• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

CTS-Labs Posts Ryzen Windows Credential Guard Bypass Proof-of-concept Video

Joined
May 6, 2012
Messages
184 (0.04/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
This TPU bashing crap needs to stop.

How was I bashing? Which part of my statement can be taken like bashng? I was merely stating my own opinion.

That and the point there still is no valid update on CTS-Labs original "13 world-ending exploits" claim.
 
Joined
Mar 18, 2008
Messages
5,717 (0.94/day)
System Name Virtual Reality / Bioinformatics
Processor Undead CPU
Motherboard Undead TUF X99
Cooling Noctua NH-D15
Memory GSkill 128GB DDR4-3000
Video Card(s) EVGA RTX 3090 FTW3 Ultra
Storage Samsung 960 Pro 1TB + 860 EVO 2TB + WD Black 5TB
Display(s) 32'' 4K Dell
Case Fractal Design R5
Audio Device(s) BOSE 2.0
Power Supply Seasonic 850watt
Mouse Logitech Master MX
Keyboard Corsair K70 Cherry MX Blue
VR HMD HTC Vive + Oculus Quest 2
Software Windows 10 P
Just for the lulz, somebody actually made a CTSflaws website.

https://www.ctsflaws.com


Man these guys are probably looking to short CTS stock value. Oh wait, nvm
 
Joined
Jul 5, 2013
Messages
27,860 (6.69/day)
How was I bashing? Which part of my statement can be taken like bashing? I was merely stating my own opinion. That and the point there still is no valid update on CTS-Labs original "13 world-ending exploits" claim.
Stop trolling please.
 
Joined
Oct 2, 2004
Messages
13,791 (1.87/day)
Most not all. The majority of the script-kiddies out there are of little concern, true, but it's the ones with real skills that are of concern. And there are a lot of them. Do you want to be the nitwit who told their boss it was nothing to worry about and then was victimized by the very same problem? You'd be out of a job so fast it would make your head spin. EVERY vulnerability like this is a serious vulnerability which requires serious attention and consideration. It would be irresponsible, negligent, reckless and unprofessional to treat this with less seriousness than any other system cracking vulnerability.

Enough with the FUD. Try taking off the tin hat and seeing the problems for what they are.

What FUD? Only FUD is from CTS side. It's a TERRIBLE EXPLOIT OH MAH GOD, WAVING WITH HANDS IN THE AIR. And none of these exploits even work without admin rights. LOL? It's more of an inconvenience or a design flaw than exploit or whatever. Given that AMD has responded with a microcode fix for all of them, I see it as a non issue. I do still have a problem how CTS pushed the info out giving AMD just 24 hours, that slandering shit from Viceroy and the fact they keep on making it all about AMD even though what really seems to be the real problem is ASMEDIA which surprisingly no one seems to talk about much. ASMEDIA chipsets come on Intel boards as well and yet all the focus is on AMD for some dumb reason. But sure, it's my tin hat...
 
Joined
Aug 20, 2007
Messages
21,476 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
I'm actually of the opinion that as an exploitable issue, these don't amount to much. There are very targeted use cases in which some very select users may be concerned, but that's it.

What's more disturbing is that they point to lax practices inside AMD and ASMedia in general. I don't like that. Not that that's anything unusual these days, but that's even more disturbing.

Seriously, if you are going to push "hardware security" try and give a shit about how the hardware thinks, please?
 
Joined
May 6, 2012
Messages
184 (0.04/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
Im stating that this is the highest trending topic/news on TPU. I cant call it objective, sorry.





How am I trolling, exactly?
 
Joined
Jul 16, 2014
Messages
8,198 (2.16/day)
Location
SE Michigan
System Name Dumbass
Processor AMD Ryzen 7800X3D
Motherboard ASUS TUF gaming B650
Cooling Artic Liquid Freezer 2 - 420mm
Memory G.Skill Sniper 32gb DDR5 6000
Video Card(s) GreenTeam 4070 ti super 16gb
Storage Samsung EVO 500gb & 1Tb, 2tb HDD, 500gb WD Black
Display(s) 1x Nixeus NX_EDG27, 2x Dell S2440L (16:9)
Case Phanteks Enthoo Primo w/8 140mm SP Fans
Audio Device(s) onboard (realtek?) - SPKRS:Logitech Z623 200w 2.1
Power Supply Corsair HX1000i
Mouse Steeseries Esports Wireless
Keyboard Corsair K100
Software windows 10 H
Benchmark Scores https://i.imgur.com/aoz3vWY.jpg?2
It's obvious what cts is trying to do, so i denounce anything they do. I trust the developer of the arch on fixes before a 3rd party such as CTS.

I wonder if AMD might pursue a lawsuit for libel.
I do hope AMD sues, it would be like a free publicity stunt for them.
 
Joined
Jan 8, 2017
Messages
9,439 (3.27/day)
System Name Good enough
Processor AMD Ryzen R9 7900 - Alphacool Eisblock XPX Aurora Edge
Motherboard ASRock B650 Pro RS
Cooling 2x 360mm NexXxoS ST30 X-Flow, 1x 360mm NexXxoS ST30, 1x 240mm NexXxoS ST30
Memory 32GB - FURY Beast RGB 5600 Mhz
Video Card(s) Sapphire RX 7900 XT - Alphacool Eisblock Aurora
Storage 1x Kingston KC3000 1TB 1x Kingston A2000 1TB, 1x Samsung 850 EVO 250GB , 1x Samsung 860 EVO 500GB
Display(s) LG UltraGear 32GN650-B + 4K Samsung TV
Case Phanteks NV7
Power Supply GPS-750C
CTS were just a tool , someone else is behind them. Either Viceroy or someone else.
 
Joined
Jul 5, 2013
Messages
27,860 (6.69/day)
I'm actually of the opinion that as an exploitable issue, these don't amount to much. There are very targeted use cases in which some very select users may be concerned, but that's it.
To be fair, Meltdown & Spectre are in the same boat. As with most vulnerabilities, they are difficult for the general user base to pull off but that is not why they should taken seriously. These are things that are still possible to pull off and presents a distinct danger to data/system security.
 
Last edited:

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
47,244 (7.54/day)
Location
Hyderabad, India
System Name RBMK-1000
Processor AMD Ryzen 7 5700G
Motherboard ASUS ROG Strix B450-E Gaming
Cooling DeepCool Gammax L240 V2
Memory 2x 8GB G.Skill Sniper X
Video Card(s) Palit GeForce RTX 2080 SUPER GameRock
Storage Western Digital Black NVMe 512GB
Display(s) BenQ 1440p 60 Hz 27-inch
Case Corsair Carbide 100R
Audio Device(s) ASUS SupremeFX S1220A
Power Supply Cooler Master MWE Gold 650W
Mouse ASUS ROG Strix Impact
Keyboard Gamdias Hermes E2
Software Windows 11 Pro
No, it is not serious. If you are already in a privilidged shell, nothing else matters anymore.

You do realize that software seeking elevated privileges doesn't need you to key in admin password, don't you?

Imagine you're just another desktop PC user running a Ryzen processor, and have the average joe's understanding of computers. You download a harmless looking free software (something that makes GIFs, converts videos, etc., to help you post dank memes). You run its installer, the installer seeks elevated privileges (in order to install software). You give it those privileges at the click of a button. That's it. You just gave something from the internet elevated privileges, enough to install a remote shell for a haxxor sitting across the globe, to access your hardware, and plant exploits that survive reboots and re-installs.

CTS were just a tool , someone else is behind them. Either Viceroy or someone else.

They themselves admitted that they're a for-profit company that's paid by stock research firms (not Viceroy, but someone with an identical modus operandi).
 
Joined
May 6, 2012
Messages
184 (0.04/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
Imagine you're just another desktop PC user running a Ryzen processor, and have the average joe's understanding of computers. You download a harmless looking free software (something that makes GIFs, converts videos, etc., to help you post dank memes). You run its installer, the installer seeks elevated privileges (in order to install software). You give it those privileges at the click of a button.
No regular user (in domain/work network) should/will ever have admin access. In environment with security protocols in place this is impossible.

(any users in my domain try something like this I'll just have a talk with them and point out the obvious, "you do not click on random stuff/files downloaded from the internet")
 
Last edited:
Joined
Jul 5, 2013
Messages
27,860 (6.69/day)
No regular user (in domain/work network) should/will ever have admin access.
That is a huge assumption on your part and is incorrect. Additionally, there are fine grained levels of admin access that can and are granted for various tasks within a company/network. Then there are IT admins themselves who often don't use proper security methodologies either out of ignorance or incompetence.
In environment with security protocols in place this is impossible.
Incorrect again. There are many ways around network security, even in a Unix/Linux based environment.
 
