Dubious Research Discovers Ryzen vulnerabilites

[humbug]

If this is what it appears to be AMD need to be sure of it, call it and the madeup company a lie.

Force them to defend themselves.

 

[David Bisset]

Haha need physical access and admin privs? If you've got that the target is boned already. What a poorly done hatchet job.

 

[Hotwired]

From https://viceroyresearch.org/2018/03/13/amd-the-obituary/

WTF, who writes stuff like this and expects it to be taken seriously.

Short-seller Viceroy Research will be on @HalftimeReport today at Noon to discuss the new CTS Labs report alleging security flaws in $AMD chips.

I wonder what their angle is...

 

[drunkenmaster]

Like I said, if this is the best Intel has AND they've pushed this right now, months after Meltdown/Spectre and frankly no one is really even talking about it any more to me it says this is trying to muddy the waters before another big security flaw comes to light. If true I also think it would have to be soon based on the same reasoning. No one is even talking about Meltdown any more and it's only really been 2 months, people stopped talking about it a month after the fact well before Intel actually had fixes for older chips available. If this is a smoke screen to again as Intel tried to do the first time, imply AMD is just as vulnerable as Intel, then I would think something is due to be released in the next couple of weeks.

Will certainly be interesting to see if that is the case.

 

[sideways14a]

I doubt Intel is behind this, they are bent but not that stupid.
If they are then this will surely backfire in a very big way for them, its getting torn to pieces on the web so far.

 

[humbug]

Haha need physical access and admin privs? If you've got that the target is boned already. What a poorly done hatchet job.

This is the insane thing about it.

The whole point of Meltdown and Spectre was that you could access memory stored items remotely.
AMD's argument was that this did not effect them because you would have to be physically at the target machiene and hack into it.

So along come this fake security company claiming to have found 13 security flaws in Ryzen CPU's by hacking into a physical machine locally, its not even really a hack, they simply disabled all Windows security and then infected the machine with malware, WTF? you can do this with any computer, its not the fault of the CPU.

Wow, mind blown....

 

[David Bisset]

I doubt Intel is behind this, they are bent but not that stupid.
If they are then this will surely backfire in a very big way for them, its getting torn to pieces on the web so far.

Seems too dumb to be Intel, maybe some vendor company or fan group or similar? Be interesting to see what comes up.

 

[Killer7xx]

It isn't fake information as far as I can see - just the implications being inflated by intimation.

It is fake. Look at how few details they gave and the fact this was dropped with zero notice. Any reputable research report would contain exact details of which version of Windows they used, which CPUs they tested, what other software they were running on Windows and a test with an Intel CPU to ensure they are not affected. This is like claiming that your CPU is vulnerable because you ran "virus.exe" with admin rights and it bricked your windows OS. They have no proof it was due to AMD's specific architecture and not a flaw in Windows.

 

[TrixP10]

From their website

We specialize in a variety of communications areas. Our team of influencers will help you develop a customized communications plan that is uniquely designed to drive success for your business.

 

[humbug]

The thing is this is already all over Seeking Alpha and other 'Investment news groups'

So what has it actually done to AMD share price today? is it down 20%? 10%? maybe just a little, 5%? nope... its all pretty normal, in fact its up a little today.

So no one believes it.

 

[TrixP10]

I wonder what their angle is...

Viceroy Research
https://m.fin24.com/Economy/treasury-slams-viceroys-capitec-report-as-reckless-20180201

 

[CAT-THE-FIFTH]

So,where is the corresponding Intelflaws?? Maybe someone can investigate what links this company might have with Intel.

Hmm,they look rather dodgy too:

https://news.ycombinator.com/item?id=16576516
https://www.reddit.com/r/Amd/comments/844o3c/amd_security_flaw_found_in_ryzen_epyc_chips/

There's far more damning evidence than that:

24 hour disclosure instead of industry standard 90/180 day
Domain records for "amdflaws.com" were created on the Feb, 22, 2018 for this "16 years in operation" company.
It was also registered not directly but by "domainsbyproxy.com" thus no real contact information of the domain is public. It was used by fraudsters before.
Amdflaws links to a YT video, with comments disabled

YT Channel with video was just just March of this year

This sketchy "we might have economic interest by disclosing these vulnerability" from their disclaimer

Exploits have insane requirements like being able to defeat OEM BIOS flash protections and Windows' driver signing...

https://amdflaws.com/disclaimer.html

Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports.

WTF??

They talk about a company called Viceroy who does dodgy stuff:

https://m.fin24.com/Economy/treasury-slams-viceroys-capitec-report-as-reckless-20180201

Cape Town – National Treasury has spoken out against Viceroy Research, labelling its report on Capitec as reckless.

Viceroy released a report on Capitec this week, labelling the bank a "'loan shark" and alleged the bank "engaged in reckless lending".

In a statement released on Thursday afternoon, Treasury said: “Until two weeks ago, Viceroy operated anonymously and opaquely, and the reckless way in which it has released its report is clear proof that it is not acting in the public interest nor in the interest of financial stability in South Africa.”

Look who is trying to push AMD stock price down:

https://viceroyresearch.files.wordpress.com/2018/03/amd-the-obituary-13-mar-2018.pdf

AMD – The Obituary

Apparently they "wrote that" in a few hours.

There appears to be a concerted effort to push AMD stock price down:

https://www.thestreet.com/video/144...concerted-effort-to-keep-the-stock-lower.html

TheStreet's founder and Action Alerts PLUS Portfolio Manager Jim Cramer said there's a concerted effort to keep shares of Advanced Micro Devices lower.

 

[CAT-THE-FIFTH]

From their website

We specialize in a variety of communications areas. Our team of influencers will help you develop a customized communications plan that is uniquely designed to drive success for your business.

I had a quick look - where is that posted on their website??

 

[4K8KW10]

"13" "flaws" "discovered or revealed" on the 13th day of the month by some random troll hackers?!

I do wonder why we are wasting our time with this crap.

 

[crinkleshoes]

Mines on my landline which I pretty much ignore these days.

Yeah... I normally added privacy... the first one I forget to add it, I added my mobile... derp... it was more frequent... but even 1 year later... it's still about one per week.

 

[Silent_Scone]

Of course they were paid, it's more than obvious. That said, is this any surprise? Zen is a mongrel, the outsourcing on this platform alone leaves a lot of room for these types of things.

 

[Hotwired]

That said, is this any surprise?

I don't know, how vulnerable is any system really when Step #1 of exploiting a vulnerability is to have admin access or be in a position to flash the BIOS.

That is what they have specified as necessary...

 

[Hotwired]

Short-seller Viceroy Research will be on @HalftimeReport today at Noon to discuss the new CTS Labs report alleging security flaws in $AMD chips.

I wonder what their angle is...

https://twitter.com/ScottWapnerCNBC/status/973597591400337408

UPDATE -- Not going to get to the $AMD story today on @HalftimeReport

Yes that's CNBC the american news channel backpedalling the hell away from this story

 

[Rroff]

It is fake. Look at how few details they gave and the fact this was dropped with zero notice. Any reputable research report would contain exact details of which version of Windows they used, which CPUs they tested, what other software they were running on Windows and a test with an Intel CPU to ensure they are not affected. This is like claiming that your CPU is vulnerable because you ran "virus.exe" with admin rights and it bricked your windows OS. They have no proof it was due to AMD's specific architecture and not a flaw in Windows.

Most of that is irrelevant to potential hardware flaws that give sideband memory access, etc. a lot revolves around the specific implementation of AMD's SPS and specific to the architecture so testing an Intel CPU makes zero sense and doesn't depend on OS, etc.

Someone has been planning this for awhile - a month ago there was rumbles released around certain parts of a potential buffer overrun that can be used to execute code within the SPS that doesn't require such elevation - put the two together and it doesn't seem like coincidence.

Now granted they don't actually give a technical report - but assumedly such details were given to AMD or they'd have shot them down already or will do so very quickly.

 

[Hotwired]

Reddit is making itself useful

https://www.reddit.com/r/Amd/comments/845w8e/alleged_amd_zen_security_flaws_megathread/