1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

13 Critical Security Vulnerabilities and Manufacturer Backdoors discovered In AMD Ryzen Processors

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Mar 13, 2018.

  1. SkOrPn

    SkOrPn New Member

    Messages:
    6
    Likes Received:
    0
    GPU:
    5870
    I can't remember the last time I have seen something so scripted and so shady before. I hope both AMD and Intel fans can see the true nature of this supposed breaking story. It's just Intel's money hard at work paying people to find security flaws that the rest of the world would have never found or exploited for that matter. It is CTS Labs that has brought this to the attention of would be hackers. Intel's chips went ten years before being discovered, and who was it that discovered them and told the world about it, security firms. If these vulnerabilities ever get used now we can blame the security research teams for making them known.

    Thanks Intel, keep spending your money on these efforts to find flaws in your competitors products. I will NEVER listen to or take seriously a research firm based in Israel. They will say whatever they are paid to say, period...
     
  2. cowie

    cowie Ancient Guru

    Messages:
    13,022
    Likes Received:
    169
    GPU:
    GTX
    ^wait what ? not even on med cannabis?:D


    funny back in the 90's I had customer whose son got himself some penny stock online then proceeded to blab all over the place about these stocks ready to go up.
    he made 1 mil.then he got busted for his age. he got fined 100k then they changed some laws for things like that because of him.
    sure they were poised to do it anyway beforehand but that really made them do it pronto.
     
    -Tj- likes this.
  3. Eastcoasthandle

    Eastcoasthandle Ancient Guru

    Messages:
    1,783
    Likes Received:
    61
    GPU:
    R9 Fury
    Lets step back a bit. Both AMD and Intel have been scrutinized with vulnerability allegations. Who has the most to gain by trying to convience the market that CPU's from those companies are "risky business" right now?
     
  4. Turanis

    Turanis Maha Guru

    Messages:
    1,294
    Likes Received:
    70
    GPU:
    Gigabyte RX500
    Suddenly,again the magic number: Thirteen.No skulls,no weird signs,just the magic of Thirteen.

    Back to topic,Fake News at best. Israeli "researchers" fake news straight from Intel Corp.Bad move,Intel.
    That picture from their "office" is marvelous.
    That punks from @viceroyresearch needs to be granted with a big punch.

    Thanks,Mr Hilbert.You did a good job with these fake news.

    [​IMG]
     
    Last edited: Mar 14, 2018

  5. GxCx

    GxCx Member

    Messages:
    16
    Likes Received:
    0
    GPU:
    burned
    they got holes in alpha and music is from audiojungle, hair is keyed quite good, despill is perfect.. its average work for 2 days, maybe one day if you have money, ok, preparation maybe took longer
    they did it in hurry because those holes..
    someone want scare people
     
  6. waltc3

    waltc3 Master Guru

    Messages:
    646
    Likes Received:
    68
    GPU:
    Asus RX-480 8GB
    Talk about Fake News...what a bunch of malarkey...;) Has it come down to web sites blindly publishing "stories" from unknown sites and unknown companies that only recently popped into existence? I'd rather not see this kind of crap as the Internet has enough of that of late. Unreal.
     
  7. Mraz

    Mraz Master Guru

    Messages:
    645
    Likes Received:
    0
    GPU:
    GTX TITAN@1202
    Hi all,

    Just to add up a few words from my side, which everyone might find interesting.

    It doesn't matter where exactly I work, but there are all the heads of Intel currently in Dublin on Intel's Round Table meeting 2018.

    They have a Conference in Westin Hotel at Dame Street.

    What is unusual while talking with one of the people from there today is that the guy mentioned that the actual amount of head staff from Intel and activity they have for this year was organized and set in the last two weeks almost over night + they never ever meet here in Dublin, almost always in Germany or somewhere else.

    He also said he doesn't know why all the heads were brought in, as well as majority of the Conference is held behind the closed door between them.

    Say what you want, but the actual event is holding place from today 14.03.2018. and now this news as well.

    Something really fishy is going on here. This is my two cents to try and shed some light on things going on beside the actual website and Ryzen's 1st year from release being yesterday.
     
  8. DeskStar

    DeskStar Master Guru

    Messages:
    357
    Likes Received:
    11
    GPU:
    4 eVGA GTX TITAN SC
    "WHOA!.!.!.!" ( MIND BLOWN....)

    Makes sense to me.
     
  9. sverek

    sverek Ancient Guru

    Messages:
    4,013
    Likes Received:
    674
    GPU:
    NOVIDIA -0.5GB
    I just don't understand whats going on with publishing these vulnerabilities. First Intel and AMD, now just AMD.

