AMD shares mitigation plans for Zen chipset security flaws

[Tabbykatze]

No, I'm not comfortable with what I've not said being contested, especially when i specifically said remote attack and someone overlooks the remote part and focuses on the attack part in order to make it appear to only be about semantics, in other words giving the impression that you were refuting my argument, while actually refuting an argument that was not presented by me.

I think the issue I have with what you're saying is you have a perception that a remote attack is anything that is done or actioned remotely. When the actual definition is far more muddy, most people define a Remote Attack as something akin to DNS poisoning, DOS, TCP sequence and desync attacks or even just a port a scan.

Now the semantic-e facetious c... in me perceives what you're actually getting across is a Remote Exploit.

However, a remote exploit that needs local access to actually run the in the first place is not a "Remote Attack" or even a "Remote Exploit". It is a local exploit/attack. To muddy it even further, if you use a remote exploit (like mimikatz) to garner local administrative creds to then action the local exploit (reflash bios), are the CTS Labs proposed vulnerabilities a remote attack.

The answer begins with n and ends in o.

[DanceswithUnix]

We're going to have to agree to disagree on the definition of remote access then as in my book if you're typing "net use \\10.0.01\C$ /u:Builtin\Administrator *" into a local command prompt you're using the network to access the hidden C drive share on a device with that IP, you're connecting to another computers shared resources.

If I punch someone in the face, that is a car based attack because I drove there before getting out of the car and hitting them?

There is no grey area here, it is a local attack. Use of a network is incidental, the attack could have been done with no network present because it isn't a necessary part of the attack.

Edit: And I think that video was intended to blur the use of the network to make people believe it is a network attack. That was at best incompetent of them, at worst dishonest.

[Tabbykatze]

If I punch someone in the face, that is a car based attack because I drove there before getting out of the car and hitting them?

There is no grey area here, it is a local attack. Use of a network is incidental, the attack could have been done with no network present because it isn't a necessary part of the attack.

Edit: And I think that video was intended to blur the use of the network to make people believe it is a network attack. That was at best incompetent of them, at worst dishonest.

I think we just pretty much said the same thing, yours was slightly more eloquent

[Corky34]

OK so I'll admit there seems to be different opinions on what defines a remote attack, to me it's attacking a system from another location via a network, for others it seems there's a different definition and that's fair enough, it's not a definition that i recognise or completely understand but c'est la vie i guess.

Edit: And I think that video was intended to blur the use of the network to make people believe it is a network attack. That was at best incompetent of them, at worst dishonest.

I'd go for incompetent myself as i get the impression they don't understand the exploits themselves, from what i can tell all these attacks seem to boil down to circumventing, in some manner, the checks that the PSP should be doing when installing unsigned and/or modified firmware and even i could guess something like that would only take a few weeks to fix, not the years they claim they were told by "people" in the know.

[Tabbykatze]

OK so I'll admit there seems to be different opinions on what defines a remote attack, to me it's attacking a system from another location via a network, for others it seems there's a different definition and that's fair enough, it's not a definition that i recognise or completely understand but c'est la vie i guess.

There's not really opinions, there's what it is and then there's what that is in this market. The total overall attack could be remotely executed which is what you are misidentifying as a Remote Attack. In the security world, these definitions have to be separate because protecting against a Remote Attack, Remote Exploit and a Local Exploit have very different methods. A Remote Attack can be protected against using Intrusion Detection/Prevention (like Snort) and an anti-DOS engine (Snort also has one). Remote exploits can be protected against very differently depending on the attack types, if it is a Webserver based exploit then I would use a form of IPS like OWASP WAF ruleset, if it is a known CVE that can be remotely utilised as part of a drive by, malicious link or malvertisemet/script then that would be IPS again. Whereas if it is a locally executed exploit (like a Mimikatz Kerberos privilege access which is remotely executed but is a local attack so IPS cannot detect this), I would need an anti-exploit engine like Sophos InterceptX.

Now reflashing the BIOS? That's not a remote exploit, attack or any of those things...it's standard expected functionality. The only thing that makes this an "attack" is that the PSP is not functioning correctly.

[DanceswithUnix]

OK so I'll admit there seems to be different opinions on what defines a remote attack, to me it's attacking a system from another location via a network, for others it seems there's a different definition and that's fair enough, it's not a definition that i recognise or completely understand but c'est la vie i guess.

Depends how involved you are in the industry. To me it is clear cut, no room for debate.

OTOH, well to me a Goose is just a Duck that is mostly white and a bit fat isn't it? They are all just a kind of Duck, they look much the same. A Zoologist might disagree, but to me it is just another sort of Duck so me and the zoologist should agree to disagree

To some people the language use here is critical, so expect them to get stressy over it.

[watercooled]

I'd go for incompetent myself as i get the impression they don't understand the exploits themselves, from what i can tell all these attacks seem to boil down to circumventing, in some manner, the checks that the PSP should be doing when installing unsigned and/or modified firmware and even i could guess something like that would only take a few weeks to fix, not the years they claim they were told by "people" in the know.

That's what I've been thinking to be honest, particularly the part I've highlighted. Malicious or incompetent are the options, I can't think of a way in which neither of those are true. Their report reads kinda like it's been written by a journalist operating outside of their expertise and/or being deliberately inflammatory and misleading.

[Corky34]

Depends how involved you are in the industry. To me it is clear cut, no room for debate.

That does seem to be what confused me, I've done a lot more reading and like you say that's how the industry views it whereas the common language terms of "local" and "remote" point to a more literal (is that the right word?) understanding of the terms, it also makes what they're claiming, in hind sight of learning the differences, seem even more peculiar.

I don't know if AMD will release the technical details once they've been patched but i hope they do so everyone can asses CTS-Labs findings.

[KN1GHT]

This whole thing really irks me, CTS Labs and Viceroy research need to be put in their place and even closed down if possible.

That said going through the facts it does seem that stock manipulation were mostly a smoke screen, side objective or absolute stupidity, because firstly even after specter and meltdown which were much more serious, Intel didn't really notice stock change.

Looking at all the coincidences, it does seem like Intel was behind everything especially because a lot of the above will be effecting them just as much especially since they use the same third party chips in their chip-sets.

Not to mention that Intel has a good deal of foot prints in Israel, just like CTS Labs.

To me the fact that they refrain from mentioning Intel anywhere seem to be the most damming evidence of all.