Dubious Research Discovers Ryzen vulnerabilites

[humbug]

Its sad, very very sad, you only ever see the posts where I talk negative about AMD and overlook that it is usually based on reasoning rather than just the knee jerk reaction that is going on in defence of AMD in a good amount of this thread.



These features annoy me a lot - some of it has functionality but not giving users transparency and options to control it properly is very poor.

I actually really hope one day something really bad happens and people actually see how bad this kind of approach is and there is public backlash against it - likewise with forced updates in Windows 10.

Well, i'm no noob here, i have been around a long while... not as long as him or others but long enough, if you're ever talking down anyone its only AMD,. i have never seen you do it to nVidia or Intel, with AMD it is as SiDeards73 said, constant.

Its a shame, you're a clever guy and i like you but you are on some sort of mission with AMD.

 

[SiDeards73]

Its sad, very very sad, you only ever see the posts where I talk negative about AMD and overlook that it is usually based on reasoning rather than just the knee jerk reaction that is going on in defence of AMD in a good amount of this thread.

No Rroff, whats sad is your post history does not lie, yes you often chime in with stuff that appears to have no agenda and may well be just a personal opinion, but you cannot resist dragging down AMD at every opportunity.

you are making these exploits out to be something more than they actually are, pretty much the entire internet and their dog agree that the level of access required to perform these exploits would effect ANY Cpu, not just AMD, but also Intel and anyone else. I guarantee you would have been "Lol yeah whatever" had this whole fiasco been about Intel, as inside you know its laughable at best.

 

[Rroff]

but you cannot resist dragging down AMD at every opportunity.

But you see it in narrow scope versus AMD and obviously dismissive of half of what I do post - spend a bit longer you'll see my approach is reflected in everything whether that is PC hardware or politics or whatever.

You are talking absolutely rubbish - spend awhile browsing the Meltdown thread for instance I'm talking in the same kind of tone, in this case even in reply to you, in respect to Intel:

https://forums.overclockers.co.uk/t...ectre-exploits.18806814/page-15#post-31485718

EDIT: Infact let me reproduce it here as you seem hard of reading

Intel are going to have to up their game - this isn't the only serious and long standing hardware vulnerability that has come to light lately with their hardware - there have been at least 2 AMT disclosures in the last 6 months - and people seem to have quickly forgotten about stuff like https://www.theregister.co.uk/2017/05/01/intel_amt_me_vulnerability/

 

[TrixP10]

But you see it in narrow scope versus AMD and obviously dismissive of half of what I do post - spend a bit longer you'll see my approach is reflected in everything whether that is PC hardware or politics or whatever.

Your talking absolutely rubbish - spend awhile browsing the Meltdown thread for instance I'm talking in the same kind of tone, in this case even in reply to you, in respect to Intel:

https://forums.overclockers.co.uk/t...ectre-exploits.18806814/page-15#post-31485718

Here is a read for you

https://www.extremetech.com/computi...ith-amd-security-disclosures-digs-deeper-hole

No asmeadiaflaws.com no intelflaws.com

 

[Rroff]

Here is a read for you

https://www.extremetech.com/computi...ith-amd-security-disclosures-digs-deeper-hole

In what way? I never said these people didn't act in bad faith but even that site shows there are (potentially) deeper concerns with some of the stuff like the ASMedia controller which if they are right has a wider impact.

Again I suggest people read the first couple of posts I made in this thread again and see my subsequent posts in the light of that.

 

[SiDeards73]

But you see it in narrow scope versus AMD and obviously dismissive of half of what I do post - spend a bit longer you'll see my approach is reflected in everything whether that is PC hardware or politics or whatever.

You are talking absolutely rubbish - spend awhile browsing the Meltdown thread for instance I'm talking in the same kind of tone, in this case even in reply to you, in respect to Intel:

https://forums.overclockers.co.uk/t...ectre-exploits.18806814/page-15#post-31485718

EDIT: Infact let me reproduce it here as you seem hard of reading

One thread? as opposed to the multitude of threads where you just drag AMD Down where possible? listen, its obvious you have an agenda, im just intrested to know if your paid or if you just do it as thats your personal point of view? i defend AMD as i like their products, i own a Ryzen CPU and an Nvidia GPU, i cannot stand Nvidia, but they make the best GPU's but i dont feel the need to trawl Intel / Nvidia threads where possible just dragging them down.

