Linus Torvalds Slams Security Researchers Without Taking Names

[btarunr]

Linus Torvalds has, without taking names, slammed the direction in which the IT security industry is going. The timing of Torvalds' comments is key. They come on a day when CTS-Labs published a press-release chronicling what they claim to be 13 critical security vulnerabilities with AMD "Zen" CPU microarchitecture. "It looks like the IT security world has hit a new low," Torvalds begins. "If you work in security, and think you have some morals, I think you might want to add the tag-line: "No, really, I'm not a whore. Pinky promise" to your business card. Because I thought the whole industry was corrupt before, but it's getting ridiculous," he continues. "At what point will security people admit they have an attention-whoring problem?"

CTS-Labs classified their 13 new discoveries into four categories, complete with a Meltdown/Spectre-esque graphics package, infographics, and a YouTube video with amateur-level green-screen stock footage behind the only 3 people the company has on its payroll. Their disclosures invited scorn from the public, particularly for not following the unwritten guideline of IT-sec industry that you have to give hardware/software manufacturers at least 90 days to respond/mitigate your findings before taking your work public. CTS-Labs gave AMD barely 24 hours. Some of the more skeptic voices suggest that these disclosures are part of a purpose-built stock shorting scheme that's currently engaged in devaluing AMD.



AMD itself took an exception to this guerrilla-ambush tactic adopted by the researchers. "This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings." AMD stock performance approaching closing-bell Tuesday suggests that the company's investors are giving it the benefit of doubt, that its corporate-communications and investor-relations teams are on overdrive, and that it would be prudent to hear what the company has to say. At least now that it has the investors' and public's attention, we won't hear of incidents like its senior execs dumping company stock, something that can't be said for AMD's biggest competitor.

View at TechPowerUp Main Site

 

[jigar2speed]

This was really a low blow to AMD by this security company. Really sad situation.

 

[Chaitanya]

This was really a low blow to AMD by this security company. Really sad situation.

If you read the comments Linus is not too happy with overly eagre PIMPs(Press in my pocket).

 

[xkm1948]

So you gonna retract your previous fake news?

 

[btarunr]

So you gonna retract your previous fake news?

I'll retract it once AMD refutes CTS-Labs in a press-release. It is currently investigating.

 

[esrever]

I'll retract it once AMD refutes CTS-Labs in a press-release. It is currently investigating.

Maybe you (and the rest of the press) should have given AMD enough time to even comment on it before publishing unsubstantiated libel. But then again, you got so many clicks from the bait so I'm sure you don't regret it one bit.

 

[RejZoR]

Explot finding scene turned into cracking scene. Everyone wants to be the first publishing something dramatic they found. 24 hours is an unreasonable timeframe. There is no way anyone can even evaluate, let alone address anything in such short time. CTS Labs should be ashamed of their "tactics". Makes you wonder if they made an under the table deal with Intel to release this info so quickly to make AMD look bad because there is no way AMD can evaluate, respond and fix the problems.

 

[Chaitanya]

Maybe you (and the rest of the press) should have given AMD enough time to even comment on it before publishing unsubstantiated libel. But then again, you got so many clicks from the bait so I'm sure you don't regret it one bit.

They will regret if AMD drags these media outlets for defamation and the way this story was published to spread FUD without research I won't be too surprised.

 

[xkm1948]

I like how GN did it

 

[R-T-B]

Maybe you (and the rest of the press) should have given AMD enough time to even comment on it before publishing unsubstantiated libel.

Technically they are only rereporting someone elses libel, if it turns out to be false. They would make CTS labs or what have you the ones responsible. The only way TPU can be wrong here is if they continue to print the story after it's proven false, ala "pizzagate" or similar.

EDIT: Should clarify I am speaking legally, not ethically.

 

[xkm1948]

CTS-Lab is a throw away chess piece. Whoever behind this smearing campaign would have made perfectly sure that no traces can be used to track them down. So no, that will be a dead end. Who ever did this is pretty clever. If it worked, hell yeah, smearing and manipulation done! If failed, they just throw away bunch of losers that they hired as their "security firm employees and CTOs"


However we do know their domains were registered on GoDaddy.com

Any transaction will leave trails. unless they are at the level of shadow government.

 

[TheGuruStud]

CTS-Lab is a throw away chess piece. Whoever behind this smearing campaign would have made perfectly sure that no traces can be used to track them down. So no, that will be a dead end. Who ever did this is pretty clever. If it worked, hell yeah, smearing and manipulation done! If failed, they just throw away bunch of losers that they hired as their "security firm employees and CTOs"


However we do know their domains were registered on GoDaddy.com

Any transaction will leave trails. unless they are at the level of shadow government.

I'll save everyone the trouble.

It was Intel or an executive working in the interest of Intel. We all know how much they have to lose with Epyc this year.

 

[RejZoR]

@xkm1948

That Intel statement at the end of GN video. Yeah, like Intel is going to admit it even if they did have hands in it lol

 

[Sempron Guy]

I like how the tech media will come clean after this even though they are used(voluntarily or involuntarily) as medium to push shady agenda. Got to love the power of free press.

 

[TheGuruStud]

@xkm1948

That Intel statement at the end of GN video. Yeah, like Intel is going to admit it even if they did have hands in it lol

He was being a little cheeky with his tongue.

 

[IceShroom]

I'll save everyone the trouble.

It was Intel or an executive working in the interest of Intel. We all know how much they have to lose with Epyc this year.

Or it could be Nvidia.

 

[TheGuruStud]

Or it could be Nvidia.

Seems a little sloppy for Nvidia, though. Intel isn't as bright lol.

 

[IceShroom]

Seems a little sloppy for Nvidia, though. Intel isn't as bright lol.

Why not, AMD supplied the GPP story. As counter they could do that.

 

[Imsochobo]

Why not, AMD supplied the GPP story. As counter they could do that.

This is over a year in the making.
I doubt intel has anything major to do with this either.

This is someone who have betted on amd stocks going further down and when they shot up because of ryzen and so on they had to manipulate.

 

[Xzibit]

I like how GN did it

That Viceroy piece sure sounds like some of the people who post in these forums.

 

[Space Lynx]

I like how GN did it

yep I agree, I watched that earlier and Gamers Nexus presents a very educated and objective argument that pretty much destroys CTS lol

 

[cowie]

all of us are far more guilty then this on the web.
funny what if the last business/person/item/sports team you talked shit about right here on these forums comes after you?
don't kill the messenger

 

[Vayra86]

Maybe you (and the rest of the press) should have given AMD enough time to even comment on it before publishing unsubstantiated libel. But then again, you got so many clicks from the bait so I'm sure you don't regret it one bit.

News is news, if you want your news vetted and quality checked before publication, go live in China or Russia. They're pretty good at it, I hear. And we're already moving that direction over here in the West too... its scary

Over here, we can make up our own minds about what's credible and what's not - something people are actually capable of as one can read clearly in the article.

 

[Dave65]

The fan babies will be so upset when they find out this was fake news.
I hope AMD nails their hides to a post.

 

[_Flare]

Intel ... Israel ... CTS-Labs ... anyone ?