TR Forums

Techpowerup wrote:

Security researchers with Israel-based CTS-Labs, have discovered a staggering thirteen critical security vulnerabilities for AMD's "Zen" CPU micro-architecture, which are as damning the three recent "Meltdown" and "Spectre" vulnerabilities that affect various CPU manufacturers at varying degrees (Intel, AMD, and ARM). The thirteen new CVEs are broadly classified into four groups based on the similarity in function of the processor that they exploit: "Ryzenfall," "Masterkey," "Fallout," and "Chimera."

The researchers have redacted their whitepapers on each of the 13 new vulnerabilities, and have given AMD time for a response, before threatening to publish their whitepapers. The laws call for a 90-day notice period before a vulnerability is made public, so hardware/software manufacturers have time to address it. The Google Project Zero teams behind Meltdown/Spectre CVEs entered NDAs with chip-makers that lasted months, before they could make their findings public, earlier this year.

Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports. Any other organizations named in this website have not confirmed the accuracy or determined the adequacy of its contents.

NTMBK wrote:

Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports. Any other organizations named in this website have not confirmed the accuracy or determined the adequacy of its contents.

https://amdflaws.com/disclaimer.html

Security researchers with Israel-based CTS-Labs, have discovered a staggering thirteen critical security vulnerabilities for AMD's "Zen" CPU microarchitecture...

Jeff Kampman wrote:

I rarely call FUD but this AMD security news is high-budget FUD. Whitepaper is extremely thin, poorly sourced, and relies on lots of diagrams to convey appearance of technical legitimacy without actually saying much of anything.

TechPowerup wrote:

AMD provided us with the following statement: "At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings."

derFunkenstein wrote:

The domain registrations for AMDFLAWS.com and for safefirmware.com (which is where the whitepaper is hosted) is totally obfuscated. Maybe that's common, but it seems fishy to me.

screencap on the Tweeter: https://twitter.com/TVsBen/status/973600066752729089

At this point AMD has not confirmed any of the issues brought forth in the CTS-Labs whitepaper, so we cannot confirm in the findings are accurate. It has been brought to our attention that some press were pre-briefed on the issue, perhaps before AMD was notified, and that the website that CTS-Labs has setup for the issue was registered on February 22nd, several weeks ago. Given the level of graphics on the site, it does look like a planned ‘announcement’ has been in the works for a little while, seemingly with little regard for AMD’s response on the issue.

All of the exploits require elevated administrator access, with MasterKey going as far as a BIOS re-flash on top of that. CTS-Labs goes on the offensive however, stating that it ‘raises concerning questions regarding security practices, auditing, and quality controls at AMD’, as well as saying that the ‘vulnerabilities amount to complete disregard of fundamental security principles’.

Glorious wrote:

https://twitter.com/GossiTheDog/status/973610507100983296

FIRE UP THE FUD ENGINES

(I have no idea what viceroy is, but that kind of stated position is invariably "lol we're shorting now" as typically indicated elsewhere in this sort of document)

chuckula wrote:

As for AMD stock, I think this is a dumb idea if the people behind the attacks think they are going to make money on a short.

cynan wrote:

Especially seeing as how, after a brief dip, AMD's stock is currently up 3.5% for the day. If this was orchestrated to drive AMD's stock down, doesn't look like it's working so well so far.

We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors. We are actively investigating and analyzing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise. We will update this blog as news develops.

ludi wrote:

cynan wrote:

Especially seeing as how, after a brief dip, AMD's stock is currently up 3.5% for the day. If this was orchestrated to drive AMD's stock down, doesn't look like it's working so well so far.

It was a reverse-psychology play to make AMD stock go up when the obvious deception became obvious! Will the conspiracy never end??!!1

DancinJack wrote:

derFunkenstein wrote:

The domain registrations for AMDFLAWS.com and for safefirmware.com (which is where the whitepaper is hosted) is totally obfuscated. Maybe that's common, but it seems fishy to me.

screencap on the Tweeter: https://twitter.com/TVsBen/status/973600066752729089

Nah, that's common enough it's not something that would make me think anything bad. Lots of private registrations all over the web.

Walkintarget wrote:

Screw it .. Cyrix, HERE I COME !!!!