Great follow-up Anandtech. Thank you for asking the obvious but difficult questions for them, especially at the end lol
Great follow-up Anandtech. Thank you for asking the obvious but difficult questions for them, especially at the end lol
In all likelihood they were trying to short AMD stock by using the vulnerabilities[1]. Beyond this I'm not sure why everyone is so up in arms about this whole situation. CTS doesn't owe anyone anything and they don't have any obligation to whatever vendor they might be working on. You could even argue it's probably better they just let it out than sitting on it for months/years.
[1] https://news.ycombinator.com/item?id=16598061
And what exactly did they do that was illegal? Trading on non-public information that you got from your own research and then announcing it is not illegal. How much you stand to gain may be up for debate however.
Shorting stock is not illegal, it's what investors on the stock market do all the time. Using information you have that others don't is not illegal unless that information was gained illegally (e.g. insider trading). The stock market is just another form of gambling where everyone plays every edge they can to it's full advantage, it's not there to be nice and fair.
Of course not, but when it comes to making lots money people are fast to put their morals aside. Look how many people on these forums mine crypto (another form of gambling) despite it basically wasting the earths resources for no real gain, and greasing the wheels of the criminal underworld (you pay for your drugs, guns, slaves, child porn in crypto). Not so much protest for an activity that's making geeks here money despite it being arguably worse then what CTS are doing.
Shorting stock is not illegal, ....ng.
I understand this. What is illegal is the purposeful intent at manipulation of the Stock Price for their own gain. Shorting is merely how they profit from the grift.
How do stocks and shares in pretty well every company in the world move before major announcements are made without people getting sued every time? As far as I know information is not illegal unless it was gained illegally. This information was effectively freely available - anyone could have theoretically discovered the flaws. How is using that information any different then all the other trading that goes on off the back of information someone has got their hands on? I am not saying it's right, but I don't understand how it's illegal.I understand this. What is illegal is the purposeful intent at manipulation of the Stock Price for their own gain. Shorting is merely how they profit from the grift.
David Kanter said:It's telling how quickly they bailed on the call once I started asking about their company. Also, they seemed to not understand "chicken bits" at all or the basic HW design principles. The ramblings about FPGAs were fascinating.
David Kanter said:I'd also point out that the original CTS report contains some claims that are frankly irresponsible. For example, they make claims about which flaws cannot be fixed by hardware/firmware/software. It seems to me that unless they actually have RTL and source code access, they have no idea what how the platform can be tweaked.
Linus said:Guys, CTS Labs is _obviously_ a scam
I understand this. What is illegal is the purposeful intent at manipulation of the Stock Price for their own gain. Shorting is merely how they profit from the grift.
Proving intent in court is extremely difficult,
Lets say you buy stock of company A and then say company A is good. Is that illegal? What happened here with shorting is just the opposite.
Intent is not at all hard to do in a civil lawsuit. This isn't a case you see on CSI. A civil lawsuit, you can use intent and prove it in a much easier fashion.Agreed.
But we have these guys that published "an exploit," knowing full well that it affected every single motherboard and CPU, but said that it was limited to AMD. They contracted with a shady company that is known for this type of FUD, ahead of time, and broke industry standards across the board when it comes to these type of disclosures. Every argument that they have made in defense of their methods has been shot down by industry security peeps. The timing, the press release, the fake website with the fake offices, dealing with known shady short-sellers...how much more of a picture do you need painted for you?
Well I guess what you or I think doesn't matter as much as what a judge thinks, if this ever makes it that far.
Lets say you buy stock of company A and then say company A is good. Is that illegal? What happened here with shorting is just the opposite.
You know what's the most funny part of their whole scam is? Whenever they talk about vendors and companies notified beforehand ASMedia and AsusTek are never among them even though they are the most tangible (however little) technical discussion of their whole "whitepaper".Now I get a clearer picture about this. Like formulav8 said, it should be asmediaflaws.com. As for TrustZone feature (thanks for addressing it, Ian!), somehow it only affects Zen-based CPU and not others.
Viceroy’s founder, Fraser Perring, was adamant about its company's intentions.
“We haven’t hidden the fact that we short the stock," Perring said in a phone call with Motherboard. "Where does a company with these serious issues go? For us you can’t invest in it."
Perring also said that Viceroy has never had any financial relationship with CTS Labs. An anonymous tipster shared CTS Labs’ report with Viceroy last week, Perring said. And once Perring and his colleagues started looking at it, he said they realized the flaws would put AMD’s financial health in danger. Hence, they bought a “short position” in the stock. Translation: they’re betting AMD stock falls, and they will make money if that happens.
