
AMD has readied patches against MasterKey, Fallout, and Chimera vulnerabilities

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, May 4, 2018.

  1. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Messages:
    35,496
    Likes Received:
    4,656
    GPU:
    AMD | NVIDIA
    Silva likes this.
  2. easytomy

    easytomy Member

    Messages:
    45
    Likes Received:
    8
    GPU:
    AMD
    They might want to disclose how much Intel paid CTS Labs... That would be really interesting to know. Is it 1 mil $, is it 10 mil $, is it 100 mil $ ???
    It is so obvious and so directly targeted that nobody is interested in what they found.
     
    Silva, AsiJu and drone69 like this.
  3. Vananovion

    Vananovion Active Member

    Messages:
    69
    Likes Received:
    29
    GPU:
    Radeon RX Vega 56
    Is there still anyone who thinks this "security" company is concerned about anyone's security? This was shady from the start and this kind of pestering and language only reinforces my doubts, even though the vulnerabilities are legitimate (but still quite useless for a potential attacker).

    Kudos to AMD for handling this with grace.
     
    Silva and AsiJu like this.
  4. kd7

    kd7 Member Guru

    Messages:
    152
    Likes Received:
    4
    GPU:
    7970m
    LOL since when is secure encryption considered "security through obscurity"? And a "security" citing Wikipedia articles? LOOOOL
     
    AsiJu, fantaskarsef and 386SX like this.

  5. jose2016

    jose2016 Member

    Messages:
    34
    Likes Received:
    1
    GPU:
    APU R3
    I completely agree. #1 and #2
     
  6. 386SX

    386SX Master Guru

    Messages:
    376
    Likes Received:
    399
    GPU:
    RX64 Red Devil
    What does "CTS" stand for?:
    Catch The Sperm :)
    (It's a PC game btw.!)

    I cannot hear it anymore TBH. CTS here, CTS there. Publishing a 0-day without notifying the vendor first, adding pressure and false accusations, bragging about the vendor is "not able to fix it in several weeks (as we said)" and so on.
    1.) When came the point where you are able to define exactly how long "several weeks" are? Several weeks could be 50 weeks and still would be "in time". It's like "I need some time.". This doesn't specify exactly in what time neither. "Some time" could be 5 minutes, it could be 50 years.
    2.) The behaviour (0-day, pressure, etc.) rings a lot of bells in my head, but not in the way I think of a "security researcher" or "security professional", that goes more in the direction "blackhat", "unethical" or at last "attention w*ore".

    AMD did nothing wrong here (at least I am unable to see any wrongdoing).
    Bullsh!t-bingo at its finest!

    Btw.: Could you call this "cyber mobbing"? All indicators of classical mobbing are there: it happens not only once and over a (meanwhile) long period of time; it is only meant to destroy the reputation of one (usually individual, this time a company); false accusations and other unethical methods are used to fulfil the goal, etc. etc. => sounds like mobbing to me.
    What do you guys think? :)
     
    Silva and AsiJu like this.
  7. Kaarme

    Kaarme Ancient Guru

    Messages:
    1,541
    Likes Received:
    433
    GPU:
    Sapphire 390
    I'm surprised this CTS Labs even exists anymore. The folks behind it had apparently used various front company names to pull off stock market and other tricks in the past as well. I reckon this case targeting AMD is their biggest heist so far, and they aren't sure when to stop. Probably they didn't manage to make as much money as they hoped when they first published these "shocking vulnerabilities". I'm not sure even Intel would deign to deal with these small-time crooks. Intel bosses might feel like there's no soap so strong in the world that they could ever wash the stench off if they shook hands with these CTS Labs people.
     
    AsiJu likes this.
  8. Fox2232

    Fox2232 Ancient Guru

    Messages:
    9,380
    Likes Received:
    2,025
    GPU:
    -NDA +AW@240Hz
    If only they were less stupid... Again, all they want is this being discussed in earnings call. All they care about is panic money.
     
  9. AsiJu

    AsiJu Ancient Guru

    Messages:
    5,670
    Likes Received:
    1,192
    GPU:
    MSI RTX 2070 Armor
    What, CTS Labs is still there?

    Also gotta love this:

    AMD:
    "... as well as patches mitigating Chimera across all AMD platforms..."

    CTS Labs:
    "... CHIMERA cannot be directly fixed..."

    also as pointed out above any "security" company citing Wikipedia articles as reference loses all credibility.

    Last, I really fail to see the point of that document. They accuse AMD of not releasing patches, in a couple of weeks, for vulnerabilities they themselves said would take months to fix?

    AMD should sue those mofos for all they're worth.
     
    Last edited: May 4, 2018
    Silva likes this.
  10. airbud7

    airbud7 Ancient Guru

    Messages:
    7,011
    Likes Received:
    3,482
    GPU:
    pny gtx 1060 xlr8
    "The vulnerabilities within the AMD systems require admin privileges and for most things, physical access to the hardware to modify things"

    So...
    If a hacker comes knocking on your door holding a thumb drive...Kick him in the n*tz!


