13 security vulnerabilities on AMD Ryzen/Epyc processors
Other urls found in this thread:
businesswire.com
cnet.com
ctslabsinc.com
safefirmware.com
youtube.com
embedi.com
cts-labs.com
linkedin.com
reddit.com
youtube.com
reddit.com
twitter.com
Sponsored by Intel.
I wonder who is behind this site ...
Cnet and businesswire reporting on it
fuuuuuuuuuuuuuuck
businesswire.com
cnet.com
Bump
nice fucking whitepaper
>TEL AVIV, Israel--(BUSINESS WIRE)--CTS Labs, a cyber-security research firm and consultancy, today released a severe security advisory on Advanced Micro Devices, Inc. (“AMD” or “the Company”) (NASDAQ:AMD) processors.
OY VEY!
When will upgradefags ever learn?
You were warned about PSP but you just couldn't stay on 32 nm, could you?
Phenom II doesn't have this problem
This
Cucktel being this desperate.
>no words from Lisa Su or AMD on twitter
FUUUUUUUUUUUUUCKKKKKKKK
>The researchers gave AMD less than 24 hours to look at the vulnerabilities and respond before publishing the report. Standard vulnerability disclosure calls for 90 days notice, so companies have time to address flaws properly.
What lengths will the Intel shills go to?
One of the attacks reportedly require physical hardware access, by installing malicious hardware to infect the chipset. Another requires reflashing the BIOS. The software exploit that targets "Windows Credentials Guard" should be patched by Microsoft in the immediate future. I don't know how many of these are going to be a concern on the same level as meltdown/spectre. Wish there was something concrete to look at for the vulns instead of just a youtube video that doesn't provide any real detail.
Still more secure than jewtel.
>intel
>2 version of spectre and 1 of meltdown
>amdiscount
>2 version os spectre and 13 versions of amdflaws.com
>The researchers gave AMD less than 24 hours to look at the vulnerabilities and respond before publishing the report. Standard vulnerability disclosure calls for 90 days notice, so companies have time to address flaws properly.
Ooh! I wonder why this could be!
>site maintained by cts-labs
ctslabsinc.com
>CTS also wholesales products to retailers, health practitioners, therapists, and bodyworkers
dude what?
>yfw you get to see the short lived Ryzen'fall of amd
here you ding dong safefirmware.com
top kek, that is so hecking fishy
where's the fall bro
>TEL AVIV, Israel
>TEL AVIV, Israel
>TEL AVIV, Israel
>TEL AVIV, Israel
>TEL AVIV, Israel
>TEL AVIV, Israel
@$$rock 350 and 1600x here how fucked am I?
Don't have anything sensitive on PC
I'm gonna kill myself for buying Ryzen.
Hmmm...AMDrones aren't laughing now are they
fucking this
No, still laughing.
Toasting in epic bread.
...
My modern AMD CPU is super secure. No worries. Also anyone buying CPU with PSP or IME is a huge fag and deserves this shitstorm hitting him.
Epyc
It's not secure in the least, but at least it doesn't have PSP.
Ah, the "get nothing done in the real world" build.
>Secure Processor
>It's not secure
cnet.com
>The researchers gave AMD less than 24 hours to look at the vulnerabilities and respond before publishing the report. Standard vulnerability disclosure calls for 90 days notice, so companies have time to address flaws properly.
A B S O L U T E M A D M E N
>CTS Labs is a cyber-security >research firm and consultancy >based in Tel Aviv, Israel >specializing in hardware and >embedded systems security. For >more information about CTS >Labs, please see cts-labs.com.
Not very subtle, are they?
>MASTERKEY: Exploiting MASTERKEY requires an attacker to be able to re-flash the BIOS with a specially crafted BIOS update.
>RYZENFALL: Exploitation requires that an attacker be able to run a program with local-machine elevated administrator privileges.
>FALLOUT: Exploitation requires that an attacker be able to run a program with local-machine elevated administrator privileges.
>CHIMERA: A program running with local-machine elevated administrator privileges. Access to the device is provided by a driver that is digitally signed by the vendor.
This is pathetic.
I can create a website called intelflaws and do the exact same shit on intel processors.
>Israeli """researchers""" found issues
Nothing to see here, Sup Forumsuys. It's lireally fucking fake news false flag produced by Inturd agents. Like, holy shit this is lowest tier bait, wow.
1. PSP isn't the same as IME it requires OS userspace programs to operate.
IME can work without a OS or harddrive. (can even remote netboot/pixelboot over the internet)
2.PSP doesnt have a network stack or DMA access.
3. this isn't PSP related.
4. it requires physical access which is assumed a compromise either way unless you have disk encryption and secureboot with a custom gpg key
5. you're a cuck
Only two videos from their channel.
I wonder who (((contracted))) them.
Do it then, smatass
You don't have to response to VERY obvious and VERY badly constructed fake news false flagging, though.
Works quite well for me, even in Gnome 3. I've been developing on this machine for years, also played Tux Racer and a bunch of Steam games recently.
hmmm
>Tux Racer
Ah, a man of fine taste like me.
Literally nothing, and this is from a company that was probably funded by intel...
Actually laughing my goddamn ass of at how utterly low tier this VERY OBVIOUS bait is. You seriously need to work WAAAY harder than just that, Intbeciles. This is literal fucking 0/10 fake news clickbait shit.
Poozen shills on damage control and on suicide watch and BTFOOOOOO
Ryzenfall and Fallout also have the driver requirement, for whatever that's worth.
13 hahahahahahahahahahaha
How are these even vulnerabilities related to AMD.
You can flash a malicious BIOS to any device and every device/computer would be affected.
This creams of bullshit
Where is the 13 coming from? Only 4 or so are being named.
I watched the YT video but haven't gone to the site.
People have been saying that PSP (and fucking ME) was a bad idea even before spectre/meltdown, but /r/amd-fags on nu/g/ kept on lying about it.
Remember all the shit those faggots kept saying?
>hurr it's nothing like ME
>hurr just disable psp
>hurr trusting the open source trannyboot over amd
>hurr epyc won't have any of the flaws
You need to go older than phenom II friend.
U alrite dere, m8? Take a deep breathe.
Intel Boot Guard
plus the spectre and meltdown also, because everyone is affected by meldown and spectre
youtube.com
At 1min18seconds
t. Steve from Gamer's Nexus
don't be so.. INSECURE HAHAHAHAHAHA *breaths in* HAHAHAHAHAHAHAHA
This has to be fucking illegal. Why is this shit getting reported like it's real?
Couldn't you essentially, pull all of these exploits off on Intel processors, too?
>over-designed website
>logos and names for exploits on day zero
>website full of infographics
>extremely short whitepaper
>no explanation of attack mechanism
>red arrows labeled "MALWARE" pointing from OS to chipset
>no demonstrated attacks
>no clear indication of proper disclosure practices
>"It is our view that the existence of these vulnerabilities betrays disregard of fundamental security principles"
>Israelis
This is all unbelievably suspicious.
Its in the title of the cnet article
JIM KELLER IS A HACK
It's believably Israeli.
Yes, this is nothing.
>CTS Labs
What the fuck? I have never even heard of this (((security))) team. What is their company's history, besides being based in Israel and attacking AMD?
ctrl+fing 13 in the article doesn't give it much water though, the youtube thumbnail is more informative with "4 classes of vulns"
MULTIPLE CRITICAL SECURITY VULNERABILITIES AND MANUFACTURER BACKDOORS
They had so many they placed them into 4 classes
Linked in
>founded 2017
Oyyyy veyy
>cts-labs.com
>page doesn't load if you have js blocked
fucking jews
>specially crafted BIOS update
>elevated administrator privileges
>elevated administrator privileges
>elevated administrator privileges
Wow, so it's the equivalent of getting angry and smashing your computer with a hammer.
I am. This bloody funny
IT'S NOTHING GUYS THESE 13 BUGS ARE NOTHING CONTINUE BUYING AMD PRODUCTS
in my case it gave more info than allowing js which asked me to sign up/in
To be fair, even with those requirements for the attacks, enterprise could still be at risk (if any of these are actually real), since Pajeet has root on the servers and has no fucking clue what he's doing.
>all these mental gymnastics by AMDrones who bought budget processors
Having a laugh
Same here. This only raises the slimey jewish merchant meme to new levels.
Really thermals my jizz
laugh with you're mouf shut
or else the infant blood and foreskines go absolutely everywhere
Agreed
Fucking redditors this isn't funny. Stop giving AMD a bad name
Me too. AMDZ owners have and always will be btfo retards
I knew it was bad for ages it's why I stuck with my i7 920 and phenom X4 for 5 years until 2014
>*hands rubbing intensifies*
youtube.com
No one posting merchant memes?
reddit.com
Oh ha ha look at them
>inb4 reddit
PLEASE DEFLECT TO INTEL PLEASE I CAN'T STOP CRYINF
They're right
Also reddit is so close to naming the jew
God's work user
Uri Farkas
ur a fuck ass
freddie pharkass frontier pharmacist
This is literally nothing. There's even some recently created firm Viceroy saying that AMD is now worth $0 account to these "flaws".
What surprises me the most is how blatant this shilling is, Intel even hired an Israeli company.