going to evolve from there, dan guido and trail of bits are apparently not on the shady side.)
https://motherboard.vice.com/en_us/...ssor-ryzen-epyc-vulnerabilities-and-backdoors


> " All 13 vulnerabilities are exploitable, according to Dan Guido, the founder of security firm Trail of Bits, whose researchers reviewed the flaws and exploit code before publication last week.
> “Each of them works as described,” Guido told me in a phone call.
> 
> It’s important to note that all these vulnerabilities require hackers to get on the computers and gain administrative privileges some other way first, such as with a phishing attack that tricks the victim into running a malicious application, according to the CTS researchers and Guido.
> ...



So apparently those guys send a detailed document to trails of bits, a week before but choosed to alert AMD just 24h before. (How nice of them).
According to this guy  the flaws are real:


__ https://twitter.com/i/web/status/973628511515750400


----------



## jabbadap (Mar 13, 2018)

FordGT90Concept said:


> The "researchers" jumped the gun.  AMD hasn't even had time yet to reproduce them for verification purposes.
> 
> When Specter and Meltdown went public, it was huge news because despite having six months to work on it, they weren't even close to fixing it.  Even if one of these 13 ends up being legit, it most likely could have been quietly fixed without any fanfare.  In this case, everything the "researchers" did was about maximizing fanfare.  That should concern everyone.  I hope this doesn't become the new norm but it could.



Well I agree it's very very poorly executed if that indeed is genuine security firm. But looking on employees backgrounds, I have hard time to discredit their expertise in security.


----------



## Fouquin (Mar 13, 2018)

dicktracy said:


> The double standard is real. Let's jump the gun and defame the researchers because this is AMD and not Intel. Hell, the AMD defense force has yet to provide actual evidence to discredit each of those findings but somehow someway found a way to link this to Intel. This AMD circlejerk culture, even though it's a vocal minority, has to stop.



The accused does not generally carry the burden of proof.

When Meltdown and Spectre went public there was sample code, a real-time demonstration, step-by-step info on each avenue of attack. Multiple tech giants had it in-hand for months working on a fix before it went live. This report has none of those things and holds little credence in it's vague descriptions, lack of review, and immediate public exposure.


----------



## IceScreamer (Mar 13, 2018)

If this didn't involve such allegations it would be really really funny, almost like an article from The Onion, with the green screened scenes and everything. But this is just lame, a low blow to either smear the company/the new product or for a financial gain through stock trading.

And ffs, the sites name is AMDFlaws.

Also, whether these vulnerabilities are real or not, the tech sites (some at least) have lost a lot of respect in my eyes, posting such news without an in depth research, gotta get them clicks huh.


----------



## cowie (Mar 13, 2018)

IceScreamer said:


> If this didn't involve such allegations it would be really really funny, almost like an article from The Onion, with the green screened scenes and everything. But this is just lame, a low blow to either smear the company/the new product or for a financial gain through stock trading.
> 
> And ffs, the sites name is AMDFlaws.
> 
> *Also, whether these vulnerabilities are real or not, the tech sites (some at least) have lost a lot of respect in my eyes, posting such news without an in depth research, gotta get them clicks huh*.




I feel like that too about any type of unconfirmed rumors at least when you have people or money involved.
to be fair most real sites show dought because of the way it was brought to the table


----------



## R-T-B (Mar 13, 2018)

I hope it's not going to upset w1zzard, but from what limited research I can confirm as a "non-press" member at this time, I'm going to have to side with the users here:

If this is even true, it stinks of an Intel PR stunt.

It's possibly not even true?

What is it doing in the news feed?



IceScreamer said:


> gotta get them clicks huh.



I think everyone is entitled to an honest mistake and/or "jumping the gun" on occasion.  But if this turns out to be false, TPU sure had better follow up with a retraction, I would think.


----------



## IceScreamer (Mar 13, 2018)

cowie said:


> I feel like that too about any type of unconfirmed rumors at least when you have people or money involved.


Yea, I don't know if it's just me but I see a lot of these kind of "news" lately.


R-T-B said:


> I hope it's not going to upset w1zzard, but from what limited research I can confirm as a "non-press" member at this time, I'm going to have to side with the users here:
> 
> If this is even true, it stinks of an Intel PR stunt.
> 
> ...


Of course, I am also partly at fault here, because until all of this clears up we don't really know who is right or who is wrong.


----------



## cowie (Mar 13, 2018)

R-T-B said:


> I hope it's not going to upset w1zzard, but from what limited research I can confirm as a "non-press" member at this time, I'm going to have to side with the users here:
> 
> If this is even true, it stinks of an Intel PR stunt.
> 
> ...



yeah but btarunr is such a news hound and has been for years
you guys haveta know he is crazy for news I think he is like, screw it let god sort it out.
there was no facebook or twitter or even good goggle we had him and wizz


----------



## thesmokingman (Mar 13, 2018)

CrAsHnBuRnXp said:


> Take *THAT *AMD. I dont wanna hear the fanbois anymore.


----------



## moob (Mar 13, 2018)

And yet another article that delves into the sources of these supposed flaws: https://techreport.com/news/33368/s...of-ryzen-epyc-and-amd-chipset-vulnerabilities

Viceroy even says that AMD will have to file for Chapter 11. lol


----------



## ikeke (Mar 13, 2018)

I call a big juicy BS.

https://amdflaws.com/disclaimer.html

_The report and all *statements contained herein are opinions of CTS and are not statements of fact.* To the best of our ability and belief, *all information contained herein* is accurate and reliable, and *has been obtained from public sources* we believe to be accurate and reliable. 

Although we have a good faith belief in our analysis and believe it to be objective and unbiased, *you are advised that we may have*, either directly or indirectly, _*an economic interest in the performance of the securities of the companies whose products are the subject of our reports. *


----------



## Xzibit (Mar 13, 2018)

Not sure if anyone pointed this out yet.



> The AMDFlaws.com domain was registered with GoDaddy on the *22nd of February and ownership of that domain is hidden* by Domains By Proxy, LLC. That again strikes me as odd for a security company to hide the identity of domain ownership.


----------



## medi01 (Mar 13, 2018)

Heck, and one would think people don't swallow bait like this on a techie site.

*"If you infect BIOS you can do baaaaad things"
"If you have admin rights then you can start a program and do baaaad things"
"if you have admin rights you can start a program and read stuff from memory!!!"*

*Are you FREAKING kidding  me?*


----------



## mtcn77 (Mar 13, 2018)

Not naming names when it is Intel... *"Should owners of processors affected by security problems receive compensation?"*

 But when it is AMD? Anybody remember the poll? Should owners of processors affected by security problems receive compensation?


----------



## theGryphon (Mar 13, 2018)

mtcn77 said:


> Not naming names when it is Intel... *"Should owners of processors affected by security problems receive compensation?"*
> 
> But when it is AMD? Anybody remember the poll? Should owners of processors affected by security problems receive compensation?




You're comparing horses and unicorns. Here is a hint: only one of them is real.


----------



## mtcn77 (Mar 13, 2018)

theGryphon said:


> You're comparing horses and unicorns. Here is a hint: only one of them is real.


You must have found inflicting Meltdown cases in AMD processors, then.


----------



## VulkanBros (Mar 13, 2018)

CrAsHnBuRnXp said:


> Take *THAT *AMD. I dont wanna hear the fanbois anymore.



Fast responder....


----------



## CrAsHnBuRnXp (Mar 13, 2018)

An


VulkanBros said:


> Fast responder....


And your insinuation is?


----------



## damric (Mar 13, 2018)

This smells political...and reeks of a Trump-Netanyahu-Intel circle jerk.

First Trump killed the Broadcom merger with Qualcom...who does that benefit? Intel. Who makes Intel chips? Israelis.

Now this weird unknown security company sounds like something concocted overnight by the same fake news exporters that we saw during the 2016 U.S. presidential campaign. Sure, there might be some half-truths, but bottom line is that ordinary good security practices protect you from most of this.


----------



## thesmokingman (Mar 13, 2018)

damric said:


> This smells political...and reeks of a Trump-Netanyahu-Intel circle jerk.
> 
> First Trump killed the Broadcom merger with Qualcom...who does that benefit? Intel. Who makes Intel chips? Israelis.
> 
> Now this weird unknown security company sounds like something concocted overnight by the same fake news exporters that we saw during the 2016 U.S. presidential campaign. Sure, there might be some half-truths, but bottom line is that ordinary good security practices protect you from most of this.



It's a a short seller trying to screw AMD stock price.

https://www.iol.co.za/business-repo...-and-why-do-their-accusations-matter-13010688

For example:

"Astute social-media users have noted that Viceroy Research, a financial-analysis group that reportedly engages in short selling of various companies' securities, appears to have coordinated the release of a report provocatively titled "The Obituary" alongside the CTS Labs whitepaper."

https://techreport.com/news/33368/s...of-ryzen-epyc-and-amd-chipset-vulnerabilities


----------



## xkm1948 (Mar 13, 2018)

damric said:


> This smells political...and reeks of a Trump-Netanyahu-Intel circle jerk.
> 
> First Trump killed the Broadcom merger with Qualcom...who does that benefit? Intel. Who makes Intel chips? Israelis.
> 
> Now this weird unknown security company sounds like something concocted overnight by the same fake news exporters that we saw during the 2016 U.S. presidential campaign. Sure, there might be some half-truths, but bottom line is that ordinary good security practices protect you from most of this.




Come on, even the Russian collusion story found a juicy nothing buger. How the hell can you link this to Trump? Government level smearing operation is way better executed. This one on the other side is very poorly executed


----------



## lexluthermiester (Mar 13, 2018)

CrAsHnBuRnXp said:


> And your insinuation is?


Seems he was implying the use of coincidental irony.

After reading the documentation provided by a few different sources, my $0.02 is this;
1; This not so secret "Secret Processor" nonsense needs to go or be updated to be user configured/disabled as it is a *severe* potential security risk,
2; There is validity to some of the scare of this paper, but not all.
3; Many aspects of these claims require physical access to the hardware and/or serious alteration to the base software(bios/efi), neither of which is practical for remote attack.



damric said:


> This smells political...and reeks of a Trump-Netanyahu-Intel circle jerk.


As unlikely as that is, let's keep the politics out of this and focus on factual information. Conspiracy theory's are not very helpful.


----------



## Jism (Mar 13, 2018)

Great testing, esp. when:

1: system needs adjusted bios
2: user needs to be in administrator mode

It's not as bad as it is for Intel with Spectre and Meltdown.

I could think of an instance, https://www.spamfighter.com/News-21...ussias-Hacking-Group-Fancy-Bear-Suspected.htm

where computers that where ordered at large scale, any vendor is able to inject some sort of adjusted bios into the hardware, and send out to in this case, a goverment which opens door on spying.

But furthermore; you shoud'nt worry much about the flaws in AMD hardware. This is a merely PR message, 24 hours responsetime is very very unreal.


----------



## Easo (Mar 13, 2018)

Everything that can be said, is already said by others. Let's see what AMD will give in full answer.


----------



## lexluthermiester (Mar 13, 2018)

Jism said:


> It's not as bad as it is for Intel with Spectre and Meltdown.


It's too early to claim that. The devil is in the details and those are still being sorted out. Like with Meltdown, the initial reaction is an over-reaction. 


Jism said:


> But furthermore; you shouldn't worry much about the flaws in AMD hardware. This is a merely PR message, 24 hours response time is very very unreal.


Again, it's too early to claim such.


----------



## thesmokingman (Mar 13, 2018)

lexluthermiester said:


> It's too early to claim that. The devil is in the details and those are still being sorted out. Like with Meltdown, the initial reaction is an over-reaction.
> 
> Again, it's too early to claim such.



Seriously, drop the official business act. This is a ruse.


----------



## Jism (Mar 13, 2018)

lexluthermiester said:


> Again, it's too early to claim such.



If i'd had a perfectly working exploit that bypasses, bios level and administrator rights, then i'd be the last one reporting that to AMD, and simply sell it to the highest bidder. Great PR if you've found 13 potential exploits, but the severe of these require a modified bios and administrator rights.

If i'd hack into a server, these exploits would fail me on a user or guest level.


----------



## lexluthermiester (Mar 13, 2018)

thesmokingman said:


> Seriously, drop the official business act.


I think the words you're looking for are objectivity and responsibility.


thesmokingman said:


> This is a ruse.


That's what a lot of people said about Meltdown and Spectre.


Jism said:


> If i'd hack into a server, these exploits would fail me on a user or guest level.


You seem to misunderstand how they work. If you exploited an EPYC based server using the Fallout vulnerabilities, user access authority level would be irrelevant as you could easily bypass restrictions using the "Secret Processor" as a platform to launch an attack on the system in question.


----------



## Jism (Mar 13, 2018)

Yeah but for exploiting you need a server board that already has some sort of rigged bios.


----------



## Joss (Mar 13, 2018)

Even the names and icons were judiciously chosen to give an impression of failure and doom on AMD


----------



## thesmokingman (Mar 13, 2018)

lexluthermiester said:


> I think the words you're looking for are objectivity and responsibility.
> 
> That's what a lot of people said about Meltdown and Spectre.
> 
> You seem to misunderstand how they work. If you exploited an EPYC based server using the Fallout vulnerabilities, user access authority level would be irrelevant as you could easily bypass restrictions using the "Secret Processor" as a platform to launch an attack on the system in question.



rofl


----------



## Vya Domus (Mar 13, 2018)

Ain't that a nice title.

It is quite scary to see just how effective this faux story was on the yet ripe and tender minds of the lovely fanboys.


----------



## lexluthermiester (Mar 13, 2018)

Jism said:


> Yeah but for exploiting you need a server board that already has some sort of rigged bios.


True! That is what makes this as scary as it is difficult. For remote execution your chances of success seem next to impossible, but if you have physical access to the system in question...


damric said:


> I hope I am wrong.


Very likely.


Joss said:


> Even the names and icons were judiciously chosen to give an impression of failure and doom on AMD


Meltdown and Spectre weren't?


Vya Domus said:


> It is quite scary to see just how effective this faux story was on the yet ripe and tender minds of the lovely fanboys.


Come on people, enough with the tin hat crap.


----------



## Aquinus (Mar 13, 2018)

The fact that AMD wasn't contacted by said security company seems fishy to me considering even with Spectre and Meltdown that Google made sure to contact all parties involved to be validate and begin correcting the problem. Going straight to the press does two things. First of all, it gives AMD no time to craft a solution which extends the time that the public knows about it before a solution is in place. It also gives those with malicious intent a one-up on it, if they're real vulnerabilities. For whatever reason, this sounds like an attempt to discredit AMD. The rather childish names of these "issues" also makes me think that they're no real validity to this.

I wouldn't be surprised if this turns out to be fake or simply a vulnerability by having too much access in the first place.


----------



## Vya Domus (Mar 13, 2018)

lexluthermiester said:


> enough with the tin hat crap.



My God , you might just be right. 

Though we need quite a few more good looking dedicated sites (*Insert obnoxious Wix ad*) to spread the word with fancy names and dank memes.

Ain't nothing like that picture of the leaning tower of Pisa.


----------



## windwhirl (Mar 13, 2018)

Jism said:


> Yeah but for exploiting you need a server board that already has some sort of rigged bios.





lexluthermiester said:


> True! That is what makes this as scary as it is difficult. For remote execution your chances of success seem next to impossible, but if you have physical access to the system in question...



I've been considering that maybe you could bypass getting physical access and stolen credentials. What if you could take advantage of a vulnerability in Microsoft IIS or Apache, for example, that gave you admin or SYSTEM level access, and from there go and install the rigged BIOS or whatever you wanted with the OS still in memory? Then you could erase all trace of what you did at OS level and do your evil things without anyone taking notice, once the machine reboots. If the attack has a very specific target and people behind it were skilled enough, then there could be other ways to get in and it could be easier for them to do so.

However, I agree that it would be really hard to pull off successfully without physical access in most cases.


----------



## lexluthermiester (Mar 13, 2018)

windwhirl said:


> What if you could take advantage of a vulnerability in Microsoft IIS or Apache, for example, that gave you admin or SYSTEM level access, and from there go and install the rigged BIOS or whatever you wanted with the OS still in memory?


Oh, that might work. You'd need to both know about such a vulnerability and be sure it hasn't been patched.


----------



## phill (Mar 13, 2018)

It's got to be true, it's on the internet...  I read that somewhere....

As always, lets see what comes of it....


----------



## lexluthermiester (Mar 13, 2018)

Aquinus said:


> The fact that AMD wasn't contacted by said security company seems fishy to me considering even with Spectre and Meltdown that Google made sure to contact all parties


But that's the point, this isn't Google. It's a new no-name company trying to make a name for itself and wow the world with it's "mad skillz". Whether or not the company's motivations are dubious does not change the seriousness of the information provided nor the practical and responsible research that must go into verifying and fixing vulnerabilities.


----------



## ArbitraryAffection (Mar 13, 2018)

Some Anti-AMD stock-manipulation BS. Nothing to see here.


----------



## Vya Domus (Mar 13, 2018)

ArbitraryAffection said:


> Nothing to see here.



There is , actually. Because it failed miserably.


----------



## 1stn00b (Mar 13, 2018)

And to exploit all of this vulnerabilities u just need :

1. Physical access to the PC
2. Flash a BIOS with injected malware
3. Have Admin account on that PC 

SO EZ : >


----------



## Space Lynx (Mar 13, 2018)

Vya Domus said:


> There is , actually. Because it failed miserably.



Wish I could downvote this, and upvote @1stn00b  twice.


----------



## Vya Domus (Mar 13, 2018)

lynx29 said:


> Wish I could downvote this



I am deeply saddened by your remark.


----------



## thesmokingman (Mar 13, 2018)

ArbitraryAffection said:


> Some Anti-AMD stock-manipulation BS. Nothing to see here.



Apparently some are eating this up and giddily.


----------



## windwhirl (Mar 13, 2018)

thesmokingman said:


> Apparently some are eating this up and giddily.



You know, if I didn't care about this potential security problem, and this were a "real-life forum", brick and mortar and all that, I'd totally get me some popcorn and enjoy seeing the fights between AMD-fans, Intel-fans, skeptical people, paranoid people and everyone else. From a safe distance, of course. Maybe set a betting pool too


----------



## wow&wow (Mar 13, 2018)

No address, no land line, 4 persons in Isral set up in 2017 (after Intel's "Meltdown inside" in June), ..., but just a website ($4.95/month) and a mobile number +1-585-233-0321!

"For the attacks to work, an attacker must first obtain administrator access to a targeted network, Guido said."

For the car thief to steal the car, the car thief must first obtain the car key and access to the car, CommonSense said.


----------



## EntropyZ (Mar 13, 2018)

This is so funny. These have little meaning until the exploits can be duplicated plus verified and the vulnerability can be used remotely.

People are making new accounts just to jump in on the fun.

Someone is just mad because AMD is ballin' in desktop/workstation and server. Let the games begin.