Its well known theres a few people on these forums that are pro Intel / Nvidia, everyone knows who they are, your name is in that list, now you can either own up and admit it, or maybe take the blinkers off and realize you have pigeon holed yourself there.

My point is it gets tiring having to wade through posts by people who have an agenda, they dont really want to contribute anything active to a discussion other than to use it as a chance to bad mouth the vendor. Many people read these forums for hardware advice and if you have a vocal minority bad mouthing one vendor and promoting others, what do you think these people are going to go with?

Anyhow back on topic, the whole affair with this report, CTS labs etc etc is laughable, the exploit itself is an exploit to ANY piece of hardware that can be flashed, and the required privileges to do so means if it happens to you, you probably deserve it.

There is no story here other than a group of chancers trying to short a stock for their own personal gain, a group with a history of doing exactly that. anything more than that is just slight of hand.

 

[Hotwired]

The bit where you happy to go on grains of information is probably what looks so bad.

I don't doubt they have something but it's obviously such low grade something with such disgusting exaggeration that it's likely as important as the daily bugs that hardware companies deal with.

Tasteless to give them any credit for their performance which it has to be specially underlined, involves massive claims coupled with massive secrecy over actual details to further bait drama.

 

[TrixP10]

In what way? I never said these people didn't act in bad faith but even that site shows there are (potentially) deeper concerns with some of the stuff like the ASMedia controller which is they are right has a wider impact.

Again I suggest people read the first couple of posts I made in this thread again and see my subsequent posts in the light of that.

Well then perhaps you can explain how worried you are about the inherent security flaws in Intel chipsets and why Intel hasn't yet come forward with a statement and planned fixes

 

[Rroff]

The bit where you happy to go on grains of information is probably what looks so bad.

I don't doubt they have something but it's obviously such low grade something with such disgusting exaggeration that it's likely as important as the daily bugs that hardware companies deal with.

Tasteless to give them any credit for their performance which it has to be specially underlined, involves massive claims coupled with massive secrecy over actual details to further bait drama.

Check out the WannaCry thread for instance - I've a reasonably good overall grasp of these kind of subjects - while I lack specialised knowledge in some areas I've a reasonably broad experience to them and can quickly make connections to disparate systems that other people take longer to understand - people were similarly disparaging about my posts in that thread and turned out in the end I was right. (EDIT: Caveat here as per my first couple of posts this is pending on these claims actually verifying when AMD or other experts look into it).

Again just because they are scumbags doesn't mean that everything they say is wrong.

One thread? as opposed to the multitude of threads where you just drag AMD Down where possible? listen, its obvious you have an agenda, im just intrested to know if your paid or if you just do it as thats your personal point of view? i defend AMD as i like their products, i own a Ryzen CPU and an Nvidia GPU, i cannot stand Nvidia, but they make the best GPU's but i dont feel the need to trawl Intel / Nvidia threads where possible just dragging them down.

Its well known theres a few people on these forums that are pro Intel / Nvidia, everyone knows who they are, your name is in that list, now you can either own up and admit it, or maybe take the blinkers off and realize you have pigeon holed yourself there.

My point is it gets tiring having to wade through posts by people who have an agenda, they dont really want to contribute anything active to a discussion other than to use it as a chance to bad mouth the vendor. Many people read these forums for hardware advice and if you have a vocal minority bad mouthing one vendor and promoting others, what do you think these people are going to go with?

Anyhow back on topic, the whole affair with this report, CTS labs etc etc is laughable, the exploit itself is an exploit to ANY piece of hardware that can be flashed, and the required privileges to do so means if it happens to you, you probably deserve it.

There is no story here other than a group of chancers trying to short a stock for their own personal gain, a group with a history of doing exactly that. anything more than that is just slight of hand.

I spent ages typing out a long reply to this but you know what I'm bored with it get a life and get a grip.

Well then perhaps you can explain how worried you are about the inherent security flaws in Intel chipsets and why Intel hasn't yet come forward with a statement and planned fixes

You can see roughly how worried I am about it in the quote I reproduced about Intel AMT above. Intel need to up their game - one thing that has often been overlooked with Intel as well is that for a long time relatively unchallenged they've been banking R&D progress instead of rolling it out to end users and that as much includes things on the security front unfortunately as it does features and performance, etc.

 

[humbug]

Here is a read for you

https://www.extremetech.com/computi...ith-amd-security-disclosures-digs-deeper-hole

No asmeadiaflaws.com no intelflaws.com

In what way? I never said these people didn't act in bad faith but even that site shows there are (potentially) deeper concerns with some of the stuff like the ASMedia controller which if they are right has a wider impact.

Again I suggest people read the first couple of posts I made in this thread again and see my subsequent posts in the light of that.

Intel are also using ASmedia Chipsets.

It’s absolutely fair to characterize and test the flaws in AMD’s chipsets. But as CTS Labs’ white paper makes clear, the same Asmedia chips that make up AMD’s Promontory chipset for Ryzen CPUs have been shipping on motherboards, including hundreds of Intel motherboards models, for at least the past six years.

 

[CAT-THE-FIFTH]

Intel are also using ASmedia Chipsets.

Forgot about that! Good spot.

 

[Cyber-Mav]

lol once amd is finished patching out these security flaws their performance is be back to bulldozer levels.
guess going forwards its best to wait 6 months before jumping on the latest and greatest cpu.

 

[humbug]

lol once amd is finished patching out these security flaws their performance is be back to bulldozer levels.
guess going forwards its best to wait 6 months before jumping on the latest and greatest cpu.

Chipsets have nothing to do with CPU performance and so far AMD have not needed to make any patches that effect performance because AMD CPU's are invulnerable to Meltdown.

Also, did you not ready what i just said? Intel also use ASmedia Chipsets.

 

[4K8KW10]

lol once amd is finished patching out these security flaws their performance is be back to bulldozer levels.
guess going forwards its best to wait 6 months before jumping on the latest and greatest cpu.

Location detected : Trollandia lol

 

[Rroff]

lol once amd is finished patching out these security flaws their performance is be back to bulldozer levels.
guess going forwards its best to wait 6 months before jumping on the latest and greatest cpu.

Most of these won't have much if any impact on performance - being able to circumvent signed code checks for instance should be fixable without any performance impact.

Some of the areas which manage to break out what is supposedly fenced memory might I don't really know enough about the potential fixes for stuff like that but largely in this case it isn't connected to anything much performance heavy in general there might be some impact on things like AES relevant performance but I don't think any of this really impacts that enough.

Most of these potential exploits lie in areas that aren't used in day to day tasks for the most part aside from the controllers for stuff like USB but the problems there are due to sanity checks that aren't regularly called in day to day usage.

 

[DragonQ]

lol once amd is finished patching out these security flaws their performance is be back to bulldozer levels.
guess going forwards its best to wait 6 months before jumping on the latest and greatest cpu.

This is not the kind of bug that requires fixes that reduce performance. Maybe read more before posting.

 

[smilingcrow]

Intel are also using ASmedia Chipsets.

Do you mean that motherboard manufacturers use 3rd party chipsets including ASmedia on Intel platform motherboards to add additional features?
Are the ASmedia controllers embedded in the AMD CPU itself meaning that they are a core feature so disabling them might be more serious?
I'm not unduly concerned about this issue but good to be clear on what the facts are.

 

[humbug]

Do you mean that motherboard manufacturers use 3rd party chipsets including ASmedia on Intel platform motherboards to add additional features?
Are the ASmedia controllers embedded in the AMD CPU itself meaning that they are a core feature so disabling them might be more serious?
I'm not unduly concerned about this issue but good to be clear on what the facts are.

The first one. its the same for both AMD and Intel.

 

[Rroff]

Do you mean that motherboard manufacturers use 3rd party chipsets including ASmedia on Intel platform motherboards to add additional features?
Are the ASmedia controllers embedded in the AMD CPU itself meaning that they are a core feature so disabling them might be more serious?
I'm not unduly concerned about this issue but good to be clear on what the facts are.

The on-die south bridge is provided by ASMedia as part of the so called promontory chipset. AFAIK this only requires admin/super user access to be able to upload firmware to it and not dependant on a compromised BIOS to be able to avoid the signed code checks. If this checks out it means malware injected in this fashion can survive normal system wipes, undetected by normal security software and audits and being moved from system to system.

EDIT: Guessing you are quoting someone I have on ignore as re-reading your post doesn't come across quite how I first thought when initially reading it.

I'm not 100% on the Intel side but in my experience the ASMedia chipset is used on the board to provide additional SATA and USB connections, etc. and not as part of the Intel CPU - hence why people prefer the Intel SATA ports which are "more directly" connected to the CPU over those provided by a 3rd party such as Marvell or ASMedia.

 

[humbug]

Life here becomes difficult when you have half the forum on ignore ^^^^