Joined
May 6, 2012
Messages
184 (0.04/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
Again, if Joe Average in your network has (unrestricted) admin access then Amdflaws is the least of your worries.

And yet again, we add a lot of "if" in order to make the CTS-Labs claims viable. Still no "staggering thirteen critical security vulnerabilities for AMD's "Zen" CPU microarchitecture" (quote from TPU original post).
 
Joined
Jul 5, 2013
Messages
27,860 (6.69/day)
Again, if Joe Average in your network has (unrestricted) admin access then Amdflaws is the least of your worries. And yet again, we add a lot of "if" in order to make the CTS-Labs claims viable. Still no "staggering thirteen critical security vulnerabilities for AMD's "Zen" CPU micro-architecture" (quote from TPU original post).
You're not getting it. The "if" is at the core of these problems. Just because they are difficult to exploit doesn't mean you can dismiss them as harmless. And if you are, or may become, a target, would you want them fixed or left as-is to be taken advantage of? If you say anything other than "fixed", you are completely unqualified to be offering IT/network security advice and certainly unqualified to be a IT/network administrator. You're lucky you don't work for me. You'd already be out of a job as the attitude displayed here is completely intolerable.
 
Joined
May 6, 2012
Messages
184 (0.04/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
I am lucky indeed, true that.

Just because they are difficult to exploit doesn't mean you can dismiss them as harmless.

vs

"staggering thirteen critical security vulnerabilities for AMD's "Zen" CPU microarchitecture" (quote from TPU original post)

Leaving them "as-is" is something i cant recall i've ever said...
 

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
47,244 (7.54/day)
Location
Hyderabad, India
System Name RBMK-1000
Processor AMD Ryzen 7 5700G
Motherboard ASUS ROG Strix B450-E Gaming
Cooling DeepCool Gammax L240 V2
Memory 2x 8GB G.Skill Sniper X
Video Card(s) Palit GeForce RTX 2080 SUPER GameRock
Storage Western Digital Black NVMe 512GB
Display(s) BenQ 1440p 60 Hz 27-inch
Case Corsair Carbide 100R
Audio Device(s) ASUS SupremeFX S1220A
Power Supply Cooler Master MWE Gold 650W
Mouse ASUS ROG Strix Impact
Keyboard Gamdias Hermes E2
Software Windows 11 Pro
Again, if Joe Average in your network has (unrestricted) admin access then Amdflaws is the least of your worries.

Your dank meme generator installer running on elevated privileges will create a remote shell, haxxor then uses Ryzenfall-enhanced mimikatz to see your unhashed admin password. It's cake from there on.
 
Joined
May 6, 2012
Messages
184 (0.04/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
OK, i get it. It's a cake.

https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/

I quote:

"There is no immediate risk of exploitation of these vulnerabilities for most users. Even if the full details were published today, attackers would need to invest significant development efforts to build attack tools that utilize these vulnerabilities. This level of effort is beyond the reach of most attackers (see https://www.usenix.org/system/files/1401_08-12_mickens.pdf, Figure 1)

These types of vulnerabilities should not surprise any security researchers; similar flaws have been found in other embedded systems that have attempted to implement security features. They are the result of simple programming flaws, unclear security boundaries, and insufficient security testing. In contrast, the recent Meltdown and Spectre flaws required previously unknown techniques and novel research advances to discover and exploit."

https://community.amd.com/community...amd-technical-assessment-of-cts-labs-research

I quote:

The security issues identified by the third-party researchers are not related to the AMD “Zen” CPU architecture or the Google Project Zero exploits made public Jan. 3, 2018. Instead, these issues are associated with the firmware managing the embedded security control processor in some of our products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors.

I find it weird to have continued discussion on this topic at the same original "staggering thirteen critical security vulnerabilities for AMD's "Zen" CPU microarchitecture " topic, since the magnitude of these issues was played as something they clearly werent. And this continues even after outside evaluation and AMDs reply. Somehow any bone CTS-Labs throws has so much weight to it..

For a fact, these exploits, based on POC, would be undeployable in environments i know of.

There are safeguards in place, for a reason.
 
