Personal computing discussed

Moderators: Flying Fox, morphine

 
biffzinker
Gerbil Jedi
Topic Author
Posts: 1990
Joined: Tue Mar 21, 2006 3:53 pm
Location: AK, USA

Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 11:01 am

Techpowerup wrote:
Security researchers with Israel-based CTS-Labs, have discovered a staggering thirteen critical security vulnerabilities for AMD's "Zen" CPU micro-architecture, which are as damning the three recent "Meltdown" and "Spectre" vulnerabilities that affect various CPU manufacturers at varying degrees (Intel, AMD, and ARM). The thirteen new CVEs are broadly classified into four groups based on the similarity in function of the processor that they exploit: "Ryzenfall," "Masterkey," "Fallout," and "Chimera."

The researchers have redacted their whitepapers on each of the 13 new vulnerabilities, and have given AMD time for a response, before threatening to publish their whitepapers. The laws call for a 90-day notice period before a vulnerability is made public, so hardware/software manufacturers have time to address it. The Google Project Zero teams behind Meltdown/Spectre CVEs entered NDAs with chip-makers that lasted months, before they could make their findings public, earlier this year.


Sources: Techpowerup, AMDFlaws
Last edited by biffzinker on Tue Mar 13, 2018 11:40 am, edited 1 time in total.
It would take you 2,363 continuous hours or 98 days,11 hours, and 35 minutes of gameplay to complete your Steam library.
In this time you could travel to Venus one time.
 
just brew it!
Gold subscriber
Administrator
Posts: 51939
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Vulnerabilities Discovered in AMD's Zen Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 11:07 am

Fun times.
Nostalgia isn't what it used to be.
 
NTMBK
Gerbil XP
Posts: 306
Joined: Sat Dec 21, 2013 11:21 am

Re: Vulnerabilities Discovered in AMD's Zen Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 11:13 am

Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports. Any other organizations named in this website have not confirmed the accuracy or determined the adequacy of its contents.

https://amdflaws.com/disclaimer.html
 
biffzinker
Gerbil Jedi
Topic Author
Posts: 1990
Joined: Tue Mar 21, 2006 3:53 pm
Location: AK, USA

Re: Vulnerabilities Discovered in AMD's Zen Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 11:17 am

I'm waiting for a reponse AMD might have to these suppose exploits. Is this a smear campaign from Intel?
It would take you 2,363 continuous hours or 98 days,11 hours, and 35 minutes of gameplay to complete your Steam library.
In this time you could travel to Venus one time.
 
DancinJack
Maximum Gerbil
Posts: 4154
Joined: Sat Nov 25, 2006 3:21 pm
Location: Kansas

Re: Vulnerabilities Discovered in AMD's Zen Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 11:18 am

NTMBK wrote:
Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports. Any other organizations named in this website have not confirmed the accuracy or determined the adequacy of its contents.

https://amdflaws.com/disclaimer.html

Security researchers with Israel-based CTS-Labs, have discovered a staggering thirteen critical security vulnerabilities for AMD's "Zen" CPU microarchitecture...
i7 6700K - Z170 - 16GiB DDR4 - GTX 1080 - 512GB SSD - 256GB SSD - 500GB SSD - 3TB HDD- 27" IPS G-sync - Win10 Pro x64 - Ubuntu/Mint x64 :: 2015 13" rMBP Sierra :: Canon EOS 80D/Sony RX100
 
NTMBK
Gerbil XP
Posts: 306
Joined: Sat Dec 21, 2013 11:21 am

Re: Vulnerabilities Discovered in AMD's Zen Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 11:21 am

Jeff Kampman wrote:
I rarely call FUD but this AMD security news is high-budget FUD. Whitepaper is extremely thin, poorly sourced, and relies on lots of diagrams to convey appearance of technical legitimacy without actually saying much of anything.

https://twitter.com/jkampman_tr/status/ ... 6647689216
 
Bauxite
Gerbil Elite
Posts: 770
Joined: Sat Jan 28, 2006 12:10 pm
Location: electrolytic redox smelting plant

Re: Vulnerabilities Discovered in AMD's Zen Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 11:21 am

That "company" and report stink to high heaven. The timing of the domain registration is also quite conveniently close to the time something real was reported to a certain other company.

Also, if I can trick you to run something as administrator or root on any system, its already game over and who gives a damn.
2018: at 120 Zen cores and counting, so pretty much done with intel on the desktop.
E5 2696v4 22c44t 2.2~3.7Ghz - The last great gleam of the pre-nerf HEDT era.
E5 1680v2 8c16t 4.5Ghz - "Yes Virginia, there were unlocked xeons" /weep for them.
 
DragonDaddyBear
Gerbil Elite
Posts: 786
Joined: Fri Jan 30, 2009 8:01 am

Re: Vulnerabilities Discovered in AMD's Zen Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 11:27 am

From what I read they didn't even give AMD the industry-standard 60-90 day window to fix the alleged issues, just a single day. That's pretty rotten. Meltdown and Spectre came out early because someone did some sluthing and they wanted to tell the story rather than someone who disected the patches.
 
biffzinker
Gerbil Jedi
Topic Author
Posts: 1990
Joined: Tue Mar 21, 2006 3:53 pm
Location: AK, USA

Re: Vulnerabilities Discovered in AMD's Zen Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 11:32 am

TechPowerup wrote:
AMD provided us with the following statement: "At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings."
It would take you 2,363 continuous hours or 98 days,11 hours, and 35 minutes of gameplay to complete your Steam library.
In this time you could travel to Venus one time.
 
derFunkenstein
Gold subscriber
Gerbil God
Posts: 24751
Joined: Fri Feb 21, 2003 9:13 pm
Location: Comin' to you directly from the Mothership

Re: Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 11:44 am

There's just a ton of marketing speak and that disclaimer sets off all sorts of alarm bells.

The domain registrations for AMDFLAWS.com and for safefirmware.com (which is where the whitepaper is hosted) is totally obfuscated. Maybe that's common, but it seems fishy to me.

screencap on the Tweeter: https://twitter.com/TVsBen/status/973600066752729089
I do not understand what I do. For what I want to do I do not do, but what I hate I do.
 
DancinJack
Maximum Gerbil
Posts: 4154
Joined: Sat Nov 25, 2006 3:21 pm
Location: Kansas

Re: Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 11:48 am

derFunkenstein wrote:
The domain registrations for AMDFLAWS.com and for safefirmware.com (which is where the whitepaper is hosted) is totally obfuscated. Maybe that's common, but it seems fishy to me.

screencap on the Tweeter: https://twitter.com/TVsBen/status/973600066752729089

Nah, that's common enough it's not something that would make me think anything bad. Lots of private registrations all over the web.
i7 6700K - Z170 - 16GiB DDR4 - GTX 1080 - 512GB SSD - 256GB SSD - 500GB SSD - 3TB HDD- 27" IPS G-sync - Win10 Pro x64 - Ubuntu/Mint x64 :: 2015 13" rMBP Sierra :: Canon EOS 80D/Sony RX100
 
flptrnkng
Gerbil In Training
Posts: 3
Joined: Wed Jun 13, 2012 12:50 pm

Re: Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 11:49 am

I want to see perp walks after this gets fully uncovered.

Sadly, the SEC is a toothless tiger...nothing will come of it. Manipulators will keep their easy money. Real investors have been and will be harmed.

My guess... no one held accountable.
 
biffzinker
Gerbil Jedi
Topic Author
Posts: 1990
Joined: Tue Mar 21, 2006 3:53 pm
Location: AK, USA

Re: Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 11:52 am

At this point AMD has not confirmed any of the issues brought forth in the CTS-Labs whitepaper, so we cannot confirm in the findings are accurate. It has been brought to our attention that some press were pre-briefed on the issue, perhaps before AMD was notified, and that the website that CTS-Labs has setup for the issue was registered on February 22nd, several weeks ago. Given the level of graphics on the site, it does look like a planned ‘announcement’ has been in the works for a little while, seemingly with little regard for AMD’s response on the issue.


All of the exploits require elevated administrator access, with MasterKey going as far as a BIOS re-flash on top of that. CTS-Labs goes on the offensive however, stating that it ‘raises concerning questions regarding security practices, auditing, and quality controls at AMD’, as well as saying that the ‘vulnerabilities amount to complete disregard of fundamental security principles’.


CTS-Labs also hired a PR firm?

Quoted text from: https://www.anandtech.com/show/12525/se ... to-respond
It would take you 2,363 continuous hours or 98 days,11 hours, and 35 minutes of gameplay to complete your Steam library.
In this time you could travel to Venus one time.
 
Waco
Gold subscriber
Minister of Gerbil Affairs
Posts: 2581
Joined: Tue Jan 20, 2009 4:14 pm
Location: Los Alamos, NM

Re: Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 11:58 am

I glanced at the "whitepaper". It's basically...if you have root, you can do bad things with firmware/UEFI/BIOS. Even assuming it's true...no ****!
Desktop: Z170A Gaming Pro Carbon | 6700K @ 4.4 | 16 GB | GTX Titan Xm | XSPC RX360 | Heatkiller R3 | Samsung 4K 40" | 2048 + 240 + LSI 9207-8i (128x8) SSD
NAS: 1950X | Designare EX | 32 GB ECC | 7x8 TB RAIDZ2 | 8x2 TB RAID10 | FreeNAS | ZFS | LSI SAS
 
just brew it!
Gold subscriber
Administrator
Posts: 51939
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 12:16 pm

Oooh, looks like this could be a good ol' fashioned astroturfing. I'll bet someone is short AMD (or holds some put options).
Nostalgia isn't what it used to be.
 