----------



## Jism (Mar 13, 2018)

windwhirl said:


> I've been considering that maybe you could bypass getting physical access and stolen credentials. What if you could take advantage of a vulnerability in Microsoft IIS or Apache, for example, that gave you admin or SYSTEM level access, and from there go and install the rigged BIOS or whatever you wanted with the OS still in memory? Then you could erase all trace of what you did at OS level and do your evil things without anyone taking notice, once the machine reboots. If the attack has a very specific target and people behind it were skilled enough, then there could be other ways to get in and it could be easier for them to do so.
> 
> However, I agree that it would be really hard to pull off successfully without physical access in most cases.



It is possible. There are enough servers with outdated configuration and / or software hooked on the net. But for a succesfull bios update you need to restart the system. This will look very odd a server rebooting out of nowhere. Once that happend the payload could be triggered again and you could take over the complete system. Thus with any credentials that might apply on the machine. But this should trigger any admin in the first place, that something is going on.

There are several approaches to a succesfull attack. One of m might simply stick a USB drive into a running server and exploit it's chipset by a handwritten program. Upload your payload and good to go. But even if you 'hack' apache, your still a user, and a user compared to root has different priveledges. None of them as close to flashing a bios lol.


----------



## Vya Domus (Mar 13, 2018)

EntropyZ said:


> This is so funny. These have little meaning until the exploits can be duplicated and verified and the vulnerability can be used remotely.
> 
> People are making new accounts just to jump in on the fun.




More fascinating are the highly technical discussions and debates about said vulnerabilities. The world is full of security experts , no wonder CTS-Labs managed to get their hands on such talents.


----------



## phanbuey (Mar 13, 2018)

1stn00b said:


> And to exploit all of this vulnerabilities u just need :
> 
> 1. Physical access to the PC
> 2. Flash a BIOS with injected malware
> ...



In other news: Home security panels vulnerable to burglars, once they break into the house and befriend the family dog.


----------



## thesmokingman (Mar 14, 2018)

windwhirl said:


> You know, if I didn't care about this potential security problem, and this were a "real-life forum", brick and mortar and all that, I'd totally get me some popcorn and enjoy seeing the fights between AMD-fans, Intel-fans, skeptical people, paranoid people and everyone else. From a safe distance, of course. Maybe set a betting pool too



So you're really concerned right? No BS? Take a guess how many articles based their news on these findings?



> New York-based cyber security firm Trail of Bits told Reuters that it had verified the findings from *CTS, which paid $16,000 for a review of the AMD vulnerabilities.*
> 
> *For the attacks to work, an attacker must first obtain administrator access to a targeted network, Guido said.*



https://www.reuters.com/article/us-...irm-says-it-finds-amd-chip-flaw-idUSKCN1GP273



phanbuey said:


> In other news: Home security panels vulnerable to burglars, once they break into the house and befriend the family dog.



Exactly lol!


----------



## B-Real (Mar 14, 2018)

CrAsHnBuRnXp said:


> Take *THAT *AMD. I dont wanna hear the fanbois anymore.


Before you say anything, have you seen this?






Or have you checked the YT channel comments are disabled? And the domain name amdflaws.com?  Correct company.  Ridiculous really. A sue is on the way for sure. BTW, your next comment made it clear that you are an Intel tard.



trparky said:


> This has the potential to be even worse than Spectre and Meltdown.



Yes, definitely.  LOL



bug said:


> It's so funny seeing AMD aficionados going in defense mode




No need for that, as this is a complete BS. Wake up and you will see.


----------



## thesmokingman (Mar 14, 2018)

^^Hey I recognize those 3 employees now.


----------



## Vya Domus (Mar 14, 2018)

B-Real said:


> Before you say anything, have you seen this?
> 
> 
> 
> ...



Oh come on , don't be so mean. They mean 16 years of experience as in what their brilliant employees have.


----------



## B-Real (Mar 14, 2018)

Vya Domus said:


> Oh come on , don't be so mean. They mean 16 years of experience as in what their brilliant employees have.


Yeppp, just thought that ^^


----------



## CrAsHnBuRnXp (Mar 14, 2018)

B-Real said:


> Before you say anything, have you seen this?


Should I? Im not a researcher


----------



## thesmokingman (Mar 14, 2018)

Vya Domus said:


> Oh come on , don't be so mean. They mean 16 years of experience as in what their brilliant employees have.



They implied their company as an entity, not the combined xp of their staff.


----------



## Divide Overflow (Mar 14, 2018)

I've just heard that if someone had my car keys and access to my car, they could change the memory positions for my driver's seat!  This is an outrage!  Where's the whitepaper on this critical exploit?!


----------



## Dave65 (Mar 14, 2018)

CrAsHnBuRnXp said:


> Take *THAT *AMD. I dont wanna hear the fanbois anymore.



Quite the fanbaby yourself it seems.


----------



## windwhirl (Mar 14, 2018)

Jism said:


> It is possible. There are enough servers with outdated configuration and / or software hooked on the net. But for a succesfull bios update you need to restart the system. This will look very odd a server rebooting out of nowhere. Once that happend the payload could be triggered again and you could take over the complete system. Thus with any credentials that might apply on the machine. But this should trigger any admin in the first place, that something is going on.
> 
> There are several approaches to a succesfull attack. One of m might simply stick a USB drive into a running server and exploit it's chipset by a handwritten program. Upload your payload and good to go. But even if you 'hack' apache, your still a user, and a user compared to root has different priveledges. None of them as close to flashing a bios lol.



Yeah, but two things:
1 - I don't know how server motherboards work, but some desktop ones allow you to update the BIOS/UEFI from within Windows. So, maybe you could do the same on some servers? And would it be mandatory to restart immediately? If not, you could wait until the next scheduled restart, with none the wiser.
2 - Privilege-escalation bugs are common in Windows (every month they fix one of those, at least) and Linux has some too (though I don't know if they are as common as their Windows-counterparts). If patches are not applied, someone could just chain a few exploits together and get in. 

However, such an outcome may be avoided, at least for a short time, if the system is inside a VM.


----------



## thesmokingman (Mar 14, 2018)

CrAsHnBuRnXp said:


> An
> 
> And your insinuation is?



Oh the excruciating irony escapes you!


----------



## B-Real (Mar 14, 2018)

windwhirl said:


> Well, if this turns out to be true, it's gonna be a shitstorm for AMD....


Haha, for what reason? Have it caused anything for Intel except for its shitty communication?



CrAsHnBuRnXp said:


> Should I? Im not a researcher




I'm not a researcher either, but I found it pretty easily. You should have done so, if you were really interested in the news. In fact, you are only an Intelboy.


----------



## thesmokingman (Mar 14, 2018)

windwhirl said:


> Yeah, but two things:
> 1 - I don't know how server motherboards work, but some desktop ones allow you to update the BIOS/UEFI from within Windows. So, maybe you could do the same on some servers? And would it be mandatory to restart immediately? If not, you could wait until the next scheduled restart, with none the wiser.
> 2 - Privilege-escalation bugs are common in Windows (every month they fix one of those, at least) and Linux has some too (though I don't know if they are as common as their Windows-counterparts). If patches are not applied, someone could just chain a few exploits together and get in.
> 
> However, such an outcome may be avoided, at least for a short time, if the system is inside a VM.



Um, maybe you missed it but if you have access to update said bios even in windows, that would mean you already have root/admin... so wtf are you doing? Why even bother with a hack/flaw/bug whatever? Why not get to the business of stealing whatever the eff you are there for?


----------



## AsRock (Mar 14, 2018)

WOW awesome naming, shame one of the others were not called IntelFall.



CrAsHnBuRnXp said:


> Take *THAT *AMD. I dont wanna hear the fanbois anymore.



Well Intel and Arm might be in the same boat so.

And OMG "The researchers "believe that networks that contain AMD" they believe ?.  If this was found on Intel they would dare to say shit yet.


----------



## Vya Domus (Mar 14, 2018)

I wonder if "RYZENFALL" was intended as "Ryze-and-fall". That would have been smart of them.


----------



## windwhirl (Mar 14, 2018)

B-Real said:


> Haha, for what reason? Have it caused anything for Intel except for its shitty communication?



Well, I originally just skimmed over the article. So, I though that for Intel something like this could have had negligible impact (except for the possible lawsuits), but AMD is a bit more vulnerable, because of the much lower market share and the company's more economically complicated situation.
Now, and considering that most of these vulnerabilities need certain uncommon conditions (special privileges and physical access), it doesn't seem to me that it could end up being a shitstorm, though it'd definitely be embarrassing...



thesmokingman said:


> Um, maybe you missed it but if you have access to update said bios even in windows, that would mean you already have root/admin... so wtf are you doing? Why even bother with a hack/flaw/bug whatever? Why not get to the business of stealing whatever the eff you are there for?



Maybe I could be waiting for some specific file to be transferred to the server? Or maybe I could be a creep and monitor all communications in and out?

Look at Equifax, the guys just sat down and held the doors open for themselves for a few months. What if someone did that with the NSA? Valuable data would definitely go through there, and there would be people very interested in getting it, no matter the cost. If that happened to the Pentagon's network... well, that could be really worrisome.


----------



## CrAsHnBuRnXp (Mar 14, 2018)

B-Real said:


> Haha, for what reason? Have it caused anything for Intel except for its shitty communication?
> 
> 
> 
> ...


Not hardly. Im not an "intelboy" i have owned both AMD and Intel. In fact, i got my feet wet with an AMD Athlon XP back in the day. Then a 3200+ after that and an AMD opteron after that.

I go where the performance is. Intel just happens to be that. My original comment in this thread was a stab at the AMD fanboys because of the intel controversy not too long ago and how "amd is so much better" (paraphrasing here) and now we turn around and AMD is on the end of the pitchfork. It's just ironic.

So before you try and call me a fanboy, maybe you should do some research on me before trying to start something.


----------



## Xzibit (Mar 14, 2018)

thesmokingman said:


> ^^Hey I recognize those 3 employees now.



The guy in the middle the co-founder Yaron Luk-Zilberman serves as the *President at NineWells Capital Management*.



> NineWells Capital Management, LLC is a privately owned investment manager. The firm manages hedge funds for its clients. NineWells Capital Management is based in New York, New York



That might explain the AMDFlaws.com being registered to a New York number or more sinister as to why AMD wasn't notified in a timely manner.

Funny side note: at least for me. When you visit their site is says "not secure" in browser.


----------



## CrAsHnBuRnXp (Mar 14, 2018)

Dave65 said:


> Quite the fanbaby yourself it seems.


Read the above post of mine.


----------



## thesmokingman (Mar 14, 2018)

Xzibit said:


> The guy in the middle the co-founder Yaron Luk-Zilberman serves as the *President at NineWells Capital Management*.
> 
> 
> 
> ...



Doh, says a lot doesn't it? Man, I cannot wait until the Feds and SEC get involved in this.


----------



## Basard (Mar 14, 2018)

OMFG MUH FILES!


thesmokingman said:


> Doh, says a lot doesn't it? Man, I cannot wait until the Feds and SEC get involved in this.


They've always been involved.


----------



## B-Real (Mar 14, 2018)

CrAsHnBuRnXp said:


> Not hardly. Im not an "intelboy" i have owned both AMD and Intel. In fact, i got my feet wet with an AMD Athlon XP back in the day. Then a 3200+ after that and an AMD opteron after that.
> 
> I go where the performance is. Intel just happens to be that.




Than you should have owned a Zen before the 8600K, and replace the 8600K for a 2600X or 2700X.


----------



## CrAsHnBuRnXp (Mar 14, 2018)

AsRock said:


> WOW awesome naming, shame one of the others were not called IntelFall.


Wintelfell. Get it? 



B-Real said:


> Than you should have owned a Zen before the 8600K, and replace the 8600K for a 2600X or 2700X.


Im sorry im not made of money and cant upgrade everytime the latest and greatest comes out like some folks can. I have a baby to think about. Guess that sort of logic is lost on the likes of you.

I get what is best for my money at the time of my upgrade. If I can afford to do a full upgrade path to AMD and they are superior, I will.


----------



## B-Real (Mar 14, 2018)

CrAsHnBuRnXp said:


> I get what is best for my money at the time of my upgrade. If I can afford to do a full upgrade path to AMD and they are superior, I will.



After your starting comment  "Take *THAT *AMD. I dont wanna hear the fanbois anymore." I cannot take you serious. Sorry. GN.


----------



## Steevo (Mar 14, 2018)

CrAsHnBuRnXp said:


> Take *THAT *AMD. I dont wanna hear the fanbois anymore.


Yeah, all code that requires physical access, admin rights, and could be prevented by using an operating system, specifically Windows to enact is terrible. 

Also, I hear if you let a user take a hammer to AMD processors, they break... unlike Intel.


----------



## Hood (Mar 14, 2018)

Let me know when they confirm or deny all this - that might actually be interesting.


----------



## Nkd (Mar 14, 2018)

This seems like a total fud campaign by intel. Really? Release all this information without giving the company time to react and call yourself security firm. I have never seen any security company publish anything for long period until they have given the company time to patch anything. So it seems like politics here. lol.


----------



## OneMoar (Mar 14, 2018)

so tldr you need administrator access to use any of these
and one requires a bios flash from windows which is a risky proceedure

what exactly is new about any of this ? none of these are unpatchable with a bios update ....

also are we not gonna touch on the total amature job they did on their website and disclosure practice

I hate amd as much as the next blue blooded intel user but this whole disclosure stinks of SEC fraud and people with a agenda
cts labs didn't even exist a little over a year ago both of there websites are rife with bad engrish and stock photos and where registered in the last year


----------



## Mistral (Mar 14, 2018)

Hood said:


> Let me know when they confirm or deny all this - that might actually be interesting.



So, if any of those exploits are real... you still need admin privileges?

If a malicious actor has already gotten their hands on admin privileges, wouldn't you have bigger problems to worry about?


----------



## Nkd (Mar 14, 2018)

bug said:


> It's so funny seeing AMD aficionados going in defense mode


ROFL have you seen a legit reputable company do this to a manufacturer? Really? Give 24 hours notice, and then make a site called amdflaws.com, imagine google doing this. This seems like intel sponsored smear campaign. I bet you if the link is ever discovered it will backfire big time on Intel. I have not seen a company go out of their way and give little to no notice, publish all this and even make a website to bash the product. You have to be dumb to call anyone fanboy, it just sounds like there is a clear intention to hurt amd sales as fast as they can.



OneMoar said:


> so tldr you need administrator access to use any of these
> and one requires a bios flash from windows which is a risky proceedure
> 
> what exactly is new about any of this ? none of these are unpatchable with a bios update ....
> ...



I agree. Haven't bought an AMD CPU for a decade and this makes me go out and buy one lol. Just because it seems like this is very deliberate and this company even set up a site called amdflaws? rofl.


----------



## OneMoar (Mar 14, 2018)

btw the folks at cts are known to have some pretty big shares  of intel stock .... take that as you will
@btarunr  can we get some corrections here or least a link to... https://wccftech.com/low-down-amd-security-exploit-saga-cts-labs/


----------



## qubit (Mar 14, 2018)

I can't believe it. Seems that everything to do with computers has lots of serious security vulnerabilities in it, from Windows, to apps, to WPA2, routers, IoT and now CPUs of either brand.

Looks like computer security is a chimera.  No wonder the exploits keep coming.

EDIT: Ok, reading some of the comments, it seems that the veracity of this report may be in some doubt. Let's hope it's fake, but I'm not holding my breath.


----------



## R-T-B (Mar 14, 2018)

I mean, assuming these flaws do exist, they should not require physical access, only admin rights...

...but in the meantime, can everyone turn down the fanboy?  It's getting hard to hear.



qubit said:


> I can't believe it.



I can.


----------



## Jism (Mar 14, 2018)

windwhirl said:


> Maybe I could be waiting for some specific file to be transferred to the server? Or maybe I could be a creep and monitor all communications in and out?
> 
> Look at Equifax, the guys just sat down and held the doors open for themselves for a few months. What if someone did that with the NSA? Valuable data would definitely go through there, and there would be people very interested in getting it, no matter the cost. If that happened to the Pentagon's network... well, that could be really worrisome.



This is'nt exactly how servers are being hacked. Let me give you an example. Wordpress for instance. Used over 40% in the complete internet today. Very populair and hugeeee database to plugins, themes and what more. Complete businesses rely on a simple wordpress website. It's know that wordpress needs alot of updates and esp. on security level, since it is a very bad product from design actually.

When it comes down to security, wordpress could have a zero day exploit, or one of the plugins, which hackers could download, analyse and write a script for it in order to break into. It's really hard to run through every line of code since most people rely on the functionality of the plugin or theme and just expect the developper to do his homework. Anyway, so lets say a plugin or theme gets hacked, it's a fairly simple task to 'upload' a file to the server, and execute it remotely.

It's called a shell. Now a shell is just a little script packed with all sorts of stuff to discover the server, configuration and even extra's to drop another payload. It's very populair these days. I've seen company's install wordpress under ROOT level (lol) which is screaming for trouble's. If a server has outdated or unpatched software it's just minutes work to pass through any flaws. But the main question is will the server itself be hackable in this case in order to get ROOT rights and start updating biosses.

If you get root in the first place, you dont need this specific exploit anymore since you can do whatever you want with the server. 

If i'd sell motherboards on Ebay tomorrow with modified biosses, that already poses a security threat since i could program it to make a call to home. I'd know the user, the IP and i could do anything related to it remote, that's what this exploit is basicly about. But if you overwrite the bios with a latest and brand new one, pretty much as good as that the exploit is gone.

They have a point; there's lots you can do with it, but not as critical as Meltdown or Spectre was.


----------



## CrAsHnBuRnXp (Mar 14, 2018)

Steevo said:


> Also, I hear if you let a user take a hammer to AMD processors, they break... unlike Intel.


Nah, it's Intel too. And nvidia


----------



## evernessince (Mar 14, 2018)

From the linked website

" Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports.  Any other organizations named in this website have not confirmed the accuracy or determined the adequacy of its contents."

What exactly does "we may have, either directly or indirectly, an economic interest" mean precisely here?  Did they make this white paper for free or was it commissioned by Intel?

Also I'm going to wait for another group to verify their claims.  They specificly state here that it has only been validated by them.



xkm1948 said:


> Eitherway, TPU probably benefits from the clickbait ~ish title. Who cares if the news is true or not. Dumb average Joe lives on sensationalism. Plus increased traffic and attention benefits both those researchers as well as any tech site that publish these without a serious look into the actual issue. More publicity and sweet sweet ad revenue, yay.
> 
> See this:
> 
> ...



That's the problem though, many people absorb just the title.  I don't think it's in any tech outlet's best interest when the community here can easily see red flags popping up.  This is the reason the whole fake news thing started up, because websites were willing to sacrifice journalistic integrity for clicks.



EarthDog said:


> https://www.anandtech.com/show/1252...lish-ryzen-flaws-gave-amd-24-hours-to-respond



24 hours to respond....  That's completely unacceptable.  Their website comes off as trying to protect the general public but then if you read their disclaimer and that they only gave AMD 24 hours to respond and that they didn't verify their claims with any other group, these are major red flags.  That's not even enough time for AMD to validate their claims.

I did some additional research on these guys and they started in 2017 and are pretty small themselves.


