| Page 1 of 1 |
|
|
 Posted: Tue, 13th Mar 2018 18:07 Post subject: 13 vulnerabilities discovered for AMD Ryzen/Zen (?) |
|
 |
https://amdflaws.com/
| Quote: | How long before a fix is available?
We don't know. CTS has been in touch with industry experts to try and answer this question. According to experts, firmware vulnerabilities such as MASTERKEY, RYZENFALL and FALLOUT take several months to fix. Hardware vulnerabilities such as CHIMERA cannot be fixed and require a workaround. Producing a workaround may be difficult and cause undesired side-effects. |
| Quote: | Are these vulnerabilities currently being exploited in the wild?
We don't know, but we are concerned about CHIMERA. Similar vulnerabilities in other ASMedia products have been known in hardware hacking circles for several years.
|
Apparently AMD fucked really really bad:
| Quote: | Conclusion
In this paper, we have summarized our findings concerning multiple vulnerabilities in AMD Zen Architecture processors.
We believe that these vulnerabilities put networks that contain AMD computers at a considerable risk. Several of them open the door to malware that may survive computer reboots and reinstallations of the operating system, while remaining virtually undetectable by most endpoint security solutions. This can allow attackers to bury themselves deep within the computer system and to potentially engage in persistent, virtually undetectable espionage, executed from AMD’s Secure Processor and AMD’s chipset.
It is our view that the existence of these vulnerabilities betrays disregard of fundamental security principles.
We hope that the security community takes note of these findings. |
TWIN PEAKS is "something of a miracle."
"...like nothing else on television."
"a phenomenon."
"A tangled tale of sex, violence, power, junk food..."
"Like Nothing On Earth"
~ WHAT THEY'RE TRYING TO SAY CAN ONLY BE SEEN ~
http://www.youtube.com/watch?v=CHTUOgYNRzY
Last edited by consolitis on Tue, 13th Mar 2018 23:29; edited 2 times in total
|
|
| Back to top |
|
|
Nui
VIP Member
Posts: 5720
Location: in a place with fluffy towels
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
proekaan
VIP Member
Posts: 3650
Location: Finland
|
| Posted: Tue, 13th Mar 2018 20:01 Post subject: |
|
|
There is a lot of talk about this on Guru(and other places) and so far this whole thing seems really shady:
http://www.guru3d.com/news-story/13-critical-security-vulnerabilities-and-manufacturer-backdoors-discovered-in-amd-ryzen-processors.html
| Quote: |
Currently, there is speculation that this information release is an attempt to manipulate the stock price of AMD. The short seller Viceroy Research would possibly play a role in this. That company published relatively quickly after CTS the claim that the 'revelations' would be the death blow for AMD. |
AMD Ryzen 9 7900X 4,7 GHz
Asrock X670E Steel Legend
G.Skill Trident Z5 32 GB DDR5 6400Mhz
Asus TUF RTX 4090 24 GB GDDR6X
NZXT Kraken Z73 RGB
Corsair HX1500i Platinum
NZXT H7 Flow
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
proekaan
VIP Member
Posts: 3650
Location: Finland
|
| Posted: Tue, 13th Mar 2018 20:50 Post subject: |
|
|
Ya, the more you read about this, the more it seems like trolling or even plain stock manipulation.
AMD Ryzen 9 7900X 4,7 GHz
Asrock X670E Steel Legend
G.Skill Trident Z5 32 GB DDR5 6400Mhz
Asus TUF RTX 4090 24 GB GDDR6X
NZXT Kraken Z73 RGB
Corsair HX1500i Platinum
NZXT H7 Flow
|
|
| Back to top |
|
|
|
|
| Posted: Tue, 13th Mar 2018 23:18 Post subject: |
|
|
Trail of Bits, https://www.trailofbits.com/ a legit security company founded in 2012, corroborate the exploits are real and they've been contacted by these guys last week: https://motherboard.vice.com/en_us/article/kzpm5x/amd-secure-processor-ryzen-epyc-vulnerabilities-and-backdoors
| Quote: | All 13 vulnerabilities are exploitable, according to Dan Guido, the founder of security firm Trail of Bits, whose researchers reviewed the flaws and exploit code before publication last week.
“Each of them works as described,” Guido told me in a phone call.
It’s important to note that all these vulnerabilities require hackers to get on the computers and gain administrative privileges some other way first, such as with a phishing attack that tricks the victim into running a malicious application, according to the CTS researchers and Guido.
This means that they are “second stage” vulnerabilities, which would allow attackers to move from computer to computer inside the same network, or install malware directly inside the processor that can’t get detected by security software. This would allow an attacker to spy on the target without detection.
“It makes a bad compromise worse,” Guido said. |
But we'll see. Even if legit, they still might have had the motive to make AMD look bad by informing them too late, or exaggerating about how serious they are, etc.
TWIN PEAKS is "something of a miracle."
"...like nothing else on television."
"a phenomenon."
"A tangled tale of sex, violence, power, junk food..."
"Like Nothing On Earth"
~ WHAT THEY'RE TRYING TO SAY CAN ONLY BE SEEN ~
http://www.youtube.com/watch?v=CHTUOgYNRzY
|
|
| Back to top |
|
|
|
|
| Posted: Tue, 13th Mar 2018 23:39 Post subject: |
|
|
| consolitis wrote: | Trail of Bits, https://www.trailofbits.com/ a legit security company founded in 2012, corroborate the exploits are real and they've been contacted by these guys last week: https://motherboard.vice.com/en_us/article/kzpm5x/amd-secure-processor-ryzen-epyc-vulnerabilities-and-backdoors
| Quote: | All 13 vulnerabilities are exploitable, according to Dan Guido, the founder of security firm Trail of Bits, whose researchers reviewed the flaws and exploit code before publication last week.
“Each of them works as described,” Guido told me in a phone call.
It’s important to note that all these vulnerabilities require hackers to get on the computers and gain administrative privileges some other way first, such as with a phishing attack that tricks the victim into running a malicious application, according to the CTS researchers and Guido.
This means that they are “second stage” vulnerabilities, which would allow attackers to move from computer to computer inside the same network, or install malware directly inside the processor that can’t get detected by security software. This would allow an attacker to spy on the target without detection.
“It makes a bad compromise worse,” Guido said. |
But we'll see. Even if legit, they still might have had the motive to make AMD look bad by informing them too late, or exaggerating about how serious they are, etc. |
That's not good, but it's definitely not as scary as what the authors made it sound like. Did they actually contact Trail of Bits earlier than they contacted AMD? Since they apparently only gave AMD 24 hours?
|
|
| Back to top |
|
|
|
|
| Posted: Wed, 14th Mar 2018 09:55 Post subject: |
|
|
Sounds like horseshit. They faked their office with stock photos, wtf? Shortselling stock perhaps?
i5 6600k @ 4.3 GHz | MSI z170 Gaming M7 | 32GB Kingston HyperX Fury | 850 Evo 500GB | EVGA 1070 SC | Seasonic X-660 | CM Storm Stryker
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
|
|
| Posted: Wed, 14th Mar 2018 17:19 Post subject: |
|
|
Last edited by paxsali on Thu, 4th Jul 2024 23:29; edited 2 times in total
|
|
| Back to top |
|
|
tonizito
VIP Member
Posts: 51413
Location: Portugal, the shithole of Europe.
|
| Posted: Wed, 14th Mar 2018 19:49 Post subject: |
|
|
Wow only 12 posts until intel is somehow blamed 
| boundle (thoughts on cracking AITD) wrote: | | i guess thouth if without a legit key the installation was rolling back we are all fucking then |
|
|
| Back to top |
|
|
tonizito
VIP Member
Posts: 51413
Location: Portugal, the shithole of Europe.
|
| Posted: Wed, 14th Mar 2018 19:49 Post subject: |
|
|
Wow only 12 posts until intel is somehow blamed
| boundle (thoughts on cracking AITD) wrote: | | i guess thouth if without a legit key the installation was rolling back we are all fucking then |
|
|
| Back to top |
|
|
|
|
| Posted: Wed, 14th Mar 2018 19:53 Post subject: |
|
|
you must excuse pax, he would have said that earlier but most likely was distracted by installing and playing some my little pony stuff which he got from bob for the laptop for his nice
|
|
| Back to top |
|
|
|
|
| Posted: Wed, 14th Mar 2018 20:12 Post subject: |
|
|
Last edited by paxsali on Thu, 4th Jul 2024 23:29; edited 2 times in total
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
|
|
| Posted: Wed, 14th Mar 2018 20:33 Post subject: |
|
|
Last edited by paxsali on Thu, 4th Jul 2024 23:29; edited 2 times in total
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
|
|
| Posted: Wed, 14th Mar 2018 21:54 Post subject: |
|
|
Last edited by paxsali on Thu, 4th Jul 2024 23:29; edited 2 times in total
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
kumkss
Posts: 4835
Location: Chile
|
| Posted: Sat, 17th Mar 2018 01:38 Post subject: |
|
|
amd stocks seems not affected...
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 17th Mar 2018 01:55 Post subject: |
|
|
Last edited by paxsali on Thu, 4th Jul 2024 23:29; edited 2 times in total
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 17th Mar 2018 09:30 Post subject: |
|
|
| kumkss wrote: | | amd stocks seems not affected... |
Luckily.
Since this was just troll news without any real proof by some retards.
Enthoo Evolv ATX TG // Asus Prime x370 // Ryzen 1700 // Gainward GTX 1080 // 16GB DDR4-3200
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
| Page 1 of 1 |
All times are GMT + 1 Hour |
registering an url like amdflaws for such rumors isnt really reliable
