Page 1 of 7 1234 ... LastLast
Results 1 to 16 of 101

Thread: AMD processors impacted by 13 serious flaws, says CTS Labs

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    27,063
    Thanks
    0
    Thanked
    1,662 times in 578 posts

    AMD processors impacted by 13 serious flaws, says CTS Labs

    Four classes of security vulnerabilities exist in Ryzen and EPYC, says cyber-security firm.
    Read more.

  2. #2
    Registered+
    Join Date
    Jul 2016
    Posts
    91
    Thanks
    23
    Thanked
    4 times in 4 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    So, if I understood this correctly, you either need local admin rights or physical access (and a possible BIOS passphrase?) to be able to take advantage of these vulnerabilities? Or does Chimera only require the signed driver to be loaded?

    If so, these are nothing like as bad as Specter and Meltdown, thankfully.

    Also, it sounds like most of these can be fixed with firmware updates.

  3. Received thanks from:

    Jonj1611 (13-03-2018)

  4. #3
    Member
    Join Date
    Feb 2017
    Posts
    111
    Thanks
    3
    Thanked
    4 times in 4 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Coincidentally this has been released just before AMD is about to release the new Ryzen 2 chips.

  5. #4
    Senior Member
    Join Date
    Apr 2008
    Posts
    222
    Thanks
    12
    Thanked
    37 times in 32 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by afiretruck View Post
    So, if I understood this correctly, you either need local admin rights or physical access (and a possible BIOS passphrase?) to be able to take advantage of these vulnerabilities? Or does Chimera only require the signed driver to be loaded?

    If so, these are nothing like as bad as Specter and Meltdown, thankfully.

    Also, it sounds like most of these can be fixed with firmware updates.
    I wonder if Intel has employed the services of CTS? A dedicated microsite called "amdflaws"?! This after AMD processors aren't hit as badly by the Spectre/Meltdown issues and get better publicity over it.

    Fishy.

  6. #5
    Senior Member
    Join Date
    Nov 2015
    Posts
    217
    Thanks
    2
    Thanked
    21 times in 15 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Ummm... all these "exploits" require an admin to run or install something. This is beyond silly. I also think that this is an Intel-sponsored thing.

  7. #6
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    10,434
    Thanks
    1,462
    Thanked
    872 times in 756 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    From what I've read I have to agree - a bit of hyperbole to frighten investors who won't bother to understand what it actually is. And an impossibly short notice period is just a joke - something is obviously malicious about it. Even the language used is strange, they're making wild assumptions and implying things they simply cannot know, and acting like security flaws are unheard of.

  8. Received thanks from:

    Jonj1611 (13-03-2018)

  9. #7
    Senior Member
    Join Date
    Apr 2008
    Posts
    222
    Thanks
    12
    Thanked
    37 times in 32 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by Nifl View Post
    Ummm... all these "exploits" require an admin to run or install something. This is beyond silly. I also think that this is an Intel-sponsored thing.
    I think the only way you'd be able to guarantee doing this is to get physical access, find a root / admin unlocked terminal and have a rubber ducky ready at your disposal. I can't see these being exploitable remotely unless you have someone surfing some very dodgy websites on the admin login and you manage to exploit their horniness.

    Maybe I'm just naive?

  10. Received thanks from:

    Millennium (13-03-2018)

  11. #8
    Comrade Moose CAT-THE-FIFTH's Avatar
    Join Date
    Aug 2006
    Location
    Moosetopia
    Posts
    27,591
    Thanks
    3,016
    Thanked
    4,230 times in 3,278 posts
    • CAT-THE-FIFTH's system
      • Motherboard:
      • Less E-PEEN
      • CPU:
      • Massive E-PEEN
      • Memory:
      • RGB E-PEEN
      • Storage:
      • Not in any order
      • Graphics card(s):
      • EVEN BIGGER E-PEEN
      • PSU:
      • OVERSIZED
      • Case:
      • UNDERSIZED
      • Operating System:
      • DOS 6.22
      • Monitor(s):
      • NOT USUALLY ON....WHEN I POST
      • Internet:
      • FUNCTIONAL

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    So,where is the corresponding Intelflaws?? Maybe someone can investigate what links this company might have with Intel.

    Hmm,they look rather dodgy too:

    https://news.ycombinator.com/item?id=16576516
    https://www.reddit.com/r/Amd/comment...en_epyc_chips/

    There's far more damning evidence than that:

    24 hour disclosure instead of industry standard 90/180 day
    Domain records for "amdflaws.com" were created on the Feb, 22, 2018 for this "16 years in operation" company.
    It was also registered not directly but by "domainsbyproxy.com" thus no real contact information of the domain is public. It was used by fraudsters before.
    Amdflaws links to a YT video, with comments disabled

    YT Channel with video was just just March of this year

    This sketchy "we might have economic interest by disclosing these vulnerability" from their disclaimer

    Exploits have insane requirements like being able to defeat OEM BIOS flash protections and Windows' driver signing...
    They talk about a company called Viceroy who does dodgy stuff:

    https://m.fin24.com/Economy/treasury...kless-20180201

    Cape Town – National Treasury has spoken out against Viceroy Research, labelling its report on Capitec as reckless.

