Page 4 of 7 FirstFirst 1234567 LastLast
Results 49 to 64 of 101

Thread: AMD processors impacted by 13 serious flaws, says CTS Labs

  1. #49
    Gentoo Ricer
    Join Date
    Jan 2005
    Location
    Galway
    Posts
    10,820
    Thanks
    950
    Thanked
    920 times in 684 posts
    • aidanjt's system
      • Motherboard:
      • Asus Strix Z370-G
      • CPU:
      • Intel i7-8700K
      • Memory:
      • 2x8GB Corsiar LPX 3000C15
      • Storage:
      • 500GB Samsung 960 EVO
      • Graphics card(s):
      • EVGA GTX 970 SC ACX 2.0
      • PSU:
      • EVGA G3 750W
      • Case:
      • Fractal Design Define C Mini
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • Asus MG279Q
      • Internet:
      • 240mbps Virgin Cable

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by rainman View Post
    They say they have redacted the public version of the report - the un-redacted version being with AMD.
    So they say. But that's still not typical industry practice. Usually when vulnerabilities are discovered and written about, the authors contact the parties responsible for the development of the product or service and give them a reasonable timeframe to patch them before public disclosure of the report, as is. It might have something to do with the fact that this 'research' company didn't exist before last year. And what they're calling 'vulnerabilities' are really obvious consequences of having privileged access to the machine. Their legal disclaimer doesn't help their credibility, either.

    You should watch the video above to see what we're talking about.
    Quote Originally Posted by Agent View Post
    ...every time Creative bring out a new card range their advertising makes it sound like they have discovered a way to insert a thousand Chuck Norris super dwarfs in your ears...

  2. Received thanks from:

    CAT-THE-FIFTH (14-03-2018),chinf (15-03-2018),Corky34 (14-03-2018),peterb (14-03-2018),satrow (14-03-2018),Tabbykatze (14-03-2018)

  3. #50
    £1000 Tesco Value Beer CAT-THE-FIFTH's Avatar
    Join Date
    Aug 2006
    Location
    Moosetopia
    Posts
    28,384
    Thanks
    3,144
    Thanked
    4,373 times in 3,389 posts
    • CAT-THE-FIFTH's system
      • Motherboard:
      • Less E-PEEN
      • CPU:
      • Massive E-PEEN
      • Memory:
      • RGB E-PEEN
      • Storage:
      • Not in any order
      • Graphics card(s):
      • EVEN BIGGER E-PEEN
      • PSU:
      • OVERSIZED
      • Case:
      • UNDERSIZED
      • Operating System:
      • DOS 6.22
      • Monitor(s):
      • NOT USUALLY ON....WHEN I POST
      • Internet:
      • FUNCTIONAL

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by rainman View Post
    Oh what a tangled web we weave when we practice to deceive.
    Talking from experience??!!

    Not sure what it has to do with the matter in hand.
    Last edited by CAT-THE-FIFTH; 14-03-2018 at 12:04 PM.


    Those despicable Elk,stealing the pond weed!

  4. #51
    “High End” Admin peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    18,367
    Thanks
    2,522
    Thanked
    3,081 times in 2,457 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by rainman View Post
    Oh what a tangled web we weave when we practice to deceive.

    Q. Whats the difference between a white hat and a black hat?
    A. One files annual tax returns and the other doesn't.

    We're led to believe that the guy that saved the planet from Wannacry also wrote malware, so whats your point? A black hat one day wakes up with a conscience, or is it a white hat decides he's not earning enough doing the right thing? They both have the same capabilities and present the same threats to global populace. They're both mercenaries, just that one decides to work for their own good and the other is drinking someone elses coolaid.

    Like it or not, the good guys and the bad guys are the same people. It just depends on what side of the bed they got out of on a particular day. A bi-polar hacker - now that's a scary thought. Just saying.

    I’m not sure what it is you are “Just saying”.

    It does seem to me that your posts fall into two categories, one group that tries to p,ah down the effects of the vulnerabilities exposed in Intel’s preocessors, and those that play up weaknesses and shortcomings in AMD’s products, which does give an impression of manufacurer/product bias... Why that might be is open to conjecture of course....

    Just saying.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  5. Received thanks from:

    CAT-THE-FIFTH (14-03-2018),chinf (15-03-2018),Pleiades (15-03-2018),Tabbykatze (14-03-2018)

  6. #52
    rainman
    Guest

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by aidanjt View Post
    So they say. But that's still not typical industry practice. Usually when vulnerabilities are discovered and written about, the authors contact the parties responsible for the development of the product or service and give them a reasonable timeframe to patch them before public disclosure of the report, as is. It might have something to do with the fact that this 'research' company didn't exist before last year.
    Oh I completely agree. And I totally understand why folk are so whipped up about the apparent validity of the organisation, I mean you'd have to be dead from the neck up to not be even slightly intrigued as to whether there may be an association with another entity with a financial interest in seeing AMD on it's heels.
    Just that reading through this thread there appear to be a fair few that seem prepared to throw the baby out with the bathwater.

    And what they're calling 'vulnerabilities' are really obvious consequences of having privileged access to the machine.
    This is where I strongly disagree and where a lot of people seem to have not grasped the very nature of the threat. Exploiting hardware is not and should not be an obvious consequence of having admin rights. Software should not be able to pwn hardware, even with admin rights. If it can then it's a vuln, plain and simple.

    Their legal disclaimer doesn't help their credibility, either.
    I can't argue with that. I completely agree.

  7. #53
    Gentoo Ricer
    Join Date
    Jan 2005
    Location
    Galway
    Posts
    10,820
    Thanks
    950
    Thanked
    920 times in 684 posts
    • aidanjt's system
      • Motherboard:
      • Asus Strix Z370-G
      • CPU:
      • Intel i7-8700K
      • Memory:
      • 2x8GB Corsiar LPX 3000C15
      • Storage:
      • 500GB Samsung 960 EVO
      • Graphics card(s):
      • EVGA GTX 970 SC ACX 2.0
      • PSU:
      • EVGA G3 750W
      • Case:
      • Fractal Design Define C Mini
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • Asus MG279Q
      • Internet:
      • 240mbps Virgin Cable

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by rainman View Post
    This is where I strongly disagree and where a lot of people seem to have not grasped the very nature of the threat. Exploiting hardware is not and should not be an obvious consequence of having admin rights. Software should not be able to pwn hardware, even with admin rights. If it can then it's a vuln, plain and simple.
    OK, well, the only way to prevent that is to disable firmware updates. That's not a good idea. And once that bar has been raised, what's next? Calling it a vulnerability if you can swap out the EEPROM and security chip? At some point you need to draw the line between sensible and stupid.
    Quote Originally Posted by Agent View Post
    ...every time Creative bring out a new card range their advertising makes it sound like they have discovered a way to insert a thousand Chuck Norris super dwarfs in your ears...

  8. Received thanks from:

    chinf (15-03-2018),Pleiades (15-03-2018)

  9. #54
    Member
    Join Date
    Mar 2013
    Location
    Lancaster
    Posts
    198
    Thanks
    76
    Thanked
    21 times in 17 posts
    • Mr_Jon's system
      • Motherboard:
      • ASRock AB350M Pro4
      • CPU:
      • Ryzen 5 1600
      • Memory:
      • Ballistix Sport LT DDR4-2666, 24gb
      • Storage:
      • Samsung 840 Series SSD, 120GB
      • Graphics card(s):
      • EVGA GTX 780Ti SC
      • PSU:
      • EVGA SuperNOVA 650 G2
      • Case:
      • Fractal Design Define XL R2 Black Pearl
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • Samsung 32" C32F391 Curved

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by CAT-THE-FIFTH View Post
    We specialize in a variety of communications areas. Our team of influencers will help you develop a customized communications plan that is uniquely designed to drive success for your business.
    It appears they have also plagiarised my CV.

  10. #55
    rainman
    Guest

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by peterb View Post
    I’m not sure what it is you are “Just saying”.

    It does seem to me that your posts fall into two categories, one group that tries to p,ah down the effects of the vulnerabilities exposed in Intel’s preocessors, and those that play up weaknesses and shortcomings in AMD’s products, which does give an impression of product bias... Why that might be is open to conjecture of course....

