Dubious Research Discovers Ryzen vulnerabilites

[TrixP10]

Wonder if its possible to actually bring a criminal case against these morons for deliberate collusion with other organisations with the sole attempt to lower shares prices for personal gain?

If i was these guys id be looking over my shoulder for a long while, if they have indeed been paid by another company with a vested interest in keeping AMD down, that company would no doubt not hesitate to throw this bunch of imbeciles to the wolves if it meant they did not get any grief from the fall out.

That Anand interview was mindblowing, the level of incompetence these idiots showed about Corporate networks etc was unbelievable.

I'm been thinking the same. Right now AMD's approach is to keep a low profile (busy time) but the fact that they imply Ryzen & Epic cpu's are flawed coupled with the fact they create web site such as as AMDflaws etc. it is plainly obvious that they are trying to tarnish the company. Links to market manipulators is also a fact.
Their implication that AMD cpu' are flawed is WRONG. If AMD sues I think then there will be much more info about their shady financial dealings.
I sincerely hope that someone takes them to task.

 

[sideways14a]

The talk about enterprise computing ... i nearly fell off my seat laughing.
They have not got a scooby.. i wonder if they are reading the forums looking at all the posts about there lack of knowledge.

 

[TrixP10]

AMD Security Flaw Narrative Falls Flat

https://seekingalpha.com/article/4157053-amd-security-flaw-narrative-falls-flat

CTS-labs was evasive about its customers, research funding sources, and motives. Essentially, we now have a confirmation that the issue has been hyped beyond reason for reasons that are likely nefarious. At this point, it appears the CTS-labs and Viceroy research may have colluded to manipulate AMD stock. We submit that this short narrative was severely overhyped, has no legs, and can now be put to bed.

 

[Rroff]

I'm been thinking the same. Right now AMD's approach is to keep a low profile (busy time) but the fact that they imply Ryzen & Epic cpu's are flawed coupled with the fact they create web site such as as AMDflaws etc. it is plainly obvious that they are trying to tarnish the company. Links to market manipulators is also a fact.
Their implication that AMD cpu' are flawed is WRONG. If AMD sues I think then there will be much more info about their shady financial dealings.
I sincerely hope that someone takes them to task.

AMD's PR approach is completely wrong (and typical of why I'm critical of AMD - they mouth off when they have nothing to say and stay silent when they should be talking) - they are letting the headlines be lead and while some tech sites like Anandtech are starting to produce more factual information the average person the first thing they see is "AMD IS FLAWED AND BROKEN AND THE WORLD IS GOING TO END!!!" AMD should be taking charge of the media here not being mostly silent other than some brief disclosure to their investor channel.

As for not being flawed - we have no real idea - there is potentially some not insignificant issues even if this is second stage stuff related to security of the chipset, practises over secure memory space, etc. - even the Anandtech article notes that some actual industry experts have looked at it and their initially response hasn't been "Oh LOL LOL this is completely gibberish".

EDIT: There is no doubt this information is being weaponised to use against AMD but that doesn't mean that it is all completely wrong.

People are in such a hurry to defend AMD here they aren't looking beyond the face value.

 

[Silent_Scone]

Well said. I think personally there are genuine concerns being discovered, but they're being inflated by what at this stage can safely be called sock puppets.

 

[humbug]

AMD Security Flaw Narrative Falls Flat.

https://seekingalpha.com/article/41...g93:9b71e336d4ff0e58d5bef892486dff5f&uprof=55

At last, sanity prevails!

• CTS-labs narrative on AMD security issues is now discredited by the security company CTS hired to evaluate the exploit.
• CTS-labs methods, motives, and processes are called into question by interviewers at AnandTech and RealWorldTech.
• The security flaw driven short story has now fallen flat.

“There is no immediate risk of exploitation of these vulnerabilities for most users. Even if the full details were published today, attackers would need to invest significant development efforts to build attack tools that utilize these vulnerabilities. This level of effort is beyond the reach of most attackers (see here, Figure 1)

Thank you sanity.

 

[Rroff]

Well said. I think personally there are genuine concerns being discovered, but they're being inflated by what at this stage can safely be called sock puppets.

A few things don't make sense to me as more info comes out - if this was a planned hit they'd have most likely done the equivalent of a link and run or had it all down pat with a full technical disclosure ready - CTS now seem to be scrambling to backfill information and do testing that wasn't done in the first place. IMO this is a fledgling company that found some not "unserious" but largely unremarkable flaws and in a hurry to make a name for themselves went off half-cocked and got taken advantage of by a 3rd party with a vested interest in seeing AMD take a hit. They are probably feeling pretty rueful now in the middle of a **** storm they were too inexperienced to foresee.

 

[humbug]

Roff has me on his naughty list and can't read what i just posted, someone tell him the security firm CTS-Labs hired to confirm their findings has just discredited them, he would find that interesting.

 

[Silent_Scone]

Roff has me on his naughty list and can't read what i just posted, someone tell him the security firm CTS-Labs hired to confirm their findings has just discredited them, he would find that interesting.

They're now downplaying the vulnerability, not discrediting it entirely. Damage control before the proverbial sh hits the fan.

 

[Rroff]

They're now downplaying the vulnerability, not discrediting it entirely. Damage control before the proverbial sh hits the fan.

Pretty much what we assumed from the start - confirming that largely these vulnerabilities have minimal impact on home users and limited scenarios where they are useful - latest information suggests it would require the resources of a state sponsored group to do much with it - but that isn't discrediting these issues as being real.

 

[humbug]

They're now downplaying the vulnerability, not discrediting it entirely. Damage control before the proverbial sh hits the fan.

Did you read it?

Right, they are not discrediting the vulnerabilities, they are discrediting CTS-Labs, why? because, and as i have said all along these vulnerabilities are not unique to AMD, they also apply to Intel, they are infact not a vulnerabilities that are inherent to any CPU flaw, in this case there isn't any in regards to AMD or Intel's CPU's, its that this is software hacking AMD or Intel are not responsible for mitigating, its a plain hack of the vanilla sort while also too difficult and unlikely to warrant a public interested concern.

To that effect don't give strangers access to your BIOS and you'll be fine, this applies to any system and your own responsibility.

 

[humbug]

Did you read it?

Right, they are not discrediting the vulnerabilities, they are discrediting CTS-Labs, why? because, and as i have said all along these vulnerabilities are not unique to AMD, they also apply to Intel, they are infact not a vulnerabilities that are inherent to any CPU flaw, in this case there isn't any in regards to AMD or Intel's CPU's, its that this is software hacking AMD or Intel are not responsible for mitigating, its a plain hack of the vanilla sort while also too difficult and unlikely to warrant a public interested concern.

To that effect don't give strangers access to your BIOS and you'll be fine, this applies to any system and your own responsibility.

In summery this quote sums it up, if you don't want to read all of it.

It appears that CTS Labs first found vulnerabilities in Asustek’s chipsets and validated them (likely on Intel (NASDAQ:INTC) x86 systems). Then, the Company went to look for those same errors and others in AMD x86-based systems. However, instead of pointing out that security problems existed in tens, if not hundreds, of millions of systems with Intel and AMD chips, CTS decided to target AMD.

I mean how else was this going to turn out? it was very obvious right from the very start CTS-Labs had some sort of Anti AMD agenda with it.

Edit i just realized TrixP10 posted the article before me, sorry TrixP10 i didn't mean to step on your toes

 

[CAT-THE-FIFTH]

Apparently David Kanter is not good enough for some,LOL.

 

[TrixP10]

A few things don't make sense to me as more info comes out - if this was a planned hit they'd have most likely done the equivalent of a link and run or had it all down pat with a full technical disclosure ready - CTS now seem to be scrambling to backfill information and do testing that wasn't done in the first place. IMO this is a fledgling company that found some not "unserious" but largely unremarkable flaws and in a hurry to make a name for themselves went off half-cocked and got taken advantage of by a 3rd party with a vested interest in seeing AMD take a hit. They are probably feeling pretty rueful now in the middle of a **** storm they were too inexperienced to foresee.

Nope

 

[TrixP10]

Pretty much what we assumed from the start - confirming that largely these vulnerabilities have minimal impact on home users and limited scenarios where they are useful - latest information suggests it would require the resources of a state sponsored group to do much with it - but that isn't discrediting these issues as being real.

So the earth is round after all

 

[TrixP10]

In summery this quote sums it up, if you don't want to read all of it.



I mean how else was this going to turn out? it was very obvious right from the very start CTS-Labs had some sort of Anti AMD agenda with it.

Edit i just realized TrixP10 posted the article before me, sorry TrixP10 i didn't mean to step on your toes

No problem. In fact the more alerts to that info the better (especially for the 'flat earth brigade')

 

[humbug]

lol ^^^

 

[Rroff]

Nope

Only that is exactly what the information coming out now is tending to point at. If you have a different opinion maybe expound on it.

 

[Mercutio]

If these check out there are two possible considerations for corporate/networked environments - one potential angle is that someone with high enough, but still low level, privileges could use these to plant a dropper or rootkit type infection that was undetected by normal security audits and could survive normal machine wipes allowing them to harvest information and credentials they shouldn't have access to. The other which seems a bit of a wildcard is that there could be a way to expose the ARM Cortex embedded system so that it could be attacked with something like Spectre remotely and then used to compromise the system - this seems to rely on possible, that might or might not exist, undocumented (for security reasons) functionality related to SPS or one of the 3rd party microcontrollers.

It will be interesting to see what a proper AMD response says.

So... "if someone is able to screw with your machine, they can use these to enable them to screw with your machine" **** I guess we're all screwed then... /sarcasm.
Clearly dodgy, you're about the only one here swallowing it.

 

[humbug]

Does Roff even know about this?

It appears that CTS Labs first found vulnerabilities in Asustek’s chipsets and validated them (likely on Intel (NASDAQ:INTC) x86 systems). Then, the Company went to look for those same errors and others in AMD x86-based systems. However, instead of pointing out that security problems existed in tens, if not hundreds, of millions of systems with Intel and AMD chips, CTS decided to target AMD.

Because... the way he's still acting......