AMD Security Issues

If AMD could spin that into a positive, I would believe a checkmate would be in order towards CTS.

AMD can’t spin it into a positive, but $0.50 of swing over this shows just how poorly this attack has been executed.

I am absolutely one of those. Never really understood the difference.
Is there something important between these two?

Yes.

The concept is the same but the implementation is different.

UEFI -> Unified Extensible Firmware Interface.
BIOS -> IBM Basic Input Output System.

UEFI is modular and ‘pluggable’ which makes it easy to customize for specific platforms while the other is a block of code.
The manjaro wiki has a intro overview of it.

I jokingly refer to UEFI as Micro Windows .
Because everything is bolted together like a hybrid kernel with awkward interfaces and makes use of the Windows PE image format and other Microsoft patterns everywhere.

https://wiki.manjaro.org/index.php?title=Some_basics_of_MBR_v/s_GPT_and_BIOS_v/s_UEFI

Wow, ok. I didn’t know that.
Guess I’ll give that a read later.
Thanks.

just been watching commenting on an interresting livestream with Ian from Anandtech:
[it was live, but over now]

What’s the gist of it?

Looking at it now but 1 and a half hours is long.

mostly just the same as what others online have been saying, but more relaxed, with the lastest, as per today, where as others had not had chance to check stuff out before commenting

The horrible thing is far too many people are treating this more seriously than it deserves.

Still getting crap come through in my news feed.

I guess it will die down over the weekend, and then AMD reply on Monday, and the
whole circus starts up again

I really want a statement that reads along the lines of “We are consulting other security businesses to verify the initial report.”

looks like CTS only went to one security firm, trail of bits, and then released afterwards.

now the ball has been thrust, unfaily soon, in AMD’s court, to recover form

If I’m honest I have little concern for these vulnerabilities.

Why?

Because standard risk models, security measures & standards regarding any exploit mitigation and security apply anyway.

Of course they still need to be patched later to remove the chance of deep post exploitation persistence if something ever does go wrong.

I yake the view that the vulnerabilities can make a successful hack have deeper re-percussions, until mitigated, but it does require being compromised in the first place… so yeah, not worried either, but I am a fanboi for AMD, so am biased.

also I am a patreon of the stream I posted, so am biased that way too, if disclosure matters?

This one guy on the stream “The Naphex” sure was trying hard to fling mud.

yeah, that bozo seemed to care, but couldn’t really contain himself.

The streamer gave me mod, hoping I would deal with him, but I’m afraid I let Andy down, and only timeout-d him a couple of times

Assuming the initial report from CTS is real, there are many different companies that need to look into their entire product lines, conduct tests and where necessary, issue patches or updates. That is going to take a while (thinking half a year as the published findings reveal very little of use concerning the technical details) and cost a lot (get R&D going, etc.).
Overall, the situation is a clusterfuck based on very little.

My worry is that RyZen2 is just around the corner, and team red won’t have time to mitigate before launch, unlike team blue with their next shovel full of silicon coming later this year to address Meltdown

Zen+ is around the corner. Ryzen 2 isn’t going to be out for a while.

There’s nothing to fix on the CPU, this is all chipset BS, and it’s not AMD’s problem to solve. Looks like it’s all down to ASMedia being dumber than rocks.

That may have been the reason behind this, kill it before it emerges.