    :D
     
    Last edited: May 5, 2018
    GetMax, sykozis, Robbo9999 and 4 others like this.

  11. Sempaii

    Sempaii Member Guru

    Messages:
    106
    Likes Received:
    2
    GPU:
    MSI GTX970 G 4GB
    Dare I ask why they even get their words on the page ;-)
    Smells a lot!
     
  12. Vmhasegawa

    Vmhasegawa Member

    Messages:
    33
    Likes Received:
    4
    GPU:
    Sapphire RX 480 8gb
    Wow. Just... Wow. I mean, with Spectre and Meltdown we've seen just how long it took for both Intel and AMD to release the patches (plus the mess Intel had with its patches earlier that had to be halted).
    So not only they don't give a heads up about the "issues", but 6 weeks after disclosing "serious" and "dangerous" "threats" that would take months to fix, (and yeah, quote marks for each and every one of those words) they expect the patches to be ready and deployed?
    While I do wait and expect patches to solve every security issue, I rather also have them fully tested and glitch free (yeah, I'm pointing my finger at you Microsoft).
    So Yeah, professionalism at its best. I hope in the near future whenever the words CTS and security show up, there's also a big sign about WHAT YOU SHOULD NOT DO WHILE YOU'RE A FREAKING SECURITY RESEARCH TEAM. Unless of course, unprofessionalism and biased research is what you're up to. Or... someone else is funding you.
     
  13. chispy

    chispy Ancient Guru

    Messages:
    8,759
    Likes Received:
    889
    GPU:
    RTX 2080Ti - RX 580
    CTS Labs :rolleyes: sheeeshhh ... Money Driven Scammers and Not a Trusted Security Firm, may Karma take care of them!
     
    sykozis and Silva like this.
  14. Silva

    Silva Master Guru

    Messages:
    875
    Likes Received:
    274
    GPU:
    Asus RX560 4G
    Exposing security flaws without talking with the company first and giving it time to fix it isn't good business practices.
    Threatening just exposes the nature of the attack, it was planned and money driven.
    I laughed my ass off when they said the vulnerabilities need physical access to exploit.
    Only now are we knowing of more Spectre vulnerabilities, but they've been reported to Intel months ago.
    I understand why journalists report this news, but sometimes I wish they would let them die in the void.
     
    AsiJu and chispy like this.
  15. SSD_PRO

    SSD_PRO Member Guru

    Messages:
    167
    Likes Received:
    20
    GPU:
    EVGA GTX 1070
    I think the real headline here is CTS continues to validate its status as an unprofessional entity but their reported exploits indeed proved legitimate. No fault to AMD any more than fault to Intel for continual work to exploit their hardware for nefarious purposes.
     

  16. C0BaLt

    C0BaLt New Member

    Messages:
    1
    Likes Received:
    0
    GPU:
    XFX R9 390X 8GB DD
    I really wouldn't be surprised that Cambridge Analytica is behind this. Better said, that someone paid Cambridge Analytica to do their dirty work. Recently some very concerning stuff has come to light regarding their business. LINK:

    Or perhaps some other company with similar business model. It's pretty scary what kind of damage you can do to your opponent using modern technologies and internet. And it's even scarier knowing that there are companies specialized in doing your dirty work if you are willing to pay enough.
     
  17. waltc3

    waltc3 Master Guru

    Messages:
    974
    Likes Received:
    286
    GPU:
    XFX 590 8GB XFire
    AMD should call these people frauds, publicly, and write them off. All OSes are deliberately and purposefully written to open up to anyone with physical access and admin privileges! That's by design. No one should be giving these imbeciles the time of day, imo. They are worse than worthless.
     
    AsiJu, sykozis and chispy like this.
  18. D3M1G0D

    D3M1G0D Ancient Guru

    Messages:
    1,745
    Likes Received:
    1,099
    GPU:
    2 x GeForce 1080 Ti
    Relax. Nobody is taking CTS Labs seriously, and there's no point in generating more news about it. It was a failed assassination attempt, AMD is doing fine, it's all good.
     
  19. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    4,132
    Likes Received:
    1,169
    GPU:
    HIS R9 290
    I guess it's good that AMD made patches to these "problems", just to appease the naysayers who would otherwise use their could-have-been "negligence" as flak, but at the same time I feel a little bit irritated that AMD is, in a way, justifying their actions. Don't feed the trolls.
    So they should sue them for $10? Because that's probably all they're going to get out of it. :p
     
    AsiJu likes this.
  20. Aura89

    Aura89 Ancient Guru

    Messages:
    7,484
    Likes Received:
    794
    GPU:
    -
    Wow, CTS labs, have you even read your own "letter"?

    How much more unprofessional can a company get? lol?
     
    chispy likes this.
