cancel
Showing results for 
Search instead for 
Did you mean: 

The Ryzen/TR have MAJOR flaws.

andy_lamp
Level 7
If you thought SPECTRE/Meltdown was bad... then take a look at what was released today: https://amdflaws.com/

I am pretty sad actually...
276 Views
18 REPLIES 18

xeromist wrote:
Initial reports have indicated that the vulnerabilities were verified by a 3rd party researcher as real, but the way this was all dumped on the public was likely theater designed to embarrass AMD and/or manipulate stock prices. The risk is definitely being exaggerated.


what if they went a step ahead and made up a 3rd party researcher to add to credibility? seems plausible.

BigJob wrote:
what if they went a step ahead and made up a 3rd party researcher to add to credibility? seems plausible.


Dan Guido founded Trail of Bits in 2012. So no he's not a sock puppet. Whatever you believe about the piss poor way CTS handled the disclosure, the vulnerabilities are real.
A bus station is where a bus stops. A train station is where a train stops. On my desk, I have a work station…

xeromist wrote:
Dan Guido founded Trail of Bits in 2012. So no he's not a sock puppet. Whatever you believe about the piss poor way CTS handled the disclosure, the vulnerabilities are real.


ahhhh damnnnn
this was one of the reasons i was avoiding an intel upgrade.
grrr

BigJob wrote:
ahhhh damnnnn
this was one of the reasons i was avoiding an intel upgrade.
grrr


You still might be on the right track. Since this disclosure was even more abrupt than the Intel vulnerabilities we haven't seen much solid info yet. It could be that most of this is solved through OS patches or a BIOS update and there is no performance hit. We'll just have to see.
A bus station is where a bus stops. A train station is where a train stops. On my desk, I have a work station…

Arne_Saknussemm
Level 40
Someone came into my house today and asked for my bank details and passwords...I gave it to them 'cos they said they liked puppies and small children...they then used my AMD computer to steal money from my account!

Why AMD? just why are you selling these horribly compromised items?!

I have called this AMD exploit DeathDoomEndTimesDoom and written a white paper...

I may benefit substantially by publishing this paper

Shalom

😄

Korth
Level 14
https://amdflaws.com/ is a proxy site registered through godaddy.com ... lol, not professional not legit.

Purpose? To generate hits on CTS Labs website, lol. Maybe also to look savvy and important, maybe also to bash and hate on AMD.
"All opinions are not equal. Some are a very great deal more robust, sophisticated and well supported in logic and argument than others." - Douglas Adams

[/Korth]

xeromist
Moderator
And AMD has announced fixes. Ars Technica has details:
https://arstechnica.com/gadgets/2018/03/amd-promises-firmware-fixes-for-security-processor-bugs/
A bus station is where a bus stops. A train station is where a train stops. On my desk, I have a work station…

Curious, AMD states there are BIOS updates from vendors to address these. I don't however see anything listed from ASUS?

The bugs btw are _nothing_ like Spetre or Meltdown. If anything they are more like INTEL's IME/SP exploits.

Most importantly: vulnerabilities are exploitable if you have physical access and execute expert commands, sometimes even needing to open the computer case...
If the "hacker" has this level of access, better to take the storage drives and be on his merry way... Or plug a USB and infect the system. So many other "major" threats out there, for this level of security...

As for the patches themselves, I haven't found anything yet to download/patch/install, although as mentioned, AMD did acknowledge and stated it will provide patches.