AMD Security Vulnerability – The Day After - Seems Financially Motivated

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Mar 14, 2018.

  1. Eastcoasthandle

    Eastcoasthandle Ancient Guru

    Messages:
    2,525
    Likes Received:
    337
    GPU:
    Nitro 5700 XT
    At 5:20 onward is very telling indeed. But all of it is good. :)

    In particular the following:

    [​IMG]
    14:25 Look Familiar? Hahahaaaa, Snork, Ha haaahahahaaaa






    [​IMG]
    At 14:50 they "used" Shutter Stock Shield Logo...And one believed them? Silly, just silly grasping of straws here. LOL.





    [​IMG]
    @17:04 So, this is what they are all about...




    @14:58
    When you add the:
    -fake background office
    -"Re-purposed logo"
    -Time of publication with 24 Notice to AMD
    -Verbiage and tone of the publication (emotional)
    -etc

    It just seems wrong. Yup, I agree.

    @17:30 TO 18:00
    The organization is referenced like a derange lunatic.




    @20:12
    [​IMG]
    I don't care what anyone says. Short of actual proof I believe that. The obviousness of it is a red flag to assume Intel directly.
    --------------------------------------------------------------

    As a whole the defense of this allegation is completely crippled.
     
    Last edited by a moderator: Mar 19, 2018
    386SX likes this.
  2. anticupidon

    anticupidon Ancient Guru

    Messages:
    4,925
    Likes Received:
    1,487
    GPU:
    Polaris/Vega/Navi
    This is beyond disgusting...
    The more I think about it, the more it sickens me.
    As I said, there are vulnerabilities, but all this charade and all this propaganda is just ridiculous.
    What happened to the "Do no hard mantra", those people have no spine and no self-esteem anymore?
    On the other hand, I wish that AMD could turn this into something good, offering patches, well-documented explications about the mitigations and the simple possibility of disabling PSP in their Agesa firmware.Or offering a free open source firmware for their products.
    One can dream, right?
     
  3. Fox2232

    Fox2232 Ancient Guru

    Messages:
    10,051
    Likes Received:
    2,348
    GPU:
    5700XT+AW@240Hz
    Every board has it's own different BIOS. Potential hacker will have to have proper BIOS tested for each particular board. Or he is more likely to brick hacked system, than to get it done right.
    Biggest safety here is setting BIOS to OS-Write-Protected-By-Default. Then almost all that wind this "vulnerability" has goes away. If user sets up admin passwd for BIOS, then Hacker can go F* himself with this.

    And main concern of user should be: "Did hacker attempted to use those reported vulnerabilities? So, where is your security hole allowing him to gain Admin rights to OS?"
     
  4. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    11,467
    Likes Received:
    3,455
    GPU:
    2080Ti @h2o
    Now I wonder where that link went when TJ's comment is marked with "Last edited by a moderator: Saturday at 7:20 AM".
    Just curious.
     

  5. -Tj-

    -Tj- Ancient Guru

    Messages:
    16,767
    Likes Received:
    1,713
    GPU:
    Zotac GTX980Ti OC
    Hmmm. Well it was techpowerup link.
     
    fantaskarsef likes this.
  6. sykozis

    sykozis Ancient Guru

    Messages:
    21,559
    Likes Received:
    872
    GPU:
    MSI RX5700
    Linking to articles at TPU has never been an issue before....
     
  7. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    11,467
    Likes Received:
    3,455
    GPU:
    2080Ti @h2o
    I guess HH doesn't want to be brought into connection with the whole topic?
    It's still weird.
     
  8. sykozis

    sykozis Ancient Guru

    Messages:
    21,559
    Likes Received:
    872
    GPU:
    MSI RX5700
    That I could see and understand. When this all blows up, it's better to be on the outside looking in than the other way around.
     
  9. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    11,467
    Likes Received:
    3,455
    GPU:
    2080Ti @h2o
    Honestly, unless HH gets sued, he has nothing to lose.
    And I personally have the feeling he's strong and has enough integrity to even say he was wrong, which happens to all of us. And I wouldn't mind, I already said it looks like I am wrong personally. But there's no use in shutting down guru if something happened and somebody would get the idea of sueing etc.
    It's just... weird... and I'm curious about weird stuff.
     
  10. D3M1G0D

    D3M1G0D Ancient Guru

    Messages:
    2,123
    Likes Received:
    1,358
    GPU:
    2 x GeForce 1080 Ti
    Looks like AMD has responded
    https://community.amd.com/community...amd-technical-assessment-of-cts-labs-research

    They've confirmed the exploits, and will be rolling out firmware/BIOS updates in the coming weeks (no performance impact expected). They've also clarified that the issue does not lie with the Zen architecture, as CTS Labs seemed to imply.
    Hopefully, that will be the end of the issue :)
     

  11. sykozis

    sykozis Ancient Guru

    Messages:
    21,559
    Likes Received:
    872
    GPU:
    MSI RX5700
    That doesn't change the intent behind the method of disclosure, or any of the false statements made in the disclosure. It was still financially motivated, as admitted by CTS_Labs, and that claim can be verified by the PDF file released by Viceroy. If stock manipulation wasn't the primary motive, why brief a group that's well known for stock manipulation prior to public disclosure? Also, why disclose the "flaws" before a patch is ready and make the false claim that they're directly related to AMD hardware without taking the time to verify the statement as fact? Neither holds up to standard practice and the claim of it being their first public disclosure doesn't excuse the behavior but rather proves that their only intent was stock manipulation.

    I never said that G3D or Hilbert had to worry about legal ramifications. Hilbert simply reports tech news and on occasion provides his own opinion/insight. At no time does Hilbert (to my knowledge) knowingly or willingly make false statements and has a proven track record of making corrections when needed. So, he's perfectly safe from legal recourse. He is, however, a trusted source of tech news and reviews. The level of credibility that Hilbert has doesn't come easy and he's put in a lot of effort to gain it and maintain it.
     
    Last edited: Mar 21, 2018
    Embra and 386SX like this.
  12. D3M1G0D

    D3M1G0D Ancient Guru

    Messages:
    2,123
    Likes Received:
    1,358
    GPU:
    2 x GeForce 1080 Ti
    Oh, don't get me wrong, it was definitely an attempt at stock manipulation. Basically, the guys at CTS Labs found some issues (albelt easily patchable ones with minor impact) and tried to make them seem like serious bugs. They also gave AMD no time to respond, since the typical 90-day grace period would be more than enough time for AMD to provide a patch (there would have been nothing to report then, and no way to make money off the stock).

    I'm guessing they were hoping investors would panic and sell en-mass, and they'd be able to cover their short position before sanity returned. They probably knew the stock would go back up once AMD took a look, so they were hoping for short-term profit (and they probably failed in that respect).
     
  13. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    11,467
    Likes Received:
    3,455
    GPU:
    2080Ti @h2o
    I was just curious on why a link from a trusted site that usually does their work as conscientious as HH, to my limited knowledge, was removed by a mod out of a posters normal, non trolling post. I was just curious what the reason behind it was, and as you can read out of my words, I have never at all claimed that HH does make false statements, more on the opposite actually. So if it's an issue of credibility, he could have said so, and we all would have understood. This way it's just mysterious.
     
    Last edited: Mar 21, 2018
  14. 386SX

    386SX Master Guru

    Messages:
    865
    Likes Received:
    876
    GPU:
    AMD Vega64 RedDevil
    - removed the boring stuff -
     
    Last edited: Mar 23, 2018
  15. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Messages:
    37,886
    Likes Received:
    6,715
    GPU:
    AMD | NVIDIA
    Hey, gents, your brains are overreacting a little and jump into a conspiracy modus :), just noticed these replies. There have been some thread cleanups as this thread became an utter spam-fest of click-bait links and moreover repetitive links and such. Not even sure if any specific link was removed by mistake, but there's no foul intent or legal reasoning something, don't worry.

    This thread, however, is to discuss the AMD vulnerabilities and the CTS related stuff. So in that spirit, please stay on topic and absolutely feel free what you want to say.

    As far as the CTS stuff goes, I've moved on. It is clear what the intent was, the level 2 bugs all will be patched. And pretty much it's the end of this story as far as I am concerned.
     
    Last edited: Mar 21, 2018
    386SX and fantaskarsef like this.

Share This Page