----------



## GoldenX (Mar 14, 2018)

What is important is AMD confirming this and how they respond with their fixes. Intel wanted to drag everyone down with their patches, I hope AMD does better than that.


----------



## evernessince (Mar 14, 2018)

"In light of CTS’s discoveries, the meteoric rise of AMD’s stock price now appears to be totally unjustified and entirely unsustainable. We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries."

-Direct quote from Viceroy research

It seems more and more like a smear campaign....


----------



## lexluthermiester (Mar 14, 2018)

Vya Domus said:


> That would have been smart of them.


Clever, not smart..



evernessince said:


> It seems more and more like a smear campaign....


If so it is failing spectacularly. No one is worried. However, that doesn't change the fact that these are tangible and real problems.


----------



## evernessince (Mar 14, 2018)

ssdpro said:


> Guys, we knew AMD was operating on a shoe string budget during Ryzen development.  This is not surprising.  Even if Intel had a hand in research, that isn't even a crime.   Chevy does ads comparing the bed of the F150 with the Silverado steel vs aluminum.  It would be negligent to just let AMD market their chips one way when the reality is another.  Just analyze it, fix it, and move on.  Ryzen is still a great product even if it needs some patches.



Yes but those claims are put in the context of an ad.  Context is everything here.  In this case these security researchers are posing this as independent findings.

https://www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs


----------



## Mussels (Mar 14, 2018)

"Fuck"


----------



## qubit (Mar 14, 2018)

OneMoar said:


> btw the folks at cts are known to have some pretty big shares  of intel stock .... take that as you will
> @btarunr  can we get some corrections here or least a link to... https://wccftech.com/low-down-amd-security-exploit-saga-cts-labs/


I've read that Wccftech article now and the "research" company certainly looks shady as fuck. Definitely looks like they're after a quick buck by trashing AMD's reputation and shares.

In short, I wouldn't let this put me off buying AMD's processors. Frankly, I wouldn't be surprised if Intel is behind this somewhere, just really well hidden.


----------



## Mussels (Mar 14, 2018)

After doing some more reasearch into this (reading all the comments here) its definitely being inflated, the risk to home users is low, and the risk to enterprise/business level is at the point where its a specific targeted attack (needs local admin access, possibly hardware access) so while it does need to be corrected, its certainly not a widescale threat to all ryzen users out there


----------



## btarunr (Mar 14, 2018)

OneMoar said:


> btw the folks at cts are known to have some pretty big shares  of intel stock .... take that as you will
> @btarunr  can we get some corrections here or least a link to... https://wccftech.com/low-down-amd-security-exploit-saga-cts-labs/



I've heard from a semi-credible source that a hackathon is underway, let's see what comes out of that. Unfortunately information from that source isn't credible enough to post.

In the meantime, CTS is also reaching out to the press. We've been contacted, they pointed us in the direction of some "third-parties" who could corroborate their claims. We've attempted contact with those third-parties.

I'd be shocked if AMD's counterattack vector isn't in trying to prove that many of these vulnerabilities exist even with Intel processors, and to prevent a short.


----------



## OneMoar (Mar 14, 2018)

semi credible anus whatttttt
go home bta you are drunk


----------



## btarunr (Mar 14, 2018)

OneMoar said:


> semi credible anus whatttttt
> go home bta you are drunk



Fine. I rephrased. Feel better?


----------



## OneMoar (Mar 14, 2018)

btarunr said:


> Fine. I rephrased. Feel better?


too late thats going in my sig/tpumemes folder


----------



## Melvis (Mar 14, 2018)

This came out 18 days to early 

What a load of crap!


----------



## InVasMani (Mar 14, 2018)

Well on the positive side of things if AMD did go to $0's there is no x86 or GPU monopoly to worry about from Intel or Nvidia. We can totally expect tons of innovation out of both.


----------



## Chaitanya (Mar 14, 2018)

Linus Torvalds is also livid about this whole situation even so as to call the press in comments. 
https://plus.google.com/+LinusTorvalds/posts/PeFp4zYWY46


----------



## AsRock (Mar 14, 2018)

CrAsHnBuRnXp said:


> *Wintelfell. Get it?*




Made  me think of the POS WinChip |, not sure if thats what you were getting at. But you most likey will not see some thing like that as they be to worried about being sued.



qubit said:


> I can't believe it. Seems that everything to do with computers has lots of serious security vulnerabilities in it, from Windows, to apps, to WPA2, routers, IoT and now CPUs of either brand.
> 
> Looks like computer security is a chimera.  No wonder the exploits keep coming.
> 
> EDIT: Ok, reading some of the comments, it seems that the veracity of this report may be in some doubt. Let's hope it's fake, but I'm not holding my breath.



Whole reason ii stopped watching the news, and this seems like it's being treated the same kinda way. Until some thing else takes it's place.


----------



## Zyll Goliat (Mar 14, 2018)




----------



## GAR (Mar 14, 2018)

"Israel" Im sure Intel sponsored this research


----------



## jigar2speed (Mar 14, 2018)

ssdpro said:


> Guys, we knew AMD was operating on a shoe string budget during Ryzen development.  This is not surprising.  Even if Intel had a hand in research, that isn't even a crime.   Chevy does ads comparing the bed of the F150 with the Silverado steel vs aluminum.  It would be negligent to just let AMD market their chips one way when the reality is another.  Just analyze it, fix it, and move on.  Ryzen is still a great product even if it needs some patches.



You might want to read the article before posting. This flaws need admin right, with admin right any system is vulnerable.


----------



## erocker (Mar 14, 2018)

It really does seem to be a hit piece on AMD. 

Pretty good video on it:


----------



## W1zzard (Mar 14, 2018)

Added this to the article because a lot of people seem to misunderstand:

Update March 14 7 AM CET: It seems a lot of readers misunderstand the BIOS flashing part. The requirement is not that the user has to manually flash a different BIOS first before becoming vulnerable. The malware itself will modify/flash the BIOS once it is running on the host system with administrative privileges. Also, the signed driver requirement does not require a driver from any specific vendor. The required driver (which is not for an actual hardware device and just provides low-level hardware access) can be easily created by any hacker. Signing the driver, so Windows accepts it, requires a digital signature which is available from various SSL vendors for a few hundred dollars after a fairly standard verification process (requires a company setup with bank account). Alternatively an already existing signed driver from various hardware utilities could be extracted and used for this purpose.


----------



## R-T-B (Mar 14, 2018)

W1zzard said:


> Added this to the article because a lot of people seem to misunderstand:
> 
> Update March 14 7 AM CET: It seems a lot of readers misunderstand the BIOS flashing part. The requirement is not that the user has to manually flash a different BIOS first before becoming vulnerable. The malware itself will modify/flash the BIOS once it is running on the host system with administrative privileges. Also, the signed driver requirement does not require a driver from any specific vendor. The required driver (which is not for an actual hardware device and just provides low-level hardware access) can be easily created by any hacker. Signing the driver, so Windows accepts it, requires a digital signature which is available from various SSL vendors for a few hundred dollars after a fairly standard verification process (requires a company setup with bank account). Alternatively an already existing signed driver from various hardware utilities could be extracted and used for this purpose.



People underestimate how many people capable of doing this are out there, as well.


----------



## ShurikN (Mar 14, 2018)

The BIOS mod with the 1337 really is a selling point.
Who made this whitepaper, 12 year olds...


----------



## InVasMani (Mar 14, 2018)

It makes me think that Microsoft should just patch the OS itself to prevent all .bios files from being flashed w/o 2-step authentication first to safe guard against these malicious attacks. Something that important should be better guarded against for these kinds of exploits.


----------



## W1zzard (Mar 14, 2018)

InVasMani said:


> It makes me think that Microsoft should just patch the OS itself to prevent all .bios files from being flashed w/o 2-step authentication first to safe guard against these malicious attacks. Something that important should be better guarded against for these kinds of exploits.


Can't be done, unless they completely forbid device drivers and manually approve every single one. This will turn Windows into iOS


----------



## laszlo (Mar 14, 2018)

and admin rights user don't need vulnerabilities to achieve his agenda/rampage


----------



## R-T-B (Mar 14, 2018)

laszlo said:


> and admin rights user don't need vulnerabilities to achieve his agenda/rampage



They do to survive a detection/reinstall.


----------



## Vya Domus (Mar 14, 2018)

GAR said:


> "Israel" Im sure Intel sponsored this research



I am usually pretty skeptical about this sort of thing , but this one is buried in so many unusual coincidences and questionable doings it almost looks like it was meant from the get go to look shady as fuck.


----------



## laszlo (Mar 14, 2018)

R-T-B said:


> They do to survive a detection/reinstall.



don't see where is the need of survive; as admin you can do whatever you want even reinstall when you want and what you want...


----------



## R-T-B (Mar 14, 2018)

laszlo said:


> don't see where is the need of survive; as admin you can do whatever you want even reinstall when you want and what you want...



Until someone hops on locally and wipes out all your hard work.

This can survive that...  if it's real, anyhow.


----------



## silentbogo (Mar 14, 2018)

Well, that's beyond fishy... Even without looking at company's background I can tell that this is a load of bullshit just by paying attention to wording in their whitepaper.


> We did not attempt to produce exploits for Ryzen Pro and Ryzen Mobile, although we have seen the vulnerabilities in the code. We also did not attempt to produce exploits for MASTERKEY-3.


The others are also quite vague and always imply plausibility, and not a proof (e.g. "if you get access to Fenced RAM, then you are in trouble").

So, basically it's like my occasional rants about PSP and ME, but with better presentation and many-many words.

Also, what I find strange, is that with all of my google-fu skills  I cannot find shit about ASM1042 or 1142 vulnerabilities these dudes mention. The only thing I could find is a forced firmware update through upstream port on ASM1074(USB3.0 hub), ASM1053(USB to SATA bridge) ,which is basically a feature, but could be used as an attack vector on the device side. And nothing related to DMA attacks (except for some Thunderbolt stuff from Blackhat 2013, which is not even a hack but still interesting).

P.S>  I'm still worried about potential vulnerabilities in ME and PSP, but I'm definitely not worried about these four "totally not made-up, pinkie swear" vulns.


----------



## john_ (Mar 14, 2018)

lexluthermiester said:


> Meltdown and Spectre weren't?


There is a clear difference between "Meltdown" and, for example, "Intelfail".


----------



## W1zzard (Mar 14, 2018)

laszlo said:


> don't see where is the need of survive; as admin you can do whatever you want even reinstall when you want and what you want...


How do you plan on removing the virus in your BIOS that you don't know about, that your antivirus can not find, that has enabled BIOS write protection since it became active?
Buy a new computer, sell old computer on eBay

Oh your name contains "bank" ? Here let me sell you these awesome computers with great motherboards.

Edit: I just realized I should get into the business of selling crypto-equipment


----------



## ikeke (Mar 14, 2018)

W1zzard said:


> How do you plan on removing the virus in your BIOS that you don't know about, that your antivirus can not find, that has enabled BIOS write protection since it became active?
> Buy a new computer, sell old computer on eBay
> 
> Oh your name contains "bank" ? Here let me sell you these awesome computers with great motherboards.
> ...



If someone with elevated admin access can craft a modified BIOS or has access to signed drivers that they, again with elevated admin access, can deploy to your system - then you are way too f***ed anyway.

..and to add that having a virus/backdoor/keylogger in the system *is the least of your worries* if theres a bad actor with this level of access to your environment.


----------



## las (Mar 14, 2018)

Intel paid for this - Just before Ryzen refresh. What a coincidence...


----------



## W1zzard (Mar 14, 2018)

ikeke said:


> If someone with elevated admin access can craft a modified BIOS or has access to signed drivers that they, again with elevated admin access, can deploy to your system - then you are way too f***ed anyway.
> 
> ..and to add that having a virus/backdoor/keylogger in the system *is the least of your worries* if theres a bad actor with this level of access to your environment.


You have never run GPU-Z ? It starts with admin privileges and comes with a signed driver


----------



## laszlo (Mar 14, 2018)

W1zzard said:


> How do you plan on removing the virus in your BIOS that you don't know about, that your antivirus can not find, that has enabled BIOS write protection?
> Buy a new computer, sell old computer on eBay
> 
> Oh your name contains "bank" ? Here let me sell you these awesome computers with great motherboards.
> ...



i understand your point; one solution would be to have bios update directly from manufacturer server; basically deny the admin the right to manually do it without a connection to bios server from where is flashed

now question is can bios be hacked at manufacturer ?  unfortunately the answer is yes as we already had situation when new hardware had hacked bios...

we already know that every hardware is susceptible to intrusion at bios level having the needed means and authorization so we'll be never safe ...


----------



## W1zzard (Mar 14, 2018)

laszlo said:


> now question is can bios be hacked at manufacturer ?



Actually the more realistic attack vector is that someone performs a man in the middle attack (malware on your PC, your router, ISP, upstream ISP of mobo vendor) to swap out the BIOS.


----------



## delshay (Mar 14, 2018)

If a BIOS is re-written, I do believe it resets back to default basic settings. It seems I will keep an eye on this if my computer somehow defaults back for no reason. Please correct me if I am wrong here.


----------



## INSTG8R (Mar 14, 2018)

I’ll be sure to leave my front door unlocked so the “hackers” can have a go with these flaws...


----------



## bug (Mar 14, 2018)

delshay said:


> If a BIOS is re-written, I do believe it resets back to default basic settings. It seems I will keep an eye on this if my computer somehow defaults back for no reason. Please correct me if I am wrong here.


It does. I believe the target here is the uninformed user who both runs everything at default settings and couldn't tell their systems were reset to defaults if their life depended on it.


----------



## jabbadap (Mar 14, 2018)

bug said:


> It does. I believe the target here is the uninformed user who both runs everything at default settings and couldn't tell their systems were reset to defaults if their life depended on it.



Afaik it does not have to revert to default settings. Maker of malicious code might wanted to modify bios settings to i.e. grant remote access.


----------



## Veradun (Mar 14, 2018)

qubit said:


> EDIT: Ok, reading some of the comments, it seems that the veracity of this report may be in some doubt. Let's hope it's fake, but I'm not holding my breath.



It's very likely not fake. The point is it is super-obvious that once you give root access to anyone you are fucked <insert Nicolas Cage meme here>



W1zzard said:


> How do you plan on removing the virus in your BIOS that you don't know about, that your antivirus can not find, that has enabled BIOS write protection since it became active?
> Buy a new computer, sell old computer on eBay



So you think people in the industry randomly reinstall operating systems for the sake of it without knowing there is a virus/whatever? The point is you are already fucked when they get root access, no matter what else comes later. If you instead know there is a problem, well, you solve it, no matter what the vulnerability is (i.e. reflash with legit BIOS).

If someone in the manufacturing industry wants to craft a keylogging bios they can do that with or without a "flaw" that enables root users to flash bioses.

The whole thing is laughable and I just registered to this forum to laugh together


----------



## W1zzard (Mar 14, 2018)

Veradun said:


> So you think people in the industry randomly reinstall operating systems for the sake of it without knowing there is a virus/whatever?


That's exactly what happens at server hosting companies?


----------



## Veradun (Mar 14, 2018)

W1zzard said:


> That's exactly what happens at server hosting companies?



So this method lets you get to bios flashing from a windows host on an hypervisor?


----------



## W1zzard (Mar 14, 2018)

Veradun said:


> So this method lets you get to bios flashing from a windows host on an hypervisor?


Lots of people are renting full servers, not just virtual machines. Yes I can flash the BIOS of our webservers


----------



## qubit (Mar 14, 2018)

Veradun said:


> It's very likely not fake. The point is it is super-obvious that once you give root access to anyone you are fucked <insert Nicolas Cage meme here>


After reading more about it, it's clear that this is clearly a smear campaign against AMD. Of course there's some truth to it, but it's obviously been designed to try and damage AMD. So underhand and in my opinion, I believe Intel is behind it, since AMD are giving them a good kicking now in sales and market share.


----------



## laszlo (Mar 14, 2018)

W1zzard said:


> Yes I can flash the BIOS of our webservers



this is the main problem ; admin can do whatever they want without a superadmin to check; of course if superadmin is human we're back at the beginning..


----------



## Veradun (Mar 14, 2018)

W1zzard said:


> Lots of people are renting full servers, not just virtual machines. Yes I can flash the BIOS of our webservers



We are at the beginning:

- you don't want to exploit your own windows server
- if you gift someone with root access you can't blame Intel/AMD/whatever since the flaw is in your policies

Besides people renting full servers usually don't randomly reinstall OSes. They do if they have a BIG problem, and only after investigation on what the problem has been (i.e. a breach that gave someone root access) and what as been done since then.


----------



## Caelestis (Mar 14, 2018)




----------



## delshay (Mar 14, 2018)

jabbadap said:


> Afaik it does not have to revert to default settings. Maker of malicious code might wanted to modify bios settings to i.e. grant remote access.



Then how about I set my own overclocking BIOS, then lock the BIOS chip. Any changes I want to do, I will have to insert a new BIOS chip. I can live with this.

Now nobody can write to it.


----------



## EarthDog (Mar 14, 2018)

qubit said:


> since AMD are giving them a good kicking now in sales and *market share*.


No. Not close actually...articles just came out saying so...

http://www.tomshardware.com/news/amd-cpu-gpu-market-share,36592.html


----------



## bug (Mar 14, 2018)

I'm know I'm talking to myself here, but would it be possible we wait until somebody looks into these further, before we decide how much of an impact they have under various circumstances?

I mean, ok, it's rather suspicious how these were discovered and announced, but the crux of the matter is if they're real and if yes, who and how should guard against these. Everything else is just noise.


----------



## EarthDog (Mar 14, 2018)

bug said:


> I'm know I'm talking to myself here, but would it be possible we wait until somebody looks into these further, before we decide how much of an impact they have under various circumstances?
> 
> I mean, ok, it's rather suspicious how these were discovered and announced, but the crux of the matter is if they're real and if yes, who and how should guard against these. Everything else is just noise.


And there is a shit ton of noise here... so many experts, so little knowledge.


----------



## qubit (Mar 14, 2018)

EarthDog said:


> No. Not close actually...articles just came out saying so...
> 
> http://www.tomshardware.com/news/amd-cpu-gpu-market-share,36592.html


It's getting on for it, especially with Ryzen 2, that's my point. Clearly Intel feels under threat from this and therefore may have orchestrated this smear campaign against AMD.


----------



## Jism (Mar 14, 2018)

qubit said:


> It's getting on for it, especially with Ryzen 2, that's my point. Clearly Intel feels under threat from this and therefore may have orchestrated this smear campaign against AMD.



I call this bullshit. Intels owns 90% of the market, if not 85%, worldwide. They dont need to.

There are very much start-ups all over the world looking for PR / Branding. Attacking AMD on CPU Security flaws is one of them.

Country israel poops out geniuses once in a while, remember the company who was able to hack a iphone where FBI failed?


----------



## EarthDog (Mar 14, 2018)

qubit said:


> It's getting on for it, especially with Ryzen 2, that's my point. Clearly Intel feels under threat from this and therefore may have orchestrated this smear campaign against AMD.


If that is what you meant, consider actually writing that next time instead. 

I really doubt Intel has anything to do with this... they wouldn't orchestrate such a debacle of a smear campaign is my reasoning. It stinks soooooooo bad there is no way they can be behind this. I could be wrong, but, I simply don't imagine Intel to be this sloppy trying to smear AMD... no way. Now, I believe Intel would smear AMD, I am not saying otherwise, but the way this happened doesn't scream multi-billion dollar corporation smear campaign with how it all transpired. 

I fully believe these problems exist. I fully believe the severity of these are blown out of proportion and the notification process by CTS was abhorrent. Anything else is just lemming adding fuel to the fire, one post and jump off the cliff at a time.


----------



## bug (Mar 14, 2018)

qubit said:


> It's getting on for it, especially with Ryzen 2, that's my point. Clearly Intel feels under threat from this and therefore may have orchestrated this smear campaign against AMD.


So at some point you've decided the flaws aren't real and it's all a smearing campaign. Neat.


----------



## EarthDog (Mar 14, 2018)

No.. he believes some of it. 



qubit said:


> Of course there's some truth to it, but it's obviously been designed to try and damage AMD.


----------



## qubit (Mar 14, 2018)

bug said:


> So at some point you've decided the flaws aren't real and it's all a smearing campaign. Neat.


No, I didn't say that. Have you actually read the articles and seen the videos surrounding this or do you just like spouting off?
@EarthDog you really should know better than to join in.
@Jism No, you're talking bullshit. AMD is doing remarkably better and has become a competitive threat to them, so even with a market share ratio of 85-90% they are still gonna feel threatened.


----------



## bug (Mar 14, 2018)

qubit said:


> It's getting on for it, especially with Ryzen 2, that's my point. Clearly Intel feels under threat from this and therefore may have orchestrated *this smear campaign against AMD*.





bug said:


> So at some point *you've decided* the flaws aren't real and *it's all a smearing campaign*. Neat.





qubit said:


> *No, I didn't say that.* Have you actually read the articles and seen the videos surrounding this or do you just like spouting off?


----------



## Jism (Mar 14, 2018)

qubit said:


> No, I didn't say that. Have you actually read the articles and seen the videos surrounding this or do you just like spouting off?
> @EarthDog you really should know better than to join in.
> @Jism No, you're talking bullshit. AMD is doing remarkably better and has become a competitive threat to them, so even with a market share ratio of 85-90% they are still gonna feel threatened.



Oh so it's automaticly intel by your standards and without any confirmation?


----------



## EarthDog (Mar 14, 2018)

Know better than to join in............WTH are you talking about @qubit ? I just asked that you type what you mean man. If you are talking about bug, I supported you and quoted you believed "some of it" was true. Get your head on straight man!

I simply disagree that intel had a part in this due to the terrible terrible execution of these findings. I could be wrong though!!! But so far, after all the digging, its just forum lemmings jumping on this bandwagon for the most part... that and sensationalist headlines. You don't see any publication worth a salt actually believing intel had anything to do with this..


----------



## Xuper (Mar 14, 2018)

one of guy explained this : 



			
				mtrai said:
			
		

> Let me address the bios flashing...you just can't do it.
> 
> 
> I know for a fact flashing any type of modded bios on the Ryzen motherboards is not an easy feat and requires a UEFI boot disk with powershell and a ton of switches plus 2 different flashing programs one written for just this purpose over at overclock net. Also the USB stick has to be created a certain way via UEFI boot for any of this to work.
> ...



*One Asked :*



			
				weareanomalous said:
			
		

> > On motherboards where re-flashing is not possible because it has been blocked, or because BIOS updates must be encapsulated and digitally signed by an OEM-specific digital signature, we suspect an attacker could occasionally still succeed in re-flashing the BIOS. This could be done by first exploiting RYZENFALL or FALLOUT and breaking into System Management Mode (SMM). SMM privileges could then be used to write to system flash, assuming the latter has not been permanently write-locked.
> 
> 
> 
> ...



*then he replied :*



			
				mtrai said:
			
		

> Can't do it on the Ryzen family without all those steps I outlined. Yeah flashback would work on earlier AMD and Intel motherboards and bypass the security checks but not on Ryzen.
> 
> So in order to accomplished this you need to be physically at the system to flash it.
> 
> ...





> You would have to mod the bios to inject any of this.  Once you mod the bios you will not be able to flash ryzen via windows flash, bio flash tool or even in dos.
> 
> You would need the .cap and do the first line with a UEFI USB boot stick and then second step with the .rom file in order to get any modded bios onto a Ryzen series motherboard.  I am not even sure we could actually injust new code into the bios...the only bios mods on ryzen has been just flipping existing switches from hidden to show.  All the important ones are in the CBS which that in and of itself takes many steps.  And I am pretty sure we cannot change anything in the PSP chip only AMD has that ability so that nullifies the other exploits.
> 
> The way you describe and more as I said is possible on AMD 990FX and Intel platforms but not any Ryzen Series.  AMD locked this down already.  So yes for this new AMD exploit you will have to be physically at the computer and have the know how.



*another  Asked :*



			
				exscape said:
			
		

> They bring this up in the "paper" though:
> 
> 
> > On motherboards where re-flashing is not possible because it has been blocked, or because BIOS updates must be encapsulated and digitally signed by an OEM-specific digital signature, we suspect an attacker could occasionally still succeed in re-flashing the BIOS. This could be done by first exploiting RYZENFALL or FALLOUT and breaking into System Management Mode (SMM). SMM privileges could then be used to write to system flash, assuming the latter has not been permanently write-locked.​
> ...





			
				mtrai said:
			
		

> For ryzen...once you modify the bios .cap you cannot flash it without going though the steps I outlined.  For previous (990FX and Intel) you can do it through other methods.
> 
> The switches and steps are mandatory on the Ryzen family platform.  There is no other way at this time...you have to start with a .cap file flash and then flash with .rom using all the switches.  The .rom will be the modified and there are still some security checks that goes on hence why you have to do the first flash with the .cap with all the switches to make it work.
> 
> ...




Source : 




__
		https://www.reddit.com/r/Amd/comments/845w8e/_/dvmzymy


If you want do flashing modded bios on Ryzen  , atm It's impossible to do it inside Windows


----------



## CrAsHnBuRnXp (Mar 14, 2018)

AsRock said:


> Made me think of the POS WinChip |, not sure if thats what you were getting at.


Was actually making a Game of Thrones reference on Winterfell.


----------



## mcraygsx (Mar 14, 2018)

This story was published with no concrete background evidence and CTS LAB a company that just appeared out of no where back in 2017. This all seems like a targeted campaign just when AMD is gaining ground in CPU market. Besides you need Admin access to the system itself, with that kind of access any system is vulnerable.


----------



## wiyosaya (Mar 14, 2018)

It will be interesting to see how this turns out. Point of note: Intel is threatened by AMD's recent advances; however, if these turn out to be as BS as they smell right now, Intel should beware gamers with pitchforks.


----------



## Hood (Mar 14, 2018)

"So, if any of those exploits are real... you still need admin privileges?

If a malicious actor has already gotten their hands on admin privileges, wouldn't you have bigger problems to worry about?"
The problem would be that you might not even know you've been compromised, since these exploits are (supposedly) undetectable by any current antivirus software.  Even if you suspected that someone had accessed your machine, a scan would show no problems.  Of course, that may change soon, as more becomes known.


----------



## T4C Fantasy (Mar 14, 2018)

they had this website built, videos made, diagrams made and charts with whitepapers made in 48 hours? i think they set up amd to tell them then 24hours later they slam the media on them.... 100% a setup


----------



## lexluthermiester (Mar 14, 2018)

delshay said:


> If a BIOS is re-written, I do believe it resets back to default basic settings. It seems I will keep an eye on this if my computer somehow defaults back for no reason. Please correct me if I am wrong here.


That doesn't always happen as it is triggered by a flag in the update process. If that flag is not set, the settings are not reset to defaults.



W1zzard said:


> Lots of people are renting full servers, not just virtual machines. Yes I can flash the BIOS of our webservers


Holy crap! You'd think something like that would be locked down..


----------



## EarthDog (Mar 14, 2018)

lexluthermiester said:


> Holy crap! You'd think something like that would be locked down..


That depends, but generally it isn't when you have an entire box to yourself.


----------



## lexluthermiester (Mar 14, 2018)

EarthDog said:


> That depends, but generally it isn't when you have an entire box to yourself.


Ok, good point. So TPU has it's own servers now? Most sites are hosted.


----------



## EarthDog (Mar 14, 2018)

And when I say 'have' I mean, rent an entire server for yourself. 

No clue about TPU.


----------



## ikeke (Mar 14, 2018)

W1zzard said:


> You have never run GPU-Z ? It starts with admin privileges and comes with a signed driver



No, not in production environment. Not on anything remotely important enough.

If this issue/attack vector is possible only via Windows OS and elevated administrator privileges are required AND the BIOS flash requires signed UEFI package then for all i can find currently you'd be screwed without any exploit. The user who has such access and tools available to them can take anything in the system without your knowledge. Full system access required to exploit? LOL


----------



## BiggieShady (Mar 14, 2018)

Those guys at CTS Labs are adware developers: 



http://imgur.com/a/2cV3k

 ^^ CTS-Labs turns out to be the company that produced the CrowdCores Adware ^^


----------



## lexluthermiester (Mar 14, 2018)

BiggieShady said:


> Those guys at CTS Labs are adware developers:
> 
> 
> 
> ...


If true, it would give them a bit of credibility as they obviously know how to take advantage of vulnerabilities. Who better to find vulnerabilities than actual hackers/crackers?


----------



## BiggieShady (Mar 14, 2018)

lexluthermiester said:


> If true, it would give them a bit of credibility as they obviously know how to take advantage of vulnerabilities. Who better to find vulnerabilities than actual hackers/crackers?


Adware are mostly browser toolbars/plugins that install silently with the utility you previously trusted but the company got bought 


EarthDog said:


> No clue about TPU.


There's your clue: https://www.techpowerup.com/forums/...cture-including-backdoors.242328/post-3812761


----------



## W1zzard (Mar 14, 2018)

lexluthermiester said:


> Ok, good point. So TPU has it's own servers now? Most sites are hosted.


We've had our own (rented) servers for at least a decade now, at various hosting companies. If you are curious and want to know more, open a new thread or send me a pm.


----------



## mtcn77 (Mar 14, 2018)

W1zzard said:


> Can't be done, unless they completely forbid device drivers and manually approve every single one. This will turn Windows into iOS


I'm on W7 for this reason, no need for permanent test mode.


----------



## mcraygsx (Mar 14, 2018)

W1zzard said:


> We've had our own (rented) servers for at least a decade now, at various hosting companies. If you are curious and want to know more, open a new thread or send me a pm.



W1zzard, what is your take on credibility of CTS Labs?


----------



## Nihilus (Mar 14, 2018)

Wow TPU seems to be the bottom of the barrel for tech sites.  Other sites like gamersnexus and techspot have already revealed all of the BS or at least suspect nature of this.  You guys would rather keep the click bait.

Wizard, butnr - do some dame journalism!


----------



## bug (Mar 14, 2018)

mcraygsx said:


> W1zzard, what is your take on credibility of CTS Labs?


They don't have any. They're a newly established group that handled this terribly.
Their credibility, however, is of little importance.


----------



## lexluthermiester (Mar 15, 2018)

mcraygsx said:


> W1zzard, what is your take on credibility of CTS Labs?


Based on what he's said already, my guess is that he is likely dubious of the company itself but takes the vulnerabilities seriously, which is wise. That happens to be my position as well. CTS may be shady as hell, but the threats must be taken seriously until either proven invalid or verified and fixed.


----------



## EarthDog (Mar 15, 2018)

https://twitter.com/gadievron?ref_src=twsrc^google|twcamp^serp|twgr^author


----------



## GoldenX (Mar 15, 2018)

lexluthermiester said:


> Based on what he's said already, my guess is that he is likely dubious of the company itself but takes the vulnerabilities seriously, which is wise. That happens to be my position as well. CTS may be shady as hell, but the threats must be taken seriously until either proven invalid or verified and fixed.



Same here, but if this is proved to be by Intel's hand... Man they would be the lowest. "Performance over price and any kind of integrity!"


----------



## lexluthermiester (Mar 15, 2018)

GoldenX said:


> Same here, but if this is proved to be by Intel's hand... Man they would be the lowest. "Performance over price and any kind of integrity!"


I'm not buying that. Even if true, should the vulnerabilities be real, they're real and need to be addressed regardless of the motives and methods of discovery.


----------



## GoldenX (Mar 15, 2018)

Yeah, I want a fast response from AMD, backstab or not, they have to fix this, or confirm that it's a fraud, whatever the truth may be.


----------



## badtaylorx (Mar 15, 2018)

This absolutely REEKS like a group of Intel insiders that hatched a plan to short AMD shares after the big "meltdown/spectre" scare last June.   

Geeks don't always make the best criminals though....


----------



## arterius2 (Mar 15, 2018)

Why do these exploits have such kickass names?


----------



## techy1 (Mar 15, 2018)

sadly, but we live in "alternative facts" age where PObox companies (that did not exist few months ago) with shutter stock photo/video backgrounds can make such a noise in a split second and weather that PObox company will exists after few weeks or not - that does not matter -  damage (to multibillion company) will be done for next few Quartals to come.


----------



## delshay (Mar 15, 2018)

lexluthermiester said:


> That doesn't always happen as it is triggered by a flag in the update process. If that flag is not set, the settings are not reset to defaults.
> 
> 
> Holy crap! You'd think something like that would be locked down..



I will be looking at PDF documentation W/P pin of a BIOS chip to see if I can do anything in hardware, locking my BIOS chip in either software or hardware.


----------



## 1stn00b (Mar 15, 2018)

So this "vulnerabilities" are like using admin account to install web applications into Intel firmware with MeshCommander https://software.intel.com/en-us/blogs/2017/07/11/meshcommander-firmware-web-application


----------



## SRB151 (Mar 15, 2018)

lexluthermiester said:


> This is specific to AMD Ryzen CPU's. No other CPU's are affected.



Actually, that is not known.   Intel uses asmedia chips as well, and CTS never bothered to test this on any other processors.


----------



## W1zzard (Mar 15, 2018)

SRB151 said:


> Actually, that is not known.   Intel uses asmedia chips as well.


Good point.


----------



## Aderbas (Mar 15, 2018)

My impression or techpowerup still believes this news as true?


----------



## EarthDog (Mar 15, 2018)

CVEs should be released about them in the coming days. Additional 3rd party validation (we have one sketchy source and one that for now seems legit) we should see perhaps Friday or Monday as they have said it took 3rd party 4-5 days to validate their findings.


----------



## Rauelius (Mar 15, 2018)

You all understand this is likely fake and possible stock manipulation? CTS Labs themselves state they may have a financial interest in these results.


----------



## EarthDog (Mar 15, 2018)

Loving the people that joined the conversation hundreds of posts in like we haven't discussed that possibility ad nauseam in the past two days, LOL!


----------



## bug (Mar 15, 2018)

Rauelius said:


> You all understand this is likely fake and possible stock manipulation? CTS Labs themselves state they may have a financial interest in these results.


If the news was about a possible vulnerability at VISA what would you do till VISA either confirms or denies it? Would you  say "hey, this is likely fake, trying to make VISA look bad" or would you keep an eye on your transactions, just in case?
In any case, at this point I'd say this is likely _not_ fake since, as poorly as this has been handled, CTS Labs say they have proof of concept attacks and they've submitted them for review.


----------



## Casecutter (Mar 15, 2018)

Would be good to have a Poll on this... or did I miss that?


----------



## bug (Mar 15, 2018)

Casecutter said:


> Would be good to have a Poll on this... or did I miss that?


Poll on what? Do we now decide whether a CVE is warranted by taking polls on TPU?


----------



## Casecutter (Mar 15, 2018)

Oh IDK... like is this a proper business practice from a company that intends to be about "protecting the world from vulnerabilities".

I just say if they creditably want to protect me/you they would offer any company a judicious amount of time to both confirm and reply to such accusation. And, I'm not saying 90 days, more like 7 full working days, before making it public, and then provide the opportunity to interact in a relationship that plugs the holes, all while perhaps consigns that company some form of reimbursement for their work in helping.

This remind me of the one thing that nationality fears more than anything... being labeled a "Freier".  In this case they appear to be..., or they tried to ransom AMD and the response was we are not working with extortionists.

In this way they did a bunch of work and aren't recouping anything, at least that we're privy too!


----------



## mtcn77 (Mar 15, 2018)

bug said:


> Poll on what? Do we now decide whether a CVE is warranted by taking polls on TPU?


We had one before, but there wasn't any naming names. This one, however, should be more conspicuous about the offender of the obvious fandom.


----------



## bug (Mar 15, 2018)

Casecutter said:


> Oh IDK... like is this a proper business practice from a company that intends to be about "protecting the world from vulnerabilities".
> 
> I just say if they creditably want to protect me/you they would offer any company a judicious amount of time to both confirm and reply to such accusation. And, I'm not saying 90 days, more like 7 full working days, before making it public, and then provide the opportunity to interact in a relationship that plugs the holes, all while perhaps consigns that company some form of reimbursement for their work in helping.
> 
> ...


Ah, so of all this thread your beef is with the whistleblower. I get it now.


----------



## John Naylor (Mar 16, 2018)

Im still waiting to see a "aww... look at what happened to this guy" story from any of these "major defects"


----------



## FordGT90Concept (Mar 16, 2018)

I just wanted to say that I'm glad TechPowerUp is doing editorial updates to an article.  I'd like to see improvements in terms of making it clear what changed in each update though.  It looks like, in its present state, only one update is clearly marked at the bottom.


----------



## dorsetknob (Mar 16, 2018)

Spoiler:    Low Quality Post      






Mussels said:


> "Fuck"


----------



## W1zzard (Mar 16, 2018)

FordGT90Concept said:


> I just wanted to say that I'm glad TechPowerUp is doing editorial updates to an article.  I'd like to see improvements in terms of making it clear what changed in each update though.  It looks like, in its present state, only one update is clearly marked at the bottom.


Just added two links to follow up stories and bumped the update number.


----------



## bug (Mar 16, 2018)

John Naylor said:


> Im still waiting to see a "aww... look at what happened to this guy" story from any of these "major defects"


Same thing that happened because of Spectre and Meltdown, I guess.

Seriously speaking though these aren't about what happens to this or that guy. These are more about ways to breach into servers and other stuff that has a good chance of going unnoticed. Think someone managing to escape their VM on a rented server and reading others' data.
These aren't the kind of vulnerabilities your next door script kiddie will abuse at will.

@W1zzard If you would properly prefix each update with "Update 1", "Update 2" and so on, that would be dreamy.


----------



## W1zzard (Mar 16, 2018)

bug said:


> If you would properly prefix each update with "Update 1", "Update 2" and so on, that would be dreamy.


The first updates were in-text changes and in short succession, so difficult to prefix those. Will try to handle this better in the future.


----------



## i7Baby (Mar 16, 2018)

Gamers Nexus showed this to be a lot of BS. A paid by Intel article?


----------



## ikeke (Mar 16, 2018)

According to AT call with CTS labs the exploits also require bare metal install of the OS (and OS has to be Windows?).

https://www.anandtech.com/show/12536/our-interesting-call-with-cts-labs


----------



## bug (Mar 16, 2018)

ikeke said:


> According to AT call with CTS labs the exploits also require bare metal install of the OS (and OS has to be Windows?).
> 
> https://www.anandtech.com/show/12536/our-interesting-call-with-cts-labs


A hardware flaw that needs a specific OS to exploit seems uber-suspicious.

Edit: Then again, seeing how mobo makers implement UEFI just so that it works on Windows, maybe not?


----------



## HTC (Mar 16, 2018)

ikeke said:


> According to AT call with CTS labs the exploits also require bare metal install of the OS (and OS has to be Windows?).
> 
> https://www.anandtech.com/show/12536/our-interesting-call-with-cts-labs



Then it turns out i was more on point then i thought:



HTC said:


> Agreed!
> 
> Question: i read (skimmed) the whitepaper but i didn't see a mention of Linux or other OSs other then Windows ... doesn't that mean it's Windows vulnerabilites when using Zen based hardware?



I'll ask again: doesn't that mean it's Windows vulnerabilites when using Zen based hardware?


----------



## FordGT90Concept (Mar 16, 2018)

W1zzard said:


> The first updates were in-text changes and in short succession, so difficult to prefix those. Will try to handle this better in the future.


Could underline changes and subscript the update number at the end of each one.


----------



## anubis44 (Mar 19, 2018)

The longer you leave up this fake security news article, the less likely it becomes that I'll keep visiting this site.


----------



## lexluthermiester (Mar 19, 2018)

anubis44 said:


> The longer you leave up this fake security news article, the less likely it becomes that I'll keep visiting this site.


This is not fake news. Much of it has either been verified or is looking very plausible. But if you want to leave, your loss..


----------



## ikeke (Mar 19, 2018)

Even if everything they say turns out to be truth then it still leaves the question why they gave AMD less than 24h notification on these before publishing "amdflaws" and why none of this was validated by independant review before going public.

These two, along with references to personal profit they may gain from publishing the alleged exploits, do not paint them as security researchers. More like guns for hire.


----------



## anubis44 (Mar 20, 2018)

lexluthermiester said:


> This is not fake news. Much of it has either been verified or is looking very plausible. But if you want to leave, your loss..



It's utter garbage. You have to be sitting at the computer AND know the admin password to do any of these. If somebody gets admin rights and is sitting at your computer, you're ALREADY screwed. This was a stock market short-sell hit piece plain and simple. Please just accept this and move on. Nothing to see here.

*HW News: CTS Labs Avoids Questions*









*Linus Torvalds slams CTS Labs over AMD vulnerability report*
Linux's creator said he thinks CTS Labs' AMD chip security report "looks more like stock manipulation than a security advisory" and questions an industry.
http://www.zdnet.com/article/linus-torvalds-slams-cts-labs-over-amd-vulnerability-report/

*Evidence Suggests Report on AMD Security Was Financially Motivated*
https://wccftech.com/report-alleges-amd-ryzen-epyc-cpus-suffer-13-fatal-security-flaws/


----------



## lexluthermiester (Mar 20, 2018)

anubis44 said:


> It's utter garbage. You have to be sitting at the computer AND know the admin password to do any of these. If somebody gets admin rights and is sitting at your computer, you're ALREADY screwed.


As most of these problems are aimed at remote attack vectors it would seem you have not been reading up on the details of these vulnerabilities.


anubis44 said:


> This was a stock market short-sell hit piece plain and simple.


Conspiracy theory. Even if true, such efforts didn't work on any level.


anubis44 said:


> Please just accept this and move on.


Oh please.


anubis44 said:


> Nothing to see here.


As several of these vulnerabilities have been verified, there is very clearly something "to see" and be concerned about. If you want to bury your head in the sand that's your choice. The rest of us will be responsible, stay objective and focus on facts & evidence.


----------



## Totally (Mar 20, 2018)

lexluthermiester said:


> As most of these problems are aimed at remote attack vectors



That are not executable without aforementioned password and physical access to computer. ATM to me it would be like a car thief stealing a car by smashing in a window after finding the door unlocked with the keys in the ignition.



> The rest of us will be responsible, stay objective and focus on facts & evidence.



Your opinion has clearly gone a bit beyond that.


----------



## lexluthermiester (Mar 20, 2018)

Totally said:


> That are not executable without aforementioned password and physical access to computer.


Not a difficult task depending on the target and goal. You'd be surprised how vulnerable most systems are to directed remote attacks and how easy it is to gain admin access.


Totally said:


> Your opinion has clearly gone a bit beyond that.


My opinion is that of focusing on the problems presented by the vulnerabilities, *not* on the politics or brand loyalties of the companies involved. The motivations of the actors behind the discoveries are irrelevant to the discoveries themselves.

The perspectives offered by "anubis44" focus on the politics of the people making the discoveries rather than the facts and details of the discoveries themselves, which is not helpful or constructive. "abubis44" is also calling out TPU for reporting on the information claiming some sort of bias or defaming effort on their part which is complete rubbish and narrow minded thinking. Again, not helpful or constructive. TPU is reporting information as it comes to light and doing a damn good job keeping updated and up to speed with developments as they occur. "anubis44" also made a veiled "threat" of abandoning the site if they didn't discontinue what "anubis44" considers unacceptable. My response to that sad little remark implied "don't let the door hit you on the way out".

The occurrence of "certain" people "getting outraged" over silly things that ultimately don't matter has been on the rise lately. The staff have had to deal with it even more than us users. Both groups are getting tired of it.



ikeke said:


> Even if everything they say turns out to be truth then it still leaves the question why they gave AMD less than 24h notification on these before publishing "amdflaws" and why none of this was validated by independent review before going public.


The technical details were not released with the announcement, only the conceptual details. This seems to be a continuing misunderstanding on the part of the general public. The technical details and proof of concept samples were only released to AMD and other responsible party's/entity's to be validated and fixed. The announcement was the only part of this release that was done with only 24hr notice, which CTS Labs admitted they could have handled better. Everything else was handled in a seemingly appropriate manner.

Trying to vilify and berate a group for what is clearly a minor mistake by conjuring up fanciful conspiracies is an effort of foolishness, not objectivity.


----------



## ikeke (Mar 20, 2018)

I'm still calling BS on the excuses.

Giving someone 90d headsup on allegedly critical flaw vs taking the time to craft a web site and videos with greenscreen just to paddle some FUD, not to mention some stock shortseller pushing 20+ page FUD article minutes after you go public? Yeah, all good...

https://www.anandtech.com/show/12536/our-interesting-call-with-cts-labs

*IC: Would there be any circumstance in which you would be willing to share the details of these vulnerabilities and exploits under NDA with us?*
_YLZ: We would love to, but there is one quirk. A*ccording to Israel export laws, we cannot share the vulnerabilities with people outside of Israel, unless they are a company that provides mitigations to such vulnerabilities*. *[ikeke:this is BS] *That is why we chose the list. But look, we are interested in the validation of this – we want people to come out and give their opinion, but we are only limited to that circle of the vendors and the security companies, so that is the limitation there._

And, to repeat myself, if they want to see how AMD is "unable" to fix issues then perhaps someone can point them towards latest example that i know of, which is a fix for, well-well AMD-PSP 
http://seclists.org/fulldisclosure/2018/Jan/12


----------



## lexluthermiester (Mar 20, 2018)

@ikeke
That comment showcases what I was saying. Your complaint focus's on the politics of the company that made the discoveries instead of the technical details of the discoveries themselves. Not saying you're wrong either. The way CTS conduced themselves was very much less than ideal. However one could also say that they knew what they had on their hands, knew it would be a big deal and made efforts beforehand to be prepared with presentations. The only real problem I see is the way they handled the announcement. Not buying into this conspiracy nonsense one bit.

This kind of thing has happened before. Someone makes a discovery, knows it's big, prepares for the announcement and disclosure of such and then messed up the timing of it of all. This has happened in all area's of society, not just the tech sector. Intel, AMD, Nvidia, IBM, HP, Dell, etc, etc have all made these kinds of mistakes. Call it what it is and lets move on..


----------



## ikeke (Mar 20, 2018)

But them saying that they "messed up" and the available facts do not add up.
Too many inconsistencies.
Im not one to veer into conspiracies but they have shown way too many markers *for *bad intentions and *against *accidental mishap. Claiming to have "16 years of experience" and then this? Yeah, right.

_https://www.gamersnexus.net/industry/3264-hw-news-cts-labs-update-r5-2600x-specs-dead-wafers-more

One of our questions was about NineWells Capital, with which CTS Labs CFO Yaron Luk-Zilberman has held a position. We asked what the relationship was between NineWells Capital, a hedge-fund firm, and CTS Labs. The company provided this statement: “*NineWells Capital is a long-oriented financial partnership that was managed by our CFO, Yaron Luk-Zilberman. He no longer actively manages that partnership. NineWells has no financial position in AMD, Intel, or any other semiconductor company.”*

We are still waiting for clarity on this. Some digging revealed an *SEC document that lists Yaron Luk-Zilberman as President of NineWells Capital as recently as March 8, 2018, just days before CTS Labs released its exploit list*. We can’t make links at this time, but we have asked for clarity on this point. Luk-Zilberman was also listed on the CTS-Labs website as a Managing Director of NineWells Capital.

Regarding Viceroy, we asked this question: “What is CTS Labs' affiliation with Viceroy Research? Did Viceroy commission CTS Labs for this report? Have the two companies had any previous connections or affiliation?”

The response was as follows: “*"Viceroy is not a client of CTS. We did not send Viceroy our report. For any additional questions, please ask Viceroy."*

Unfortunately, this response side-steps half the other questions -- like our question about the affiliation between Viceroy Research and CTS Labs. There is some affiliation, even if unofficial or distant. *Viceroy Research is on-record with Reuters stating that they received the CTS Labs research document prior to launch*, via leak, and took a “sizeable short” on AMD as a result. Given the small size of CTS Labs, it’s interesting that a leak would happen to such a specific firm._


----------



## R0H1T (Mar 20, 2018)

lexluthermiester said:


> @ikeke
> That comment showcases what I was saying. Your complaint focus's on the politics of the company that made the discoveries instead of the technical details of the discoveries themselves. Not saying you're wrong either. The way CTS conduced themselves was very much less than ideal. However one could also say that they knew what they had on their hands, knew it would be a big deal and made efforts beforehand to be prepared with presentations. The only real problem I see is the way they handled the announcement. Not buying into this conspiracy nonsense one bit.
> 
> This kind of thing has happened before. Someone makes a discovery, knows it's big, prepares for the announcement and disclosure of such and then messed up the timing of it of all. This has happened in all area's of society, not just the tech sector. Intel, AMD, Nvidia, IBM, HP, Dell, etc, etc have all made these kinds of mistakes. Call it what it is and lets move on..


I think the problem, for many on this forum & elsewhere, is that CTS hasn't disclosed the more technical details & PoC to the public or even the press. So there's no way to know how serious they are, like flash 0day level or closer to spectre/meltdown wrt PSP & ASMedia chipsets.

If they are really serious about helping us, then why not tell us what's wrong & how bad is it? I have a Z97 with 2 Asmedia USB ports, am I safe(r) after these *disclosures*?


----------



## R-T-B (Mar 20, 2018)

Totally said:


> physical access to computer.



Can we please stop repeating this?  It's not what the report claims.

At this point the best we can do is wait and see.  But the fact that AMD did not debunk this immediately firmly takes it out of the "fake news" category in my eyes, FWIW.


----------



## lexluthermiester (Mar 20, 2018)

ikeke said:


> But them saying that they "messed up" and the available facts do not add up. Too many inconsistencies. I'm not one to veer into conspiracies but they have shown way too many markers *for *bad intentions and *against *accidental mishap. Claiming to have "16 years of experience" and then this? Yeah, right.


That assumes that all of the information has been disclosed. It hasn't so a lot of assumptions are being made. And 16 years might be collective for all of the people involved. Again, this information focuses on the politics of the people involved instead of the merit of the vulnerabilities disclosed, which we already know some of them to be valid.


R0H1T said:


> I think the problem, for many on this forum & elsewhere, is that *CTS hasn't disclosed the more technical details & PoC to the public or even the press*. So there's no way to know how serious they are, like flash 0day level or closer to spectre/meltdown wrt PSP & ASMedia chipsets.


Correct, they didn't! And that is what is responsible about it. They released only the conceptual descriptions of the vulnerabilities to the public, not the full technical details.


----------



## R-T-B (Mar 20, 2018)

lexluthermiester said:


> Correct, they didn't! And that is what is responsible about it. They released only the conceptual descriptions of the vulnerabilities to the public, not the full technical details.



That is the big point people seem to miss about why the "60 day disclosure warning" did not occur here, isn't it?

The big difference here is:  They aren't disclosing it to the public at all.  Period.


----------



## R0H1T (Mar 20, 2018)

lexluthermiester said:


> That assumes that all of the information has been disclosed. It hasn't so a lot of assumptions are being made. And 16 years might be collective for all of the people involved. Again, this information focuses on the politics of the people involved instead of the merit of the vulnerabilities disclosed, which we already know some of them to be valid.
> 
> Correct, they didn't! And that is what is responsible about it. They released only the conceptual descriptions of the vulnerabilities to the public, not the full technical details.


And I'll refer you back to the post where 4 different researchers found spectre/meltdown within a space of 3 to 6 months after GPZ first reported it.
If there's a flaw, chances are ~ it was already known or will be uncovered quickly by those who want to exploit it.


----------



## ikeke (Mar 20, 2018)

Anything accidental goes out the window with the original diclaimer where they say, that they have financial interest in companies affected by these exploits.
edit: _*NineWells Ca*_*pital *_* + Viceroy*_

https://amdflaws.com/disclaimer.html
_Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, *either directly or indirectly*, an economic interest in the performance of the securities of the companies whose products are the subject of our reports._


----------



## lexluthermiester (Mar 20, 2018)

R0H1T said:


> If there's a flaw, chances are ~ it was already known or will be uncovered quickly for those who want to exploit it.


There is one glaring flaw with that logic, Meltdown existed for nearly a decade before being discovered and there are still no known exploits for it, only the potential for such. Spectre was even longer starting in mid-90's with the first Pentium, K6 and ARM CPU's and again no known exploits to date.


ikeke said:


> Anything accidental goes out the window with the original disclaimer where they say, that they have financial interest in companies affected by these exploits.


Again, those are the politics of the problems, not the applied technicalities of such.

The reality is that the circumstances of the discovery of these vulnerabilities are irrelevant. The impact of them is the only relevant information we in the tech sector need worry about. Are they real and if so, how bad are they? Will they affect consumers, prosumers, enterprise sectors or perhaps all? Can they be fixed in software or will hardware revisions need to be made? These are the type os questions we need to be asking and concern ourselves with. Any else is just drama and fluff.


----------



## R0H1T (Mar 20, 2018)

lexluthermiester said:


> There is one glaring flaw with that logic, Meltdown existed for nearly a decade before being discovered and there are still no known exploits for it, only the potential for such. Spectre was even longer starting in 1993 with the first Pentium, K6 and ARM CPU's and again *no known exploits to date*.


Yes because it's nigh impossible to detect spectre or meltdown, surely you remember the dicussion we had? The OS throws no exception, there's no AV red flags or anything else, even when say a rogue JS code is eavesdropping on your passwords.

This exploit basically requires admin privileges, as well as overwriting BIOS (in case of Masterkey) & a whole host of things you'd avoid anyway so far as competent enterprises are concerned. Also wasn't the whole *Asmedia* backdoor thing known for many years, by CTS?


----------



## ikeke (Mar 20, 2018)

Hm, Meltdown and Spectre are not seriuous enough due to there being no known exploits (and after they were discovered all procedures were followed, fixes were in pipeline before the flaws leaked)  but "Amdflaws" are really serious since there are no known exploits (but they were revealed without following procedures and informing affected parties beforehand to look for possible fixes).

I struggle to follow the logic.

Asmedia flaw (edit: could possibly) affect (s) tens of millions of Intel motherboards, just FYI.


----------



## lexluthermiester (Mar 20, 2018)

R0H1T said:


> This exploit basically requires admin privileges


Again, not as difficult to achieve as one might think.


ikeke said:


> (but they were revealed without following procedures and informing affected parties beforehand to look for possible fixes)


Not true. The only things announced to the public were the existence of the vulnerabilities and the conceptual ideas behind them. The technical details were given only to responsible companies/entities to be researched, verified and fixed.


ikeke said:


> Asmedia flaw affects tens of millions of Intel motherboards, just FYI.


That is very possible and very worrisome. It's enough of a problem that I'm now actively looking to see if motherboards have AsMedia parts and avoiding them.


----------



## ikeke (Mar 20, 2018)

Without CTSlabs giving the headsup and admitting they are to gain from these exploits - i struggle to see beyond FUD as a reason instead of "whoops".

edit: and they did not mess up the timing, they timed it to hit before Ryzen refresh with no headsup to AMD but with enough headsup to Viceroy to write a 20+ page FUD article. I'd say it's timed perfectly, for someone to short AMD.


----------



## R-T-B (Mar 20, 2018)

R0H1T said:


> Also wasn't the whole *Asmedia* backdoor thing known for many years, by CTS?



It's been known by everyone for a while.  ASMedia was literally fined over it.  They aparently did not learn, and copy-pasted the same code into the Ryzen chipset.


----------



## Xzibit (Mar 20, 2018)

R-T-B said:


> It's been known by everyone for a while.  ASMedia was literally fined over it.  *They aparently did not learn*, and copy-pasted the same code into the Ryzen chipset.



They still have 2 of the ones CTS-Labs listed on their site.

A lot of the Intel boards carried them as recent as the Z270 series.


----------



## ikeke (Mar 20, 2018)

Since CTS-Labs also claim not to have any relation to Viceroy and yet Viceroy had enough headsup to time article perfectly to amdflaws website going public, then i would be very cautios about the claim that the exploits details were not shared with some still currently unknown party who could further profit from it or weaponize it.

Would fit this "security researcher for hire" more to sell 0-day to highest bidder.

(again, since AMD et al were not informed about the possible exploit then i see no other reasoning behind this but to give someone time for using it in the wild)

edit:
https://en.wikipedia.org/wiki/White_hat_(computer_security)
_The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies *to ensure the security of an organization's information systems.* _
https://en.wikipedia.org/wiki/Black_hat
_A black hat hacker (or black-hat hacker) is a hacker who "violates computer security for little reason beyond maliciousness *or for personal gain*" _

Tell me, which one describes actions by CTS-labs, currently? Again, as per their own disclaimer..


----------



## R-T-B (Mar 20, 2018)

ikeke said:


> Since CTS-Labs also claim not to have any relation to Viceroy and yet Viceroy had enough headsup to time article perfectly to amdflaws website going public, then i would be very cautios about the claim that the exploits details were not shared with some still currently unknown party who could further profit from it or weaponize it.
> 
> Would fit this "security researcher for hire" more to sell 0-day to highest bidder.
> 
> ...



Considering they haven't released the bugs to the general public yet, I'd say "grey-hat" if anything, honestly.



Xzibit said:


> They still have 2 of the ones CTS-Labs listed on their site.
> 
> A lot of the Intel boards carried them as recent as the Z270 series.



True.  ASMedia needs a bigger fine, methinks.


----------



## ikeke (Mar 20, 2018)

They also said they don't have any affiliation with Viceroy who pushed FUD on this right after amdflaws went public..
edit: general public is not what I said, I said highest bidder for 0-day.

Them possibly making money on this is written on amdflaws disclaimer.

I find it hard to trust someone who lies.


----------



## R-T-B (Mar 20, 2018)

ikeke said:


> They also said they don't have any affiliation with Viceroy who pushed FUD on this right after amdflaws went public..
> edit: general public is not what I said, I said highest bidder for 0-day.
> 
> Them possibly making money on this is written on amdflaws disclaimer.
> ...



You can make money and still be "greyhat" or even whitehat.  You just can't create a malicious security risk and have to at least have the intent to fix something.  There is no hard proof of malicious intent yet, from a security perspective.

I don't know enough about them either way to make any claims, yet.


----------



## ikeke (Mar 20, 2018)

I dont know them either, but financial gains due to amdflaws is written into the disclaimer on amdflaws.


----------



## EarthDog (Mar 20, 2018)

ikeke said:


> I find it hard to trust someone who lies.


Let's strip away the name AMD...aren't they finding these for profit anyway? Someone pays them and they look for exploits for company X. Isn't that a financial gain? I get why people were flagged on the statement, but.... have an open mind. 



R-T-B said:


> Which could simply be legally covering their ass.  It's not proof of a motive or even action.


THIS!!! Its worth sucking up into my post for thanks and reiteration, lol!


----------



## R-T-B (Mar 20, 2018)

ikeke said:


> I dont know them either, but financial gains due to amdflaws is written into the disclaimer on amdflaws.



Which could simply be legally covering their ass.  It's not proof of a motive or even action.


----------



## ikeke (Mar 20, 2018)

Viceroy posting FUD right after amdflaws went public, though, is.


----------



## bug (Mar 20, 2018)

ikeke said:


> Viceroy posting FUD right after amdflaws went public, though, is.


Just cool it. It's not like AMD will give free stuff if you kiss their asses enough.
Plus, you're only attacking the messenger here, so it's not like you're making valid arguments.


----------



## ikeke (Mar 20, 2018)

How am i kissing AMDs anything here?


----------



## anubis44 (Mar 20, 2018)

lexluthermiester said:


> The perspectives offered by "anubis44" focus on the politics of the people making the discoveries rather than the facts and details of the discoveries themselves, which is not helpful or constructive. "abubis44" is also calling out TPU for reporting on the information claiming some sort of bias or defaming effort on their part which is complete rubbish and narrow minded thinking. Again, not helpful or constructive. TPU is reporting information as it comes to light and doing a damn good job keeping updated and up to speed with developments as they occur. "anubis44" also made a veiled "threat" of abandoning the site if they didn't discontinue what "anubis44" considers unacceptable. My response to that sad little remark implied "don't let the door hit you on the way out".
> 
> The occurrence of "certain" people "getting outraged" over silly things that ultimately don't matter has been on the rise lately. The staff have had to deal with it even more than us users. Both groups are getting tired of it.
> 
> ...



Thank you, Intel PR, for your input.

Look, the fact is, leaving this 'story' up on the main page of TechPowerUp lends credibility to the entire hit-piece. It's something like a guy who purports to be a private investigator, who hates somebody famous, going to the press, and accusing the famous person of being a pedophile. So a news site then puts up a story titled 'It looks like so-and-so is a pedophile!' Once the information comes to light that the 'private investigator' is actually not really a private investigator, but someone who hates the famous person for personal reasons, and that they had a vested interest in damaging the reputation of the famous person, AND there's no evidence the famous person IS a pedophile, should the news site continue to leave up the story with that title?

It would be irresponsible for the news site to continue to leave the article up, with the title, 'It looks like so-and-so is a pedophile!' because the accusation itself is disparaging in a manner that is not accurately reflective on the accused. Once the credibility of the accuser/accusations are proven to be false, it's bad journalism to keep the headline implying the now-proven-to-be-false accusation.


----------



## EarthDog (Mar 20, 2018)

ikeke said:


> Viceroy posting FUD right after amdflaws went public, though, is.


Correlation is not causation.



anubis44 said:


> Thank you, Intel PR, for your input. Look, the fact is, leaving this 'story' up on the main page of TechPowerUp lends credibility to the entire hit-piece. It's something like a guy who pro-ports to be a private investigator, who hates somebody famous accusing the famous person of being a pedophile, and so a news site has a story titled 'Is so-and-so a pedophile?!' Once the information comes to light that the 'private investigator' is actually not a private investigator, and there's no evidence the famous person IS a pedophile, it would be irresponsible for the news site to continue to leave the article up, with the title, 'Is so-and-so a pedophile?!' Once the credibility of the accuser/accusations are proven to be false, it's bad journalism to keep the headline asking the now-proven-to-be-false accusation.


Again, the method of  delivery leaves a lot to be desired, they even admitted as such. However, the vulnerabilities are REAL. Perhaps they are not as severe as presented, but that isn't the point here. Look past the trees and see the forest. There will be CVEs, they have said they submitted them. AMD has also yet to make a statement after their findings (remember it took 4-5 days using the exploits to do it). Also, 2 3rd party orgs supported their findings. One a bit dubious indeed, the other, unrelated and found the same things. 

While turning a  blind eye to things isn't a great idea, neither is sticking your head in the sand and pretending it isn't real.


----------



## ikeke (Mar 20, 2018)

Benefit of a doubt goes a long way, it seems.


----------



## EarthDog (Mar 20, 2018)

ikeke said:


> Benefit of a doubt goes a long way, it seems.


Conspiracy theories run deep, it seems.

Just because you _smell_ smoke, doesn't mean there is _currently_ fire. I agree, it stinks, the delivery... but to completely blow off the security issues is a bit myopic as well.


----------



## ikeke (Mar 20, 2018)

How does me concluding on facts and statements by CTS-Labs equal conspiracy?

If it smells like smoke and looks like smoke, then perhaps, there is some smoke somewhere?


----------



## EarthDog (Mar 20, 2018)

Because _you_ concluded it was a fact (the financial statement). I just posted this....


EarthDog said:


> Let's strip away the name AMD...aren't they finding these for profit anyway? Someone pays them and they look for exploits for company X. Isn't that a financial gain? I get why people were flagged on the statement, but.... have an open mind.


A financial disclaimer in and of itself from a security company isn't anything new. They are FOR PROFIT companies.

We don't SEE smoke. Until we SEE smoke, there isn't a fire. We can smell it... but that doesn't mean there is _currently_ a fire. Surely, it stinks, I feel you. But again, denying there are security issues is just as myopic.

Again, their delivery and things surrounding this are questionable. I think we all get that and are waiting to see how it shakes out. But again, to outright deny there are security issues here which need to be handled is sticking your head in the sand over the issue.

Time will tell. Let's hear AMD's response, let's see these when the come out as CVE's... and so on.


----------



## ikeke (Mar 20, 2018)

I've referenced the facts, not much more i can do here.


----------



## EarthDog (Mar 20, 2018)

You've extrapolated your *belief*  from their financial disclaimer. If you believe what you said there was a fact, then you are correct, there isn't much more you can do here for your mind is already made up.

We'll see you when AMD responds and the CVEs come out.


----------



## lexluthermiester (Mar 20, 2018)

anubis44 said:


> Thank you, Intel PR, for your input.


That's it? You're just going to call me a fanboy?


anubis44 said:


> Look, the fact is, leaving this 'story' up on the main page of TechPowerUp lends credibility to the entire hit-piece.


Not fact, opinion. It is your opinion, and *only* your opinion. That opinion is based on assumptions that have no credibility. 

I'm not going to remark on the rest of that drivel. Let it go, seriously.


----------



## ikeke (Mar 20, 2018)

Theres more behind the "belief" than the financial disclaimer.
Again, im not denying the possible exploits, im saying that these exploits, based on information currently available, are very specific and require very specific sets of requirements to be filled in order for someone to exploit them.

They are not what CTS-Labs is saying they are.


----------



## EarthDog (Mar 20, 2018)

ikeke said:


> are very specific and require very specific sets of requirements to be filled in order for someone to exploit them.


Que? This isn't new. CTS-labs didn't say any dick, tom, or jane could do it...what lines are you reading between? I'm not trying to be an ass, but, I am not seeing what you are saying...



And completely unrelated... for some reason, TPU isn't on their front page linking  back to the other thread as they were a week ago.....................................................why?


----------



## ikeke (Mar 20, 2018)

You need to have admin and the system has to be on baremetal install of Windows, as per current information. Also, currently "validated" on 2 motherboards for Epyc.

I'd say thats quite specific.

vs

*Am I affected?*
Any consumer or organization purchasing AMD Servers, Workstations, or Laptops are affected by these vulnerabilities.

https://amdflaws.com/


----------



## EarthDog (Mar 20, 2018)

So, nothing new. CTS didn't say it was easy... not sure how you believe they are doing so...

2 validations... in two tests... right? They only sent it out to two groups so far who have tested and confirmed? Isn't that batting 1.000? What do the motherboards have to do with it anyway? Didn't TPU just post a video of PoC? Was that one of the two boards you are talking about? Can you link to me the two boards this was confirmed on?


----------



## ikeke (Mar 20, 2018)

video @8:10
https://www.techpowerup.com/242521/cts-labs-releases-masterkey-exploit-proof-of-concept-video


----------



## EarthDog (Mar 20, 2018)

2/2 it seems...and again, CTS didn't say it was easy, so isn't that point bunk?

I'm sorry the information wasn't all vomited out at once. Perhaps that would have helped those thinking these aren't true? No idea.


----------



## lexluthermiester (Mar 20, 2018)

ikeke said:


> im saying that these exploits, based on information currently available, are very specific and require very specific sets of requirements to be filled in order for someone to exploit them.


True, but then again, so is everything else these days. Meltdown & Spectre require even more specific conditions to be exploited. And those are taken seriously. The main reasons certain groups of people are calling foul is that these are mostly AMD specific vulnerabilities coming out of an Intel friendly country from an unknown group who made a mistake concerning the announcement. The same kind of group kept bashing Intel over Meldown & Spectre calling them flaws of design, which they are not. Then it came to light that Spectre affected every CPU made, with few exceptions, since 1993. Then those same people stopped whining and looked at the problems for what they were. Now we have information that shows Intel platforms are affected to some degree by these new vulnerabilities.

What the people complaining seem to be missing is that these discoveries are beneficial to everyone. It doesn't matter who likes what company, who profits from them, who made a mistake in timing of announcement or what level of specific expertise is needed to pull off an effective exploit. What matters is the knowledge we all gain from these discoveries and the benefit from that knowledge for future advancements.


----------



## Veradun (Mar 20, 2018)

lexluthermiester said:


> True, but then again...



Read again the headline of this thread. Done? Good.

I wouldn't say that a vulnerability that needs an already deeply exploited system to be exposed is to be considered "major".


----------



## lexluthermiester (Mar 20, 2018)

Veradun said:


> I wouldn't say that a vulnerability that needs an already deeply exploited system to be exposed is to be considered "major".


But 13 of them is. And like Meltdown & Spectre this situation turning into something much larger.


----------



## ikeke (Mar 20, 2018)

lexluthermiester said:


> True, but then again, so is everything else these days. Meltdown & Spectre require even more specific conditions to be exploited. And those are taken seriously. The main reasons certain groups of people are calling foul is that these are mostly AMD specific vulnerabilities coming out of an Intel friendly country from an unknown group who made a mistake concerning the announcement. The same kind of group kept bashing Intel over Meldown & Spectre calling them flaws of design, which they are not. Then it came to light that Spectre affected every CPU made, with few exceptions, since 1993. Then those same people stopped whining and looked at the problems for what they were. Now we have information that shows Intel platforms are affected to some degree by these new vulnerabilities.
> 
> What the people complaining seem to be missing is that these discoveries are beneficial to everyone. It doesn't matter who likes what company, who profits from them, who made a mistake in timing of announcement or what level of specific expertise is needed to pull off an effective exploit. What matters is the knowledge we all gain from these discoveries and the benefit from that knowledge for future advancements.



Incorrect, it's the way these were communicated that people are calling foul.

Meltdown and Spectre allow for *unprivileged account on a VM to read from host memory*. I'd say thats almost a universal exploit.

https://blog.acolyer.org/2018/01/15/meltdown/
https://blog.acolyer.org/2018/01/16/spectre-attacks-exploiting-speculative-execution/


----------



## Veradun (Mar 20, 2018)

lexluthermiester said:


> But 13 of them is. And like Meltdown & Spectre this situation turning into something much larger.



If you give me your car keys I can:
- open you car
- get inside
- remap your control unit
- turn on the engine
- drive it to end of the world
- steal the contents
- damage the interiors
- install a remotely controlled microphone
- install a remotely controlled camera
- tinker with the seat so that in case of a crash you get killed
- fart on your seat

So your car has major security issues.


----------



## lexluthermiester (Mar 20, 2018)

ikeke said:


> Incorrect, it's the way these were communicated that people are calling foul.


Then their complaining about nothing. There are *no legal requirements anywhere in the world* that state those making a discovery of a vulnerability have to give the manufacturers any heads up at all. So therefore any warning at all, even if a bit sloppy, is better than nothing.



Veradun said:


> If you give me your car keys I can:
> - open you car
> - get inside
> - remap your control unit
> ...


There is one flaw in your logic. You don't need the car keys for that. Every car, even the newest ones, can be hot wired or tricked into operating without the key. Likewise, PC's, regardless of the OS, can be tricked into operating without the proper "keys", giving full access to the device. It is then a trivial effort to exploit them, just like a car.


----------



## Veradun (Mar 20, 2018)

lexluthermiester said:


> Then their complaining about nothing. There are *no legal requirements anywhere in the world* that state those making a discovery of a vulnerability have to give the manufacturers any heads up at all. So *therefore any warning at all, even if a bit sloppy, is better than nothing*.



No. The goal of warning the involved companies far before going public is to protect first and foremost whoever is affected by the vulnerabilities since they would be fixed before there is notice of those vulnerabilities. If you go public, even without a full disclosure, you give wannabe attackers a direction on where to look for the holes. So definitely no, it's not better this way.


----------



## EarthDog (Mar 20, 2018)

Listen, I can't do much about the front door of the house already being broken open, however, I can lock down the bedrooms.


----------



## lexluthermiester (Mar 20, 2018)

Veradun said:


> No. The goal of warning the involved companies far before going public is to protect first and foremost whoever is affected by the vulnerabilities since they would be fixed before there is notice of those vulnerabilities. If you go public, even without a full disclosure, you give wannabe attackers a direction on where to look for the holes. So definitely no, it's not better this way.


Ok, you're just trolling. Let it go.


----------



## ikeke (Mar 20, 2018)

lexluthermiester said:


> Then their complaining about nothing. There are *no legal requirements anywhere in the world* that state those making a discovery of a vulnerability have to give the manufacturers any heads up at all. So therefore any warning at all, even if a bit sloppy, is better than nothing.
> 
> 
> There is one flaw in your logic. You don't need the car keys for that. Every car, even the newest ones, can be hot wired or tricked into operating without the key. Likewise, PC's, regardless of the OS, can be tricked into operating without the proper "keys", giving full access to the device. It is then a trivial effort to exploit them, just like a car.



No legal requirement is a slippery slope. Lets not go there.

It's standard procedure in the industry, though.

Also, to add, it's increasingly difficult, without access to specific exploits, to run a car without key. Theres a whole industry who works tirelessly to find the exploits, though. But we call them thieves.


----------



## lexluthermiester (Mar 20, 2018)

ikeke said:


> No legal requirement is a slippery slope. Lets not go there. It's standard procedure in the industry, though.


The point is, they have no obligations. No one does. Therefore the fact that they disclosed the technical details only to responsible parties was a good thing and they followed a proceedure, even if it wasn't perfect.



ikeke said:


> Also, to add, it's increasingly difficult, without access to specific exploits, to run a car without key. Theres a whole industry who works tirelessly to find the exploits, though. But we call them thieves.


Yes, and that is the kind of people we have to worry about with technology as well. PC's, much like cars, have varying levels of difficulty in cracking.


----------



## ikeke (Mar 20, 2018)

Responsible parties is something I can't agree with. Purely based on the fact that Viceroy was one of the first to publish on this issue after CTS-Labs.


----------



## lexluthermiester (Mar 20, 2018)

ikeke said:


> Responsible parties is something I can't agree with. Purely based on the fact that Viceroy was one of the first to publish on this issue after CTS-Labs.


Semantics and nitpicking. I was referring to AMD.


----------



## ikeke (Mar 20, 2018)

You cant say that they disclosed them to responsible parties, since for fact they provided information on these to Viceroy well in advance (25 page report Viceroy published 3h after CTS-Labs went public suggest they had time to prepare).

If information was for sale then how can you assume that the exploits werent?


----------



## anubis44 (Mar 20, 2018)

lexluthermiester said:


> That's it? You're just going to call me a fanboy?
> 
> Not fact, opinion. It is your opinion, and *only* your opinion. That opinion is based on assumptions that have no credibility.
> 
> I'm not going to remark on the rest of that drivel. Let it go, seriously.



So, having an article posted on a high traffic tech journal website with the title: "Vulnerabilities discovered in AMD Zen, including backdoors" doesn't lend credibility to the baseless accusations of 'vulnerabilties' in AMD Zen CPUs? That's NOT a fact? Hmmm. Perhaps you also don't think it's true that a headline in an otherwise credible newspaper that says 'Alien contact made' implies that we've made contact with aliens? Very interesting idea of yours there on what is a fact and what isn't.

Also, your failure to remark on the rest of my post doesn't make it drivel. That's just your opinion.  As for letting this go, well, I own shares of AMD, and I'm not too thrilled with the idea of a website posting bogus allegations that serve to damage AMD's share value as a news item. So no, I'm not going to just 'let it go.'


----------



## EarthDog (Mar 20, 2018)

anubis44 said:


> baseless accusations of 'vulnerabilties' in AMD Zen CPUs?


Oh, it isnt ikekekekeke, its anubis that belives they don't exist...apologies ikeke

...sweet baby jebus people...


----------



## anubis44 (Mar 20, 2018)

EarthDog said:


> Oh, it isnt ikekekekeke, its anubis that belives they don't exist...apologies ikeke
> ...sweet baby jebus people...



Oh, you mean the 'vulnerability' that exists if you:
1) Have the administrator password
2) Are personally at the machine
3) Can flash the BIOS

You mean THAT crazy vulnerability? The one that EVERY computer ever made has? Yeah, that's a really BIG news item. Nobody in tech EVER suspected that you could take control of a computer and install malware on it if you personally flashed the bios with a corrupt one. That was a vulnerability we were talking about in the 1980s, people. It's not NEWS. It's common knowledge. It's like saying: NEWSFLASH! Humans need BLOOD in their bodies or they DIE! Quick! It's an EMERGENCY! We've JUST FIGURED THIS OUT!!! It's not that it isn't true, it's that it's not true that it's some kind of newly discovered vulnerability. It's not NEWS. It's like saying: "Warning! Your car could be stolen if somebody breaks the window and the keys are in the car! Everybody needs to hear this! It's NEWS!!!" No, it isn't news.


----------



## lexluthermiester (Mar 20, 2018)

anubis44 said:


> As for letting this go, well, I own shares of AMD, and I'm not too thrilled with the idea of a website posting bogus allegations that serve to damage AMD's share value as a news item. So no, I'm not going to just 'let it go.'


So you admit you're biased and unable to be objective. If you'd said that to begin with..


----------



## EarthDog (Mar 20, 2018)

anubis44 said:


> Oh, you mean the 'vulnerability' that exists if you:
> 1) Have the administrator password
> 2) Are personally at the machine
> 3) Can flash the BIOS
> ...


But, the allegations are not bogus. You can minimize them if you would like, we get it, you own stock, its in your own vested interest to do so.

Cheers though... I tried to stay out of this thread because as we know, opinions are like assholes and all (everybody has one). I should have tried harder.

We'll let the CVE's and further explanations take care of this noise.


----------



## ikeke (Mar 20, 2018)

Explanation for one was, from the video, that you need specific motherboard with OS on bare metal and admin on said combo. They acknowledged in video that it wont work on all motherboards. 

Again, once you have admin with possibility to flash bios anything is possible. You have full access on the machine, you can do anything.


----------



## EarthDog (Mar 20, 2018)

What about the other 12?


----------



## ikeke (Mar 20, 2018)

Haven't seen them, cant say.

But thisfar CTS-Labs has not been able to validate their extraordinary claims of, quote:

_https://amdflaws.com/
*Am I affected?*
Any consumer or organization purchasing AMD Servers, Workstations, or Laptops are affected by these vulnerabilities._

Which, I'd say is as clear of a case of FUD as there ever was.


----------



## EarthDog (Mar 20, 2018)

ikeke said:


> Which, I'd say is as clear of a case of FUD as there ever was.


Is it though? I don't think so. They do go on to explain things a bit and we, both, have no idea of the scope of these. I'm just amazed that so many people can call it absolutely BS without flinching and with such little ACTUAL evidence. Oh well, time will tell.


----------



## ikeke (Mar 20, 2018)

If they have such extraordinary claims then I'm not buying it after first example. Again, im pointing at the case they made as these being super critical flaws, not at the exploits per se.

For all its worth it could right now boil down to broken BIOS verification mechanism on some OEMs implementation. Now, that is not difficult to fix, I know for fact.

edit: Also, BIOS password in place? Exploit useless.

editx2: and now, this https://www.anandtech.com/show/12556/amd-confirms-exploits-patched-in-weeks

_The salient high-level takeaway from AMD is this:_


_All the issues can be confirmed on related AMD hardware, but require Admin Access at the metal_
_All the issues are set to be fixed within weeks, not months, through firmware patches and BIOS updates_
_No performance impact expected_
_None of these issues are Zen-specific, but relate to the PSP and ASMedia chipsets._
_These are not related to the GPZ exploits earlier this year._
https://community.amd.com/community...amd-technical-assessment-of-cts-labs-research

Someones going to get a call from the law..
_https://www.bloomberg.com/news/arti...-vulnerability-says-report-exaggerated-danger_


----------



## EarthDog (Mar 20, 2018)

Certainly much ado about nothing it seems...though all real!


----------



## bug (Mar 20, 2018)

ikeke said:


> If they have such extraordinary claims then I'm not buying it after first example. Again, im pointing at the case they made as these being super critical flaws, not at the exploits per se.
> 
> For all its worth it could right now boil down to broken BIOS verification mechanism on some OEMs implementation. Now, that is not difficult to fix, I know for fact.
> 
> ...


#4 could be a bit more troublesome, because everything AMD has released since 2013 includes PSP. Though all should be patchable just the same.


----------



## lexluthermiester (Mar 21, 2018)

Looks like AMD has confirmed these vulnerabilities, completely. https://www.techpowerup.com/242550/initial-amd-technical-assessment-of-cts-labs-research
Interesting info.


----------



## R-T-B (Mar 21, 2018)

ikeke said:


> Viceroy posting FUD right after amdflaws went public, though, is.



Proof?

I think you and I define "proof" differently.

It's fishy, I'll hand you that.



anubis44 said:


> Are personally at the machine



Again, not required.


----------



## ikeke (Mar 21, 2018)

R-T-B said:


> Proof?
> 
> I think you and I define "proof" differently.
> 
> It's fishy, I'll hand you that.



https://amdflaws.com/
https://safefirmware.com/amdflaws_whitepaper.pdf
and
https://viceroyresearch.org/2018/03/13/amd-the-obituary/
https://viceroyresearch.files.wordpress.com/2018/03/amd-the-obituary-13-mar-2018.pdf

Viceroy published ~180 minutes after amdflaws went public, publish included 25 page  "analysis". I'd call that orchestrated.


----------



## lexluthermiester (Mar 21, 2018)

ikeke said:


> I'd call that orchestrated.


And the Meltdown/Spectre wasn't coordinated/orchestrated? Come on, take off the tin-hat..


----------



## ikeke (Mar 21, 2018)

What are you talking about? No, really?

Meltdown/Spectre - industry as a whole had months to prepare the fixes, no public disclosure.
"Amdflaws" - 24h notification to AMD since "these are unfixable issues", then amateurish public FUD campaign.


----------



## lexluthermiester (Mar 21, 2018)

ikeke said:


> "Amdflaws" - 24h notification to AMD


We've been over this. There is *huge difference* between making a public announcement and full disclosure to the public. *CTS did not and has not disclosed the full technical details to the public.* They only announced the existence of them. Have you actually read the links you've been posting?


----------



## ikeke (Mar 21, 2018)

Neither You or I or anyone but CTS-Labs knows who the details were shared with. 

You take their word? Good for you. Thusfar they have less than stellar reputation on being factual.


----------



## lexluthermiester (Mar 21, 2018)

ikeke said:


> Neither You or I or anyone but CTS-Labs knows who the details were shared with.


It only matters that they did not share it with the general public. You're picking nits again..


ikeke said:


> You take their word? Good for you. Thus far they have less than stellar reputation on being factual.


People make mistakes. It's not the end of the world. Get over it.


----------



## trparky (Mar 21, 2018)

OK then, I was wrong. These issues can be fixed and unlike Spectre and Meltdown there's no performance degradation that will be seen when it's fixed.


----------



## anubis44 (Mar 21, 2018)

lexluthermiester said:


> So you admit you're biased and unable to be objective. If you'd said that to begin with..



No. I'm not 'admitting' anything. I'm not 'guilty' of something, so admission is the wrong word. I'm merely stating my position on this matter. The fact that I own shares of AMD isn't a source of bias for me in my determination on whether these 'flaws' are a serious problem. I would argue the same thing if somebody had levelled this accusation at Intel-based computers, too.


----------



## EarthDog (Mar 21, 2018)

Are you now able to admit they are real at least?


----------



## John Naylor (Mar 21, 2018)

As with the Spectre / Meltown scenario, It would be great if at some point we could have a thread focusing on the potential impact of these flaws on users ... Id rather skip having to read thru 100s of brand bashing posts  to get any useful information.  While it's certainy too early at this point to ascertain the impact of the new Zen flaws,  it's been hard to find any instances of actual "typical user" impact of Spectre and Meltdown because of all the "noise".


----------



## bug (Mar 21, 2018)

John Naylor said:


> As with the Spectre / Meltown scenario, It would be great if at some point we could have a thread focusing on the potential impact of these flaws on users ... Id rather skip having to read thru 100s of brand bashing posts  to get any useful information.  While it's certainy too early at this point to ascertain the impact of the new Zen flaws,  it's been hard to find any instances of actual "typical user" impact of Spectre and Meltdown because of all the "noise".


All of these require admin rights to exploit.
As a home user, if someone gets into a position to exploit these, you're already royally screwed. But, as CTS Labs have noted, these are more of a danger to organizations where, by phising or other means, someone exploits these to plant almost undetectable malware that can be used to further compromise the organization.


----------



## lexluthermiester (Mar 21, 2018)

bug said:


> But, as CTS Labs have noted, these are more of a danger to organizations where, by phising or other means, someone exploits these to plant almost undetectable malware that can be used to further compromise the organization.


Exactly correct. It's a risk that must be taken seriously no matter how difficult it is to accomplish.


anubis44 said:


> No. I'm not 'admitting' anything.


----------



## Veradun (Mar 22, 2018)

lexluthermiester said:


> Exactly correct. It's a risk that must be taken seriously no matter how difficult it is to accomplish.



Yep, correct. If companies are unable to isolate users and they give every employee admin rights on their PCs, well, being exploited is well deserved.


----------



## las (Mar 22, 2018)

The danger of these flaws has been exaggerated ALOT.

Spectre and Meltdown are way more serious.


----------



## bug (Mar 22, 2018)

las said:


> The danger of these flaws has been exaggerated ALOT.
> 
> Spectre and Meltdown are way more serious.


How so? They may not require admin rights, but still in most cases the data you can sniff will be garbage.
Vulnerabilities are vulnerabilities. Just because you and I can't figure out how to exploit them doesn't make them less dangerous. Patch them and move on.

Also, I wonder who exaggerated these "A LOT" since very few parties actually had a chance to examine them properly. CTS Labs? We've already established they have little credibility, so I wouldn't put much weight on their assessment of how serious these are. And I'm not aware of anyone else saying these were serious flaws.


----------



## lexluthermiester (Mar 22, 2018)

bug said:


> And I'm not aware of anyone else saying these were serious *vulnerabilities*.


Let's be fair, AMD themselves have said this with their actions. 
https://www.techpowerup.com/242550/initial-amd-technical-assessment-of-cts-labs-research


lexluthermiester said:


> When the company effected by these problems commits resources to releasing full bios revisions for said problems, they are automatically qualified as serious.


So AMD themselves have validated them and are taking these vulnerabilities seriously enough to release fixes for them.


----------



## bug (Mar 22, 2018)

lexluthermiester said:


> Let's be fair, AMD themselves have said this with their actions.
> https://www.techpowerup.com/242550/initial-amd-technical-assessment-of-cts-labs-research



In case I wasn't clear before, any security vulnerability should be taken seriously. It's just that in this context I haven't understood where the "end of the world is drawing near" assessment came from in the first place. Therefore, I'm not getting the "these aren't as serious as previously thought" reasoning now.

I've been looking at these with the caution any person looks at an unknown quantity. Now that the quantity is known, I/we can relax.


----------



## ikeke (Mar 22, 2018)

@bug

It was a mix of amdflaws and partly TPU original wording, which implied some possibly unfixable scenario.

Its updated now.

https://www.techpowerup.com/forums/...ss-proof-of-concept-video.242575/post-3817320


----------



## hat (Mar 25, 2018)

bug said:


> In case I wasn't clear before, any security vulnerability should be taken seriously. It's just that in this context I haven't understood where the "end of the world is drawing near" assessment came from in the first place. Therefore, I'm not getting the "these aren't as serious as previously thought" reasoning now.
> 
> I've been looking at these with the caution any person looks at an unknown quantity. Now that the quantity is known, I/we can relax.


You really think so? I agree these flaws would be very hard to actually use, but imagine if somebody managed to pull it off at your bank, or anywhere else where you have sensitive information...


----------



## ikeke (Mar 25, 2018)

I dont think organizations with sensitive information should have InfoSec holes that allow for such vulnerabilities to be used, unless bad actor/insider user can deploy them.


----------



## r9 (Mar 26, 2018)

At first take on CTS Labs I was thinking that provable somebody cough*intel*  payed them to do it why else.
But if you think about it this is what they do, and you can't buy exposure like this.


----------



## bug (Mar 26, 2018)

r9 said:


> At first take on CTS Labs I was thinking that provable somebody cough*intel*  payed them to do it why else.
> But if you think about it this is what they do, and you can't buy exposure like this.


Yes, that's probably why they rushed disclosing all this. Even bad publicity is publicity and CTS Labs went from no-name to world famous. But I really, really hope they don't handle further discoveries like they did.


----------



## mtcn77 (Mar 26, 2018)

Cambridge Analytica is world famous, too. Guess, this is a good thing?


----------



## ikeke (Mar 26, 2018)

I dont think that being in InfoSec/auditing business and having this clusterf*ck in resume will give you any credits in the future.

(oh, we found this issue while looking at this non-related thing, hmm, looks like something that could be sold to stockmarket for quick buck, ta-daaa, profit. Also, we don't know how to inform parties of our findings, hehe, no worries, happens, whoops...)

edit:In another news, Viceroy unmasked.

https://www.moneyweb.co.za/in-depth/investigations/viceroy-unmasked/

This all stinks to high heaven. They all look to be a front for someone else.


----------



## bug (Mar 26, 2018)

ikeke said:


> I dont think that being in InfoSec/auditing business and having this clusterf*ck in resume will give you any credits in the future.
> 
> (oh, we found this issue while looking at this non-related thing, hmm, looks like something that could be sold to stockmarket for quick buck, ta-daaa, profit. Also, we don't know how to inform parties of our findings, hehe, no worries, happens, whoops...)


Yeah, well, they're into the business of finding issues and they found them. When they'll be in the business of making friends, they'll hire a PR company.


----------



## ikeke (Mar 26, 2018)

I don't think they have anything to do with the original findings. This looks more and more like an orchestrated stunt by someone else.


----------



## Veradun (Mar 27, 2018)

bug said:


> Yeah, well, they're into the business of finding issues and they found them. When they'll be in the business of making friends, they'll hire a PR company.



The funny part is they hired one.


----------



## bug (Mar 27, 2018)

ikeke said:


> I don't think they have anything to do with the original findings. This looks more and more like an orchestrated stunt by someone else.


Do you have anything to back that up, other than "you don't think"?


----------



## ikeke (Mar 27, 2018)

Nope, just  the looks of it and available information about involved parties, it stinks.


----------



## lexluthermiester (Mar 27, 2018)

ikeke said:


> edit:In another news, Viceroy unmasked.
> https://www.moneyweb.co.za/in-depth/investigations/viceroy-unmasked/
> This all stinks to high heaven. They all look to be a front for someone else.


Credible citation that is not. Looks like a hit-piece and a rather flimsy one. FUD, plain and simple.


----------



## EarthDog (Mar 27, 2018)

Zzzzzzzzz*snore*zzzzzzzzzzzzz

Will someone tag me when conclusive info comes out intel was behind this, please? Much appreciated (not expecting a notification either). We all know everything around the very real and blown out of proportion security flaws sucked. But until something conclusive comes out about intel, this is all a rehash of day 1...400+ posts ago. Boooooooring.


----------



## ikeke (Mar 27, 2018)

lexluthermiester said:


> Credible citation that is not. Looks like a hit-piece and a rather flimsy one. FUD, plain and simple.


y u  troll?

This sheds some light onto Viceroy who were the first to react, and like CTSLabs they look to be amateurs who push information without credentials for analysis they claim to have done themselves.


----------



## bug (Mar 27, 2018)

ikeke said:


> y u  troll?
> 
> This sheds some light onto Viceroy who were the first to react, and like CTSLabs they look to be amateurs who push information without credentials for analysis they claim to have done themselves.


Well, you also push the claim CTS Labs did not uncover the vulnerabilities without evidence. What does that tell us?

Also, of your 150+ posts here, only 5 or so are not on this or the "CTS-Labs Posts Ryzen Windows Credential Guard Bypass Proof-of-concept Video" thread. If I were you, I'd stay away from trolling references.


----------



## ikeke (Mar 27, 2018)

So?

Only those who wrote certain amount of posts over certain threads have the right to express their thoughts? :/

OK.

And btw, which part of my thoughts on this specific topic would fall into trolling category? 

_In Internet slang, a *troll* (/troʊl, trɒl/) is a person who sows discord on the Internet by starting quarrels or upsetting people, by posting inflammatory,[1] extraneous, or off-topic messages in an online community (such as a newsgroup, forum, chat room, or blog) with the intent of provoking readers into an emotional response[2] or of otherwise disrupting normal, on-topic discussion,[3]often for the troll's amusement_


----------



## lexluthermiester (Mar 27, 2018)

bug said:


> Also, of your 150+ posts here, only 5 or so are not on this or the "CTS-Labs Posts Ryzen Windows Credential Guard Bypass Proof-of-concept Video" thread.


@ikeke
I've made a similar observation. You seem to be deliberately posting FUD comments. And we've been over this next one, lack of objectivity. You seem hell bent on smearing CTS who's claims have been proven to have merit, by AMD themselves. Your actions here seem to clearly show that you are acting with an agenda in a troll like fashion. The only thing that is making your comments tolerable, for me at least, is that you seem to be conducting yourself in a mostly civilized manner.


----------



## ikeke (Mar 27, 2018)

lexluthermiester said:


> You seem hell bent on smearing CTS who's claims have been proven to have merit, by AMD themselves.


CTSLabs assessment of the issues impact/scope has been overturned by independent reviewer they themselves hired. Amd assessment for fixes availability was estimated as weeks-to-month. 

And they (CTSLabs) stopped broadcasting, silence speaks volumes in this case.


----------



## lexluthermiester (Mar 27, 2018)

ikeke said:


> CTSLabs assessment of the issues impact/scope has been overturned by independent reviewer they themselves hired. Amd assessment for fixes availability was estimated as weeks-to-month. And they (CTSLabs) stopped broadcasting, silence speaks volumes in this case.


This is a perfect example of your FUD and dancing around the facts. *AMD has confirmed the findings of CTS.* They downplayed it a bit, naturally, but they confirmed it all none-the-less.
You also danced completely around the other points made without confirmation or denial.

Seriously, you're not and haven't added anything of value to the conversation. Let it go.


----------



## EarthDog (Mar 27, 2018)

ikeke said:


> And they (CTSLabs) stopped broadcasting, silence speaks volumes in this case.


What are they supposed to be saying during this time?

They gave their information out (in the most questionable manner possible), AMD confirmed all the issues are real and will be fixing it in 'weeks not months'. CTS replied to that and said they don't believe it will take weeks, but months (part of what they said initially). Only time will tell who is right on this. As I said before, this is just rehashing what we already know. Nothing new... Zzzzzzzzzzzzzzzzzzzzzzz*snore*zzzzzzzzzzzzzz wait wut? Nothing new? Zzzzzzzzzzzzzzzzzz*snore*zzzzzzzzzzzzzzzzzzz.

Anyway, AMD responded about 2 weeks ago right? We'll expect to see some roll outs soon if they are correct.


Unsubscribing to this spinning amusement park ride... someone tag me when..........................

1. Intel is PROVEN CONCLUSIVELY to be behind this...
2. When AMD fixes everything. 


mmmmmmmmmmmmmkay?


----------



## ikeke (Mar 27, 2018)

Sigh.
@EarthDog
Where. In. Any. Of. My. Posts. Have. I. Said. Intel?
@lexluthermiester
And AMD confirmed the vulnerabilities, where have I argued that. You, though, conveniently dance around the issues of impact assessment. Which, in case of vulnerabilities is quite important, well actually the most important. CTSLabs failed spectacularly in theirs.

