PCPartPicker

  • Log In
  • Register

Forum Search

Guidelines

  • Be respectful to others
  • No spam
  • No NSFW content
  • No piracy or key resellers
  • No link shorteners
  • Offensive content will be removed

Topic

Comments Sorted by:

Gilroar 1 Build 8 points 13 months ago

Turns out all 13 attacks were true and AMD will be releasing BIOS revisions to patch the issues.

https://community.amd.com/community/amd-corporate/blog/2018/03/20/initial-amd-technical-assessment-of-cts-labs-research

gorkti200 3 Builds 2 points 13 months ago

lmfao you even provided the post from AMD themselves confirming these are actually real (which is what OP asked, "Is it just a smear campaign or is there some truth to what theyre saying?") and at least two people downvote you. Ridiculous. Especially cause you highlighted above how these vulns are really not a big concern.

Have my upvote, it's the most I can do.

Gilroar 1 Build 1 point 13 months ago

Thanks.

tragiktimes101 1 Build 1 point 13 months ago

The fanboyism hit overdrive when Gilroar "hated" on AMD by providing facts and references....oh boy.

Gilroar 1 Build 0 points 13 months ago

It isn't just a random tech or engineer either making the post.

https://www.amd.com/en-us/who-we-are/corporate-information/leadership/mark-papermaster

It doesn't get much more official then that.

Pcjulian12343 5 points 13 months ago

amdflaws. com

This looks pretty fake to me.

Cnet on the other hand raises some suspicion, but i wouldn't get to worried about it.

tragiktimes101 1 Build 2 points 13 months ago

What? That sounds like a completely reputable and objective website. Definitely no bias there.

[comment deleted by staff]
Jersey.Devils 4 points 13 months ago

GN just did a video on this, this is the epidemy of fake news.

robot_zombie 2 points 13 months ago

Now, I'm no AMD fanboy. I think one should always pick whatever best suits your specific needs at the lowest price...

...but this is clearly foul play. I'm sure there's truth in it. I'm sure that it's a very serious vulnerability under very specific circumstances. I'm also sure that the way its been presented has been completely overblown. There's a lot of hoops to jump through between here and there. It's not like click clack boom and they're in like sin. But that's how they're making it sound! Without even providing a real explanation to boot...

Given what they DO say about what it takes to actually exploit these vulnerabilities, I'm willing to bet virtually every machine out there, not just AMD, has vulnerabilities that could be just as damaging. But you've gotta parse those possibilities with reality... what does it take to actually get at a vulnerability like that?

I mean, based on what I've read, it seems that these vulnerabilities are only an issue if you're not already doing what you already ought to be doing to protect yourself from any other security threats. A little awareness makes it pretty much completely preventable. For these things to come into play, there needs to be some serious negligence on the part of the user. It wouldn't just happen.

tragiktimes101 1 Build 1 point 13 months ago

It's not like click clack boom and they're in like sin.

+1 for this comment alone.

jwrjordan submitter 1 point 13 months ago

thats what i thought but its been popping up everywhere.. thanks for your comment!

alexttt 2 points 13 months ago

wait for more reputable sorces also it might be realy packable wlaws that wont realy affect porormance

DopeAF123 1 point 13 months ago

has amd themselves spoken about the issue?

Gilroar 1 Build 2 points 13 months ago

They have said they are looking into the claims.

But even if true...

Giving the issues all require administrators access and install to even work means they are pretty much less of an issue then most malware out now.

Downside to these though is if you are tricked into installing them getting them out will be a pain.

alexttt 1 point 13 months ago

not that i know of

TheShadowGuy 1 point 13 months ago

There's some bits that smell fishy. IE, 'security researchers' that gave less than 24 hours notice to AMD before releasing their results to the public? Sensational comment from the CFO? Very little in the way of proof-of-concept code or testing from other labs?

The most interesting one to me is that malware could be installed on the chipset.

jwrjordan submitter 1 point 13 months ago

Looks like the news is coming out. Curious timing and strange that they gave AMD no warning. Operating in very bad faith.

Pcjulian12343 1 point 13 months ago

And got a 24 hour warning, whereas Intel ARM and AMD got almost a 6 months notice when Spectre and meltdown were found out about.

[comment deleted by staff]
TikantiXD 2 Builds 1 point 13 months ago

https://www.digitaltrends.com/computing/amd-ryzenfall-vulnerabilties/

Get ready for the influx of Intel fan-boys to comment on the matter.

(Of which I may or may not be)

Gilroar 1 Build 2 points 13 months ago

Shouldn't be any because of what is required for all the exploits to work.

Physical access is not required. An attacker would only need to be able to run an EXE with local admin privileges on the machine.

https://safefirmware.com/Whitepaper+Clarification.pdf

That makes them little different then many other forms of Malware other then if they are correct that they are persistent through reboots, security scans, BIOS flashes, and OS wipes.

But giving the level of access needed you could easily craft the same style attack on a Intel system possibly excluding the attack through the chipset with identical results. And after having what version of Linux they are using on the ME outed not long ago its somewhat surprising it hasn't already happened.

[comment deleted by staff]
[comment deleted]
[comment deleted by staff]
BetrayedPredator 1 point 13 months ago

Intel got fined 1.25 billion dollars for trying to strong-arm AMD, they wouldn’t risk it again.

[comment deleted by staff]
[comment deleted by staff]