Last edited:
Joined
Apr 10, 2013
Messages
302 (0.07/day)
Location
Michigan, USA
Processor AMD 1700X
Motherboard Crosshair VI Hero
Memory F4-3200C14D-16GFX
Video Card(s) GTX 1070
Storage 960 Pro
Display(s) PG279Q
Case HAF X
Power Supply Silencer MK III 850
Mouse Logitech G700s
Keyboard Logitech G105
Software Windows 10
I came back to see if there were any updates here and see the back and forth temper tantrums continue. Why is there even debate anymore? AMD already acknowledged the vulnerabilities in whole. AMD is crafting fixes for those vulnerabilities. If there was no risk there would be no fix but fixes are coming. Are these high risk? No, but there is risk so it needs a fix. Chips have flaws. Intel chips have flaws. AMD chips have flaws. What is so hard to understand and accept?
 
Joined
Sep 6, 2013
Messages
3,340 (0.81/day)
Location
Athens, Greece
System Name 3 desktop systems: Gaming / Internet / HTPC
Processor Ryzen 5 5500 / Ryzen 5 4600G / FX 6300 (12 years latter got to see how bad Bulldozer is)
Motherboard MSI X470 Gaming Plus Max (1) / MSI X470 Gaming Plus Max (2) / Gigabyte GA-990XA-UD3
Cooling Îťoctua U12S / Segotep T4 / Snowman M-T6
Memory 32GB - 16GB G.Skill RIPJAWS 3600+16GB G.Skill Aegis 3200 / 16GB JUHOR / 16GB Kingston 2400MHz (DDR3)
Video Card(s) ASRock RX 6600 + GT 710 (PhysX)/ Vega 7 integrated / Radeon RX 580
Storage NVMes, ONLY NVMes/ NVMes, SATA Storage / NVMe boot(Clover), SATA storage
Display(s) Philips 43PUS8857/12 UHD TV (120Hz, HDR, FreeSync Premium) ---- 19'' HP monitor + BlitzWolf BW-V5
Case Sharkoon Rebel 12 / CoolerMaster Elite 361 / Xigmatek Midguard
Audio Device(s) onboard
Power Supply Chieftec 850W / Silver Power 400W / Sharkoon 650W
Mouse CoolerMaster Devastator III Plus / CoolerMaster Devastator / Logitech
Keyboard CoolerMaster Devastator III Plus / CoolerMaster Devastator / Logitech
Software Windows 10 / Windows 10&Windows 11 / Windows 10
You do realize that software seeking elevated privileges doesn't need you to key in admin password, don't you?

Imagine you're just another desktop PC user running a Ryzen processor, and have the average joe's understanding of computers. You download a harmless looking free software (something that makes GIFs, converts videos, etc., to help you post dank memes). You run its installer, the installer seeks elevated privileges (in order to install software). You give it those privileges at the click of a button. That's it. You just gave something from the internet elevated privileges, enough to install a remote shell for a haxxor sitting across the globe, to access your hardware, and plant exploits that survive reboots and re-installs.

Ryzen processor detected. Installing malware.

You do realize that software seeking elevated privileges doesn't need you to key in admin password, don't you?

Imagine you're just another desktop PC user running a Coffee Lake processor, and have the average joe's understanding of computers. You download a harmless looking free software (something that makes GIFs, converts videos, etc., to help you post dank memes). You run its installer, the installer seeks elevated privileges (in order to install software). You give it those privileges at the click of a button. That's it. You just gave something from the internet elevated privileges, enough to install a remote shell for a haxxor sitting across the globe, to access your hardware, and plant exploits that survive reboots and re-installs.

Intel processor detected. Abort! Abort!! ABORT!!!



I love it how CTS managed to make the installation of malware synonym to having a Ryzen processor.
Any new videos from CTS for the front page?
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
27,852 (3.71/day)
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit
Im stating that this is the highest trending topic/news on TPU. I cant call it objective, sorry.





How am I trolling, exactly?
Updated the first sentences in the article, good catch. It's highest trending because it has huge activity in every metric
 
Joined
May 6, 2012
Messages
184 (0.04/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
Updated the first sentences in the article, good catch. It's highest trending because it has huge activity in every metric

I dont think there are any CVE IDs for any of these sofar, as well.
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
27,852 (3.71/day)
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit
Joined
Oct 2, 2004
Messages
13,791 (1.87/day)
I'm actually of the opinion that as an exploitable issue, these don't amount to much. There are very targeted use cases in which some very select users may be concerned, but that's it.

What's more disturbing is that they point to lax practices inside AMD and ASMedia in general. I don't like that. Not that that's anything unusual these days, but that's even more disturbing.

