"amdflaws.com" - What is this?

[ElFenix]

Hey guys, can you keep it a bit more to the alleged flaws (and alleged manipulation) and less on forum drama over at [H]?

Thanks

AT Moderator ElFenix

 

[DrMrLordX]

Probably for the best. If we keep invoking the name or memory of he-who-shall-not-be-named, he may come here and smite us all.

I think the only major issue wrt CTS and their shenanigans is to follow the money. To date, I haven't seen much solid information about who paid for what is obviously a hit-job on AMD's CPU products. We may never know for sure.

 

[krumme]

Is this perhaps because someone in the Israel government or system is trying to protect Israel jobs?

We know Israel feel betrayed by US after the Iranian nuclear deal.
They will try to protect themselves. They feel more alone than ever.

And that fight is now even more about jobs than military actions. Eg recently Netanyahu met the CEO of Teva a major company with demands he could not cut jobs.

Jobs is national safety.

We know the US used advanced virus and coding to blow up Iranian centrifuges.
We know the Israeli have that knowlege now. We also know the american is angry because the Israel blow the cover by using to agressive code. Didnt help the relationship.

Now one of these CTS guys is former Israel military intelligence agency. This agency certainly have the knowledge about all vulnerabilities eg in chipsets whatnot. And then some.

Now did someone from inside this agency tip these guys with the idea or some basic knowledge? Knowing full well it would go something like the "Viceroy" way. And that the net result would be favorably for Israel jobs via Intel.

The political climate and precedence is certainly there to take such actions.

 

[CHADBOGA]

Is this perhaps because someone in the Israel government or system is trying to protect Israel jobs?

We know Israel feel betrayed by US after the Iranian nuclear deal.
They will try to protect themselves. They feel more alone than ever.

And that fight is now even more about jobs than military actions. Eg recently Netanyahu met the CEO of Teva a major company with demands he could not cut jobs.

Jobs is national safety.

We know the US used advanced virus and coding to blow up Iranian centrifuges.
We know the Israeli have that knowlege now. We also know the american is angry because the Israel blow the cover by using to agressive code. Didnt help the relationship.

Now one of these CTS guys is former Israel military intelligence agency. This agency certainly have the knowledge about all vulnerabilities eg in chipsets whatnot. And then some.

Now did someone from inside this agency tip these guys with the idea or some basic knowledge? Knowing full well it would go something like the "Viceroy" way. And that the net result would be favorably for Israel jobs via Intel.

The political climate and precedence is certainly there to take such actions.

LOL That is such a whacky take on things.

 

[piesquared]

Is this perhaps because someone in the Israel government or system is trying to protect Israel jobs?

We know Israel feel betrayed by US after the Iranian nuclear deal.
They will try to protect themselves. They feel more alone than ever.

And that fight is now even more about jobs than military actions. Eg recently Netanyahu met the CEO of Teva a major company with demands he could not cut jobs.

Jobs is national safety.

We know the US used advanced virus and coding to blow up Iranian centrifuges.
We know the Israeli have that knowlege now. We also know the american is angry because the Israel blow the cover by using to agressive code. Didnt help the relationship.

Now one of these CTS guys is former Israel military intelligence agency. This agency certainly have the knowledge about all vulnerabilities eg in chipsets whatnot. And then some.

Now did someone from inside this agency tip these guys with the idea or some basic knowledge? Knowing full well it would go something like the "Viceroy" way. And that the net result would be favorably for Israel jobs via Intel.

The political climate and precedence is certainly there to take such actions.

There is likely a lot of truth in that. I doubt very much that the motivation behind this has anything to do with this "security firms" concerns about security, and very much to do with geopolitics. Fearmongering/false flag type of operations are a standard practice of the deep state (project northwoods, gulf of Tonkan, 911, etc to mention a few of the many) and given the ties and connections of those involved, this appears to be right up that alley. The Zionist backed publications run the cover of a short seller motivation while the real motivation remains uncovered. Tech forums are no longer tech enthusiast forums, they are basically state and corporate run propaganda outlets that have unfortunately been taken over by the same forces that control the main stream media. The mass population of people wander along aimlessly like good little sheeple. This whole thing is a sham, but the conspirators will continue to pound the drum and as it lingers in the news cycle it will eventually become part of the mainstream narrative, and people will accept it as the way it is or become a victim to attrition and give up opposing the obvious manipulation. Just talk to anyone that follows cable news like religion, the psychology is the same. It is absolutely painful to see how blind the mass population are and how willing they are to have their chains yanked. Mass manipulation and exploitation.

 

[FIVR]

^Lizard people confirmed

 

[DrMrLordX]

Gee, I was thinking that it was Intel trying to smear AMD to take heat off of them (Intel) for Meltdown? I am clearly outclassed in the conspiracy department.

 

[formulav8]

They're back. I wonder what happened to their spiffy computer rooms from their interviews?

 

[formulav8]

As expected, commenting is disabled.

 

[Stuka87]

The question is, where did they get the source code for the bios? Or would the attacker have to use an open source BIOS, and hope its compatible with the machine being attacked?

