"amdflaws.com" - What is this?

[IEC]

I nearly avoided this thread due to messenger bashing instead of talking about substance. But I have a burning question. Isn't the biggest potential worry the possibility that the computers are compromised before you even get them? This has happened in the past with the NSA:
https://www.theatlantic.com/technol...tops-purchased-online-install-malware/356548/

In that case, it would be a security risk for any country/entity that isn't in full control of the entire supply chain? It isn't a someone changed the door locks and later robbed the place issue. It is an issue that the original door locks were compromised before you even had a house to lock them with.

This isn't an AMD vs. Intel thing either. Both companies have chips that can be compromised. We should be treating this as a potential threat that can affect us all regardless of which company we root for or against. Ryzen is a great chip. But it isn't perfect. No chip is. Why can't we take any possibility, even if remote, seriously? The issue isn't can a chip from Intel or AMD be compromised. The answer is yes to both. Shouldn't the real issue be "can we detect that a specific chip was compromised?"

The average user (and even corporation) cannot secure against a nation state. Period.

Even if the management and/or security platforms are 100% secure, it is pointless if a nation state has the ability to intercept and modify hardware in transit. Not to mention listening capabilities in critical networking infrastructure everywhere ("No Such Agency").

You will *never* be able to safeguard against that even with full control of production. Which is why going full tinfoil is irrelevant to this hatchet job.

 

[FIVR]

Where did Viceroy research get the money to create all these documents or even test all this stuff? This was a lot of work to find these fake vulnerabilities. Somebody payed hundreds of thousands if not millions of dollars to create this scheme. What are Viceroy's assets?


Very interesting that this scheme is based in Israel, a country notorious for both corruption and cyber espionage... and a country where AMD's largest competitor has a headquarters. It all looks extremely suspicious and deserves an FBI and SEC investigation.

 

[urvile]

I didn't read most of this thread. Has anyone actually produced verifiable POCs that exploit the reported vulnerabilities?

Or is it still purely theoretical at this stage?

 

[DaveSimmons]

I didn't read most of this thread. Has anyone actually produced verifiable POCs that exploit the reported vulnerabilities?

Or is it still purely theoretical at this stage?

Outside of the short-seller sockpuppet company and their hired gun, no one has had time to research this yet. Their paid guy said it took him a week to "verify" the exploits. Give the other research companies a little more time to see how bad the problems really are.

 

[DarthKyrie]

Intel has had research facilities since 1974.
https://www.intel.com/content/www/us/en/corporate-responsibility/intel-in-israel.html
Everything after the Pentium 4 was based of a design done in Haifa.
And it proved them well.
But this CTS labs case really stinks like someone with a "personal" and financial vendetta.


It is always possible that someone knows someone....

http://old.seattletimes.com/html/businesstechnology/2003658346_intelisrael09.html


Added date for clarification.

Doesn't that make the Haifa office responsible for Meltdown/Spectre?

 

[urvile]

Outside of the short-seller sockpuppet company and their hired gun, no one has had time to research this yet. Their paid guy said it took him a week to "verify" the exploits. Give the other research companies a little more time to see how bad the problems really are.

How anyone could believe security researchers (and I use that term loosely) that cannot even produce POC exploits that can be independently verified is beyond me. Unless they have? I wait with baited breath.

 

[nurfe]

Define Admin privileges. My employers' Deskside technicians have administrative rights to the hardware, not the OS. That doesn't mean they have the ability to install unsigned code into the IME.

That's the key thing, the trusted environment allows the execution of untrusted code. Therefore the trusted environment cannot be trusted.

Actually we just went through major security issues with Intel's ME recently: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

It is hard to talk about alleged vulnerabilities without a CVE or a reputable source report. Still, if you have a better understating of the vulnerabilities though, as you implied in a previous post, please expand on it. I'm intrigued.

The entire disclosure up until now, however, even if we'd assume it to be more or less true, is painfully unprofessional and clearly malicious.