    Just saying.
    I've said nothing about Intel vulns at all at any stage, so please Mr Forum Moderator, don't put words in my mouth.

    In relation to Cat the fifth's posts, it seems to assume that there is a line between the guys that do wrong and the good guys that know how to do wrong. I'm saying that there isn't a line, or if there is one then it's so thin as to be only visible under a microscope and we can only guess at how many times a so-called good guy decided to cross the line, and vice versa.

    Whilst Cat also points to Linus Torvold's comments on the shady nature of the security industry he seems to miss that this is the exact point that LT is making. He's right, it's damned shady, and thats almost completely unavoidable due to the nature of the beast, such as it is. The point I was trying to make was that in the security landscape leopards do change their spots continually and everyone has a price. They are all just weighing up just how much they're prepared to have on their conscience vs they're income, and their own personal level of risk is just as likely to change day to day. Just because a bad guy comes out with news that you don't like reading, doesn't mean it's not true. Equally, we have a some good guys with an awesome reputation, who's work on which I rely on a daily basis but how would anyone even know if they did actually work in both camps?

    It is an industry that is completely Machiavellian at every level, and we'd all do well to realise that. So I guess I'm "just saying" assume nothing and trust no one. If you've ever had to pay an auditor to carry out a pen test, and then wondered just what it was you just paid for then you might have some semblance of the level of conflict that it leaves you with, or is that just me?
    Last edited by rainman; 14-03-2018 at 12:43 PM.

  11. #56
    £1000 Tesco Value Beer CAT-THE-FIFTH's Avatar
    Join Date
    Aug 2006
    Location
    Moosetopia
    Posts
    28,384
    Thanks
    3,144
    Thanked
    4,373 times in 3,389 posts
    • CAT-THE-FIFTH's system
      • Motherboard:
      • Less E-PEEN
      • CPU:
      • Massive E-PEEN
      • Memory:
      • RGB E-PEEN
      • Storage:
      • Not in any order
      • Graphics card(s):
      • EVEN BIGGER E-PEEN
      • PSU:
      • OVERSIZED
      • Case:
      • UNDERSIZED
      • Operating System:
      • DOS 6.22
      • Monitor(s):
      • NOT USUALLY ON....WHEN I POST
      • Internet:
      • FUNCTIONAL

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by Mr_Jon View Post
    It appears they have also plagiarised my CV.
    Maybe,AMD needs your help!!

    I am still perplexed why a security firm needs to have influencers,etc??

    This too:

    right reporters, bloggers, analysts and influencers
    Right reporters and bloggers?? Why would you need to control the message to the media if the message has nothing to hide??

    Surely if what you done is up to scratch the results will defend themselves. I mean in many cases,companies will pay people if you find an issue in their software or hardware too,and companies might even contract you for some services.


    Those despicable Elk,stealing the pond weed!

  12. #57
    “High End” Admin peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    18,367
    Thanks
    2,522
    Thanked
    3,081 times in 2,457 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by rainman View Post
    I've said nothing about Intel vulns at all at any stage, so please Mr Forum Moderator, don't put words in my mouth.
    I noticed you added that as an afterthought. You have defended Intel in some other threads on the forum.

    However it is true that you have also declined to comment on the Intel vulnerabilities, while making a point about AMD's. You have also made a point of attacking those that may prefer AMDs offerings with terms such as 'fanbois' and 'shills' without really offering any supporting evidence - while ignoring those that may be avid Intel enthusiasts!

    If you consider that as putting 'words in your mouth' then I apologise for giving that impression.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  13. #58
    Senior Member
    Join Date
    Dec 2013
    Posts
    2,333
    Thanks
    259
    Thanked
    278 times in 196 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by rainman View Post
    They say they have redacted the public version of the report - the un-redacted version being with AMD. So until AMD confirm it or not then you're not in much of a different position if they'd told they had exploits or not ... other than to feed your paranoia and/or manipulate the market.
    Very true, however that still leaves us in the position of not knowing, that's why most people working in computer security follow responsible disclosure practices, it gives the effected company time to address the vulnerability and if they don't then it becomes public knowledge so the community can verify if the vulnerability actual exists and that the effected company isn't just BS'ing people by saying nothing wrong here.

    EDIT: Sorry i just read aidanjt's reply that says pretty much the same thing, apologies treading on his/her toes.

  14. Received thanks from:

    CAT-THE-FIFTH (14-03-2018)

  15. #59
    £1000 Tesco Value Beer CAT-THE-FIFTH's Avatar
    Join Date
    Aug 2006
    Location
    Moosetopia
    Posts
    28,384
    Thanks
    3,144
    Thanked
    4,373 times in 3,389 posts
    • CAT-THE-FIFTH's system
      • Motherboard:
      • Less E-PEEN
      • CPU:
      • Massive E-PEEN
      • Memory:
      • RGB E-PEEN
      • Storage:
      • Not in any order
      • Graphics card(s):
      • EVEN BIGGER E-PEEN
      • PSU:
      • OVERSIZED
      • Case:
      • UNDERSIZED
      • Operating System:
      • DOS 6.22
      • Monitor(s):
      • NOT USUALLY ON....WHEN I POST
      • Internet:
      • FUNCTIONAL

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by Corky34 View Post
    Very true, however that still leaves us in the position of not knowing, that's why most people working in computer security follow responsible disclosure practices, it gives the effected company time to address the vulnerability and if they don't then it becomes public knowledge so the community can verify if the vulnerability actual exists and that the effected company isn't just BS'ing people by saying nothing wrong here.

    EDIT: Sorry i just read aidanjt's reply that says pretty much the same thing, apologies treading on his/her toes.
    Well considering they made Bitcoin malware in the past under a different name,do you honestly think they believe in responsible practices??


    CTS-Labs is "Catenoid Security" which was formally Flexagrid Systems Inc

    A company that produced the Computer Hijacking "CrowdCores"

    See for instance: "How to remove CrowdCores from your computer"

    From their old website dated 17-01-2018:
    This hijacker was used to run BitCoin mining software on the hijacked computers to make money at the expense of unsuspecting PC owners.

    https://web.archive.org/web/20170130...s.com/FAQ.html

    From the wayback machine because access to http://www.crowdcores.com/ is now blocked.


    Those despicable Elk,stealing the pond weed!

  16. Received thanks from:

    chinf (15-03-2018)

  17. #60
    Orbiting The Hand's Avatar
    Join Date
    Mar 2004
    Location
    Lincoln, UK
    Posts
    1,388
    Thanks
    134
    Thanked
    74 times in 58 posts
    • The Hand's system
      • Motherboard:
      • Gigabyte AB350 Gaming-3
      • CPU:
      • Ryzen 5 2400G
      • Memory:
      • 16GB Patriot Viper DDR4 3200mhz (8GBx2)
      • Storage:
      • 1TB Toshiba SSHD
      • Graphics card(s):
      • Vega 11 (APU)
      • PSU:
      • Corsair Modular 520w
      • Case:
      • Coolermaster Praetorian
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • Sony 32 inch HD TV
      • Internet:
      • 20Mbps Fibre

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Hardware Unboxed:



    If CTS wanted to sound impartial and be taken seriously, why did they call alleged flaws Ryzenfall? It's like calling a flaw with Intel chips Smintel or Core i0!

  18. #61
    rainman
    Guest

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by peterb View Post
    I noticed you added that as an afterthought. You have defended Intel in some other threads on the forum.
    The only comment I'd would have made about Intel vs AMD would have been on technical differences between the products and their capabilities ... just what has that got to do with this?

    However it is true that you have also declined to comment on the Intel vulnerabilities, while making a point about AMD's.
    I've never participated in any threads relating to Intel vulnerabilities, which isn't the same as "declining to comment". Also, I've not made any point about AMD vulnerabilities either ... simply because I (like everyone else except possibly some entity that may or may not have reported something valid to AMD), don't know anything about them other than some one-line descriptions - which is partly my point.

    If you'd actually read my posts in this thread (because you clearly haven't) I'm not commenting on a brand or any aspect inherent to a particular companies products. My argument is completely platform agnostic and doesn't have anything to do with AMD or Intel per say. I am merely stating that the belief that an exploit needing admin rights to pwn hardware somehow makes it a non-issue is extremely misguided - and that's all I'm saying. So I'll say it again "don't put words in my mouth".

    You would do well to put aside your bias based on any previous posts on a completely unrelated matter.

  19. #62
    Senior Member
    Join Date
    May 2009
    Location
    Where you are not
    Posts
    376
    Thanks
    113
    Thanked
    32 times in 26 posts
    • Iota's system
      • Motherboard:
      • GA-P67A-UD5-B3
      • CPU:
      • Intel Core i7 2600K
      • Memory:
      • 2 x BL2KIT25664FN2139
      • Storage:
      • 4 x CTFDDAC064MAG-1G1 (Raid 0)
      • Graphics card(s):
      • ASUS Radeon R9 290 DC-2
      • PSU:
      • Corsair Professional Series Gold AX750
      • Case:
      • Lian Li PC-X500B
      • Operating System:
      • Windows 10 Pro 64-bit
      • Monitor(s):
      • 2x Samsung 22" widescreen P2270 2ms DVI HD LCD TFT Ecofit
      • Internet:
      • 40Mbps SKY Fibre

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    So, no CVE numbers for the alleged "flaws"?

    Dubious company that doesn't follow responsible disclosure practices? Clear disclaimer they want to make money from shorting AMD stocks?

    I'm not saying there are not any flaws, but considering that if someone has root access you're already wtfpwned, I can't say these are any flaws I'm overly concerned about when taking into account the above points. I'm sure AMD are able to fix these problems and not require completely new hardware fixes (unlike Intel *cough*).

    *disclaimer, I use Intel hardware currently!*

  20. Received thanks from:

    chinf (15-03-2018),MLyons (14-03-2018)

  21. #63
    “High End” Admin peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    18,367
    Thanks
    2,522
    Thanked
    3,081 times in 2,457 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by rainman View Post
    The only comment I'd would have made about Intel vs AMD would have been on technical differences between the products and their capabilities ... just what has that got to do with this?



    I've never participated in any threads relating to Intel vulnerabilities, which isn't the same as "declining to comment". Also, I've not made any point about AMD vulnerabilities either ... simply because I (like everyone else except possibly some entity that may or may not have reported something valid to AMD), don't know anything about them other than some one-line descriptions - which is partly my point.

    If you'd actually read my posts in this thread (because you clearly haven't) I'm not commenting on a brand or any aspect inherent to a particular companies products. My argument is completely platform agnostic and doesn't have anything to do with AMD or Intel per say. I am merely stating that the belief that an exploit needing admin rights to pwn hardware somehow makes it a non-issue is extremely misguided - and that's all I'm saying. So I'll say it again "don't put words in my mouth".

    You would do well to put aside your bias based on any previous posts on a completely unrelated matter.
    And yet you attacked those who have posted opposing views to you as ‘fanbois’ and ‘shils’ so I am quite justified in drawing such inferences as I wish based on the tone and language of those posts.

    And of course while you are free to choose the tech that works for you, so are other posters.

    So you would do well to be moderate in your posting tone, in case others might draw the same conclusions.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  22. Received thanks from:

    Pleiades (15-03-2018)

  23. #64
    rainman
    Guest

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by peterb View Post
    And yet you attacked those who have posted opposing views to you as ‘fanbois’ and ‘shils’ so I am quite justified in drawing such inferences as I wish based on the tone and language of those posts.
    However I've decided to colloquially address a particular subset of users on these forums, you are most definitely NOT justified in implying that I have made comments or consciously declined to comment on subjects and threads where I have most definitely not partaken at all, and I'd go as far as suggesting that in you doing so amounts to a libel, against myself. So perhaps you'd like to just review your accusations before this escalates somewhere to the benefit of neither of us?

    And of course while you are free to choose the tech that works for you, so are other posters.
    I've never posted anything to suggest that this is not the case.

    So you would do well to be moderate in your posting tone, in case others might draw the same conclusions.
    Are you moderating me or is this just your personal opinion? Maybe you want to do this in a PM? I don't see that I'm the one that needs to moderate anything but right now I'm wondering "who moderates the moderator"?

Page 4 of 7 FirstFirst 1234567 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •