AMD Responds To CPU Security Flaw Report

Status
Not open for further replies.

clutchc

Titan
Ambassador
So, what's the bottom line for the consumer? Update the board's BIOS when one comes available? Or will the patch come directly from AMD in the form of a download?

Also, is this something older AMD processors are affected by? Phenoms, Athlons, FX?
 

Druidsmark

Commendable
Aug 22, 2016
43
1
1,530
I for one am kinda glad CTS Labs did it this way as it forces AMD to react and fix the problems sooner.

As my Asus computer is over to years old, I don't know if I will see an update for my M32BF A10-7800, hopefully they will update my motherboard once AMD start releasing the patches for these security vulnerabilities.
 

Alerean

Reputable
Aug 20, 2015
11
0
4,520
You have nothing to worry about...someone who has your administrative privileges is going to have control of your system without these exploits anyway...
 

Ilya__

Reputable
Jan 7, 2016
118
1
4,710


Exactly, if someone has your credentials you are screwed already. Open Chrome, then Cntrl+H...you are done for XD
 


Just to be clear, you are aware that TH and anandtech are sister sites right?
 


Seeing that CTS has made no mention of the older lines and focused solely on Ryzen for what still amounts to rather sketchy targeting based on the upcoming refresh, I doubt it. While it is still a possibility, nothing is assured in any sense. While I applaud AMD for taking prompt and effective counters to the reported issues, I still feel this to be a stock shorting move and little else. It's all too convenient and stinks no matter how much they want to cover it up.
 

nobspls

Reputable
Mar 14, 2018
902
12
5,415


Really skewering Tom's so quickly. What has Tom's done? Fool me once shame on you right? CTS fooled all sorts of people. Tom's is eager to report the news no doubt, and may have been quick on the trigger, but I'm pretty sure Tom's not falling for CTS shenanigans any time soon I would hope.

 

clutchc

Titan
Ambassador


It does sound fishy since Intel is suffering right now with spectre and meltdown
 

A Stoner

Distinguished
Jan 19, 2009
325
100
18,960
So, CTS was started after Spectre and Meltdown were known but not released to the public. This sounds like Intel, a company I actually like, or someone with a large amount of their shares, started the company specifically to attack AMD.
 

rafael_1414

Honorable
Apr 22, 2012
11
0
10,510
For people who don't know how short selling works: a buyer sells stock that he doesn't own, but has borrowed. When the stock price goes down, he can buy cheap stock and repay the debt at low cost.

Example: borrow AMD stock; sell for 10 million to a third party; wait until AMD stock drops 20 percent; purchase the same amount of AMD stock for 8 million to repay the debt. Profit is 2 million minus the borrowing fees.

Some companies go short and try to influence the market by 'exposing' a potential weakness in the company they went short on.

So if this was an attack on AMD shares, it was not done by Intel or somebody who owns Intel stock. It was done (if it was an attack) by somebody who went short on AMD shares.
 

plateLunch

Honorable
Mar 31, 2017
89
29
10,560
For those who like to play with money as well as PCs, tomorrow should be AMD Short Squeeze Day. Because of the way stock shorting works, a company like CTS who was probably shorting the stock, will have to buyback their borrowed shares. This will cause the price of AMD to go up as the shorters lose money. That is a "short squeeze". Watch AMD's stock price throughout the day. I should be a steady ramp as CTS and Viceroy lose money. If you want to get in on the fun, you can put down a few thousand at your local [strike]casino[/strike] broker and join in the fun. You might even make enough to buy yourself a Ryzen or two.
 


And you are aware that Ian Curtis and David Kanter debug the thing on the second day with their interview and their unbias analysis of the matter?

And you are aware that Toms didn't even questioned the content of the story and didn't analyze the element at plays?

And you are aware that the 24 hours BS was because the flaws were benign and that AMD would have patched them before the disclosure time making this whole story a non-existent issue?

Toms didn't saw anything, didn't questioned anything. They shown the typical anti-AMD bias they always propagate.

https://www.anandtech.com/show/12536/our-interesting-call-with-cts-labs

Check the comments... I told you so.

