CTS Labs Make Mountains Out of Molehills over Minor Secondary Vulnerabilities

Discussion in 'Hardware Components and Aftermarket Upgrades' started by don_svetlio, Mar 13, 2018.

  1. don_svetlio

    don_svetlio In the Pipe, Five by Five.

    Reputations:
    338
    Messages:
    3,616
    Likes Received:
    1,822
    Trophy Points:
    231
    So apparently a smear campaign has been launched today aimed at bringing down AMD's stock. The company claims to have found 13 "vulnerabilities" in AMD's Zen cores but in most cases those require physical or administrative access to a machine (at which point you basically have full control over the system). The shady company - CTS Labs - (whose offices are apparently stock footage: https://www.reddit.com/r/Amd/comments/846gpm/how_cts_labs_created_their_offices_out_of_thin_air/) are backed by an even shadier doomsaying company - Viceroy - who are basically screaming apocalypse. To make things even more ridiculous, CTS only gave AMD 24 hours to fix these so-called bugs where the minimum legal requirement (I think) is 90 days or about 2160 hours. Spectre and Meltdown, for example, had a 6-month (4220-hour) period in which the companies had time to address them.

    The full ****show can be found here: https://linustechtips.com/main/topi...scovered-in-amd-zen-processors-amds-meltdown/

    PS: Post #5 basically debunks everything the "researchers" claimed.
     
  2. Arrrrbol

    Arrrrbol Notebook Evangelist

    Reputations:
    613
    Messages:
    478
    Likes Received:
    502
    Trophy Points:
    106
    I can't even imagine why people would do that. Bringing down AMD won't make Intel get magically better.
     
    hmscott likes this.
  3. TANWare

    TANWare Just This Side of Senile, I think. Super Moderator

    Reputations:
    2,320
    Messages:
    9,018
    Likes Received:
    4,168
    Trophy Points:
    431
    I have been posting in the Ryzen thread, this is a 100% scam. bad domains, just made youtube channel etc.etc.etc......
     
  4. saturnotaku

    saturnotaku Notebook Prophet

    Reputations:
    3,685
    Messages:
    6,897
    Likes Received:
    2,274
    Trophy Points:
    331
    Meh. This is a bigger story as far as I'm concerned:

     
  5. Carrot Top

    Carrot Top Notebook Evangelist

    Reputations:
    74
    Messages:
    319
    Likes Received:
    273
    Trophy Points:
    76
    Holy title gore. I was about to report this as spam.
     
  6. don_svetlio

    don_svetlio In the Pipe, Five by Five.

    Reputations:
    338
    Messages:
    3,616
    Likes Received:
    1,822
    Trophy Points:
    231
    Trying to make it precise and simple :)
     
    hmscott likes this.
  7. Mr. Fox

    Mr. Fox Undefiled BGA-Hating Elitist

    Reputations:
    23,767
    Messages:
    32,554
    Likes Received:
    46,484
    Trophy Points:
    931
    A self-fulfilling prophecy. Now team red get's to be the drive-by media's whipping post and object of overblown security hype and hooplah. Sigh... I suppose the OCD kiddos always need a crisis of some kind.
    déjà vu... c'est la vie... flashback to the Intel security hype thread...
     
    jclausius and Dr. AMK like this.
  8. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,915
    Messages:
    17,287
    Likes Received:
    21,213
    Trophy Points:
    931
    As @TANWare said there are a number of posts about this in the Ryzen thread:
    http://forum.notebookreview.com/thr...ga-polaris-gpus.799348/page-414#post-10694963
    http://forum.notebookreview.com/thr...ga-polaris-gpus.799348/page-414#post-10694917
     
  9. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,915
    Messages:
    17,287
    Likes Received:
    21,213
    Trophy Points:
    931
    Alleged AMD Zen Security Flaws Megathread
    https://www.reddit.com/r/Amd/comments/845w8e/alleged_amd_zen_security_flaws_megathread/

    "The Accusers:
    AMDFlaws

    Viceroy Research

    Media Articles:

    AnandTech:

    Security Researchers Publish Ryzen Flaws, Gave AMD 24 hours Prior Notice

    Guru3D:
    13 Security Vulnerabilities and Manufacturer 'Backdoors Exposed' In AMD Ryzen Processors

    CNET:
    AMD has a Spectre/Meltdown-like security flaw of its own

    TPU:
    13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors

    Phoronix:
    AMD Secure Processor & Ryzen Chipsets Reportedly Vulnerable To Exploit

    HotHardware:
    AMD Processors And Chipsets Reportedly Riddled With New Ryzenfall, Chimera And Fallout Security Flaws

    [H]ardOCP:
    AMD CPU Attack Vectors and Vulnerabilities

    TomsHardware:
    Report Claims AMD Ryzen, EPYC CPUs Contain 13 Security Flaws

    Breaking Down The New Security Flaws In AMD's Ryzen, EPYC Chips

    Motherboard:
    Researchers Say AMD Processors Have Serious Vulnerabilities and Backdoors

    Other Threads:
    Updates:
    CNBC Reporter was to discuss the findings of the CTS Labs report
    He provided an update saying it is no longer happening


    AMDs Statement via AnandTech:
    At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings

    Second AMD Statement via AMD IR:
    We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors. We are actively investigating and analyzing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise. We will update this blog as news develops.

    How "CTSLabs" made their offices from thin air using green screens!

    We have some leads on the CTS Labs story. Keep an eye on our content. - Gamers Nexus on Twitter

    Added some new updates, thanks to motherboard. dguido from trailofbits confirms the vulnerabilities are real. Still waiting on AMD. CTS-Labs has also reached out to us to have a chat, but have not responded to my email. Any questions for them if I do get on a call - Ian Cutress, Anandtech on Twitter

    Linus Torvalds chimes in about CTS:

    Imgur

    Google+

    Paul Alcorn from TomsHardware has spoken to CTS, article soon!

    Twitter Thread by Dan Guido claiming all the vulnerabilities are real and they knew a week in advanced

    Goddamnit, Viceroy again?! (Twitter Thread)

    @CynicalSecurity, Arrigo Triulzi (Twitter Thread)

    I'm off for tonight, updates will continue tomorrow

    More news will be posted as it comes in."

    Wow, pretty in depth, lots of info...
     
    Dennismungai, Ashtrix and Dr. AMK like this.
  10. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,915
    Messages:
    17,287
    Likes Received:
    21,213
    Trophy Points:
    931
    Last edited: Mar 13, 2018
    Ashtrix, TANWare and Dr. AMK like this.
Loading...

Share This Page