Ebsite exposing AMD "vulnerabilities" goes up

I'm sitting with a Skylake i5. Told myself it would last 5 years, I'll be happy if it lasts 4. If Ryzen is really going to stick to their roadmap I might wait until AM5 mobos

>he did not read my post
How nice.

>posting in every thread about this
Kinda obvious.

He's probably not a shill, just terminally autistic.

>in the name of security we should should investigate it thouroughly

that's shillspeak.

>I just hope tech journalists will be able to recognize the bullshit
They literally never do this. Remember how half the articles about spectre/meltdown simply left it as "all CPUs are affected"?

A lot of news organizations are already backtracking on their earlier articles. It's hysterical how hard this plan is failing.

Would you advocate for nuking Intel & AMD HQ?

please use a trip

shutterstock.com/image-photo/fashion-modern-office-interiors-483411280
shutterstock.com/image-illustration/computer-notebook-on-working-place-office-332087582
shutterstock.com/video/clip-12717176-stock-footage-data-center-server-room-seamless-loop.html?src=/c1UCORCokdc7kyoIyOUQXA:2:16

Attached: file.png (960x1150, 1.31M)

here is your (you) 1/10

DESIGNATED

Attached: artImg940x540_20527.jpg (940x540, 100K)

Why?

No, nukes are bad as they produce radiation and cause all forms of cancer and contamination. I would be fine with a neutron or a normal bomb however.

Is there anything wrong with my post?

Attached: 1512870791836.jpg (870x1237, 150K)

see this retard?
tha'ts how it'll play out.

a non issue will become a thing in account of an absurd revanchism. They'll take every chance to laugh at AMD security risks all the while burying meltdown even further down.

It's like who found out someone has a smaller wiener than his. But the other kid is a grower.

Attached: 4f8ab88792.png (1165x221, 32K)

>P-please don't hurt our stock!
kek

AMDs Statement via AnandTech:

At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings

Second AMD Statement via AMD IR:

We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors. We are actively investigating and analyzing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise. We will update this blog as news develops.

Attached: AMD_Stock_Price_-_Advanced_Micro_Devices_Inc._Stock_Quote_(U.S._Nasdaq)_-_MarketWatch_-_2018-03-13_1 (961x399, 50K)

mods just deleted the big thread...

Well, considering these threads I can understand him. The AMD fanboys are being quite ridiculous.

>no evidence or details of their exploits
>the supposed exploits require shit like admin privileges and signed drivers
>one of them even requires flashing a BIOS on top of that
Wow, turns out if you have admin access to a machine you can compromise its security.

Attached: 1435025269049.png (747x260, 198K)

probably all the off-topic animeposting. not even fucking reaction pictures, what a fucking autist

I believe it's time for you to rethink your self-identifying posting method. I know that the manual said Sup Forums likes manga and anime but you're actually doing it in an a very obnoxious way.

learn to shill better, my friend.

They went to the press before contacting AMD. Holy fuck!

oy vey

Attached: 1405147532700.jpg (1845x1923, 925K)

Attached: 1495565593992.jpg (709x520, 52K)

twitter.com/cataclysmza/status/973623820010577920

This situation is ridiculous you moron.
Anyone saying otherwise is a shill, a retard or went short against AMD.

>no evidence or details of their exploits
They said that they will release them tomorrow, have patience.

>the supposed exploits require shit like admin privileges and signed drivers
What is wrong with that? In fact it sounds perfect for a backdoor if it needs signed drivers. As for the rest they might be useful for projects like libreboot.

Not everyone who disagrees with you is a shill.

Attached: 1507221657453.jpg (1127x1600, 501K)

Read the OP. A fucking PR company made everything. Of course they went to the press first. The first thing Bevel PR did after creating the website was help their connected journalists prepare articles.

Isn't informing the users the most important?

Wew, literally
>everyone who disagrees is a shill.

delet this

Attached: kek.png (200x200, 45K)

>everyone who disagrees is a shill
>everyone who disagrees is a shill

Well, in both your cases one might find a spark of truth in it.
Quite coincidental. We got 2 allocated to one thread here. You should divert back to other venues, 1 shill should be more than enough for Sup Forums.

actually, we were discussing the technical details of the vulns being disclosed...