    Why publish vulnerability now? Did Intel and AMD run out of time to fix these issues? Did documents got leaked? Is it already wide known on dark side of the Internet?

    Publishing will cause panic and action, but is it rightly timed?
     
    airbud7 likes this.
  10. XP-200

    XP-200 Ancient Guru

    Messages:
    4,348
    Likes Received:
    265
    GPU:
    Zotac GTX 1080 Mini
    Remember a time when your biggest worry about your PC building hobby was should you get the white metal flat case this time and break conventions, or just stick with the grey flat case. lol

    How times have changed.
     

  11. D3M1G0D

    D3M1G0D Master Guru

    Messages:
    997
    Likes Received:
    418
    GPU:
    2 x GeForce 1080 Ti
    I think that was precisely the point. Somebody (probably Viceroy Research) was looking to profit from dropping this bombshell, making it look like AMD had serious problems which would cause the stock to tank. If that was the motive then it backfired, as the stock rose instead.

    The exploits, as described, don't seem all that serious as they require the systems to already be compromised. From what I've read, the main issue seems to lie with what happens when a hacker gains admin access, making the exploit much worse (e.g., installing malware that continues to exist after a format/wipe). This may indeed be something that AMD needs to look into, but for users who have implemented strong security measures already, it's more-or-less a non-issue. At any rate, it's nothing close to the severity of the Meltdown and Spectre exploits from earlier this year.

    I'm hoping we'll know more in the coming days, but it's looking increasingly like someone was trying to manipulate the stock. Hopefully the SEC has a good look and fines whoever is responsible. I'm also sure that AMD will respond soon, and we'll have to see what they say.

    EDIT: Oh, and I'd like to add, I don't think Intel was involved in this. Although they've been known to resort to shady/illegal tactics in the past, I don't see this as something they would engage in, especially considering the shoddy/amateurish nature of the actors involved. It's possible that they had some sort of hand in it (can't know for sure at this point) but I wouldn't consider them as the prime instigators. Again, we'll hopefully know more as times goes on.
     
    Last edited: Mar 14, 2018
    sverek likes this.
  12. slyphnier

    slyphnier Master Guru

    Messages:
    446
    Likes Received:
    13
    GPU:
    GTX1070
    that 24hours "blackmail" is BS
    i mean amd doesnt need to reply within that... as what important is "proving" whether vulnerabilities is real or not... why need to rush ?
    say they(CTS-Labs) will publish vulnerabilities after 24hours... it still mean nothing if it no proved to work... and "proof-of-concept" not always real-vulnerabilites imho

    i personaly... not really care much about lately security news...
    spectre-meltdown... then few weeks ago vulnerabilites in utorrent ... then today this...

    cmon there no complete/perfect secure in first place anyway.... if we look deep there will always flaws ... thats is human-made
     
  13. PedroNF

    PedroNF Member

    Messages:
    11
    Likes Received:
    1
    GPU:
    AMD RX 570 4GB
    Hilbert, the title of your article is doing a lot to help this shady company hurt AMD. You should rephrase it and make it clear that these are unverified claims by a more than shady company. Their domain is registered through Domains By Proxy, a GoDaddy partner that hides the registrant's actual data. Not to mention that they took their website down.

    Wccftech (and others) were a lot less sensationalist about this, avoiding the clickbait title on their original article and have already followed it up with another one:

    The Low-down On Bizarre AMD Security Exploit Saga – You Will Want To Read This

    "That’s not in itself something to get the pitchforks out for, but this is where it turns malicious. CTSLab’s reports were cited by a research firm called “Viceroy Research” in a 33-page document published just 2 hours 50 minutes ago (according to PDF metadata as inspected by Ian) after the former went live and with the headline of “AMD: The Obituary”. You can read the full report by Viceroy Research over here.

    A quick lookup reveals Viceroy Research (VR) is a short group that gained notoriety (fame?) during the Capitec Bank saga in which they caused a massive downward correction in the banks stock and successfully executed a short play (thanks Wesley)."
     
    Last edited: Mar 14, 2018
  14. sykozis

    sykozis Ancient Guru

    Messages:
    20,506
    Likes Received:
    291
    GPU:
    XFX RX 470
    Google the company's phone number.... It's a "security firm" based in Israel....but yet, the company's phone number is a mobile number based in New York, assigned by Verizon Wireless.

    So, to summarize. A company based in Israel, has a service contract with Verizon Wireless for a cellphone and a number assigned in Rochester, New York.... So, why would a legitimate company, based in Israel, have a US cellphone contract (through Verizon Wireless) with a New York area code as it's only method of contact aside from e-mail? (more below...)

    The "CFO" of the "company" is also a hedge fund manager at NineWells Capital Management, so he most likely has a financial stake in causing damage to AMD's stock price. NineWells Capital Management is also based in New York, NY....and CTS_Labs uses a New York based cellphone number for their business number, even though the company is supposedly based in Tel Aviv.... Coincidence there? I'd be willing to bet that the CTS_Labs company number is owned by Yaron Luk-Zilberman, the CFO of CTS_Labs, personally.

    Gotta love the response from a Google Security Research (Arrigo Triulzi) there....

    AMD's PSP and fTPM do have security flaws. The Google Cloud Security Team reported to have found security flaws in AMD's PSP and fTPM a few months ago, and reported them to AMD at the time. There's actually a (very brief) thread about it in another section of the forum and it's quite easy to find from a quick Google search. Here's the thread:
    https://forums.guru3d.com/threads/amd-platform-security-processor-vulnerability.418812/
     
  15. Solareus Prime

    Solareus Prime Member Guru

    Messages:
    108
    Likes Received:
    6
    GPU:
    MSI 7870 2gig x 2
    100% Nvidia.
    Nvidia earlier in the week or month tried to strong arm vendors into a program that pretty much said "Only use our product, or you get scraps months later".

    Why is nvidia in meltdown ?

    Reason => intel / AMD CPU GPU combo. This partnership has pretty much cut into 1/3 of Nvidia's "exclusive" mobile market as well as the nvidia exclusive " autonomous car" market.
    Nvidia blindly went deep in R.N.D. on autonomous cars they didn't even consider Intel and AMD partnership. Nvidia spent so much money on thinking they would be the sole proprietors of driver-less cars they never thought anyone could challenge them.

    By this time next year, I'm looking at a 30% drop in Nvidia stock from poor P.C. sales, less interest in overly expensive components and falling face first on autonomous car market because of greed.

    This is what happens when people aren't innovators, they push more of what they know, waiting for the "other" guy to make a new innovation , jump on that , rinse repeat. This time, because AMD and Intel Partnered up to directly challenge Nvidia, Nvidia is finding themselves on the outside looking in for the first time in almost 2 decades.

    AMD and Intel literally sweeping the floor with Nvidia. Newegg magically got RX570's in at $380 #Amazing
    AMD Stock = > Long
    Intel Stock = > micro manage burst sell
    Nvidia = > Sell

    Good luck !
     
    Last edited: Mar 14, 2018

  16. Solareus Prime

    Solareus Prime Member Guru

    Messages:
    108
    Likes Received:
    6
    GPU:
    MSI 7870 2gig x 2
    Let not forget : https://blogs.nvidia.com/blog/2016/10/28/design-centers-israel-sweden/

    The Big plus is they are outside of U.S. laws, they have created a paperless trail , and there is really nothing AMD can do but deny or acknowledge the report.

    If it is then found to be Nvidia, it could literally bankrupt them.

    Nvidia top brass should be crapping their pants right now , if anyone can find proof it was their company who created this slanderous material. Just add bbq sauce cause these chickens are smoking.
     
    Last edited: Mar 14, 2018
  17. Eastcoasthandle

    Eastcoasthandle Ancient Guru

    Messages:
    1,783
    Likes Received:
    61
    GPU:
    R9 Fury
  18. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    8,674
    Likes Received:
    912
    GPU:
    1080Ti @h2o
    Wait, what? :eek:

    I find it funny how instantly the guys claiming this are the bad ones, while nobody even remotely considers this to be true. Talk about biased. Let's wait and see what AMD has to say to the exploits themselves.
     
  19. Fox2232

    Fox2232 Ancient Guru

    Messages:
    6,964
    Likes Received:
    622
    GPU:
    -NDA +AW@240Hz
    Important part is:
    They require full access to system 1st => can't care less.
    Connected to claim that AMD stock has real $0 value.

    Read: Unsubstantiated attack on AMD's stock.
     
  20. varkkon

    varkkon Active Member

    Messages:
    87
    Likes Received:
    4
    GPU:
    Geforce 1080 Ti
    I personally don't believe it, seems like it is most likely an Intel plot to discredit AMD or some nut jobs. If it is true then I rather hear it from AMD and hear what they have to say about it. The 24 hours seems messed up and discredits it for that is not the protocol. I hope they can fix it if it is true, still it seems like it needs admin privileges anyways, so yeah.

    You would think when all the bad Intel exploits went down AMD would of looked into all of this stuff on their own CPU's pretty hard core.

    Who knows hey, will see soon enough I guess, right now I am with Hilbert and I am writing it off as what ever.
     

Share This Page