 

[Dayman1225]

How anyone could believe security researchers (and I use that term loosely) that cannot even produce POC exploits that can be independently verified is beyond me. Unless they have? I wait with baited breath.

TPU has apparently contacted CTS about it and they said this:

CTS Labs stated to TechPowerUp that it has sent AMD, along with other big tech companies a "complete research package," which includes "full technical write-ups about the vulnerabilities," "functional proof-of-concept exploit code," and "instructions on how to reproduce each vulnerability." It stated that besides AMD, the research package was sent to Microsoft, HP, Dell, Symantec, FireEye, and Cisco Systems, to help them develop patches and mitigation.

 

[Markfw]

Regardless of the stock manipulation, and bad press and other things that are probably true... The bottom line is that these need admin privs to be installed. That makes the entire issue dead.

Now I do see the possibility of someone intercepting the new hardware and flashing bios, but wait, a simple bios update fixes that, using a trusted download from the vendor ?

 

[urvile]

The average user (and even corporation) cannot secure against a nation state. Period.

Even if the management and/or security platforms are 100% secure, it is pointless if a nation state has the ability to intercept and modify hardware in transit. Not to mention listening capabilities in critical networking infrastructure everywhere ("No Such Agency").

You will *never* be able to safeguard against that even with full control of production. Which is why going full tinfoil is irrelevant to this hatchet job.

Intelligence agencies also have the ability to compromise people and I don't mean social engineering. I mean compromising them for real. Nation states have been compromising people as a means to an end long before they were compromising computer systems.

 

[urvile]

TPU has apparently contacted CTS about it and they said this:

And we will wait and see if it's true or not. Does it mention whether TPU contacted any of those companies to verify those claims?*

As someone who has been on the periphery of cyber security for years. I am finding the whole thing very odd.

*Just to add. I don't exactly get my information on the latest vulnerabilities and exploits from publications like TPU. So I am not going to bother reading the article.

 

[Dayman1225]

And we will wait and see if it's true or not. Does it mention whether TPU contacted any of those companies to verify those claims?

As someone who has been on the periphery of cyber security for years. I am finding the whole thing very odd.

Doesn't appear that TPU followed up with those companies, guess we gotta wait and see...

 

[William Gaatjes]

Doesn't that make the Haifa office responsible for Meltdown/Spectre?

No. I do not think so.
Spectre is an issue also with ARM cpu's and to some extent AMD and these were not designed at Intel.
I do have always wondered, if it is a specific patent that caused the spectre vulnerability.
And the meltdown issue, well that is a good one. I do not know which cpu from Intel is the oldest design that has athe meltdown flaw.
That may also be a patent that turns out to have a flaw. Keeps me wondering who the patent owners are.
All cpu are so much alike and there is so much patents in cpu designs that i am sure that ARM , Intel and AMD all have perhaps used the same patent for spectre.
And the meltdown issue may be also be based of a patent (speculative execution) but the implementation is flawed.

 

[Mockingbird]

Where did Viceroy research get the money to create all these documents or even test all this stuff? This was a lot of work to find these fake vulnerabilities. Somebody payed hundreds of thousands if not millions of dollars to create this scheme. What are Viceroy's assets?


Very interesting that this scheme is based in Israel, a country notorious for both corruption and cyber espionage... and a country where AMD's largest competitor has a headquarters. It all looks extremely suspicious and deserves an FBI and SEC investigation.

...from its other short-selling schemes

It makes money from short-selling, then spreading false information and tanking stocks

https://www.businesslive.co.za/bd/c...y-research-names-its-new-target-capitec-bank/

Viceroy Research names its new target: Capitec Bank
Its shares fell as much as 20%, before recovering most of the loss, after Viceroy called it a 'loan shark ... masquerading as a community finance provider'

 

[turtile]

Where did Viceroy research get the money to create all these documents or even test all this stuff? This was a lot of work to find these fake vulnerabilities. Somebody payed hundreds of thousands if not millions of dollars to create this scheme. What are Viceroy's assets?