In January, Viceroy got a lot of attention for shorting a South African holding company after writing a damning report on its financials. Just this week, the German financial regulators accused Viceroy of breaching laws with a critical report on a German media company that sent its share price down 9 percent.
There’s no evidence that CTS Labs worked with Viceroy to short AMD. But something like that has happened before. In 2016, security research firm MedSec found vulnerabilities in pacemakers made by St. Jude Medical. In what was likely a first, MedSec partnered with hedge fund Muddy Waters to bet against St. Jude Medical’s stock.
For Adrian Sanabria, director of research at security firm Threatcare and a former analyst at 451 Research, where he covered the cybersecurity industry, trying to short based on vulnerabilities just doesn’t make much sense.
"While it could work in theory and could become more common in the future, he said in a phone call, “I don't think we've seen enough evidence of security vulnerabilities really moving the stock for it to really become an issue."
Viceroy’s take that AMD is doomed is just “propaganda manufactured to hurt confidence in AMD,” Sanabria told me.
“It’s a ridiculous piece. It’s beyond exaggerated,” he added.
And, for now, it doesn’t seem like investors are heeding its advice.
Just trust juanrga. He never makes things up, and he's never a shill for some random company.
Asking for links is rude.
And the fact that one of the co-founders is also a hedge fund manager is just coincidence.
/s.
Guys, CTS Labs is _obviously_ a scam, and juanrga has drunk the koolaid. Not the first time he shills for crazy stuff.
Linus
The way they went about all of this is highly unethical, especially if they were in league with Viceroy and others.
I understand you're upset, but he is correct. It's not illegal to short the stock market. IMO shorting is legalized gambling but it's perfectly legal to do. The way they went about all of this is highly unethical, especially if they were in league with Viceroy and others. Not even telling AMD about the issue first and going straight to the press is obviously the wrong thing to do. But I don't see AMD bringing them to court.
It looks like CTS's plan is backfiring as well. And I definitely don't see anyone using their services in the future.
And i expect these kinds of situations to increase.
That's why I am hoping viceroy get hammered by the relevant regulatory authorities. CTS labs appear to be a bunch of clowns who are clearly part of viceroys money making scheme.
Probably would have been more profitable for them to just sell the exploits. Wouldn't have made them a laughing stock either.
The problem with buying an hardware specific exploit means that this is not very useful when your target does not own that specific hardware.
They cannot ask much for it. And the ones buying these kind of exploits are usually not the most friendly and forgiving when they find out it is hardware specific.
And i think that is the reason they went this route.
Intel vs AMD amount of cpu's sold is still significant.
Asmedia do indeed provide the "chipset" IP for Ryzen. It actually identifies as an ASMEDIA ASM2016(A, B or C depending on X370/B350/A320 I think it is).
But the "chipset" isn't really the chipset, as Ryzen is a full-on SoC with its own FCH on die (which coincidentally is all the X300/B300 would be). The "chipset" Asmedia provides is really just a glorified PCIe I/O breakout box. All the important stuff is happening on-die inside Ryzen.
Depends on who they sell it to I guess. I am sure governments would buy from a l337 h4x0r crew like CTS labs. Governments see exploits as just one part of the strategy. Of course this is predicated on these exploits actually existing.
Has there been any POC exploits released yet?
AMD announced it has landed Baidu as a customer and partner. It’s a significant win for AMD; Baidu doesn’t really have a US presence, but it controls 76 percent of the PC search market in China and 82 percent of the mobile and tablet markets.
Specifically, Baidu is opting to adopt single-socket Epyc servers. AMD currently offers a range of single-socket CPUs, from the Epyc 7601 (32 cores, 2.2GHz base, 3.2GHz turbo) to the Epyc 7251 (8 cores, 2.1GHz base, 2.9GHz turbo). Reviews of Epyc have generally been favorable — the CPU doesn’t always beat Intel but it competes far better than anything AMD has had in-market since Interlagos launched in September, 2011.
Baidu is using AMD CPUs for AI, big data, and cloud computing services, with additional data center expansions beginning in Q1 2018.
Evaluated against AMD’s own stated goal of a slow ramp, AMD appears to be doing quite well. It’s announced deals with Microsoft and Baidu, two of the top eight cloud service/hyperscale providers. NextPlatform identifies these as Amazon, Facebook, Google, and Microsoft in the US and Alibaba, Baidu, China Mobile, and Tencent in China. Baidu is standardizing on AMD’s single-socket systems, which tend to be cheaper than their Xeon equivalents while containing 128 PCIe lanes — far more than Intel provides in an equivalent configuration. AMD still doesn’t expect its server business to be a major profit driver in 2018, but these early wins could foreshadow larger long-term achievements.