AMD Security Issues

Dammit! now it won’t!

First rule of stock trends: don’t talk about stock trends.

3 Likes

“The Chimera exploit focuses on the Promontory chipset, and hidden manufacturer backdoors that allow for remote code execution. CTS-Labs cites that ASMedia, the company behind the chipset, has fallen foul of the FTC due to security vulnerabilities in its hardware.”

Can anyone help me find a record of these transgressions by ASMedia that the FTC has noted?

https://www.anandtech.com/show/12525/security-researchers-publish-ryzen-flaws-gave-amd-24-hours-to-

Because I damn well can’t.

1 Like

The vulns aren’t necessarily false, they could very well be real problems. Just very low criticality ones, as currently presented.

I can’t… I always thought ASMedia was in good standing. I’ll talk to my legal guy.

Oh, whois protection on the website:

https://whois.icann.org/en/lookup?name=cts-labs.com

Domain Name: cts-labs.com
Registry Domain ID: 2136949702_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2017-06-25T05:56:44Z
Creation Date: 2017-06-25T05:56:44Z
Registrar Registration Expiration Date: 2018-06-25T05:56:44Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 14455 N. Hayden Road
Registrant City: Scottsdale
Registrant State/Province: Arizona
Registrant Postal Code: 85260
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext: 
Registrant Fax: +1.4806242598
Registrant Fax Ext: 
Registrant Email: [email protected]
Registry Admin ID: Not Available From Registry
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 14455 N. Hayden Road
Admin City: Scottsdale
Admin State/Province: Arizona
Admin Postal Code: 85260
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext: 
Admin Fax: +1.4806242598
Admin Fax Ext: 
Admin Email: [email protected]
Registry Tech ID: Not Available From Registry
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 14455 N. Hayden Road
Tech City: Scottsdale
Tech State/Province: Arizona
Tech Postal Code: 85260
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext: 
Tech Fax: +1.4806242598
Tech Fax Ext: 
Tech Email: [email protected]
Name Server: NS-1807.AWSDNS-33.CO.UK
Name Server: NS-138.AWSDNS-17.COM
Name Server: NS-812.AWSDNS-37.NET
Name Server: NS-1442.AWSDNS-52.ORG
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2018-03-13T18:00:00Z <<<

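The record quoted in the post above, reduced to the fields the poster is pointing at: registrant privacy, domain age at the time of the lookup, and DNSSEC. This is an added example, not part of the original post; the function names and the short proxy-marker list are assumptions.

```python
from datetime import datetime, timezone

# Excerpt of the WHOIS record quoted in the post (values copied from the page).
RECORD = """\
Domain Name: cts-labs.com
Creation Date: 2017-06-25T05:56:44Z
Registrar: GoDaddy.com, LLC
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Name Server: NS-1807.AWSDNS-33.CO.UK
Name Server: NS-138.AWSDNS-17.COM
DNSSEC: unsigned
>>> Last update of WHOIS database: 2018-03-13T18:00:00Z <<<
"""

# Assumption: illustrative proxy markers taken from this record, not an exhaustive list.
PROXY_MARKERS = ("domains by proxy", "registration private")

def parse_whois(text):
    """Return {field: [values]}; fields such as Name Server can repeat."""
    fields = {}
    for line in text.splitlines():
        # The footer line is wrapped in ">>> ... <<<"; strip that decoration.
        line = line.strip().strip("<>").strip()
        key, sep, value = line.partition(": ")
        if sep and value:
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields

def _ts(value):
    """Parse the ISO-8601 UTC timestamps used in the record."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def summarize(text):
    """Condense a WHOIS record into the attributes relevant for source vetting."""
    f = parse_whois(text)
    created = _ts(f["Creation Date"][0])
    as_of = _ts(f["Last update of WHOIS database"][0])
    registrant = " ".join(f.get("Registrant Name", []) + f.get("Registrant Organization", []))
    return {
        "domain": f["Domain Name"][0],
        "age_days": (as_of - created).days,  # age when the lookup was made
        "privacy_proxy": any(m in registrant.lower() for m in PROXY_MARKERS),
        "dnssec_signed": f.get("DNSSEC", ["unsigned"])[0].lower() != "unsigned",
        "name_servers": [ns.lower() for ns in f.get("Name Server", [])],
    }

if __name__ == "__main__":
    print(summarize(RECORD))
```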

For fun, let’s imagine if a stock trader learned from Meltdown and got together with a security firm to find/create some news for his own profit?

Then spin minor/ambiguous/vague security issues into a big story for gains :smiley:

Quotes from Anandtech

CTS-Labs is very forthright with its statement, having seemingly pre-briefed some press at the same time it was notifying AMD, and directs questions to its PR firm.

The full whitepaper can be seen here, at safefirmware.com, a website registered on 6/9 with no home page and seemingly no link to CTS-Labs. Something doesn’t quite add up here.

4 Likes

I like the guy and can not abide by his statement…

http://www.overclockersclub.com/news/41453/

The only thing I can find.

It is not connected to the topic at all.

2 Likes

Yeah that’s the same I could find :neutral_face:

Also Overclockersclub page design is like straight from the 90’s :smiley:
It’s so gloriously simple I love it.

2 Likes

There usually are more grumblings by the technically inclined beforehand but new AMD stuff. Thanks for your input.

Found this article curious.
Rumors and articles like this have a habit of popping up at certain times. I’m not sure what the pattern is, it’s just interesting since AMD is well known as having a die-trying attitude.

A sale/buyout is as unlikely as Nvidia licensing AMD tech.

1 Like

Yeah, found a few like this one when I was checking the stock prices; most of them were posted since Mar 1. I can only guess it’s a try for speculation. Maybe it has a connection to today’s panic attack.

So the flaws are real, with a very important detail.

They are possibly the most overhyped & irresponsible media whoring publication I have ever seen.

  1. MASTERKEY: If you allow unauthorised BIOS updates you are screwed.
    Threat level: Duhhh.

  2. RYZENFALL: Loading unauthorised code on the Secure Processor as admin.
    Threat level: Of course that’s not bloody safe.

  3. FALLOUT: signed driver allows access to Secure Processor.
    Threat level: yes of course.

  4. CHIMERA: outsourced chipset has an internal micro-controller which can be pwned via signed driver.
    Threat level: I’m getting tired of this nonsense.

In short there are fuck-ups here. Essentially it can make post-root exploitation worse, but then when you have root you can pretty much write into firmware already. So any other platform is at equal risk.

TLDR:

CTS-Labs wrote a media attention whoring whitepaper and website about things which are bloody obvious in order to short AMD stock because suckers and media at large will listen.

A measured take can be found here now:

Workaround:

Don’t let bad people get root.

Fix:

You get a BIOS update.

11 Likes

@Everyone that wanted open sourced PSP code.

Get to work!

7 Likes

Here’s the real question:

Who wants AMD to fail or be bought out so badly that they’re directing all these resources?

This is Lunduke vs HTTPS level of tomfoolery.

This is our chance!

Join the communist revolution!


Seriously though, now is the time for calls for open source PSP.

1 Like

image

That is the reply to the whole article… just a bastardized, fear-mongering piece of writing that, thankfully, was caught before it could do much harm.

8 Likes

I suspect it likely builds on the prior fTPM vuln:

http://seclists.org/fulldisclosure/2018/Jan/12

1 Like

Good suspicion.

AMD response

I am rather in love with threat level…duhh :rofl:

1 Like

This whole article is a nothing burger, and honestly don’t expect something like the Intel debacle.
If you hire enough monkeys, one of them is bound to figure out wood can be lit on fire.
This whole debacle smells of either Intel desperately trying to “stay cool/relevant”,
or some short-stock genius who figured he’d try his luck due to Intel’s misfortune hype.
Personally I’m leaning against Intel duffle bags of marketing cash money exchanging hands.
Again, most of these are security holes where if your system is at exactly 75 degrees Fahrenheit, and I install a
specific 1 year old version of Vega drivers, and the BIOS is specifically using firmware version xyz, and of course it is raining outside,
while I’m doing a rain dance,
I can gain access to certain CPU features.
If they’d kept it at a reasonable level, it may have been believable.
I mean Intel has 2 absolutely devastating flaws, then they pay Random_israely_company_01 and they find 13 “flaws”, really…
1-2 might have been believable, 13 is just desperate.