Captain Ned
Gold subscriber
Global Moderator
Posts: 27407
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 12:25 pm

Humans sleep soundly in their beds because rough cats stand ready in the night to visit violence on those who would do us harm.
 
Glorious
Gold subscriber
Gerbilus Supremus
Posts: 11292
Joined: Tue Aug 27, 2002 6:35 pm

Re: Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 12:27 pm

https://twitter.com/GossiTheDog/status/ ... 7100983296

FIRE UP THE FUD ENGINES

(I have no idea what viceroy is, but that kind of stated position is invariably "lol we're shorting now" as typically indicated elsewhere in this sort of document)
 
K-L-Waster
Gerbil XP
Posts: 315
Joined: Thu Feb 12, 2015 8:10 pm
Location: Hmmm, I was *here* a second ago...

Re: Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 12:34 pm

Glorious wrote:
https://twitter.com/GossiTheDog/status/973610507100983296

FIRE UP THE FUD ENGINES

(I have no idea what viceroy is, but that kind of stated position is invariably "lol we're shorting now" as typically indicated elsewhere in this sort of document)


Wow -- that Viceroy post has even Brian Krzanich asking "hey, are you guize for realz?"
Main System: i7-8700K, ASUS ROG STRIX Z370-E, 16 GB DDR4 3200 RAM, MSI GTX 1080 TI, 1 TB CRUCIAL MX500, Corsair 550D

HTPC: I5-4460, ASUS H97M-E, 8 GB RAM, GTX 970, CRUCIAL 256GB MX100, SILVERSTONE GD09B
 
thecoldanddarkone
Gold subscriber
Minister of Gerbil Affairs
Posts: 2403
Joined: Wed Mar 26, 2003 4:35 pm

Re: Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 12:34 pm

Ryzenfall, Masterkey, Fallout, and Chimera.

Yeash.

Details are lacking to say the least. Local admin needed......

That article is buzzword central.

Who is cts labs?
I7 4930k, 32 GB Ballistix DDRL3@2133 , 1.2 TB Intel 750 AIC, 500 GB mx200, Sapphire R9 Fury, asus x79 ws, HP ZR24w, edifier s730
HP Pro x2 612- i5-4302Y, 8 gigs of memory, 256 ssd
 
chuckula
Gold subscriber
Gerbil Jedi
Posts: 1888
Joined: Wed Jan 23, 2008 9:18 pm
Location: Probably where I don't belong.

Re: Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 12:36 pm

Most of the initial hype sounds overblown but we'll see if any of the vulnerabilities are actually of interest. And given the idiot tweets coming out, it sounds like there may be nothing of interest at all.

As for AMD stock, I think this is a dumb idea if the people behind the attacks think they are going to make money on a short.

Much like people who love to spin conspiracy theories about Krzanich selling Intel shares in 2017 weren't all that bright considering he would have made more money waiting until after Spectre/Meltdown became public knowledge in 2018 given Intel's stock price rise and the fact that taxes have gone down.
4770K @ 4.7 GHz; 32GB DDR3-2133; GTX-1080 sold and back to hipster IGP!; 512GB 840 Pro (2x); Fractal Define XL-R2; NZXT Kraken-X60
--Many thanks to the TR Forum for advice in getting it built.
 
cynan
Gold subscriber
Graphmaster Gerbil
Posts: 1133
Joined: Thu Feb 05, 2004 2:30 pm

Re: Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 12:42 pm

chuckula wrote:
As for AMD stock, I think this is a dumb idea if the people behind the attacks think they are going to make money on a short.



Especially seeing as how, after a brief dip, AMD's stock is currently up 3.5% for the day. If this was orchestrated to drive AMD's stock down, doesn't look like it's working so well so far.
 
derFunkenstein
Gold subscriber
Gerbil God
Posts: 24751
Joined: Fri Feb 21, 2003 9:13 pm
Location: Comin' to you directly from the Mothership

Re: Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 12:57 pm

Whoever heard of a security research company getting their website hacked? What was the credential, admin/123?

https://web.archive.org/web/20120313153 ... bs.com:80/
I do not understand what I do. For what I want to do I do not do, but what I hate I do.
 
ludi
Lord High Gerbil
Posts: 8130
Joined: Fri Jun 21, 2002 10:47 pm
Location: Sunny Colorado front range

Re: Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 12:58 pm

cynan wrote:
Especially seeing as how, after a brief dip, AMD's stock is currently up 3.5% for the day. If this was orchestrated to drive AMD's stock down, doesn't look like it's working so well so far.

It was a reverse-psychology play to make AMD stock go up when the obvious deception became obvious! Will the conspiracy never end??!!1
Abacus Model 2.5 | Quad-Row FX with 256 Cherry Red Slider Beads | Applewood Frame | Water Cooling by Brita Filtration
 
biffzinker
Gerbil Jedi
Topic Author
Posts: 1990
Joined: Tue Mar 21, 2006 3:53 pm
Location: AK, USA

Re: Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 1:15 pm

Another quick response from AMD on their IR blog:
We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors. We are actively investigating and analyzing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise. We will update this blog as news develops.

http://ir.amd.com/news-releases/news-re ... r-street-0
It would take you 2,363 continuous hours or 98 days,11 hours, and 35 minutes of gameplay to complete your Steam library.
In this time you could travel to Venus one time.
 
cynan
Gold subscriber
Graphmaster Gerbil
Posts: 1133
Joined: Thu Feb 05, 2004 2:30 pm

Re: Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 1:17 pm

ludi wrote:
cynan wrote:
Especially seeing as how, after a brief dip, AMD's stock is currently up 3.5% for the day. If this was orchestrated to drive AMD's stock down, doesn't look like it's working so well so far.

It was a reverse-psychology play to make AMD stock go up when the obvious deception became obvious! Will the conspiracy never end??!!1


Could it be that the "AMDFlaws" website, the potential conflict of interest, and failure to adhere to past disclosure conventions were purposeful chinks in the armor? And that this ins't simply a case, so far, of AMD's competition pulling a stunt, being hoisted by their own petard? You're probably right! AMD has to be behind this one. And given AMD's PR department's amazing track record, that sort of PR masterminding certainly isn't giving them too much credit.
 
derFunkenstein
Gold subscriber
Gerbil God
Posts: 24751
Joined: Fri Feb 21, 2003 9:13 pm
Location: Comin' to you directly from the Mothership

Re: Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 1:28 pm

Or maybe it's a bunch of kids (judging from their management team's photos, anyway) trying to make names for themselves. AMD says they had never heard of these guys. I think it's safe to say they have now.

DancinJack wrote:
derFunkenstein wrote:
The domain registrations for AMDFLAWS.com and for safefirmware.com (which is where the whitepaper is hosted) is totally obfuscated. Maybe that's common, but it seems fishy to me.

screencap on the Tweeter: https://twitter.com/TVsBen/status/973600066752729089

Nah, that's common enough it's not something that would make me think anything bad. Lots of private registrations all over the web.

Maybe, but it also seems like the perfect opportunity to use WHOIS as a platform to push their brand, if the research is legit.
I do not understand what I do. For what I want to do I do not do, but what I hate I do.
 
biffzinker
Gerbil Jedi
Topic Author
Posts: 1990
Joined: Tue Mar 21, 2006 3:53 pm
Location: AK, USA

Re: Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 2:33 pm

Image
It would take you 2,363 continuous hours or 98 days,11 hours, and 35 minutes of gameplay to complete your Steam library.
In this time you could travel to Venus one time.
 
Walkintarget
Gerbil Team Leader
Posts: 285
Joined: Tue Jan 29, 2008 10:15 am

Re: Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 2:51 pm

Screw it .. Cyrix, HERE I COME !!!!
Intel i5 2500K@4.3, Gigabyte Z68XP-UD3-iSSD, Powercolor PCS+ 290x 4GB, Samsung 256GB 850 EVO SSD, 2TB Hitachi HDD, Thermaltake Level 10 GT Snow Ed, Corsair H80, Win 7 Pro
 
chuckula
Gold subscriber
Gerbil Jedi
Posts: 1888
Joined: Wed Jan 23, 2008 9:18 pm
Location: Probably where I don't belong.

Re: Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 3:08 pm

Walkintarget wrote:
Screw it .. Cyrix, HERE I COME !!!!


WinChip FTW!
4770K @ 4.7 GHz; 32GB DDR3-2133; GTX-1080 sold and back to hipster IGP!; 512GB 840 Pro (2x); Fractal Define XL-R2; NZXT Kraken-X60
--Many thanks to the TR Forum for advice in getting it built.
 
biffzinker
Gerbil Jedi
Topic Author
Posts: 1990
Joined: Tue Mar 21, 2006 3:53 pm
Location: AK, USA

Re: Vulnerabilities Discovered in AMD's Zen and Vega Security Processor, Including Backdoors in the AsMedia Chipset

Tue Mar 13, 2018 3:53 pm

No try the NexGen Nx586PF instead. Edit: Maybe you don't want a NexGen CPU, I see Branch Prediction Logic.
Image Image
Data sheet source: http://datasheets.chipdb.org/NexGen/2_H ... ecture.pdf
http://datasheets.chipdb.org/NexGen/
It would take you 2,363 continuous hours or 98 days,11 hours, and 35 minutes of gameplay to complete your Steam library.
In this time you could travel to Venus one time.

Who is online

Users browsing this forum: No registered users and 2 guests