1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Dubious Research Discovers Ryzen vulnerabilites

Discussion in 'CPUs' started by jwilliamson47, Mar 13, 2018.

  1. humbug

    Caporegime

    Joined: Mar 17, 2012

    Posts: 26,893

    If this is what it appears to be AMD need to be sure of it, call it and the madeup company a lie.

    Force them to defend themselves.
     
  2. David Bisset

    Wise Guy

    Joined: Oct 31, 2012

    Posts: 2,208

    Location: Edinburgh

    Haha need physical access and admin privs? If you've got that the target is boned already. What a poorly done hatchet job.
     
  3. Hotwired

    Soldato

    Joined: Aug 17, 2009

    Posts: 6,176

  4. drunkenmaster

    Caporegime

    Joined: Oct 18, 2002

    Posts: 32,435

    Like I said, if this is the best Intel has AND they've pushed this right now, months after Meltdown/Spectre and frankly no one is really even talking about it any more to me it says this is trying to muddy the waters before another big security flaw comes to light. If true I also think it would have to be soon based on the same reasoning. No one is even talking about Meltdown any more and it's only really been 2 months, people stopped talking about it a month after the fact well before Intel actually had fixes for older chips available. If this is a smoke screen to again as Intel tried to do the first time, imply AMD is just as vulnerable as Intel, then I would think something is due to be released in the next couple of weeks.

    Will certainly be interesting to see if that is the case.
     
  5. sideways14a

    Hitman

    Joined: Aug 31, 2017

    Posts: 949

    I doubt Intel is behind this, they are bent but not that stupid.
    If they are then this will surely backfire in a very big way for them, its getting torn to pieces on the web so far.
     
  6. humbug

    Caporegime

    Joined: Mar 17, 2012

    Posts: 26,893

    This is the insane thing about it.

    The whole point of Meltdown and Spectre was that you could access memory stored items remotely.
    AMD's argument was that this did not effect them because you would have to be physically at the target machiene and hack into it.

    So along come this fake security company claiming to have found 13 security flaws in Ryzen CPU's by hacking into a physical machine locally, its not even really a hack, they simply disabled all Windows security and then infected the machine with malware, WTF? you can do this with any computer, its not the fault of the CPU.

    Wow, mind blown....
     
  7. David Bisset

    Wise Guy

    Joined: Oct 31, 2012

    Posts: 2,208

    Location: Edinburgh

    Seems too dumb to be Intel, maybe some vendor company or fan group or similar? Be interesting to see what comes up.
     
  8. Killer7xx

    Gangster

    Joined: Dec 27, 2008

    Posts: 315

    It is fake. Look at how few details they gave and the fact this was dropped with zero notice. Any reputable research report would contain exact details of which version of Windows they used, which CPUs they tested, what other software they were running on Windows and a test with an Intel CPU to ensure they are not affected. This is like claiming that your CPU is vulnerable because you ran "virus.exe" with admin rights and it bricked your windows OS. They have no proof it was due to AMD's specific architecture and not a flaw in Windows.
     
  9. TrixP10

    Gangster

    Joined: May 26, 2017

    Posts: 127

    From their website

    We specialize in a variety of communications areas. Our team of influencers will help you develop a customized communications plan that is uniquely designed to drive success for your business.

    :p
     
  10. humbug

    Caporegime

    Joined: Mar 17, 2012

    Posts: 26,893

    The thing is this is already all over Seeking Alpha and other 'Investment news groups'

    So what has it actually done to AMD share price today? is it down 20%? 10%? maybe just a little, 5%? nope... its all pretty normal, in fact its up a little today.

    So no one believes it.

    [​IMG]
     
  11. TrixP10

    Gangster

    Joined: May 26, 2017

    Posts: 127

  12. CAT-THE-FIFTH

    Capodecina

    Joined: Nov 9, 2009

    Posts: 16,966

    Location: Planet Earth

    So,where is the corresponding Intelflaws?? Maybe someone can investigate what links this company might have with Intel.

    Hmm,they look rather dodgy too:

    https://news.ycombinator.com/item?id=16576516
    https://www.reddit.com/r/Amd/comments/844o3c/amd_security_flaw_found_in_ryzen_epyc_chips/

    https://amdflaws.com/disclaimer.html

    WTF??

    They talk about a company called Viceroy who does dodgy stuff:

    https://m.fin24.com/Economy/treasury-slams-viceroys-capitec-report-as-reckless-20180201

    Look who is trying to push AMD stock price down:

    https://viceroyresearch.files.wordpress.com/2018/03/amd-the-obituary-13-mar-2018.pdf

    Apparently they "wrote that" in a few hours.

    There appears to be a concerted effort to push AMD stock price down:

    https://www.thestreet.com/video/144...concerted-effort-to-keep-the-stock-lower.html

     
  13. CAT-THE-FIFTH

    Capodecina

    Joined: Nov 9, 2009

    Posts: 16,966

    Location: Planet Earth

    I had a quick look - where is that posted on their website??
     
  14. 4K8KW10

    Mobster

    Joined: Sep 2, 2017

    Posts: 2,729

    "13" "flaws" "discovered or revealed" on the 13th day of the month by some random troll hackers?!

    I do wonder why we are wasting our time with this crap.
     
  15. crinkleshoes

    Capodecina

    Joined: Jun 9, 2009

    Posts: 11,005

    Location: 720S, M4 or SR3

    Yeah... I normally added privacy... the first one I forget to add it, I added my mobile... derp... it was more frequent... but even 1 year later... it's still about one per week.
     
  16. Silent_Scone

    Capodecina

    Joined: Sep 5, 2011

    Posts: 11,628

    Location: Surrey

    Of course they were paid, it's more than obvious. That said, is this any surprise? Zen is a mongrel, the outsourcing on this platform alone leaves a lot of room for these types of things.
     
  17. Hotwired

    Soldato

    Joined: Aug 17, 2009

    Posts: 6,176

    I don't know, how vulnerable is any system really when Step #1 of exploiting a vulnerability is to have admin access or be in a position to flash the BIOS.

    That is what they have specified as necessary...
     
  18. Hotwired

    Soldato

    Joined: Aug 17, 2009

    Posts: 6,176

  19. Rroff

    Man of Honour

    Joined: Oct 13, 2006

    Posts: 56,286

    Most of that is irrelevant to potential hardware flaws that give sideband memory access, etc. a lot revolves around the specific implementation of AMD's SPS and specific to the architecture so testing an Intel CPU makes zero sense and doesn't depend on OS, etc.

    Someone has been planning this for awhile - a month ago there was rumbles released around certain parts of a potential buffer overrun that can be used to execute code within the SPS that doesn't require such elevation - put the two together and it doesn't seem like coincidence.

    Now granted they don't actually give a technical report - but assumedly such details were given to AMD or they'd have shot them down already or will do so very quickly.
     
    Last edited: Mar 13, 2018
  20. Hotwired

    Soldato

    Joined: Aug 17, 2009

    Posts: 6,176