Seriously, if you are going to push "hardware security" try and give a shit about how the hardware thinks, please?

How do you know they are "lax"? Processors aren't something you throw together in 6 hours. Especially considering Zen was put together from ground up. Just because CTS Labs gave them a ridiculous 24 hour timeframe to address it, that doesn't mean they are incompetent or clueless. Every device has potential issues, it's just a matter of when someone finds them.

Can't say the same for ASMedia. Then again, no one seems to have addressed them specifically as all the focus is on AMD for some dumb reason...
 
Joined
Jul 16, 2014
Messages
8,198 (2.16/day)
Location
SE Michigan
System Name Dumbass
Processor AMD Ryzen 7800X3D
Motherboard ASUS TUF gaming B650
Cooling Artic Liquid Freezer 2 - 420mm
Memory G.Skill Sniper 32gb DDR5 6000
Video Card(s) GreenTeam 4070 ti super 16gb
Storage Samsung EVO 500gb & 1Tb, 2tb HDD, 500gb WD Black
Display(s) 1x Nixeus NX_EDG27, 2x Dell S2440L (16:9)
Case Phanteks Enthoo Primo w/8 140mm SP Fans
Audio Device(s) onboard (realtek?) - SPKRS:Logitech Z623 200w 2.1
Power Supply Corsair HX1000i
Mouse Steeseries Esports Wireless
Keyboard Corsair K100
Software windows 10 H
Benchmark Scores https://i.imgur.com/aoz3vWY.jpg?2
CTS were just a tool , someone else is behind them. Either Viceroy or someone else.
have a look at who owns CTS and Viceroy, its a fund manager.

the first video on Gamers Nexus about this makes a mention about that that EVERYONE ignored.
 
Joined
Mar 7, 2010
Messages
989 (0.18/day)
Location
Michigan
System Name Daves
Processor AMD Ryzen 3900x
Motherboard AsRock X570 Taichi
Cooling Enermax LIQMAX III 360
Memory 32 GiG Team Group B Die 3600
Video Card(s) Powercolor 5700 xt Red Devil
Storage Crucial MX 500 SSD and Intel P660 NVME 2TB for games
Display(s) Acer 144htz 27in. 2560x1440
Case Phanteks P600S
Audio Device(s) N/A
Power Supply Corsair RM 750
Mouse EVGA
Keyboard Corsair Strafe
Software Windows 10 Pro
While I find the focus on CTS distasteful, the rhetoric and accusations against TPU are something that should have been dealt with a long time ago. TPU has had militants rally against it for a while now (usually in AMD/Nvidia threads) and the constant "TPU is a shill" cry has gone unpunished, until now. If you invite someone into your house and they shit on your carpet - you really ought to kick them out before they've pulled their trousers up.

As for further coverage of CTS labs technical pieces, it should be noted that the majority of TPU members (from what I've seen) are not that tech savvy. This is not my site (nor do I own one) but as Anandtech and others have done, a fair reflection on the merits of CTS background funding and PR roadshow wouldn't go amiss. There is one thing that will be proven in time and that is a very viable path for discrediting this exploit expose:

CTS says it's not fixable
CTS gives AMD 24 hours notice that they have found said exploit.
AMD says a firmware patch will fix it and they are working on it.

so.....

If patch fixes problem, and it does so within 90 days (standard industry timescale for exploit announcement)...
There would be no issue at all. This is the crux of it all - by not giving due time as is normally allowed, CTS have used unfair media leverage to make AMD look bad. If AMD do patch this (apparently unfixable issue) it makes CTS look like opportunistic little scum bags. This exploit would be history before it was even news but CTS intentionally released the exploit reveal with as little time as possible for AMD to make them look crap.

Therefore, all the PR the tech sites are allowing CTS 'airtime' is actually helping them look better when we're not giving AMD time to work on it as Google gave Intel (and AMD) when Spectre/Meltdown were discovered.

So, even those doing this :banghead: at those saying there is no flaw, of course there's a flaw but it could have been dealt with 'properly' and had it been done so (been fixed by AMD), we would not have had all this hyperbolic forum activity.

Is there an exploit? YES. Did CTS stitch AMD up? YES. TPU has not sufficiently asked why that is, that is why there is a great resentment in the forums.
Then again, in 'x' weeks time, if AMD hasn't fixed it, then we can get all pissy again.....

VERY well said..
 
Top