PS: The drill press is a must have in every clean operating environment!

 

[krumme]

Gee, I was thinking that it was Intel trying to smear AMD to take heat off of them (Intel) for Meltdown? I am clearly outclassed in the conspiracy department.

I try to bring arguments to the table. And bring a new perspective not seen elsewhere.

Its perfectly fine to disagree and my analysis is probably wrong. But its well argumented with loads of facts. I would like to hear argument counter it.

I would like people to read it without some evil zionist or evil Intel thinking.

 

[MrTeal]

The question is, where did they get the source code for the bios? Or would the attacker have to use an open source BIOS, and hope its compatible with the machine being attacked?

PS: The drill press is a must have in every clean operating environment!

First, we drill into the BIOS to allow code injection...

 

[Stuka87]

First, we drill into the BIOS to allow code injection...

He starts out loading a modified BIOS. Which means he had to start with source that could be modified. I would hope America Megatrends does not release their BIOS source code.

 

[HutchinsonJC]

Volume Up... he types at least a 10 character length password as near as I can tell as part of his remote in process. He says at ~4:20 he's gonna do this just like an attacker would... what attacker has the password to just type in like he does?

 

[Stuka87]

Volume Up... he types at least a 10 character length password as near as I can tell as part of his remote in process. He says at ~4:20 he's gonna do this just like an attacker would... what attacker has the password to just type in like he does?

Don't all attackers use Power Shell remoting as an attack vector?

 

[Dayman1225]

AMD Confirms CTS-Labs Exploits: All To Be Patched In Weeks

Big Ol' Nothing Burger

 

[formulav8]

Just about to post it. Nice

Edit: Here is the Corporate link

Initial AMD Technical Assessment of CTS Labs Research

 

[piesquared]

Hmm. I thought these 'experts' said it couldn't be fixed, and that was their excuse for not giving the vendor the industry standard 90 days before releasing the findings...

 

[formulav8]

AMD Confirms Chip Vulnerability, Says Report Exaggerated Danger

• Company asking for investigation of unusual stock trading
• All potential exploits to be fixed with software within weeks

CTS estimated that it would take “many months” to address the issue. The researcher didn’t give AMD that amount of time to fix the holes before drawing public attention to them, something that goes against standard practice in these situations.

“I fault CTS Labs for not following industry-standard coordinated disclosure procedure,” said Ben Gras, a researcher at Vrije University in Amsterdam who focuses on hardware security flaws. “A widely accepted practice in these situations is to coordinate with the vendor and affected parties during a window of confidentiality before publicizing security sensitive information, reducing the impact of the research while still maintaining transparency. As it stands, this leads me to believe they are not acting in good faith, and make me interpret other aspects of this report skeptically.”

 

[krumme]

AMD Confirms CTS-Labs Exploits: All To Be Patched In Weeks

Big Ol' Nothing Burger

Yep. Standard knowledge on the Unit 8200 trainee program

 

[Topweasel]

Hmm. I thought these 'experts' said it couldn't be fixed, and that was their excuse for not giving the vendor the industry standard 90 days before releasing the findings...

Because they are so easy to fix. It's clearer and clearer why this happened.

Chances are they had access to, or knew how to use Asmedia USB for elicit connections for a while. My guess is this info is probably siphoned from state sponsored hacking. When Ryzen came out a success last year and they saw how much AMD's stocks fluctuated and realized that Asmedia actually developed the chip-set they probably set some stuff in motion. They probably were licking their chops when they saw how meltdown had affected both AMD and Intel stock and figured a large list of "Huge Bugs" at AMD would send the stock spiraling. Everything else is basically an offshoot of that. Their limited attack vectors and the fact that they require extreme knowledge of the systems to work probably made validators miss the vector. But realistically as AMD has stated. It's like one or two minor loops to close off and boom no insecurity from something relatively insignificant in the first place. Chances are if they gave AMD the 90 days, AMD could have patched them months before hand as a normal security update and no one would ever know who CTS-Labs are and Viceroy couldn't have shorted their stock for profit (which they probably didn't anyways because AMD barely budged).

 

[krumme]

Man...
I actually thought they had more than just what was enabled by admin access at the metal. Good grief.
As Papermaster says.
"Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research.”
It borders on the comical. Like the green screen footage.

As i wrote in the first post in this thread these guys should be glad if they are not found dead in a year by some accident.

Everyone and their brother will now ask where they got the admin access from.

 

[Mockingbird]

Initial AMD Technical Assessment of CTS Labs Research

https://community.amd.com/community...amd-technical-assessment-of-cts-labs-research

 

[ondma]

LOL That is such a whacky take on things.

It is the inverse occam's razor approach.

 

[IEC]

Hmm. I thought these 'experts' said it couldn't be fixed, and that was their excuse for not giving the vendor the industry standard 90 days before releasing the findings...

Fixes coming so soon strengthens the case that the over-hyping of these vulnerabilities was for stock price manipulation.