Hilbert Hagedoorn:

The timing of this whitepaper, website release and even press-releases on pro PR agencies like BusinessWire are just so suspicious. It feels like it was deliberately released as a payload, to create damage. This is research is extensive, VERY extensive - it likely has been funded in full, as the scope of it goes very deep, months if not an entire year of work maybe even? Yesterday AMD had their one year Ryzen anniversary, they're about to launch Zen+ as well. So who benefits from all this the most? It's pure speculation, but didn't Intel have activities in Israel as well? Yep, they invested $15 billion in a plant, and let me quote the Intel CEO: “We think of ourselves as an Israeli company as much as a US company,” Krzanich said at a Jerusalem press conference" It's not an accusation, but come on it is suspicious. Also, CTS was founded as a privately held company in... 2017. Regardless of that remark, if the vulnerabilities are for real they, of course, should be out in the open. But only after AMD would have had enough time for this.

I initially saw "Israel based CTS-Labs..." , and read "Intel Sponsored CTS-Labs..." in my head without even thinking. It's beyond blatant.

nevcairiel:

Both AMD and Intel are US companies, surely thats evidence that they are one and the same and secretly working together? Please, countries are big places. If this was a US company, you would certainly not try to make this alleged connection, despite Intel being in the US?

You know. normally I'd totally agree with you, it would be too stupid to do it like that. But all this seems designed as a payload to damage AMD, who's to benefit from that?, who is AMD's main processor competitor? Who would love to see AMD vanish from this earth? CTS started their company in 2017, who are they? This is all they have been doing all year long?, why?, how? Why would they dig specifically into the AMD processors?, the smallest share of the market pie, compared to Intel. Unless such research was funded by some sort of company? Answer me that and then let me know if that thesis still sounds so weird. In the end, it's merely my opinion, which I hardly, if ever, give out as an editor. But yeah sorry, I find that suspicious.

Wow this is shady as f**k.. I mean if the vulnerabilities are real then obviously they need to be addressed and whoever this startup is did their job but the way they went about this is super sketchy. On one hand sure, they did everyone a favour by finding vulnerabilities but at the same time also put everyone at risk by making this public for all to exploit before anyone has had the chance to make patches etc. I say Intel was the instigator of this and depending on how this plays out i may be pushed even further away from buying anything of theirs..

Anyway, those are not Meltdown level exploits. meltdown works without administrative access, random execution in browser was all it took to take over unprotected system. Here Attacker 1st needs administrative rights. And even then one which attack BIOS/FW needs it to be in OS writable mode (not all are, as some boards can disable it). So, yes, these (if true) are quite bad things, but severity is same as giving someone physical access 1st or having your system hacked already.

as lot of enlightened readers have pointed out the holes in this story, and i agree with most of them, was leaning towards i5 8400 but now going to but ryzen 2600 for sure. am for one, will not support shady tactics and fear mongering by any company period.

I take it Ryzen 2 will have the same security vulnerabilities and built in backdoors?

Fox2232:

Anyway, those are not Meltdown level exploits. meltdown works without administrative access, random execution in browser was all it took to take over unprotected system. Here Attacker 1st needs administrative rights. And even then one which attack BIOS/FW needs it to be in OS writable mode (not all are, as some boards can disable it). So, yes, these (if true) are quite bad things, but severity is same as giving someone physical access 1st or having your system hacked already.

Yeah, I find it funny how many of the exploits state that admin-level privilege is required for the exploit. I mean, if a hacker has admin rights then the system is already compromised beyond measure. I too think this is super-shady and a smear job (also, like some others here, when I read "Israel-based" I immediately thought of Intel, LOL). Little impact on AMD stock so investors seem to be seeing through the BS as well.

Wow, the news is only a few hours old and already people are blaming Intel. Can we please wait for AMD to response before pointing fingers?

WHOIS LOOKUP amdflaws.com is already registered* Domain Name: AMDFLAWS.COM Registry Domain ID: 2230797110_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com Updated Date: 2018-03-07T13:43:59Z Creation Date: 2018-02-22T13:52:35Z Registry Expiry Date: 2020-02-22T13:52:35Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: [EMAIL]abuse@godaddy.com[/EMAIL] Registrar Abuse Contact Phone: 480-624-2505 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: NS-1129.AWSDNS-13.ORG Name Server: NS-1902.AWSDNS-45.CO.UK Name Server: NS-20.AWSDNS-02.COM Name Server: NS-830.AWSDNS-39.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ Last update of whois database: 2018-03-13T14:05:09Z <<< For more information on Whois status codes, please visit https://icann.org/epp NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. WHOIS LOOKUP cts-labs.com is already registered* Domain Name: CTS-LABS.COM Registry Domain ID: 2136949702_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com Updated Date: 2017-06-26T14:29:07Z Creation Date: 2017-06-25T05:56:44Z Registry Expiry Date: 2018-06-25T05:56:44Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: [EMAIL]abuse@godaddy.com[/EMAIL] Registrar Abuse Contact Phone: 480-624-2505 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: NS-138.AWSDNS-17.COM Name Server: NS-1442.AWSDNS-52.ORG Name Server: NS-1807.AWSDNS-33.CO.UK Name Server: NS-812.AWSDNS-37.NET DNSSEC: unsigned

