AMD Security Issues

Ruffalo · March 20, 2018, 9:37pm

The security advisories we all knew were low-criticality on day 1 turned out to be confirmed low-criticality on day 8. Cool.

catsay · March 20, 2018, 9:51pm

What can I say…

catsay · March 20, 2018, 10:04pm

WHY Post this already?

You could have waited.

RevampedTech · March 20, 2018, 10:08pm

Wow, these cunts won’t stop.

anon5644329 · March 20, 2018, 10:10pm

Showing off his mad hacking skills or maybe just being paid … a lot of people would do stupid things for money.

SgtAwesomesauce · March 20, 2018, 10:44pm

Where’s his fancy fucking office? Looks like he did this in his basement workshop.

EDIT: just noticed drill press. Why does a security firm need a drill press?

Deanpal · March 20, 2018, 10:47pm

I think there is a Payday joke somewhere in there.

catsay · March 20, 2018, 10:48pm

Number one reason, from my experience is destroying hard disks.

MazeFrame · March 20, 2018, 10:49pm

How to spot a fishy video:

denstieg · March 20, 2018, 10:50pm

To infiltrate the secure proccesor

Pholostan · March 20, 2018, 10:51pm

Didn’t they kinda promise to not post anything public? To not harm the users that they care so very much about…

SgtAwesomesauce · March 20, 2018, 10:53pm

I like a sledge hammer. Good catharsis. We have one at HQ. Whenever hard drives need to go, I go out to the loading bay with our desktop support guy and we spend a good hour slamming steel into platters.

I can see why they need it now though. I definitely don’t get a “CTS Labs” vibe from that video, especially considering their last video.

catsay · March 20, 2018, 10:56pm

To be frank this video skips over a lot of details. It’s really a PoC demo.
But it’s also completely unnecessary, it adds nothing and serves simply to show off the exploit.

The YouTube settings (likes hidden, comments off) they chose further exacerbates the fact that it once again comes off as attention seeking.

SgtAwesomesauce · March 20, 2018, 10:57pm

I watched the embedded version first, didn’t notice it in the beginning.

thro · March 21, 2018, 1:18am

Systems that are owned are owned. Film at 11.

edit:
That said, looks like if AMD was given a couple of weeks notice, these issues would have been fixed inside the disclosure window. No doubt this is why they were hyped so hard and announced on day 1.

noenken · March 21, 2018, 7:41pm

flazza · March 21, 2018, 8:03pm

I do like how he puts it all together as a story from start to present that almost anyone can follow, regardless of their technical knowledge.

He has good presentation and communication skills

… dislike the bit at the end where he points to intel with no evidence.

I wouldnt put it past them but… evidence first, cmon.

Fairly certain cts labs are never going to get work after this because of their lack of professional conduct.

foppe · March 22, 2018, 12:18am

With no direct evidence, but a whole slew of indirect evidence, you mean? The mere fact that cts repeatedly refuses to identify ‘another maker of motherboards/pcs’ is pretty damning all by itself.

Ruffalo · March 22, 2018, 12:44am

No it’s not, could be (and very likely is) just spreading FUD.

SgtAwesomesauce · March 22, 2018, 12:47am

It’s cause for questioning at the very least, considering that some of those ASMedia chips can be seen on Intel mainboards as well as standalone PCIe boards.