News AMD Discloses Vulnerabilities in EPYC Processors’ Secure Encrypted Virtualization

ginthegit

Distinguished
BANNED
Nov 15, 2012
201
31
18,610
0
Love it, Just like Intel, it seems that the features meant to increase security actuually decreases it!

Some would almost say they have yielded to the FBI in their desired want for Backdoors for spying on its citizens.

LOL Security features = Failed security
 

waltc3

Prominent
Aug 4, 2019
148
70
660
0
Yawn, both vulnerabilities require Administrator access...another dud "report" from university hackers that a company has to respond to. No exploits (of course)...and the sensational tech press strikes out again, imo.
 

NatalieEGH

Distinguished
Nov 23, 2012
30
0
18,540
1
If this is a vulnerability that must be addressed then EVERY system administrator in the world should be fired.

The so-called vulnerability requires a system administrator to be physically connected with the system. That means on-site using a trusted console (the one used to start, restart after a termination (hopefully from a system shutdown done at that terminal and not a system abort/crash, application of updates, initiate system debugging, ...). The system administrator should be a "Trusted User". They have all power on the machine.

Okay they discovered the system administrator working from the system console has the ability to cause the injection of code into a running virtual system. BIG FREAKING DEAL.

I was a system programmer/system administrator for years. I actually broke the system (luckily a development and testing system with only a few hundred users on) on more than one occasion. I regularly was working on extraction of information from the OS and when needed injection/modification of information. IT WAS MY JOB. PEOPLE KNEW WHEN I WAS BEING DANGEROUS.

Maybe there was no intention to allow the system administrator that particular ability. Maybe if the administrator is a thief, terrorist, or just stupid prankster they can cause problems. If a site hires an administrator and gives them the complete set of keys to the kingdom (including in this case a few keys not known on the key chain), they are stupid and the HR personnel, the supervisor, and everyone involved in the hiring should be fired.

To be honest depending on what was done and whether I consider the person was a further danger, if I was the boss, I would consider hiring the person to be head of the department with a salary big enough the person will stay legal just because of the legal/respectable/small bragging rights lifestyle they would be living.

This might be a flaw in the intended way the chip works but it is hardly a security issue.
 

ASK THE COMMUNITY