Very interesting that this scheme is based in Israel, a country notorious for both corruption and cyber espionage... and a country where AMD's largest competitor has a headquarters. It all looks extremely suspicious and deserves an FBI and SEC investigation.

If they can make $10 million by investing $1 million...

Let's put it this way, if they really believe (which would be stupid) that they can bankrupt AMD and were also the ones with a fake buyout rumor last week, they could have shorted the stock. That's basically almost doubling your money per share short.

But more logically they could have leverage tons of put contracts which would yield huge gains. If they were successful, they could have purchased $9.50 put options for 2 cents and yielded what ever it falls below.

 

[urvile]

Doesn't appear that TPU followed up with those companies, guess we gotta wait and see...

There is that lack of a verifiable POC again. Given all of the questions swirling around CTS Labs.

Not verifying their claims is some really sloppy journalism.

The wait continues.

 

[Mockingbird]

If they can make $10 million by investing $1 million...

Let's put it this way, if they really believe (which would be stupid) that they can bankrupt AMD and were also the ones with a fake buyout rumor last week, they could have shorted the stock. That's basically almost doubling your money per share short.

But more logically they could have leverage tons of put contracts which would yield huge gains. If they were successful, they could have purchased $9.50 put options for 2 cents and yielded what ever it falls below.

I really doubt that Viceroy Research thought that it can bankrupt AMD.

It was just short-selling AMD and hoping that AMD's stock would tank so that it can cash in.

 

[Asterox]

No. I do not think so.
Spectre is an issue also with ARM cpu's and to some extent AMD and these were not designed at Intel.
I do have always wondered, if it is a specific patent that caused the spectre vulnerability.
And the meltdown issue, well that is a good one. I do not know which cpu from Intel is the oldest design that has athe meltdown flaw.
That may also be a patent that turns out to have a flaw. Keeps me wondering who the patent owners are.
All cpu are so much alike and there is so much patents in cpu designs that i am sure that ARM , Intel and AMD all have perhaps used the same patent for spectre.
And the meltdown issue may be also be based of a patent (speculative execution) but the implementation is flawed.

Yes but this is most important, it today many ARM SoC-s most commonly used is Cortex A53(or his successor A55) he is not affected.

http://www.portvapes.co.uk/?id=Latest-exam-1Z0-876-Dumps&exid=thread...scussion-thread.2532563/page-21#post-39245556

 

[turtile]

I really doubt that Viceroy Research thought that it can bankrupt AMD.

It was just short-selling AMD and hoping that AMD's stock would tank so that it can cash in.

It looks like they failed for now. There are a ton of put options (over 1,000,000 shares) that expire at $10.00 on Friday and even more at $11.00 next week. Now we will just have to see if they cover the short positions or come up with a new plan of attack.

 

[moinmoin]

Should I give up hope for a meaningful update to the AnandTech article on this topic?

 

[inf64]

Someone is getting nervous

 

[Mockingbird]

It looks like they failed for now. There are a ton of put options (over 1,000,000 shares) that expire at $10.00 on Friday and even more at $11.00 next week. Now we will just have to see if they cover the short positions or come up with a new plan of attack.

It would be poetic justice if Viceroy Research ends up losing money.

 

[VirtualLarry]

I didn't read most of this thread. Has anyone actually produced verifiable POCs that exploit the reported vulnerabilities?

Or is it still purely theoretical at this stage?

Where are the CVEs, show me the CVE numbers...

 

[positivedoppler]

It looks like they failed for now. There are a ton of put options (over 1,000,000 shares) that expire at $10.00 on Friday and even more at $11.00 next week. Now we will just have to see if they cover the short positions or come up with a new plan of attack.

what is put and what does all that mean?

 

[jpiniero]

It looks like they failed for now. There are a ton of put options (over 1,000,000 shares) that expire at $10.00 on Friday and even more at $11.00 next week. Now we will just have to see if they cover the short positions or come up with a new plan of attack.

Yeah but they could of sold the options if they didn't get the drop they wanted. Seems like with the theta decay the put options at 10 and 11 still went down today although the loss wasn't much.