AMD Security Vulnerability – The Day After - Seems Financially Motivated

At 5:20 onward is very telling indeed. But all of it is good.

In particular the following:


14:25 Look Familiar? Hahahaaaa, Snork, Ha haaahahahaaaa







At 14:50 they "used" Shutter Stock Shield Logo...And one believed them? Silly, just silly grasping of straws here. LOL.






@17:04 So, this is what they are all about...




@14:58
When you add the:
-fake background office
-"Re-purposed logo"
-Time of publication with 24 Notice to AMD
-Verbiage and tone of the publication (emotional)
-etc

It just seems wrong. Yup, I agree.

@17:30 TO 18:00
The organization is referenced like a derange lunatic.




@20:12

I don't care what anyone says. Short of actual proof I believe that. The obviousness of it is a red flag to assume Intel directly.
--------------------------------------------------------------

As a whole the defense of this allegation is completely crippled.

 

This is beyond disgusting...
The more I think about it, the more it sickens me.
As I said, there are vulnerabilities, but all this charade and all this propaganda is just ridiculous.
What happened to the "Do no hard mantra", those people have no spine and no self-esteem anymore?
On the other hand, I wish that AMD could turn this into something good, offering patches, well-documented explications about the mitigations and the simple possibility of disabling PSP in their Agesa firmware.Or offering a free open source firmware for their products.
One can dream, right?

 

Every board has it's own different BIOS. Potential hacker will have to have proper BIOS tested for each particular board. Or he is more likely to brick hacked system, than to get it done right.
Biggest safety here is setting BIOS to OS-Write-Protected-By-Default. Then almost all that wind this "vulnerability" has goes away. If user sets up admin passwd for BIOS, then Hacker can go F* himself with this.

And main concern of user should be: "Did hacker attempted to use those reported vulnerabilities? So, where is your security hole allowing him to gain Admin rights to OS?"

 

Now I wonder where that link went when TJ's comment is marked with "Last edited by a moderator: Saturday at 7:20 AM".
Just curious.

 

Hmmm. Well it was techpowerup link.

 

Linking to articles at TPU has never been an issue before....

 

I guess HH doesn't want to be brought into connection with the whole topic?
It's still weird.

 

That I could see and understand. When this all blows up, it's better to be on the outside looking in than the other way around.

 

Honestly, unless HH gets sued, he has nothing to lose.
And I personally have the feeling he's strong and has enough integrity to even say he was wrong, which happens to all of us. And I wouldn't mind, I already said it looks like I am wrong personally. But there's no use in shutting down guru if something happened and somebody would get the idea of sueing etc.
It's just... weird... and I'm curious about weird stuff.

 

Looks like AMD has responded
https://community.amd.com/community...amd-technical-assessment-of-cts-labs-research

They've confirmed the exploits, and will be rolling out firmware/BIOS updates in the coming weeks (no performance impact expected). They've also clarified that the issue does not lie with the Zen architecture, as CTS Labs seemed to imply.

Hopefully, that will be the end of the issue

 

That doesn't change the intent behind the method of disclosure, or any of the false statements made in the disclosure. It was still financially motivated, as admitted by CTS_Labs, and that claim can be verified by the PDF file released by Viceroy. If stock manipulation wasn't the primary motive, why brief a group that's well known for stock manipulation prior to public disclosure? Also, why disclose the "flaws" before a patch is ready and make the false claim that they're directly related to AMD hardware without taking the time to verify the statement as fact? Neither holds up to standard practice and the claim of it being their first public disclosure doesn't excuse the behavior but rather proves that their only intent was stock manipulation.

I never said that G3D or Hilbert had to worry about legal ramifications. Hilbert simply reports tech news and on occasion provides his own opinion/insight. At no time does Hilbert (to my knowledge) knowingly or willingly make false statements and has a proven track record of making corrections when needed. So, he's perfectly safe from legal recourse. He is, however, a trusted source of tech news and reviews. The level of credibility that Hilbert has doesn't come easy and he's put in a lot of effort to gain it and maintain it.

 

Oh, don't get me wrong, it was definitely an attempt at stock manipulation. Basically, the guys at CTS Labs found some issues (albelt easily patchable ones with minor impact) and tried to make them seem like serious bugs. They also gave AMD no time to respond, since the typical 90-day grace period would be more than enough time for AMD to provide a patch (there would have been nothing to report then, and no way to make money off the stock).

I'm guessing they were hoping investors would panic and sell en-mass, and they'd be able to cover their short position before sanity returned. They probably knew the stock would go back up once AMD took a look, so they were hoping for short-term profit (and they probably failed in that respect).

 

I was just curious on why a link from a trusted site that usually does their work as conscientious as HH, to my limited knowledge, was removed by a mod out of a posters normal, non trolling post. I was just curious what the reason behind it was, and as you can read out of my words, I have never at all claimed that HH does make false statements, more on the opposite actually. So if it's an issue of credibility, he could have said so, and we all would have understood. This way it's just mysterious.

 

- removed the boring stuff -