 


They are responsible for the contents on their website. They were some of the firsts to report this garbage and all the major medias just trusted the tech sites that blindly reported the news like TH. They have a responsibility with that whole story. It was the external actors who debugged the story... and a couple of website that did their job as tech journalists.
 

sykozis

Distinguished
Dec 17, 2008
1,759
5
19,865


The PSP/fTPM flaw that Google disclosed in January, was patched in less than 90 days, without public disclosure and without stock manipulation. Also without risk of endangering the public. Zero day disclosure is a risk to the public. If I were in the tech industry, I'd be avoiding CTS_Labs like the plague. They went so far as to brief the media before they even notified AMD of the "flaws". They also mis-represented the true impact and the affected systems. Even Intel systems are affected by the claimed ASMedia "vulnerabilities"....but CTS_Labs was specifically targeting AMD for stock manipulation, so no mention of Intel who has tens or millions, if not hundreds of millions, or boards using "affected" ASMedia USB Hubs....
 

truerock

Distinguished
Jul 28, 2006
299
40
18,820
OK... sure, AMD fixed these hacks. But - what if someone breaks into your PC and replaces the motherboard with a compromised motherboard! This would be persistent across reboots!
 


Please point to exactly where I disagreed or otherwise commented on the content of your post?
Oh right, I didn't. I was asking a question, one you still didn't answer.
 
Redgarl, I agree with you.
Many people who now use this website don't realise what Tom's used to be, before it got bought out by clown media. As for also buying Anandtech, I guess in his contract they are not allowed to sensationalise stories.
 

Olle P

Distinguished
Apr 7, 2010
720
61
19,090
The fixes aren't out yet, but sure should be well inside the regular 90 days.

Probably new UEFI from motherboard manufacturer, which will take some time after AMD has finished their job.

Other CPUs shouldn't be affected, but some (many?) motherboards with other sockets (for Intel and AMD alike) are affected because they have the same ASmedia circuits.
 
And just like that the saga will end with some BIOS updates in a matter of weeks. A far cry from CTS Labs doom and gloom scenario that would see Ryzen sales halted and years to fix the flaws.

Not exactly the AMD ruining mess Viceroy made it out to be either.

How small did CTS Labs think AMD was? I mean, a small company might have taken years, but AMD is a surprisingly large company, its x86 market share notwithstanding. This two year expectation would be deeply insulting if I were an AMD employee. We are talking about a company that offers a wide range of products from specialty chips, to embedded options, to graphics processors, and piles of other stuff. AMD isn't a feeble kickstarter company that can be shattered by a handful of problems. This is a company that predates Intel, and can design their own processors and GPUs from the ground up. Obviously they are no strangers to adversity.

Wow.
CTS and Media: AMD DOOMED!
AMD: No problem. We've got this. Give us a few weeks.
 

spdragoo

Expert
Ambassador



I don't think you read the original article (http://www.tomshardware.com/news/amd-flaws-ryzenfall-masterkey-fallout-chimera,36656.html) as closely as you claim.

They pointed out how CTS Labs didn't follow usual protocol for these matters:

CTS-Labs released the information in an unusual fashion. Typically, semiconductor vendors are given 90 days to respond to vulnerabilities before they're disclosed to the public, but CTS-Labs provided AMD with only a 24-hour notice.

And they refrained from making any judgement calls either way as to the validity of the claims or not:

The unusual nature of the disclosure, and the lack of any supporting evidence, makes it difficult to asses the impact (be it real or imagined) of the alleged AMD security flaws. It is noteworthy that the three different groups of researchers that discovered the Spectre/Meltdown vulnerabilities provided the industry with 200 days of notice to prepare mitigations, which was unraveled by The Register.
(emphasis added)

Not to mention prolific use by TH of words like "allege", "claim", "unverified", & "without evidence" to describe CTS Lab's reports. Unless I'm misreading my dictionary, those words indicate that TH was not simply accepting CTS Lab's "report" as gospel, but was rather reporting it as, "this is a story people should be aware of, but we are noting that we don't have all of the details yet".
 
Status
Not open for further replies.