Tinfoil hats and trolling, guys.


----------



## EarthDog (Mar 27, 2018)

I. Didn't. Say. You. Said. Intel.

If you read more closely, you will note I asked to be notified when Intel is proven to be behind this (along with when AMD fixes things)... that is just one of the many points brought up in this thread by various people.



Good bye, thread and the constant rehash of known information... and glossing over of talking points by both sides. Man o man do threads like these really make me hate forums.


----------



## lexluthermiester (Mar 27, 2018)

ikeke said:


> Tinfoil hats and trolling, guys.


Irony, far out. Look in a mirror. I'm not leaving the conversation though. Instead, welcome to my ignored users list.


----------



## bug (Mar 27, 2018)

ikeke said:


> So?
> 
> Only those who wrote certain amount of posts over certain threads have the right to express their thoughts? :/
> 
> ...


Repeating the same opinion over and over and over ad nauseam fits the description pretty well.
Of the 440-ish comments so far, 40 are yours saying nothing but "Intel made CTS Labs publish these and they're so meaningless we shouldn't even mention them". Ok, your opinion. We don't need 40 posts of that.

Like @lexluthermiester said, your saving grace is you're conducting yourself in a civilized manner so far. But don't be surprised if you find yourself reported one day if you keep polluting threads.


----------



## Veradun (Mar 27, 2018)

bug said:


> Repeating the same opinion over and over and over ad nauseam fits the description pretty well.



This includes you opinion


----------



## bug (Mar 27, 2018)

Veradun said:


> This includes you opinion


It does. Am I up to 40 posts yet?


----------



## ikeke (Mar 28, 2018)

bug said:


> 40 are yours saying nothing but "Intel made CTS Labs publish these and they're so meaningless we shouldn't even mention them".



Really? When facts fail - just make them up?

Some of you are all in on protecting the original OP of this thread, which makes me wonder..

_ “When my information changes, I change my mind. What do you do?” 
- John Maynard Keynes _

_


_

/t


----------



## bug (Mar 28, 2018)

ikeke said:


> Really? When facts fail - just make them up?
> 
> Some of you are all in on protecting the original OP of this thread, which makes me wonder..
> 
> ...


Ok, be the constructive one and summarize for me what is it that you had to share with us over 40 posts?


----------



## lexluthermiester (Mar 28, 2018)

ikeke said:


> Really? When facts fail - just make them up?
> 
> Some of you are all in on protecting the original OP of this thread, which makes me wonder..
> 
> ...


Based on that graph, you have been doing much of the orange, yellow and green. You've seemingly avoided the red and haven't touched the blue, violet and gray. Just based on observations.


----------



## ikeke (Mar 29, 2018)

@bug
CTSLabs has still been unable to demonstrate the quote "13 Critical Security Vulnerabilities and Manufacturer Backdoors discovered throughout AMD Ryzen & EPYC product lines" and quote "Any consumer or organization purchasing AMD Servers, Workstations, or Laptops are affected by these vulnerabilities" and quote "How long before a fix is available? - We don't know. CTS has been in touch with industry experts to try and answer this question. According to experts, firmware vulnerabilities such as MASTERKEY, RYZENFALL and FALLOUT take several months to fix. Hardware vulnerabilities such as CHIMERA cannot be fixed and require a workaround. Producing a workaround may be difficult and cause undesired side-effects." (https://amdflaws.com/)

They paid trailofbits for analysis which they've ignored aswell as ignoring suggestion to disclose them via CERT,  industry experts disagree with their impact assessment. https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/

The information leaked to stock shortseller Viceroy who were the first to capitalize on this, unsuccessfully since they are a bunch of amateurs, as found in #426.

Based on all this CTSLabs is a bunch of amateurs paddling some vulnerabilities which they were hoping to make some dirty money out of, instead of reporting issues as per industry agreed procedures to resolve the problems.



lexluthermiester said:


> Based on that graph, you have been doing much of the orange, yellow and green. You've seemingly avoided the red and haven't touched the blue, violet and gray. Just based on observations.


Come again? For every detail i've shared along with my opinion about this I've added links and reasoning. Can't do much more in a forum thread, unfortunately. Something that cant be said about you, though.


----------



## bug (Mar 29, 2018)

You're just being schizophrenic now. On one hand you're questioning CTS Labs' credibility (somewhat justified), on the other hand you seem to be waiting for them to demonstrate the vulnerabilities.
Disregard the fact that they have already stated they will not demonstrate these publicly because at this point that would only teach hackers how to compromise systems and have instead sent their proof of concept attacks to other security researches and AMD. Disregard the fact that I have told you these things before.
Why on Earth are you seeking confirmation from a source you've already deemed unreliable?
If CTS Labs' findings are without merit, what is AMD getting ready to patch?

On another note, a simple look at the price of AMD's stock would have saved you the embarrassment of talking about shorting (hint: the stock price didn't move past CTS Labs' revelations).

Edit: On the upside, do you now see it doesn't take 40+ posts to make a fool of yourself? When properly motivated, you could finally do it in one!


----------



## ikeke (Mar 30, 2018)

@bug

I'm just going to leave this. You're bashing and this aint a way for grownups to talk. I've been adding links and reasoning behind my inputs to this thread. Can't say that about yours, unfortunately.

Please, find the nearest bridge, sir, there's a meeting place under it for people like you, i think.



bug said:


> You're just being schizophrenic now.





I'd direct you to https://www.techpowerup.com/forums/threads/forum-guidelines.197329/ under "_*Posting in a thread*_ " where you can find quite a few helpful pointers as to what you should do and not do in a thread.


----------



## bug (Mar 30, 2018)

My point has consistently been that I don't see the threatening stipulations in the GPP. What links would you think I could post to reinforce that?
Also, we don't have a copy of the GPP, just the fragments Kyle published.


----------



## ikeke (May 3, 2018)

https://www.tomshardware.com/news/amd-vulnerability-patches-ecosystem-partners,36993.html

The "impossible to fix" fixes are being validated by partners.

Quote:
_Within approximately 30 days of being notified by CTS Labs, AMD released patches to our ecosystem partners mitigating all of the CTS identified vulnerabilities on our EPYC™ platform as well as patches mitigating Chimera across all AMD platforms. These patches are in final testing with our ecosystem partners in advance of being released publicly.  We remain on track to begin releasing patches to our ecosystem partners for the other products identified in the report this month.  We expect these patches to be released publicly as our ecosystem partners complete their validation work. _


----------



## lexluthermiester (May 3, 2018)

ikeke said:


> The "impossible to fix" fixes are being validated by partners.


No one said they're impossible to fix. Quit trolling.


----------



## nemesis.ie (May 3, 2018)

https://blog.cts-labs.com/2018/05/new-amd-update-encrypts-psp-firmware.html


----------



## Vya Domus (May 3, 2018)

_"It appears the latest AGESA update encrypts portions of the PSP firmware, making it harder* for security researchers* to examine the code."_

Or rather for everyone ? Funny, they infer that this is done to keep them away specifically.

CTS seems awfully interested in everything AMD does. If they discovered all these vulnerabilities as a result of someone contracting them , what is it that still piques their interest such that they still conduct research on their own for free , I wonder.


----------



## ikeke (May 4, 2018)

lexluthermiester said:


> No one said they're impossible to fix. Quit trolling.



*



			How long before a fix is available?
		
Click to expand...

*


> We don't know. CTS has been in touch with industry experts to try and answer this question. According to experts, firmware vulnerabilities such as MASTERKEY, RYZENFALL and FALLOUT take *several months to fix*. Hardware vulnerabilities such as CHIMERA *cannot be fixed* and require a workaround. Producing a workaround may be difficult and cause undesired side-effects.



https://amdflaws.com/


----------



## nemesis.ie (May 4, 2018)

@Vya Domus Who says they are still doing it for free? Perhaps they have an on-going contract or are still fulfilling the previous one, or even a new one?

AMD now have a chance to gauge this latest CTS response and possibly change how things work again/more with another patch/AGESA or issue a comment on it.


----------



## 1stn00b (May 4, 2018)

No word on *Spectre Next Generation* Techpowerup ? 
https://www.heise.de/ct/artikel/Exc...U-flaws-revealed-several-serious-4040648.html
https://newsroom.intel.com/articles/addressing-questions-regarding-additional-security-issues/

I remember this news about AMD was instantly posted and also pinned up on site for days if not weeks ;>


----------



## bug (May 4, 2018)

1stn00b said:


> No word on *Spectre Next Generation* Techpowerup ?
> https://www.heise.de/ct/artikel/Exc...U-flaws-revealed-several-serious-4040648.html
> https://newsroom.intel.com/articles/addressing-questions-regarding-additional-security-issues/
> 
> I remember this news about AMD was instantly posted and also pinned up on site for days if not weeks ;>


Damn, TPU's secret plan to make AMD look bad has been uncovered bt astute minds


----------



## Prince Valiant (May 4, 2018)

lexluthermiester said:


> No one said they're impossible to fix. Quit trolling.


The first post of the thread mentions a second Chimera exploit as "requiring a hardware fix and hinting at needing a recall".



bug said:


> Damn, TPU's secret plan to make AMD look bad has been uncovered bt astute minds


I'm not going to don my tinfoil but I'd have thought we'd see a post about the new Intel vulnerabilities and the update from AMD. Coverage for the Ryzen exploits was over the top.


----------



## bug (May 4, 2018)

Prince Valiant said:


> I'm not going to don my tinfoil but I'd have thought we'd see a post about the new Intel vulnerabilities and the update from AMD. Coverage for the Ryzen exploits was over the top.



Depends on your definition for "over the top", it's not like there's a common standard of how much coverage a type of story should get. I just did a TPU search and found about a page of news articles about Spectre and Meltdown.

Incidentally, this very thread only got so long because AMD fans just couldn't underscore enough how the vulnerabilites reported here are without merit, because the ones disclosing them were jerks. Streisand effect at its best.


----------



## R0H1T (May 4, 2018)

bug said:


> Depends on your definition for "over the top", it's not like there's a common standard of how much coverage a type of story should get. I just did a TPU search and found about a page of news articles about Spectre and Meltdown.
> 
> Incidentally, this very thread only got so long because AMD fans just couldn't underscore enough how the vulnerabilites reported here are without merit, because the ones disclosing them were jerks. Streisand effect at its best.


No most of the AMD fan base (& others) were angry because a no name *security firm*, with ties to a *hedge fund*, released highly professional (read *dubious*) videos on how the AMD chips were vulnerable with admin rights. While their site was all glitzy, they were very light on details & (almost) certainly had an *agenda* to drive the stock price down ~ given their minutiae *exposé* spread over a period of 2(?) weeks. Also they'd given no practical time to AMD in resolving this issue, unlike another major competitor which sat on that info (GPZ) for almost 3 quarters & yet botched updates for another full quarter!


----------



## bug (May 4, 2018)

R0H1T said:


> No most of the AMD fan base (& others) were angry because a no name *security firm*, with ties to a *hedge fund*, released highly professional (read *dubious*) videos on how the AMD chips were vulnerable with admin rights. While their site was all glitzy, they were very light on details & (almost) certainly had an *agenda* to drive the stock price down ~ given their minutiae *exposé* spread over a period of 2(?) weeks. Also they'd given no practical time to AMD in resolving this issue, unlike another major competitor which sat on that info (GPZ) for almost 3 quarters & yet botched updates for another full quarter!


Yeah, thanks for posting all that again, I thought the thread was dying.
The one that reported could have been murderers and necrophiles, it wouldn't change that vulenrabilities (as hard to exploit as they were) were there.
But you just can't get enough of attacking the messenger, can you? That won't solve anything, it never did.


----------



## HTC (May 4, 2018)

1stn00b said:


> *No word on Spectre Next Generation Techpowerup* ?
> https://www.heise.de/ct/artikel/Exc...U-flaws-revealed-several-serious-4040648.html
> https://newsroom.intel.com/articles/addressing-questions-regarding-additional-security-issues/
> 
> I remember this news about AMD was instantly posted and also pinned up on site for days if not weeks ;>



I sent a heads-up note to Bta about this yesterday (1st link, Google translated to English).


----------



## TrustNo1 (Jun 15, 2018)

CrAsHnBuRnXp said:


> Take *THAT *AMD. I dont wanna hear the fanbois anymore.



there is a lot of anti AMD propaganda on the internet its beyond suspicious. best you dig a little deeper and find out the truth yourself, a lot of the stuff you see online is regurgitated garbage that reviewers have somehow come to agree on.

basically viceroy research is full of you know what and cts labs doesn't exist:

"https://www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs"


----------



## Salty_sandwich (Oct 11, 2018)

TrustNo1 said:


> there is a lot of anti AMD propaganda on the internet its beyond suspicious. best you dig a little deeper and find out the truth yourself, a lot of the stuff you see online is regurgitated garbage that reviewers have somehow come to agree on.
> 
> basically viceroy research is full of you know what and cts labs doesn't exist:
> 
> "https://www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs"



very interesting read that link, ... here's a quote from it

*Unreachable PR Company*

When we first saw the press release, we reached-out to the listed Bevel PR phone number and publicly listed contact, Jessica Schaefer, to learn more about the CTS Labs research company. We won’t show it on screen, but looking through personal social media pages, we were able to find that Bevel PR appears to have been founded in 2017, and that it is staffed primarily or entirely by one individual. The Bevel PR phone number went straight to a full inbox and we were unable to get into contact. We have also reached-out to Schaefer through other contact media. We’ve never heard of Bevel PR before, but their webpage indicates that they have some experience working with ICOs and hedge funds. This pointed us in the next direction.

How vast amounts of money can change a human from being a human is …. well, frankly disturbing


----------



## Space Lynx (Oct 11, 2018)

Salty_sandwich said:


> very interesting read that link, ... here's a quote from it
> 
> *Unreachable PR Company*
> 
> ...




we already knew this this was all a dead end and basically just anti AMD propaganda, why resurrect a dead topic? I'll be rocking AMD 7nm cpu and GPU in winter 2019, vote with your money.


----------



## bug (Oct 11, 2018)

lynx29 said:


> we already knew this this was all a dead end and basically just anti AMD propaganda, why resurrect a dead topic? I'll be rocking AMD 7nm cpu and GPU in winter 2019, vote with your money.


And you're posting this despite AMD acknowledging the issues were real: https://community.amd.com/community...amd-technical-assessment-of-cts-labs-research


----------



## TheoneandonlyMrK (Oct 11, 2018)

ikeke said:


> https://www.tomshardware.com/news/amd-vulnerability-patches-ecosystem-partners,36993.html
> 
> The "impossible to fix" fixes are being validated by partners.
> 
> ...


Loop complete , return to start.


----------



## John Naylor (Oct 11, 2018)

After all the Intel and AMD *vulnerabilities" announced and finger pointing, has anyone seen a post saying "I didn't install the patch and [insert horror story] happened to me.


----------



## qubit (Oct 11, 2018)

John Naylor said:


> After all the Intel and AMD *vulnerabilities" announced and finger pointing, has anyone seen a post saying "I didn't install the patch and [insert horror story] happened to me.


<tumbleweeds>


----------



## AsRock (Oct 11, 2018)

John Naylor said:


> After all the Intel and AMD *vulnerabilities" announced and finger pointing, has anyone seen a post saying "I didn't install the patch and [insert horror story] happened to me.



Well if some one is being hacked, the hacker might not want to be seen\noticed.  There fore you might of been and just don't know about it ( YET!).

It's like depending on a single anti virus program and saying i have never had a virus.

Ignorence is bliss.


----------



## John Naylor (Oct 13, 2018)

I always used one active AV and had a second do nightly scans ... up until a few years ago.  Now we just have one on each box and the server scans all networked drives in wee hours.

As to getting it out there... what idiot uses their real name online ?   Well back when i started, that was the only way you could get online ... AOL going to the unlimited data for $19.99 a month and allowing "handles" will be later defined in historical exts as the "End of Western (amd eastern) Civilization"


----------



## GoldenX (Oct 13, 2018)

This was the best joke of the year until Intel released the same Skylake 14nm CPU at $600.


----------



## ikeke (Oct 15, 2018)

theoneandonlymrk said:


> Loop complete , return to start.




Meanwhile..www.amdflaws.com #crickets


----------



## Deleted member 178884 (Oct 15, 2018)

btarunr said:


> CTS-Labs


Wasn't that the company spilling BS? 


bug said:


> It's so funny seeing AMD aficionados going in defense mode


What? Like the intel fanboys with specter?  also checkmate, I run both intel and amd systems and I'm no fanboy.


----------



## rugabunda (Nov 13, 2018)

HP lists them:
http://h22208.www2.hpe.com/eginfolib/securityalerts/AMD/AMD-Flaws.html
https://www.hpe.com/us/en/services/security-vulnerability.html
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03841en_us&docLocale=en_US
Government lists them:
https://nvd.nist.gov/vuln/detail/CVE-2018-8933
CVE's have been registered:
https://www.cvedetails.com/vulnerability-list/vendor_id-7043/AMD.html

https://fortiguard.com/psirt/FG-IR-18-046

The related CVEs are:

1. CVE-2018-8930: The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1,

MASTERKEY-2, and MASTERKEY-3.
2. CVE-2018-8931: The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1.
3. CVE-2018-8932: The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and

RYZENFALL-4.
4. CVE-2018-8933: The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3.
5. CVE-2018-8934: The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW.
6. CVE-2018-8935: The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW.
7. CVE-2018-8936: The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation.

Impact
Execute unauthorized code or commands, Escalation of privilege, Information Disclosure

Affected Products
The following Fortinet products are NOT affected:
FortiOS
FortiAP
FortiAnalyzer
FortiSwitch

References
https://safefirmware.com/amdflaws_whitepaper.pdf
https://safefirmware.com/Whitepaper+Clarification.pdf
https://community.amd.com/community...amd-technical-assessment-of-cts-labs-research

More:https://www.bleepingcomputer.com/ne...rkey-fallout-and-chimera-cpu-vulnerabilities/


----------



## TheoneandonlyMrK (Nov 13, 2018)

rugabunda said:


> HP lists them:
> http://h22208.www2.hpe.com/eginfolib/securityalerts/AMD/AMD-Flaws.html
> https://www.hpe.com/us/en/services/security-vulnerability.html
> https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03841en_us&docLocale=en_US
> ...


Are intel that sweaty you now have a job, sad times.


----------



## hat (Nov 13, 2018)

I mean, those _were_ supposedly real flaws, but they had more to do with (ASMEDIA, I believe?) chipsets rather than AMD themselves... though you could still wag a finger at AMD for using such chipsets. They'd also be incredibly tough to pull off... much like Spectre and Meltdown and all the other variants that we've found out about recently.


----------



## nemesis.ie (Nov 13, 2018)

@rugabunda Why don't you also mention the fixes that were released?


----------



## ikeke (Nov 17, 2018)

Sounds legit.


----------



## hat (Nov 17, 2018)

"Helping manufactures make hardware secure". Because this ragtag group of whoevers knows better than the engineers. Okay.


----------

