• Competitor rules

    Please remember that any mention of competitors, hinting at competitors or offering to provide details of competitors will result in an account suspension. The full rules can be found under the 'Terms and Rules' link in the bottom right corner of your screen. Just don't mention competitors in any way, shape or form and you'll be OK.

Dubious Research Discovers Ryzen vulnerabilites

BongoHunter said:
Someone somewhere saw what spectre and meltdown did to stock prices, and then decided there's some good money to be made with a well executed short and the right news story.

I have no doubt there are plenty of venurabilities out there in the wild for all vendors - but something is making me doubt the validity of this one on the way it's being handled and presented
Click to expand...

You'd probably find the same kind of "vulnerabilities" in most CPUs once you are talking elevated to super user privileges. It wouldn't surprise me at all to find its an elaborate attempt to manipulate the stock market. There are a couple of interesting aspects for a networked environment though and potentially some avenues with the ARM Cortex in the mix (don't forget it is vulnerable to Spectre) although in theory it should be largely isolated from the main CPU and isn't directly exposed to a network stack (supposedly).
 
Anyone not thinking seriously about stock abuse has to be off their face.

You only give 24h notice to be sure that the company has no time to respond while you make your claims site live.

Admin access and flashing the BIOS as prerequisites is cause for short notice crying of wolf?
 
sideways14a said:
Err... well i wonder who is behind this ..

This ones gonna be fun.
Click to expand...

152096114459237063.gif
 
BongoHunter said:
Someone somewhere saw what spectre and meltdown did to stock prices, and then decided there's some good money to be made with a well executed short and the right news story.

I have no doubt there are plenty of venurabilities out there in the wild for all vendors - but something is making me doubt the validity of this one on the way it's being handled and presented
Click to expand...


No, it's more sinister than that, the domain was registered June 2017, this is when Meltdown/Spectre was unveiled in the industry. In fact a random security group unless they were the ones who found those specific vulnerabilities wouldn't have been looped in that early. This domain was made based on someone who was informed of Meltdown/spectre right around the time it was disclosed to Intel.

If someone saw meltdown/spectre have an affect this domain would have been registered in January at the earliest. The location and style in which this was done, the disclaimers about having a financial interest and that these may not be facts. It could be a stock market push, but it still comes from much further back in origin.


Either way as I and others pointed out, if someone is on site with access to your computer, admin access and ability to flash the bios you are already completely compromised.... spectre/meltdown are so dangerous because neither of these things is the case, someone can get to anyone remotely and steal information they shouldn't have access to. There will never be a way to make a computer safe if someone can change the bios and has admin access already. Any 'security' group knows that without question.

What's the site, seekingalpha (?) that constantly has hit piece articles like this but less official attempting which are clearly written by people who have shares in AMD, Nvidia, Intel and talk about how something from the rival company in question is terrible and going to end the company. This is that, but dressed up to look much more important. No real security analyst would deem this a particular dangerous set of vulnerabilities because of the above, if they have that access already, you're already done. 99% of local security can be dealt with by securing physical access, remote security is the real risk in terms of hardware/software.
 
The amount of dodgyness around this is amazing.
Just look at how its presented, the domain name (lol) who makes up a domain name like that/ Then hides the owners away so no one can see who registered it.
The slickness giving amd only 24 hours notice..

Wow this is some idiots idea of a smear campaign. I just hope Intel aint got its fingers in this, can see the fall out being massive with this one.
 
Hotwired said:
This seems a less sketchy article

https://www.anandtech.com/show/1252...lish-ryzen-flaws-gave-amd-24-hours-to-respond

Also found this disclaimer hilarious when a comment pointed to it:

https://amdflaws.com/disclaimer.html <- site specially created to publicise (smear?)


What a complete BS campaign.

"May" have economic interest behind the claims. Claims not double checked by anyone.

Oh and give AMD a trivial 24h notice beforehand, seems clean right?
Click to expand...

Well at least they are being honest about their intent :D and the apparent "security flaws" are nothing to do with the CPU, if you infect and computer with malware you have a security problem on ANY PC Intel, ARM, AMD, IBM.... its the OS that's let it down, as with any malware. the whole thing is a con.
 
sideways14a said:
The amount of dodgyness around this is amazing.
Just look at how its presented, the domain name (lol) who makes up a domain name like that/ Then hides the owners away so no one can see who registered it.
The slickness giving amd only 24 hours notice..

Wow this is some idiots idea of a smear campaign. I just hope Intel aint got its fingers in this, can see the fall out being massive with this one.
Click to expand...

Due to it being almost exclusively an attack on AMD with fake information, there is a very large chance Intel has their finger in the pie. From an Israeli company as well, and we know who has a large presence in Israel.
 
Killer7xx said:
Due to it being almost exclusively an attack on AMD with fake information, there is a very large chance Intel has their finger in the pie. From an Israeli company as well, and we know who has a large presence in Israel.
Click to expand...

Such a fake information on this scale is illegal, must be the time for a new class action lawsuit against the Israeli attackers.
 
sideways14a said:
From a so called security company????? That doesnt seem to exist lol.

If this really is a targeted attack then i hope AMD crushes whoever is responsible.
Click to expand...

Yup - take say malwaretech.com for instance - wrapped up in WhoisGuard. That is perfectly normal.

4K8KW10 said:
Such a fake information on this scale is illegal, must be the time for a new class action lawsuit against the Israeli attackers.
Click to expand...

There is nothing that is outright lies as far as I can see - they might be leading people's perception of the issue by making connections to Meltdown, etc. but even there it is done by inferred connections rather than direct claims.
 
4K8KW10 said:
That there is a chance that actually it might be true. :rolleyes:
Click to expand...

Well, it probably is true, in fact i have no doubt their findings are true, the problem is what truths they are pushing, if i infect a computer with malware, give that malware administrator rights and disable Windows Defender then i could also claim Intel has 13 more security flaws, and IBM... anyone in-fact.
 
From https://viceroyresearch.org/2018/03/13/amd-the-obituary/

In light of CTS’s discoveries, the meteoric rise of AMD’s stock price now appears to be totally unjustified and entirely unsustainable. We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries.
Click to expand...

WTF, who writes stuff like this and expects it to be taken seriously.
 
You must log in or register to reply here.
Back
Top Bottom