AMD Security Vulnerability – The Day After - Seems Financially Motivated
Kaleid
inside intel? 😉
AsiJu
Excellent investigative journalism Hilbert! Goes to show how a little checking-up can make all the difference...
fantaskarsef
AsiJu
Yeh interesting to see how they respond.
Regardless, and I've said this before, seems every week some, or maybe thirteen, critical exploits are found. Now. All of a sudden.
To the point I don't even read about them anymore. I keep my PC as safe as possible and use it as smartly as possible. Has been enough for 20+ years to avoid exploits.
At least that I know of....
Spider4423
This is just a ruse to put AMD in a bad spot.
It's all too convenient, especially with the release of Zen+.
There are market players that do not want Intel and AMD to get competitive again. Might drive the prices down and God forbid innovation.
coth
It doesn't matter if vulnerabilities are real.
fantaskarsef
coth
So it's ok? If someone finds critical holes in software and hardware - they are safe not to get fixed in case they are found by someone who has a tooth?
fantaskarsef
xIcarus
Had the exact same feeling when I saw the initial news - starting from name alone. This may sound picky, but 'amdflaws' as a name clearly tries to instigate a negative feeling towards AMD. Professional security firms always stay neutral with regards to the affected companies, like what happened not long ago with Spectre and Meltdown.
The lack of technical data in the whitepaper made me doubt further - but what topped it off for me was that these flaws looked like software vulnerabilities, but at the same time they were compared to Meltdown? Doesn't make any sense.
And now I see that for the vulnerabilities to actually be exploited you need admin permission on the machine? That's not even remotely comparable to Meltdown.
Great article Hilbert, I love the way you pieced the information together.
David3k
Romulus_ut3
386SX
First of all: Thank you Hilbert for putting those strange observations together. I already noticed some of them, but not all.
But does anyone really give a f*ck about this? Really? I mean you get no "elevation of privileges" out of those. Most (or all?) of them require you to be admin. Did nobody tell anyone it is always bad to have complete admin rights (and probably UAC turned off altogether?)? Do you trust and therefore run any program without thinking about it first?
To be clear: You have to run the hack as admin. If malware runs as admin without any elevation of privileges before, you are / were already owned / pwned.
And think of Intel ME. It is the very same thing as they describe AMD now. You are able to hack Intel ME, therefore there are guides on the net to flash the Intel ME firmware with some dummy one to minimize the risks.
And their (amdflaws.com) disclaimer lets the sh!t hit the fan:
The report and all statements contained herein are opinions of CTS and are not statements of fact. To the best of our ability and belief, all information contained herein is accurate and reliable, and has been obtained from public sources we believe to be accurate and reliable. Our opinions are held in good faith, and we have based them upon publicly available facts and evidence collected and analyzed, which we set out in our research report to support our opinions.
Opinions? Really? "are no statements of facts"???!!! REALLY???!!! Public sources??? Publicly available facts and evidence collected and analyzed??? Do they mean analyzed as in anal? 'Cause this is complete BS they may shovel up their .... you know what I want to say. 🙂
http://cdn.thedailystar.net/sites/default/files/styles/big_2/public/feature/images/plagiarism.jpg
EDIT: @Romulus_ut3 : If I could I would like your post a thousand times in a row!!
nevcairiel
Independent security researchers have in the meantime confirmed that the exploits are real.
And while it does require admin, it's not the only exploit that requires a certain degree of access. Being able to easily infest the firmware of the chipset/cpu once you combine it with a privilege escalation attack, you could plant hidden malware which remains unseen forever.
Combining attacks with other attacks is a pretty common mode of operation, get entry to the system with exploit A, take it over with exploit B, etc. This is not something you can just ignore.
scatman839
This is pretty mad. Some insider trading for sure
drzoidberg33
Hilbert Hagedoorn
Administrator
You are totally right, fixed.
D3M1G0D
NaturalViolence
We'll see about this as more info. is released. At the moment there really isn't enough hard evidence to support either side. I would also like to point out that even if it's done for malicious reasons pointing out legit security flaws with the product is still a good thing long term for the consumer.
David3k