This whole thing just stinks as I and others have pointed out. Too many holes and stuff that just does not make sense. I know for a fact flashing any type of modded bios on the Ryzen motherboards is not an easy feat and requires a UEFI boot disk with powershell working and a ton of switches plus 2 different flashing programs one written for just this purpose over at overclock net. Also the USB stick has to be created a certain way via UEFI boot for any of this to work. Afuefix64 name_bios.cap /P /B /N /K /X /CLRCFG (this action we clean all parameters from old bios and update the bios itself and is require otherwise it will fail to program everything correctly) Then you have to flash Afugan name_bios_mod.rom /GAN With all this said, you cannot modify the .cap bios and flash it by any means. And no the old flashback methods just do not work either where we could do that on 990FX motherboards. We just do not have all the keys you must have. I have cross flashed my C6H Wifi to the update C6H 6001 official bios and then the modded to show hidden bios options. There is no other way to accomplish this bios flash without doing these steps. So there. 😎 Also the PSP chip cannot be updated other then bios flashing..unlike the MEI on Intel. Full disclosure I have both a Ryzen 1700X system and Intel Skylake 6600k system as well as my older 990FX system.

As pointed out by the article and a few users here, this requires admin access. How is this worth concerning over? If a hacker or malware has admin access to your system, you have much worse things to worry about than these exploits. Seeing as they didn't reveal the specifics as to how to utilize these exploits, it's much easier to just simply wreak havoc on a system in "traditional" ways. If I have malicious intent and root access to your system, I'm not going to get crafty with these exploits, I'm just going to run a simple batch script. Hardware exploits that require root/admin access are like bringing a gun to a knife fight - it doesn't matter whether your gun is automatic or contains explosive rounds, you already "cheated" in the fight and you're going to win regardless. All that being said, I don't think AMD really has any need to fix these "issues". Unfortunately, they're kinda obligated to fix it or else FUD is going to spread (case in point: many users in this forum).

so what do the Google researchers say about this? they found earlier exploits right?

This is a phishing expeditions for the stock market. There will be no white pages to be read as it is phishing to lure traders.

Somebody is trying to get some AMD stock on the cheap. LOL

Well, stock dips, I buy. The website couldn't be more dubious. The company only registered last year, no names to be found anywhere 24h deadline the domain's name and date of birth (only a month old or so) time to market (mainstream media picked up on it within minutes/hours) dead give-aways of the bullshit that's to be expected of the report and I haven't been disappointed going over it.

amd turn to i guess,, idiots of there world need to stop put this stuff out in the public too

Being debunked here interesting read as they break down and break apart 'white pages" they did publish...almost a comical read. https://twitter.com/cynicalsecurity/status/973591954096381952

This smells Very very fishy , all CPUS have vulnerabilities some we know about others will be discovered in the future , those parts are incredibly complex . When the spectre and meltdown vulnerability was discovered by credible researchers they have found faults with both companies Intel and AMD , Intel had more this time around and they knew about it for very long time but that is beside the point here . The exploits have been submitted to the affected companies and reasonable time was given for them to react and find solutions , these vulnerabilities are in reality very hard to exploit in my opinion , but they have caused hysteria . Now some unknown source claims that they have identified multiple vulnerabilities on AMD chips only , providing no evidence at all , giving amd less than 24 hours to react hahaha (big companies don't function like this and these people clearly know that ) . Then there is the naming ,.... I am not even going to continue here , this is obvious ;-)

mtrai:

Being debunked here interesting read as they break down and break apart 'white pages" they did publish...almost a comical read. https://twitter.com/cynicalsecurity/status/973591954096381952

..... That sums it all up really , people need to start using their own brains instead of just believing what is served to them ...

Funny how half the posts say this is Intel's fault lol. Are we really saying Intel secretly makes AMD chips now? Flaws are flaws, everyone's got em regardless of who discovered them. Just fix them. Also, who benefits looks like AMD - stock up 0.39 today! AMD did their own damage by releasing Ryzen. Stock was at 14.94 on Ryzen launch day. Now it sits at 11.88 at a lower volume one year later against a market up 20%.