Return to Level1Techs.com

AMD Security Issues


#1

https://www.amdflaws.com

That title makes no sense - it’s not like Spectre and Meltdown.

I will say I am quite skeptical about this whole matter. Here is a some of my concerns (not authored by me.)

But if this is for real, it would be bad for AMD.


AMD Ryzen 13 Security Vulnerabilities and Manufacturer Backdoors Exposed
#2

Intel being the good old jealous Intel we know it seems. Assuming they had some input in this research.

Looks like the goal is to damage AMD’s stock. It seemed to have worked, although the stock is on the rebound it looks like…For the day at least. Hopefully tomorrow will be a brighter day, considering the researchers put a 24 hour limit for AMD to respond. Today or Tomorrow, considering if AMD does respond within the next 24, people will have have a lot of eyes on the news.

And now with ARM being a thing can’t Intel just destroy AMD and not be accused of Monopolizing the market?


#3

The first 3 are big nothingburgers IMHO. Anything affecting Intel’s ME or AMD’s PSP are really arguments for neutralizing these embedded malware devices. I’d be surprised if Chimera (or a variant) can’t be exploited on an intel platform.

We’ll see what happens, but I’m going to try not to tend one way or another for now.

Get your money ready, buy the dip. This isn’t going to be egg on AMD’s face for long.

I would argue no. Arm solutions are not a competitor to x86. Most CAD or ERP software, for example, does not run on ARM. It’s not just the CPU power. It’s ecosystem that’s available surrounding it.

Ringing @catsay, our resident CPU flaw expert.


#4

I think ARM counts, which would mean that if Intel “destroyed” AMD, Intel’s position would not count as monopol. However, Intel and AMD have several patent agreements. If AMD was bought be another company, Intel might have problems legally manufacturing CPUs. This could pose a problem for Intel in general.


#5

What’s wrong with Intel being the buyer of AMD?


#6

If AMD was bought by another company, it would be bought by Intel. That would eliminate the need for Nvidia and reduce their cross-company licensing costs in one fell swoop.


#7

Ìt wouldn’t have anything to do with Intel getting slammed and therefore wants to take AMD down with themselves? Noooo, that can’t be right? :stuck_out_tongue:


#8

This is good news let me check my bank account to see how much stock I can buy. Seriously though meltdown wasn’t as big of a hit on Intel stocks for me to be able to buy some and make money.

I am actually glad that they found those issues so early. Not like meltdown taking down 10 years of processors :grin:.

Will see how real the vulnerabilities are actually in the next few days. Until then lets make fun of AMD.

I liked the most ryzenfall.


#9

Comments on the Guru3D article and the rundown on Reddit really make this look shady AF though. 24 hours notice to AMD? Feels like a hit piece not a vulnerability report.


#10

I thought the press were briefed before AMD was.


#11

I smell bullshit. VERY BIG bullshit.

Partly because everyone on my security clearance just woke up going, wtf is this, who are these people? What are the details? Why is this even published?

The PR budget on this and who the fuck is CTS-labs?

They made a friggen movie trailer and don’t even have a CVE.

0 Responsible disclose. AMD barely even heard of this? Are you serious?

But VIceroy group runs their smear paper on them first of all websites… Smells very suspect.

And why is their contact http://cts-labs.com/contact pointing to this page http://www.bevelpr.com all of which just happen to be registered via GoDaddy domains on similar days & hosted on google cloud anonymous boxes.

https://translate.google.de/translate?sl=de&tl=en&js=y&prev=_t&hl=de&ie=UTF-8&u=https%3A%2F%2Fwww.bafin.de%2FSharedDocs%2FVeroeffentlichungen%2FDE%2FMeldung%2F2018%2Fmeldung_180309_viceroy_research.html&edit-text=&act=url

These sites are all associated

So what is up with all these sites?
http://safefirmware.com
http://cts-labs.com
http://amdfall.com


http://www.ninewellscapital.com/

All recently created.

The supposed management team:
http://cts-labs.com/management-team


#12

Glad to hear it.

Do you think these vulnerabilities are even legit, or is it just fake bullshit?


#13

Should be noted CTS-labs website is from 2017 and amdfall is from last month so it is not exactly a hit piece maybe. Will see what happens. I also like how you need administrator privileges to be able to exploit the processor.


#14

Hey guys, new privesc. You need to get root so you can exploit the processor and get root!

hu huh… Filing in DOA.


#15

These names:

Masterkey
Ryzenfall
Fallout
Chimera

It’s more branding than content in the “Whitepaper”.

In short

1) Masterkey requires you to flash the BIOS... I mean really...
2) Ryzenfall requires elevated administrator rights...
3) Fallout requires elevated administrator rights....
4) "Backdoors" require elevated administrator rights and digitally signed drivers.. 

It’s also void of technicalities and reads like someone that just barely started researcthing this topic wrote it, the amateurish references look so suspect to me.

I have had literally 30 minutes to read about this. From when it hit my desktop.
Nothing via the usual security channels. I heard of meltdown 3 months ahead almost.
So obviously this has me scratching my head… :thinking:

So overall I don’t know where to categorize this.


#16

Sounds more like a feature than a vulnerability to me.


#17

Now I find this from 3 months ago:

January is the first known internet archive record of cts-labs.com


#18

Can’t we check their SSL cert issuance date?

Oh, good fucking news, looks like they’re not using HTTPS.

Who the fuck doesn’t use HTTPS in 2017/2018?


#19

Lunduke /s

Yea this seems rather fishy…


#20

Bryan Lunduke. :slight_smile: