13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors

[jabbadap]

The "researchers" jumped the gun. AMD hasn't even had time yet to reproduce them for verification purposes.

When Specter and Meltdown went public, it was huge news because despite having six months to work on it, they weren't even close to fixing it. Even if one of these 13 ends up being legit, it most likely could have been quietly fixed without any fanfare. In this case, everything the "researchers" did was about maximizing fanfare. That should concern everyone. I hope this doesn't become the new norm but it could.

Well I agree it's very very poorly executed if that indeed is genuine security firm. But looking on employees backgrounds, I have hard time to discredit their expertise in security.

 

[Fouquin]

The double standard is real. Let's jump the gun and defame the researchers because this is AMD and not Intel. Hell, the AMD defense force has yet to provide actual evidence to discredit each of those findings but somehow someway found a way to link this to Intel. This AMD circlejerk culture, even though it's a vocal minority, has to stop.

The accused does not generally carry the burden of proof.

When Meltdown and Spectre went public there was sample code, a real-time demonstration, step-by-step info on each avenue of attack. Multiple tech giants had it in-hand for months working on a fix before it went live. This report has none of those things and holds little credence in it's vague descriptions, lack of review, and immediate public exposure.

 

[IceScreamer]

If this didn't involve such allegations it would be really really funny, almost like an article from The Onion, with the green screened scenes and everything. But this is just lame, a low blow to either smear the company/the new product or for a financial gain through stock trading.

And ffs, the sites name is AMDFlaws.

Also, whether these vulnerabilities are real or not, the tech sites (some at least) have lost a lot of respect in my eyes, posting such news without an in depth research, gotta get them clicks huh.

 

[cowie]

If this didn't involve such allegations it would be really really funny, almost like an article from The Onion, with the green screened scenes and everything. But this is just lame, a low blow to either smear the company/the new product or for a financial gain through stock trading.

And ffs, the sites name is AMDFlaws.

Also, whether these vulnerabilities are real or not, the tech sites (some at least) have lost a lot of respect in my eyes, posting such news without an in depth research, gotta get them clicks huh.

I feel like that too about any type of unconfirmed rumors at least when you have people or money involved.
to be fair most real sites show dought because of the way it was brought to the table

 

[R-T-B]

I hope it's not going to upset w1zzard, but from what limited research I can confirm as a "non-press" member at this time, I'm going to have to side with the users here:

If this is even true, it stinks of an Intel PR stunt.

It's possibly not even true?

What is it doing in the news feed?

gotta get them clicks huh.

I think everyone is entitled to an honest mistake and/or "jumping the gun" on occasion. But if this turns out to be false, TPU sure had better follow up with a retraction, I would think.

 

[IceScreamer]

I feel like that too about any type of unconfirmed rumors at least when you have people or money involved.

Yea, I don't know if it's just me but I see a lot of these kind of "news" lately.

I hope it's not going to upset w1zzard, but from what limited research I can confirm as a "non-press" member at this time, I'm going to have to side with the users here:

If this is even true, it stinks of an Intel PR stunt.

It's possibly not even true?

What is it doing in the news feed?



I think everyone is entitled to an honest mistake and/or "jumping the gun" on occasion. But if this turns out to be false, TPU sure had better follow up with a retraction, I would think.

Of course, I am also partly at fault here, because until all of this clears up we don't really know who is right or who is wrong.

 

[cowie]

I hope it's not going to upset w1zzard, but from what limited research I can confirm as a "non-press" member at this time, I'm going to have to side with the users here:

If this is even true, it stinks of an Intel PR stunt.

It's possibly not even true?

What is it doing in the news feed?



I think everyone is entitled to an honest mistake and/or "jumping the gun" on occasion. But if this turns out to be false, TPU sure had better follow up with a retraction, I would think.

yeah but btarunr is such a news hound and has been for years
you guys haveta know he is crazy for news I think he is like, screw it let god sort it out.
there was no facebook or twitter or even good goggle we had him and wizz

 

[thesmokingman]

Take THAT AMD. I dont wanna hear the fanbois anymore.

 

[moob]

And yet another article that delves into the sources of these supposed flaws: https://techreport.com/news/33368/s...of-ryzen-epyc-and-amd-chipset-vulnerabilities

Viceroy even says that AMD will have to file for Chapter 11. lol

 

[ikeke]

I call a big juicy BS.

https://amdflaws.com/disclaimer.html

The report and all statements contained herein are opinions of CTS and are not statements of fact. To the best of our ability and belief, all information contained herein is accurate and reliable, and has been obtained from public sources we believe to be accurate and reliable.

Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports.

 

[Xzibit]

Not sure if anyone pointed this out yet.

The AMDFlaws.com domain was registered with GoDaddy on the 22nd of February and ownership of that domain is hidden by Domains By Proxy, LLC. That again strikes me as odd for a security company to hide the identity of domain ownership.

 

[medi01]

Heck, and one would think people don't swallow bait like this on a techie site.

"If you infect BIOS you can do baaaaad things"
"If you have admin rights then you can start a program and do baaaad things"
"if you have admin rights you can start a program and read stuff from memory!!!"

Are you FREAKING kidding me?

 

[mtcn77]

Not naming names when it is Intel... "Should owners of processors affected by security problems receive compensation?"

But when it is AMD? Anybody remember the poll? Should owners of processors affected by security problems receive compensation?

 

[theGryphon]

Not naming names when it is Intel... "Should owners of processors affected by security problems receive compensation?"

But when it is AMD? Anybody remember the poll? Should owners of processors affected by security problems receive compensation?

You're comparing horses and unicorns. Here is a hint: only one of them is real.

 

[mtcn77]

You're comparing horses and unicorns. Here is a hint: only one of them is real.

You must have found inflicting Meltdown cases in AMD processors, then.

 

[VulkanBros]

Take THAT AMD. I dont wanna hear the fanbois anymore.

Fast responder....

 

[CrAsHnBuRnXp]

An

Fast responder....

And your insinuation is?

 

[damric]

This smells political...and reeks of a Trump-Netanyahu-Intel circle jerk.

First Trump killed the Broadcom merger with Qualcom...who does that benefit? Intel. Who makes Intel chips? Israelis.

Now this weird unknown security company sounds like something concocted overnight by the same fake news exporters that we saw during the 2016 U.S. presidential campaign. Sure, there might be some half-truths, but bottom line is that ordinary good security practices protect you from most of this.

 

[thesmokingman]

This smells political...and reeks of a Trump-Netanyahu-Intel circle jerk.

First Trump killed the Broadcom merger with Qualcom...who does that benefit? Intel. Who makes Intel chips? Israelis.

Now this weird unknown security company sounds like something concocted overnight by the same fake news exporters that we saw during the 2016 U.S. presidential campaign. Sure, there might be some half-truths, but bottom line is that ordinary good security practices protect you from most of this.

It's a a short seller trying to screw AMD stock price.

https://www.iol.co.za/business-repo...-and-why-do-their-accusations-matter-13010688

For example:

"Astute social-media users have noted that Viceroy Research, a financial-analysis group that reportedly engages in short selling of various companies' securities, appears to have coordinated the release of a report provocatively titled "The Obituary" alongside the CTS Labs whitepaper."

https://techreport.com/news/33368/s...of-ryzen-epyc-and-amd-chipset-vulnerabilities

 

[xkm1948]

This smells political...and reeks of a Trump-Netanyahu-Intel circle jerk.

First Trump killed the Broadcom merger with Qualcom...who does that benefit? Intel. Who makes Intel chips? Israelis.

Now this weird unknown security company sounds like something concocted overnight by the same fake news exporters that we saw during the 2016 U.S. presidential campaign. Sure, there might be some half-truths, but bottom line is that ordinary good security practices protect you from most of this.

Come on, even the Russian collusion story found a juicy nothing buger. How the hell can you link this to Trump? Government level smearing operation is way better executed. This one on the other side is very poorly executed

 

[lexluthermiester]

And your insinuation is?

Seems he was implying the use of coincidental irony.

After reading the documentation provided by a few different sources, my $0.02 is this;
1; This not so secret "Secret Processor" nonsense needs to go or be updated to be user configured/disabled as it is a severe potential security risk,
2; There is validity to some of the scare of this paper, but not all.
3; Many aspects of these claims require physical access to the hardware and/or serious alteration to the base software(bios/efi), neither of which is practical for remote attack.

This smells political...and reeks of a Trump-Netanyahu-Intel circle jerk.

As unlikely as that is, let's keep the politics out of this and focus on factual information. Conspiracy theory's are not very helpful.

 

[Jism]

Great testing, esp. when:

1: system needs adjusted bios
2: user needs to be in administrator mode

It's not as bad as it is for Intel with Spectre and Meltdown.

I could think of an instance, https://www.spamfighter.com/News-21...ussias-Hacking-Group-Fancy-Bear-Suspected.htm

where computers that where ordered at large scale, any vendor is able to inject some sort of adjusted bios into the hardware, and send out to in this case, a goverment which opens door on spying.

But furthermore; you shoud'nt worry much about the flaws in AMD hardware. This is a merely PR message, 24 hours responsetime is very very unreal.

 

[Easo]

Everything that can be said, is already said by others. Let's see what AMD will give in full answer.

 

[lexluthermiester]

It's not as bad as it is for Intel with Spectre and Meltdown.

It's too early to claim that. The devil is in the details and those are still being sorted out. Like with Meltdown, the initial reaction is an over-reaction.

But furthermore; you shouldn't worry much about the flaws in AMD hardware. This is a merely PR message, 24 hours response time is very very unreal.

Again, it's too early to claim such.

 

[thesmokingman]

It's too early to claim that. The devil is in the details and those are still being sorted out. Like with Meltdown, the initial reaction is an over-reaction.

Again, it's too early to claim such.

Seriously, drop the official business act. This is a ruse.