©ASUSTEK COMPUTER INC. ALL RIGHTS RESERVED.

andy_lamp · ‎03-13-2018

If you thought SPECTRE/Meltdown was bad... then take a look at what was released today: https://amdflaws.com/

I am pretty sad actually...

BigJob · ‎03-18-2018

xeromist wrote:
Initial reports have indicated that the vulnerabilities were verified by a 3rd party researcher as real, but the way this was all dumped on the public was likely theater designed to embarrass AMD and/or manipulate stock prices. The risk is definitely being exaggerated.

what if they went a step ahead and made up a 3rd party researcher to add to credibility? seems plausible.

xeromist · ‎03-19-2018

BigJob wrote:
what if they went a step ahead and made up a 3rd party researcher to add to credibility? seems plausible.

Dan Guido founded Trail of Bits in 2012. So no he's not a sock puppet. Whatever you believe about the piss poor way CTS handled the disclosure, the vulnerabilities are real.

A bus station is where a bus stops. A train station is where a train stops. On my desk, I have a work station…

BigJob · ‎03-20-2018

xeromist wrote:
Dan Guido founded Trail of Bits in 2012. So no he's not a sock puppet. Whatever you believe about the piss poor way CTS handled the disclosure, the vulnerabilities are real.

ahhhh damnnnn
this was one of the reasons i was avoiding an intel upgrade.
grrr

xeromist · ‎03-20-2018

BigJob wrote:
ahhhh damnnnn
this was one of the reasons i was avoiding an intel upgrade.
grrr

You still might be on the right track. Since this disclosure was even more abrupt than the Intel vulnerabilities we haven't seen much solid info yet. It could be that most of this is solved through OS patches or a BIOS update and there is no performance hit. We'll just have to see.

A bus station is where a bus stops. A train station is where a train stops. On my desk, I have a work station…

Arne_Saknussemm · ‎03-16-2018

Someone came into my house today and asked for my bank details and passwords...I gave it to them 'cos they said they liked puppies and small children...they then used my AMD computer to steal money from my account!

Why AMD? just why are you selling these horribly compromised items?!

I have called this AMD exploit DeathDoomEndTimesDoom and written a white paper...

I may benefit substantially by publishing this paper

Shalom

😄

ARNE’S GUIDE TO PC BUILDING HAPPINESS

ARNE'S GUIDE TO OVERCLOCKING HAPPINESS

Korth · ‎03-18-2018

https://amdflaws.com/ is a proxy site registered through godaddy.com ... lol, not professional not legit.

Purpose? To generate hits on CTS Labs website, lol. Maybe also to look savvy and important, maybe also to bash and hate on AMD.

"All opinions are not equal. Some are a very great deal more robust, sophisticated and well supported in logic and argument than others." - Douglas Adams

[/Korth]

xeromist · ‎03-21-2018

And AMD has announced fixes. Ars Technica has details:
https://arstechnica.com/gadgets/2018/03/amd-promises-firmware-fixes-for-security-processor-bugs/

A bus station is where a bus stops. A train station is where a train stops. On my desk, I have a work station…

segfaulted · ‎04-08-2018

Curious, AMD states there are BIOS updates from vendors to address these. I don't however see anything listed from ASUS?

The bugs btw are _nothing_ like Spetre or Meltdown. If anything they are more like INTEL's IME/SP exploits.

paulmarc · ‎04-08-2018

Most importantly: vulnerabilities are exploitable if you have physical access and execute expert commands, sometimes even needing to open the computer case...
If the "hacker" has this level of access, better to take the storage drives and be on his merry way... Or plug a USB and infect the system. So many other "major" threats out there, for this level of security...

As for the patches themselves, I haven't found anything yet to download/patch/install, although as mentioned, AMD did acknowledge and stated it will provide patches.

The Ryzen/TR have MAJOR flaws.