    Viceroy released a report on Capitec this week, labelling the bank a "'loan shark" and alleged the bank "engaged in reckless lending".

    In a statement released on Thursday afternoon, Treasury said: “Until two weeks ago, Viceroy operated anonymously and opaquely, and the reckless way in which it has released its report is clear proof that it is not acting in the public interest nor in the interest of financial stability in South Africa.”
    Look who is trying to push AMD stock price down:

    https://viceroyresearch.files.wordpr...3-mar-2018.pdf

    AMD – The Obituary
    Apparently they "wrote that" in a few hours.

    Apparently there is concerted effort to push AMD stock price down:

    https://www.thestreet.com/video/1446...ock-lower.html

    TheStreet's founder and Action Alerts PLUS Portfolio Manager Jim Cramer said there's a concerted effort to keep shares of Advanced Micro Devices lower.


    Those despicable Elk,stealing the pond weed!

  12. Received thanks from:

    chinf (13-03-2018),Iota (14-03-2018),Jonj1611 (13-03-2018),Ozaron (14-03-2018)

  13. #9
    Comrade Moose CAT-THE-FIFTH's Avatar
    Join Date
    Aug 2006
    Location
    Moosetopia
    Posts
    27,591
    Thanks
    3,016
    Thanked
    4,230 times in 3,278 posts
    • CAT-THE-FIFTH's system
      • Motherboard:
      • Less E-PEEN
      • CPU:
      • Massive E-PEEN
      • Memory:
      • RGB E-PEEN
      • Storage:
      • Not in any order
      • Graphics card(s):
      • EVEN BIGGER E-PEEN
      • PSU:
      • OVERSIZED
      • Case:
      • UNDERSIZED
      • Operating System:
      • DOS 6.22
      • Monitor(s):
      • NOT USUALLY ON....WHEN I POST
      • Internet:
      • FUNCTIONAL

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Another stinker from them:

    https://amdflaws.com/disclaimer.html

    Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports.
    From CNET:

    https://www.cnet.com/news/amd-has-a-...aw-of-its-own/

    The researchers gave AMD less than 24 hours to look at the vulnerabilities and respond before publishing the report. Standard vulnerability disclosure calls for 90 days' notice so that companies have time to address flaws properly.
    Second Edit!!

    It only was started in 2017 - umm,wasn't 2017 when Intel/AMD were told of the Spectre/Meltdown flaws?
    Last edited by g8ina; 17-03-2018 at 03:57 PM.


    Those despicable Elk,stealing the pond weed!

  14. #10
    Registered User
    Join Date
    Dec 2013
    Posts
    12
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    toms hardware says "CTS-Labs released the information in an unusual fashion. Typically, semiconductor vendors are given 90 days to respond to vulnerabilities before they're disclosed to the public, but CTS-Labs provided AMD with only a 24-hour notice"

  15. #11
    Comrade Moose CAT-THE-FIFTH's Avatar
    Join Date
    Aug 2006
    Location
    Moosetopia
    Posts
    27,591
    Thanks
    3,016
    Thanked
    4,230 times in 3,278 posts
    • CAT-THE-FIFTH's system
      • Motherboard:
      • Less E-PEEN
      • CPU:
      • Massive E-PEEN
      • Memory:
      • RGB E-PEEN
      • Storage:
      • Not in any order
      • Graphics card(s):
      • EVEN BIGGER E-PEEN
      • PSU:
      • OVERSIZED
      • Case:
      • UNDERSIZED
      • Operating System:
      • DOS 6.22
      • Monitor(s):
      • NOT USUALLY ON....WHEN I POST
      • Internet:
      • FUNCTIONAL

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by hpv9 View Post
    toms hardware says "CTS-Labs released the information in an unusual fashion. Typically, semiconductor vendors are given 90 days to respond to vulnerabilities before they're disclosed to the public, but CTS-Labs provided AMD with only a 24-hour notice"
    The domain was apparently registered in June 2017. Great timing or what??


    Those despicable Elk,stealing the pond weed!

  16. #12
    Editable... jimbouk's Avatar
    Join Date
    Aug 2005
    Location
    Bristol
    Posts
    2,509
    Thanks
    185
    Thanked
    183 times in 144 posts
    • jimbouk's system
      • Motherboard:
      • ASUS M5 A97 R2.0
      • CPU:
      • AMD FX-6300
      • Memory:
      • 8GB DDR3
      • Storage:
      • 128GB SSD + 500GB HDD
      • Graphics card(s):
      • AMD Radeon HD 7870
      • PSU:
      • Corsair HX 520W
      • Case:
      • Some large ATX case
      • Operating System:
      • Windows 7
      • Monitor(s):
      • Dell U2713HM
      • Internet:
      • Orange...

