I wonder if they got owned by a security bug in their own chips!

Gb? Gigabits? I would like to see them clarify this.
Storage is usually measured on GB, but they may be talking about something they noticed on the wire, there Gb is more common.

450 Gb or gigabits of data, which translates into 56.25 GB???

bugGb? Gigabits? I would like to see them clarify this.
Storage is usually measured on GB, but they may be talking about something they noticed on the wire, there Gb is more common.

PerfectWave450 Gb or gigabits of data, which translates into 56.25 GB???

Yeah, this sounds weirdly like someone trying to inflate the scale of this breach. Not that 56GB isn't a lot of data, but ... what?

SOAREVERSORI wonder if they got owned by a security bug in their own chips!

They got owned by weak passwords. I've been through the report. They had set network passwords to things like "amd123"

I'm fairly confident the "Gb" prefix is the ransomware group being noobsticks themselves, and they mean GBs.

R-T-BThey got owned by weak passwords. I've been through the report. They had set network passwords to things like "amd123"

I'm fairly confident the "Gb" prefix is the ransomware group being noobsticks themselves, and they mean GBs.

It was a joke!

ValantarYeah, this sounds weirdly like someone trying to inflate the scale of this breach. Not that 56GB isn't a lot of data, but ... what?

Sure, the Universe conspiring to make AMD look bad... Interesting reaction.

The size of the breach is pretty much irrelevant (still, the choice of measurement unit is strange). I mean, if they stole 50GB of 4k video, that's next to nothing. If 50GB of plain text files were exfiltrated, that is an enormous amount, with a good chance of containing something really sensitive.

From the articles concerning some people using "password" as their password. Sadly it is probably pretty common based on my experience with some inventory software that I managed as part of my duties before I retired.

this RansomHouse group should be destroyed and people prosecuted.

Tiggerthis RansomHouse group should be destroyed and people prosecuted.

Do it!

64KFrom the articles concerning some people using "password" as their password. Sadly it is probably pretty common based on my experience with some inventory software that I managed as part of my duties before I retired.

Still not a big problem if you use 2FA. You can even offer your employees something like Yubikey which is even FIPS certified for some models. Or at least to the employees touching the most sensitive stuff.

Tiggerthis RansomHouse group should be destroyed and people prosecuted.

Pretty sure they just admitted they know who did it hahahaha.

The last time I used "password" as a password was last year when I was doing random remote desktop work from one room in the house to another and some Russian bot net caught me with my pants down, ending my session in real time. I must have forgotten to send AMD a memo...

bugSure, the Universe conspiring to make AMD look bad... Interesting reaction

Uh ... why is saying "it's kind of weird to want to exaggerate the amount of data stolen, I wonder why?" somehow equivalent to saying "there's a conspiracy against AMD!"? Maybe take a step back and look at my post again, but without presuming some kind of bias? I have no idea where you got that conspiratorical angle from, but it wasn't from my post.

ValantarUh ... why is saying "it's kind of weird to want to exaggerate the amount of data stolen, I wonder why?" somehow equivalent to saying "there's a conspiracy against AMD!"? Maybe take a step back and look at my post again, but without presuming some kind of bias? I have no idea where you got that conspiratorical angle from, but it wasn't from my post.

Because, without any additional data, you're assuming exaggeration is at play. And you end with a question implying there are ulterior motives.

Old news....I know this since June 30....
nl.hardware.info/nieuws/82048/450gb-met-password-beveiligde-data-gestolen-van-amd

bugBecause, without any additional data, you're assuming exaggeration is at play. And you end with a question implying there are ulterior motives.

... sigh. The vastly dominant conventional way of presenting stored data is in B, not b. Presenting stored data in bits multiplies the number of bytes by 8. This is, inherently, an exaggeration, as most readers either won't notice or don't know the difference between b and B. There is no assumption there: presenting stored data in bits and not bytes is exaggerating its size. Period.

As for the question "implying there are ulterior motives": seriously, dude, please stop reading things into simple words that are not there. The question is an open and explicitly non-loaded one: "What?" as in, incredulity and confusion. A desire to inflate the numbers is one possible explanation, sure, but you're actually arguing that asking the question is inherently suggesting this, which ... well, boggles the mind. You're reading this as a pointed rhetorical move that it simply isn't. Heck, if anything the incredulity is there in part to highlight how pointless such exaggeration would be.

And, to be clear, even if that was the suggestion - I did touch on the weirdness of this exaggeration, after all - even that isn't inherently angled as "there's a conspiracy against AMD". IMO a reasonable interpretation would be that the hacker group might be trying to brag or pass off what they've done as larger scale than what it was - which is also reflected in the kinda-incredulous "what?" at the end of the sentence, as that would be pretty weird. Explaining this through incompetence/oversight is equally weird - I would kind of assume someone with the combination of social engineering and technical skills required to pull something like this off would have the general wherewithal to not confuse GB with Gb. Heck, for all we know this could be written on a phone and thus be a product of bad autocorrect. Who knows? Either way, it's weird. And that's all that was implied by my post.

SOAREVERSORI wonder if they got owned by a security bug in their own chips!

That would be peak irony! Or, you know what's even better? If they were hacked via some backdoor!
Oh, wait! There are no backdoors! ;)

zlobbyThat would be peak irony! Or, you know what's even better? If they were hacked via some backdoor!
Oh, wait! There are no backdoors! ;)

Then AMD would just blame it on something else, they have no reason to openly admit that their chips were compromised.

So they downloaded a couple gpu drivers??

;)

64KFrom the articles concerning some people using "password" as their password. Sadly it is probably pretty common based on my experience with some inventory software that I managed as part of my duties before I retired.

That’s pretty crazy and one would think doubtful. Where I work we have to change all our passwords quarterly and have to contain numbers, letters lower and upper case and be at least 12 characters long.

mechtechWhere I work we have to change all our passwords quarterly and have to contain numbers, letters lower and upper case and be at least 12 characters long.

Password1337

There you have it.

On the other hand, they should have a system that catches words and forces them to have actually random passwords, like "Wt8YK2ZMJWGv"

Apparently the best type of passwords are just 3 random words, treescooterracoon

www.ncsc.gov.uk/blog-post/the-logic-behind-three-random-words

You know, if folks didn't pay ransomware attacks, then it would be a lot harder getting paid (and companies like these wouldn't exist)

Who here really believes a hacker when they "pinky swear" they deleted al that data? More likely, they are getting paid TWICE ( one to get the data back, and then another on the closed market. for lots of random of data.)

Sure, its less destructive that publishing it on the open web, but it sets you up as an easy mark ( so long-term, it will cost you more to pay multiple times than a massive security audit + redesign following the first dump of data)

mechtechSo they downloaded a couple gpu drivers??

;)


That’s pretty crazy and one would think doubtful. Where I work we have to change all our passwords quarterly and have to contain numbers, letters lower and upper case and be at least 12 characters long.

It wasn't for the main site. It was just for some special software. After I turned it over to the IT dept to resolve they made the people do what you are talking about with 2 exceptions. The passwords only had to be 8 character minimum and contain at least 1 special character.

When they implemented the quarterly change later you have never seen such whining from adults.

Tiggerthis RansomHouse group should be destroyed and people prosecuted

Ah yes, let's prosecute the anonymous black market that exists only because it's managed to evade all law-enforcement to date.
Prosecution is definitely the solution!
:D