No you retard. Letting the people who can fix it is the most important. It's like letting the general public know a bank has a huge hope into their safe with all their money before you let the bank know. The best interest of everyone is to let the bank know so everyone doesn't lose their fucking money

What do you think AMD's "Secure OS" is? Surely they didn't write something in house?

Attached: 448px-Minix3.jpg (448x599, 39K)

>Isn't informing the users the most important?
Only if your aim is to damage a companies reputation. Which clearly is the aim here. If your aim is security, You go to the company responsible so you can get patches out before anyone can exploit.

>Exploiting MASTERKEY requires an attacker to be able to re-flash the BIOS with a specially crafted BIOS update.

(Ryzenfall)
>Exploitation requires that an attacker be able to run a program with local-machine elevated administrator privileges. Accessing the Secure Processor is done through a vendor supplied driver that is digitally signed.

(Fallout)
Exploitation requires that an attacker be able to run a program with local-machine elevated administrator privileges. Accessing the Secure Processor is done through a vendor supplied driver that is digitally signed.

(Chimera)
Prerequisites for Exploitation
A program running with local-machine elevated administrator privileges. Access to the device is provided by a driver that is digitally signed by the vendor.

Quotes directly from their whitepaper. So it's literally nothing for both servers and desktop users. If anything it could give the user more power over the system.

What's "wrong" with that is it isn't an exploit. Signed drivers aren't an exploit. Flashing a malicious BIOS isn't an exploit. If you have admin level access you don't need an exploit. If they found ways to do these things by bypassing security features that prevent them, then you have an exploit. However, that's not what they're saying they did. They're saying they found ""exploits"" that, as a prerequisite, require privileges which allow you to do anything on the system.

no, informing the company involved, give due time to investigate and patch is the most important.

>unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings

this is slandering tactics.
They are clearly trying to make it stick.
Hopefully the stock will soar before ryzen 2 and they'll get btfo and then sued for slandering on a civil court and later on SEC for fraud.

intel didn't inform their consumers of meltdown.
It literally got leaked.

bro, I found out a really good technique to steal a car, you just need the keys to do it and you're almost done, Ford fanbois btfo, how will /o/ ever recover

>Yaron co-founded CTS-Labs in 2017, and previously served as an intelligence analyst in the Israeli Intelligence Corps Unit 8200. He is also the founder and Managing Director of NineWells Capital, a hedge fund that invests in public equities internationally. He holds a B.A. and M.A. from Yale University.
>previously served as an intelligence analyst in the Israeli Intelligence Corps Unit 8200

>Ilia has spent over 12 years in the security industry industry, primarily in Chief Technology Officer or Chief Executive Officer roles. He previously served in the Israeli Intelligence Elite Technological Unit. In 2017, Ilia co-founded CTS Labs.
>He previously served in the Israeli Intelligence Elite Technological Unit

>Uri is an experienced technologist and entrepreneur, specializing in embedded research. He has focused on reverse engineering, security research, building MVPs, machine learning and deep learning. He previously served as a security researcher for the Israeli Intelligence Corps Unit 8200.
>He previously served as a security researcher for the Israeli Intelligence Corps Unit 8200

holy FUCK

You need physical or root access already to exploit them.

So the entire company is just 3 Mossad agents.

Truly not suspicious at all.

>I can sell you a horse goy.., er, buddy. No keys involved. Should be safe and secure.

Attached: horse-thief-3.jpg (1140x510, 170K)

Attached: IoT.jpg (600x379, 146K)

guess I'm gonna post this again:

DISCLAIMER: I'm far from expert in this topic

OK, so I've changed my mind about this a bit.

from what I can see, they are basically claiming that you can modify the BIOS (and then re-flash it, which obviously need admin privileges) and, from there, inject code, which you shouldn't be able to do, because these files should be signed.
from the paper:

>Exploiting MASTERKEY requires an attacker to be able to re-flash the BIOS with a specially crafted BIOS update. This update would contain Secure Processor metadata that exploits one of the vulnerabilities, as well as malware code compiled for ARM Cortex A5 – the processor inside the AMD Secure Processor. Because the Secure Processor checks its own digital signatures, this malicious update often passes BIOS-specific digital signature verifications.
fine, that's a vulnerability.

now, they claim some odd stuff about MASTERKEY...:
>MASTERKEY can often be exploited as part of a remote cyber-attack. Most EPYC and Ryzen motherboards on the market use a BIOS by American Megatrends that allows easy re-flashing from within the operating system using a command-line utility. Such utility could be used by remote attackers in the course of a cyber-attack.
>On motherboards where re-flashing is not possible because it has been blocked, or because BIOS updates must be encapsulated and digitally signed by an OEM-specific digital signature, we suspect an attacker could occasionally still succeed in re-flashing the BIOS.

>The RYZENFALL vulnerabilities allow unauthorized code execution on the Secure Processor. They also allow access to protected memory regions that are otherwise sealed off by hardware. Such areas are supposed to be completely inaccessible to both kernel drivers and programs running inside the operating system.
these seem like some really big claims
>These regions are:
>Windows Isolated User Mode and Isolated Kernel Mode (VTL1)
>Secure Management RAM (SMRAM)
>AMD Secure Processor Fenced DRAM

>The FALLOUT vulnerabilities allows access to protected memory regions that are otherwise sealed off by hardware. Such areas are supposed to be completely inaccessible to both kernel drivers and user programs running inside the operating system. These regions are:
> Windows Isolated User Mode and Isolated Kernel Mode (VTL1)
> Secure Management RAM (SMRAM)
well, if you already have access to main memory as SYSTEM, I doubt you couldn't already do this

>Mitigations
>No known mitigations. AMD has recently released a BIOS update that supposedly allows users disable the Secure Processor, but this feature works only partially and does not stop the RYZENFALL attacks.
uhm, so disabling the feature doesn't affect the vuln in said feature.

You're surprised by this? The entire security industry has sold out. All of the big names are bult on lies and hysteria. They're literally as bad as the people they are supposed to be defending us against.

>CHIMERA: Backdoors Inside Ryzen Chipset
>The CHIMERA vulnerabilities are an array of hidden manufacturer backdoors inside AMD's Promontory chipsets. These chipsets are an integral part of all Ryzen and Ryzen Pro workstations. There exist two sets of backdoors, differentiated by their implementation: one is implemented within the firmware running on the chip, while the other is inside the chip's ASIC hardware.
>The Promontory chipset is powered by an internal microcontroller that manages the chip's various hardware peripherals. Its built-in USB controller is primarily based on ASMedia ASM1142, which in turn is based on the company's older ASM1042. In our assessment, these controllers, which are commonly found on motherboards made by Taiwanese OEMs, have sub-standard security and no mitigations against exploitation. They are plagued with security vulnerabilities in both firmware and hardware,
no mention of the backdoors whatsoever.

all of these vulns require:
>A program running with local-machine elevated administrator privileges. Access to the device is provided by a driver that is digitally signed by the vendor.

what I find odd is:
- I assume they tested all of this, yet they give NO PROOF WHATSOEVER of any of the vulns, not even a shitty screenshot or video.
- also, how come no other experts looked into this before? there are lots of well known, respected experts that could have found some of these vulnerabilities very easily.

anyway, my guess is that, if any of this is true, it'd allow us to inspect the insides of the PSP and other stuff, and even make it 'open' for mods. for example, we could use this second CPU, we could run Linux on the BIOS and/or the PSP, etc.
the difference with some other Intel vulns being, you can't even disable those...

The only thing I'm surprised by is how blatant they are about it.

>Windows
Great, another reason not to give a fuck.

listening to it right now

You had me worried for a second.

>They said that they will release them tomorrow, have patience
How big of an Intbecile can you actually be? No, like, seriously, wow you're DUMB.

8200 are considered the elite of israeli intelligence.
They don't have agents, they're purely a technological branch and it's a well known fact in israel it's a great jumping board into cozy programming jobs and with the connections people create there doubly so. Not surprised

amdflaws.com/disclaimer.html

>The opinions expressed in this report are not investment advice nor should they be construed as investment advice or any recommendation of any kind.
>Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports.

>you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports
lmao how is this even legal

Thanks for the summary.

Sup Forums was right again

Attached: merchant.jpg (640x480, 25K)

>bevel
>be evil

plus.google.com/ LinusTorvalds/posts/PeFp4zYWY46
Wew lad.

>b evel

The man has spoken

Attached: GPMPMFA[1].png (520x311, 28K)

Lol. Ikey from Solus, piped in too.

>Linux need CoC because use word whore as insult

That's why i love mah nigga Linus, he doesn't give a fuck about any MUH FEELINGS bullshit

The best part is no one will ever successfully tell Linus to fuck off. The man is untouchable, and I love it.

some infosec rockstars talking about this:
twitter.com/dguido/status/973628511515750400
twitter.com/mjg59/status/973644755849457664

t-thanks user!

Attached: linus_to_the_rescue.png (543x419, 41K)

B A S E D

Buying two new 2400g media computers today, and ordering a TR computer for a media server for my place and upgrading my 1800x to 2700x just to spite intel.

based as fuck

I've been using Intel for a long time, so I've never dealt with changing CPUs when a new one comes out because shit gets locked to the motherboard thanks to Intel. No problems come up when you swap an old CPU with the refresh? Is it just literally change the CPU out, press a reset button, and boom the computer works?

It's the same socket, and probably the same drivers, so yeah.

Nothing to see here

Attached: Screenshot_2018-03-13_13-24-38.png (1224x231, 38K)

Yes. It is literally exactly like this. I have swapped multiple computers between various processors. Just update BIOS, turn it off, swap parts, turn it on and you're done. Even when going from a 1600x to a 2400g.

Can you stop? It feels bad that I can recognize you by your posting style. You aren't different from a shill even if you don't get paid.

thanks, this brainlet now knows its nothing to hora about
this easy way to upgrade sounds like manna from heaven, why oh why has Intel been so bad on this, I've been missing out

Attached: linusamd2.png (777x733, 115K)

>two australian teenagers
these dumb fucks are from fucking /biz/ aren't they holy shit

Australians truly are the bane of this site

Yikes. This isn't going to end well for them, I'm guessing.

born to shitpost

viceroy research group is literally a couple of strayan shitposters and con men.

Attached: 1502991054261.gif (390x277, 2.29M)

Now they can even shitpost in a court of law

Attached: 1489282367580.png (313x321, 230K)

Further evidence to back up the claims by Linus. Fucking clowns, the whole lot of 'em.

>Letting the people who can fix it is..
The issue here is that AMD is the only one who can fix it because they are a proprietary company

>The best interest of everyone is to let the bank know so everyone doesn't lose their fucking money
I disagree, they should learn not to depend on a trusted 3rd party, especially if it does not respect them

>if your aim is to damage a companies reputation
I will disagree, I think informing the users is the most important as they can learn the issues with using closed hardware and software. I also believe that they deserve to know it because they are the ones who actually use it

>If your aim is security
..you would use an open processor like RISC-V

>You go to the company responsible
So that they can disclose the issue with the NSA, semipatch it only so that the NSA can use it, and the public will know nothing about it

>If anything it could give the user more power over the system.
This is literally my point

>Signed drivers aren't an exploit
No, but the exploits described in the paper ARE exploits. Thing is that signed drivers were not supposed to have access to the PSP et cetra

>If you have admin level access you don't need an exploit
Admin level access does not imply PSP-level access

>They're saying they found ""exploits"" that, as a prerequisite, require privileges which allow you to do anything on the system.
What is wrong with that? There are were many local exploits in linux over the years, yet they were still called exploits.

>this is slandering tactics.
I fail to see how. I find the big waits in the exploit disclosure harmful.

Okay?

More like
>I found a way to root a tesla car.

What is the issue?

Why would it not be? As long as it's true that's it.

>shut it down, the users know!

>Can you stop?
Why?

>You aren't different from a shill even if you don't get paid.
Just because I disagree with the hivemind?

Attached: 1500341102971.jpg (728x1049, 142K)

>rockstars

dontcha mean hookers?

reminder to report and ignore retards.

You fail to see a lot of things.
The necessity to kill yourself promptly being the most concerning.

>You fail to see a lot of things.
Such as? (Something on-topic please)

>The necessity to kill yourself promptly being the most concerning.
How is it necessary?

Attached: 1508002281637.jpg (1046x1910, 288K)

The best way to make people understand what's best for them is figuratively killing them. Truly an enlightened view of the world, far from the sheep.