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Oh no - if someone flashes my bios they can change how my computer works! Or an admin on my machine can read data. Shock horror.

    Someone's earning some money from this in a dubious manner...

  17. #13
    HEXUS.staff MLyons's Avatar
    Join Date
    Feb 2017
    Posts
    361
    Thanks
    213
    Thanked
    90 times in 61 posts
    • MLyons's system
      • Motherboard:
      • Gigabyte G1.Sniper Z87
      • CPU:
      • 4770k
      • Memory:
      • 4GB/8GB/16GB corsair vengeance LP Depends on how my PC is feeling at the time
      • Storage:
      • 256GB 840 evo 2TB samsung HDD 500GB HDD
      • Graphics card(s):
      • Sapphire 290
      • PSU:
      • Corsair tx650
      • Case:
      • Corsair Air 540
      • Operating System:
      • Windows 10
      • Monitor(s):
      • 2 Asus 1080p

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports
    Hmmmmmm something-smells-fishy-and-it-certainly-isnt-fish.jpg
    Half dev, Half doge. Some say DevDoge

    Feel free to message me if you find any bugs or have any suggestions.
    If you need me urgently, PM me
    If something is/was broke it was probably me. ¯\_(ツ)_/¯

  18. #14
    Registered+
    Join Date
    Dec 2012
    Posts
    76
    Thanks
    0
    Thanked
    1 time in 1 post

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by philehidiot View Post
    Quote Originally Posted by afiretruck View Post
    So, if I understood this correctly, you either need local admin rights or physical access (and a possible BIOS passphrase?) to be able to take advantage of these vulnerabilities? Or does Chimera only require the signed driver to be loaded?

    If so, these are nothing like as bad as Specter and Meltdown, thankfully.

    Also, it sounds like most of these can be fixed with firmware updates.
    I wonder if Intel has employed the services of CTS? A dedicated microsite called "amdflaws"?! This after AMD processors aren't hit as badly by the Spectre/Meltdown issues and get better publicity over it.

    Fishy.
    Yeah, this looks very suspicious to me also. I mean, look at amdflaws page. Someone worked a great deal of time on it to make it very nice and easy to read - that AMD has flaws...
    To be sincere, this looks like a 1st of April joke.
    I am 99% that this is just a scam or something...

  19. #15
    Hooning about Hoonigan's Avatar
    Join Date
    Sep 2011
    Location
    Renfrew, Scotland.
    Posts
    1,607
    Thanks
    118
    Thanked
    276 times in 192 posts
    • Hoonigan's system
      • Motherboard:
      • MSI Z270 Gaming M7
      • CPU:
      • Intel Core i7 7700k @ 5.0GHz
      • Memory:
      • 32GB Ballistix Tactical Tracer RGB DDR4 3000MHz
      • Storage:
      • 1TB Samsung 970 EVO + 512GB XPG S10
      • Graphics card(s):
      • MSI GTX1080Ti GAMING X TRIO
      • PSU:
      • BeQuiet Straight Power 11 650W
      • Case:
      • BeQuiet Dark Base Pro 900
      • Operating System:
      • Windows 10 x64
      • Monitor(s):
      • LG 34UM95-P + ASUS ROG PG279
      • Internet:
      • Virgin Media Vivid 400

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    To all of those that were singing AMD's praises when this came out about Intel a few weeks ago..

    PAHAHAHAHAHAHAHAHHHAHAHAAHAHAHA!!!!11!!11!!!!11ONEONE!!!1!!111!!!1ONE!!!!ONEONEONE!!!!11!!!!!!!

  20. #16
    Senior Member
    Join Date
    May 2014
    Posts
    642
    Thanks
    42
    Thanked
    77 times in 47 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by Hoonigan View Post
    To all of those that were singing AMD's praises when this came out about Intel a few weeks ago..

    PAHAHAHAHAHAHAHAHHHAHAHAAHAHAHA!!!!11!!11!!!!11ONEONE!!!1!!111!!!1ONE!!!!ONEONEONE!!!!11!!!!!!!
    Considering how obvious this is a sham and a smear campaign using "vulnerabilities" that can be exploited on any processor. Back into the box you go.

    Next time, properly read the article and the thread, lest you make out yourself to be any more of a fool next time.

    On topic, there is a disclaimer in the whitepaper discussing that the paper is only opinion and not subject to facts. Theres some interesting investigations over on the AMD reddit.
    Last edited by Tabbykatze; 13-03-2018 at 10:09 PM.

Page 1 of 7 1234 ... LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •