AMD Security Vulnerability – The Day After - Seems Financially Motivated

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Mar 14, 2018.

  1. Aura89

    Aura89 Ancient Guru

    Messages:
    7,834
    Likes Received:
    1,013
    GPU:
    -
    It's funny, i'm going through twitter page after twitter page with random people saying "So and so confirms these flaws are real", so then i go to whatever place these people were talking about, and try and figure out where they stated they "confirmed" it and how they confirmed it....and always come up with nothing.

    It's like these people think that if someone reports on the issue, they have therefore "confirmed" the issue is present, because i have found where whatever person or company they stated "confirmed" they were real, had talked about the vulnerabilities, but they have all just talked about them, in a similar way that Guru3d news article did, citing that all their information about said vulnerabilities comes from CTS-Labs, the same as everyone else.

    ......I mean seriously, how is that a confirmation?

    is the fact that i'm writing about it right now, somehow confirming they are real....?

    If there is to be a confirmation, then confirm it in a way that can not be disputed, otherwise it's all just he-said she-said.
     
  2. sykozis

    sykozis Ancient Guru

    Messages:
    21,559
    Likes Received:
    872
    GPU:
    MSI RX5700
    In regards to the PSP and fTPM "vulnerabilities" listed by "CTS_Labs".... Have a read...
    https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-2018-Vulnerability

    The article on Phoronix I linked above (in this same post) confirms the PSP and fTPM "vulnerabilities"....as well as who actually "discovered" them, when they were "discovered" and, coincidentally, when AMD patched the "vulnerabilities".... Good enough for you?
     
  3. AMDfan

    AMDfan Member

    Messages:
    48
    Likes Received:
    5
    GPU:
    280X
    Sounds like Intel was trying to give the death blow to AMD.......
     
  4. chinobino

    chinobino Maha Guru

    Messages:
    1,057
    Likes Received:
    19
    GPU:
    GTX980Ti Lightning
    I was also smelling something fishy but did not take the time or effort to look into it.

    Some very interesting points Hilbert, I'm glad someone in the industry has the nounce to call them out on their made up (or greatly exaggerated) BS.
     

  5. sykozis

    sykozis Ancient Guru

    Messages:
    21,559
    Likes Received:
    872
    GPU:
    MSI RX5700
    If it walks like a duck and quacks like a duck....must be a duck....

    For anyone still wondering about AMD's PSP and fTPM "vulnerability"....the actual details can be found here, per Google's own 90-day disclosure policy (this is likely where CTS_Labs actually learned of it, but failed to read the entire disclosure): http://seclists.org/fulldisclosure/2018/Jan/12
    For those actually concerned about it, AMD starting releasing the "fix" to motherboard manufacturers on Dec 7, 2017.
     
    Embra likes this.
  6. Weecka

    Weecka Master Guru

    Messages:
    300
    Likes Received:
    4
    GPU:
    EVGA GTX 1070 SC
    Lulz @ this "security research company". I mean if you have admin access to the pc you can do/get pretty much anything that you want. And on top of that needing a specially digitally signed driver... oh come on. You don't need a vulnerabilty or amd only pc to do some damage at that stage. Someone's been careless with the drug/alcohol amount they used before coming up with this stuff.
     
  7. Dimitrios1983

    Dimitrios1983 Master Guru

    Messages:
    253
    Likes Received:
    65
    GPU:
    AMD RX560 4GB
    Went on tomshardware and trusted them for many years but they are on the same side as CTSLabs and CTSlabs site has tomshardware link in it. Screwwwwwwwwwww you Tomshardware!
     
  8. sykozis

    sykozis Ancient Guru

    Messages:
    21,559
    Likes Received:
    872
    GPU:
    MSI RX5700
    Who's debating it? Aside from the Intel loyalists anyway....

    It's pretty obvious this "news" was nothing but BS from the start. I mean, seriously. It requires access to the PC to flash the UEFI firmware (since you have to know exactly what motherboard is installed, what firmware revision is installed, etc). Then you have to have a modified, yet digitally signed driver from ARM. You also have to have administrator level access. So, by the time someone meets the criteria necessary to exploit the system, they would have been better off just simply stealing the PC and accessing the data at their own leisure.... Oh, btw, lets not forget that with the same degree of access, you could also compromise any Intel system to the exact same extent. So, this is far from being strictly an AMD related series "vulnerabilities". If secureboot is properly implemented and enabled, you're covered since an administrator password would be required to flash the UEFI firmware.

    So, if anyone wants to mitigate these "vulnerabilities".....don't download and execute malicious code. Don't download and installed modified, digitally signed drivers from ARM. Enable SecureBoot and set an administrator password. Also, don't ever give unknown software elevated privileges... Quick and simple to mitigate.

    You read my mind!!!! Now, stop that unless you're going to tell me wtf I'm thinking....lol

    As soon as I saw the article, my first thought was that tomshardware is now a CTS_Labs shill.... I wonder how much they were paid to run such a BS article after the credibility of CTS_Labs was essentially, completely destroyed.
     
    Embra and 386SX like this.
  9. Darkiee

    Darkiee Master Guru

    Messages:
    456
    Likes Received:
    37
    GPU:
    1080 Ti
    I find it so effing funny, that within a year, 13 vulnerabilties have been found, as remarkable as Spectre or Meltdown, which took that 10y to find.
    Now, suddently, 13 are found, and none of them are bugging Intels cpu´s?
    And mentioned very many times now, they gave AMD 24h to "fix" it?

    There are so many things wrong, when thinking with commonmind or maybe they really have issues with Ryzen architecture... For now, i don´t believe it.
    If and just IF, Intel is behind this, they don´t deserve my money. But let´s see where this all goes first. Just speculating.
     
  10. sykozis

    sykozis Ancient Guru

    Messages:
    21,559
    Likes Received:
    872
    GPU:
    MSI RX5700
    I doubt Intel was behind it. CTS_Labs was setting up a short sale for NineWells Capital Management and Viceroy Research.... plain and simple. CTS_Labs is a small company consisting of only 6 employees. A CEO, CFO, CTO and 3 "security researchers".... There's no way possible that they managed to find 13 security vulnerabilities and thoroughly test each vulnerability that quickly without major funding and assistance. I doubt that assistance came from Intel though. I guess I'll go ahead and put the final nail in the coffin here though. This "research" focuses solely on AMD processors. There is no consideration of the fact that Intel systems would also be compromised by modified UEFI firmware or modified, digitally signed drivers, or administrator access. For this "research" to be valid, the same exploits would have to be tested against Intel processors and multiple operating systems. The entire process would take YEARS.... Also, it's highly likely that Google would have found such vulnerabilities around the same time they discovered Spectre and Meltdown. Google has considerably more "security researchers" than CTS_Labs does and Google had already notified AMD of vulnerabilities in their PSP and fTPM implementations, which any real security researcher would have been aware of and would have had to test against the "fix" for those vulnerabilities as well. When taking modified UEFI firware into account, especially UEFI firmware that's modified for malicious behavior, the system becomes vulnerable to the point that no mitigation is possible. This is a flaw in every system that uses an EEPROM chip for UEFI firmware, whether it be AMD, Intel, ARM, VIA or MIPS. The UEFI firmware ultimately has total control over the system. So, the only real "fix" would be to return to EPROM or PROM chips for UEFI to ensure the firmware can't be overwritten with modified/malicious firmware.
     
    Darkiee likes this.

  11. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    11,467
    Likes Received:
    3,455
    GPU:
    2080Ti @h2o
    Well, if AMD officially debunks those leaks, I believe AMD. I've yet to read a statement, but of course investigating something like this takes time.
    I find it interesting that they are working to get AMD stock value down when they probably could have done all that months ago, with an already lower base price to start with...

    Reading further into things I have to say, from a technical point of view (which is the only one interesting to me, idc about stock value), it seems like it's way less drastic than I thought.

    Doing something that most people here seem to not know, sorry for argueing, I guess I was wrong. Still I'd like to read AMD saying "it's bs".
     
  12. Darkiee

    Darkiee Master Guru

    Messages:
    456
    Likes Received:
    37
    GPU:
    1080 Ti
    Beside all the fancy stuff, i still get your point. Yes, i had the thought, "Why google Experts haven´t found them, or any known company...?".

    But i´m still questioning, "Why coulnd´t it have been Intel?". I mean, you can redirect money kinda "easily", w/o getting noticed. Or did someone deliver a case of cash to them?

    Or is this just a full troll against AMD?
     
  13. Fox2232

    Fox2232 Ancient Guru

    Messages:
    10,051
    Likes Received:
    2,348
    GPU:
    5700XT+AW@240Hz
    Zen+ behind corner. They simply took note about mechanisms driving AMD's stock. And likely expected it to go up and up again once Zen+ is out next month.
     
  14. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    11,467
    Likes Received:
    3,455
    GPU:
    2080Ti @h2o
    Yeah... cool story bro
     
  15. Andrew LB

    Andrew LB Maha Guru

    Messages:
    1,131
    Likes Received:
    170
    GPU:
    EVGA GTX 1080@2,025
    After reading the article I just knew that some clown would go and blame the joos. And then to equate those who object to his accusations to being SJW's when in fact SJW's hate the state of Israel. As someone who is a Christian and is friends with a former Israeli ambassador, i'd love to get further into this topic but that belongs on a different thread on a different forum entirely.
     

  16. scatman839

    scatman839 Ancient Guru

    Messages:
    14,088
    Likes Received:
    476
    GPU:
    1080, KD55XD800
    lol wtf is he even talking about
     
    Noisiv and fantaskarsef like this.
  17. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    11,467
    Likes Received:
    3,455
    GPU:
    2080Ti @h2o
    I have no idea but I don' fancy watching the movie to try and get it.
     
    Noisiv likes this.
  18. 386SX

    386SX Master Guru

    Messages:
    865
    Likes Received:
    876
    GPU:
    AMD Vega64 RedDevil
    I just discovered a serious bug on all systems, ranging decades back:

    If you have admin / root access, you may do damage to anything you have access to!!!111!1!oneoneeleven!1!1! And this is even possible on the so-secure Linux, on O/S2 Warp and even DOS, too!!!1!1! And Intel is as much affected as AMD!!!!1!1!

    WE ARE ALL GONNA DIIIIIIEEEEE!
    (Puts tinfoil hat on)

    No wait ... :)

    Btw.: I am a Cyrix fanboy!! :p
     
  19. alanm

    alanm Ancient Guru

    Messages:
    9,218
    Likes Received:
    1,505
    GPU:
    Asus 2080 Dual OC
    Isnt this basically the same as being told if you give your house key to a burglar, your home security is compromised?
     
    Aura89, __hollywood|meo and 386SX like this.
  20. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    11,467
    Likes Received:
    3,455
    GPU:
    2080Ti @h2o
    Well, your home security usually needs a code along the key to the door ;)
     

Share This Page