Closed

Breaking Down The New Security Flaws In AMD's Ryzen, EPYC Chips

A breakdown of the four main classes of vulnerabilities that CTS-Labs found in AMD's Ryzen and EPYC processors.

Breaking Down The New Security Flaws In AMD's Ryzen, EPYC Chips : Read more
32 answers Last reply
More about breaking security flaws amd ryzen epyc chips
  1. Making articles on a flaw that has little to no credibilty... wow
    Also: "AMD’s disregard for fundamental security principles." @Intel meltdown???
  2. Oh, and digging more onto their web page and youtube, especially youtube:
    https://i.imgur.com/OkWlIxA.jpg
  3. I guess they are forcing us back to RISC processors.
  4. seriously chimera has a hardware back door? NOT COOL!.
  5. Actual news story:
    CTS partnered with Viceroy to make some whitepapers to short AMD.
  6. Who paid CTS-Labs to write this report?
    I don't think the report is even worth acknowledging until they either prove how they are funded, or until the flaws are validated by a 3rd party.
    They clearly weren't trying to claim any kind of bug bounty, as they went public without giving AMD a chance to fix it.
  7. Brought to you by Viceroy
  8. Giroro said:
    Who paid CTS-Labs to write this report?
    I don't think the report is even worth acknowledging until they either prove how they are funded, or until the flaws are validated by a 3rd party.
    They clearly weren't trying to claim any kind of bug bounty, as they went public without giving AMD a chance to fix it.


    Viceroy Research. They are a very shady short seller company (I don't even know who's behind them, might be just 1 person).
    Look at their other shorts, like the -75% on Pro Sieben.
    They are suggesting AMD's fair value to be at $0 in their very professionally made research paper (irony).
    https://viceroyresearch.files.wordpress.com/2018/03/amd-the-obituary-13-mar-2018.pdf
  9. What is amazing is how every online media outlet is reporting on a piece from ONE source that has been in business for 7 months. The research company started up just before the Spectre and Meltdown flaws were released and now we have 13 AMD ONLY flaws and no mention at all about ANY possible Intel or ARM exploits either.

    Tom's Hardware has ZERO Journalistic Integrity.

    https://imgur.com/OkWlIxA

    I am ABSOLUTELY CERTAIN this entire piece is Securities Fraud and Tom's Hardware is a very willing participant. TH did not vet the source nor did they CHECK ANY FACTS.
  10. Somehow I doubt this is fake news as some are suggesting here, as AMD would wring them out to their last cent if this report were a fabrication;
    as it will affect their share price, their reputation and consumer confidence in their products.
  11. "amd would wring them out to there last cent if this report is a fabrication"

    We will see what AMD does. it takes more than a day to analyze the report, test the allegations, prove fraud, and then file an (international) lawsuit. That could take months, at which point the alleged security company could be long-gone - meaning there is nobody left to sue.
    Until AMD or a third party confirms it, there isn't any proof that the security flaws actually exist. I'm not saying that to defend AMD, but you always have to be skeptical when it comes to the news. "pics or it didn't happen" is an important tradition in a post-internet world. Until somebody proves that all of these accusations are true, then it doesn't hold any more weight than any random youtuber or conspiracy nut with a blog.
  12. I think Tom's does everyone a disservice when they print stories like this which cite only 1 dubious source.

    If AMD sues this company all they do is make it more of a story and add more fuel to the fire. Best they can do is research the said flaws themselves and address them if they are real quietly.
  13. futures?
  14. Tom's Hardware become FakeNewsware too.. shame on you.
  15. Giroro said:
    "amd would wring them out to there last cent if this report is a fabrication"

    We will see what AMD does. it takes more than a day to analyze the report, test the allegations, prove fraud, and then file an (international) lawsuit. That could take months, at which point the alleged security company could be long-gone - meaning there is nobody left to sue.
    Until AMD or a third party confirms it, there isn't any proof that the security flaws actually exist. I'm not saying that to defend AMD, but you always have to be skeptical when it comes to the news. "pics or it didn't happen" is an important tradition in a post-internet world. Until somebody proves that all of these accusations are true, then it doesn't hold any more weight than any random youtuber or conspiracy nut with a blog.


    I would assume AMD will go after the people involved if the company goes out of business and it turns out to be fake.

    Some of the other articles I've read have shown the staff so the people involved are identifiable and will be held liable regardless of the companies status i would think.
    if they're legit then AMD is in trouble, that's for sure.
  16. AMD should make an example of a few journalists who've aided and abetted the raid *cough*.
  17. This story is garbage.

    "CTS" in their "Disclaimer" made clear that all their information came from public sources and not original research. They are in no way a real computer security company and state that they own interests effected by the story they created.

    It makes the work of Russian bots seem subtle.

    I agree that Tom's should not be propagating this info.
  18. Read this CTS Website Disclaimer before reading any of the rest of their info:

    https://amdflaws.com/disclaimer.html
  19. I have to agree, there is no real evidence for now, it's just someone trying to sh** all over AMD. Why not write an article about Intel CPU's all having integrated ARM processors inside for all sorts of purposes, one of them being SMART connect - also a hardware backdoor, implemented by Intel intentionally. Let's be clear, even if there's proof for Chimera backdoor being a real threat, I'd hold a grudge against AMD for that, because those things are almost always intentional.

    To be clear, I am not a fanboy, just don't like shit article like this one.
  20. So during the time Intel knew it's CPUs were affected by Meltdown, but before it was made public, Intel happily continued to sell its affected CPUs. media outlets are not calling them out on that fact.
    but those same media outlets will dump out accusations of AMD security flaws, without scientific evidence.
  21. I would be more interested in an investigative reporter tracing the funding of they new "research organization" as I suspect Intel is behind it.
  22. I have lost a bit of respect for this site for propagating this report.
  23. littleleo said:
    I think Tom's does everyone a disservice when they print stories like this which cite only 1 dubious source.

    If AMD sues this company all they do is make it more of a story and add more fuel to the fire. Best they can do is research the said flaws themselves and address them if they are real quietly.


    "...address them ...quietly..."? What is wrong with you? If allegations were right, addressing can not be "quietly" by no means.
  24. What a garbage! With Admin access, any processors, i.e. intel, amd, yaddi-yaddi-yadda, are subject to whatever the accessor's action. I can't believe people who actually this article and re-write this articles. That just show how many god damn death deserving idiots and organizations, yes you included Tom's Hardware for being stupid and brainless, there are in this world. And here's an advice to the investors who sold their shares based on this and other similar publications - stop investing!!! You are a moron and too stupid to trade! And you are a shame to society and bring unnecessary shame to smart investors.
  25. REDDITT has A huge Fake News thread and more than one calls CTS a stock manipulator - & further notes the CEO of CTS runs a hedge fund [shorting AMD].
    ???
  26. Reddit has a FAKE news alert thread on CTS as less than credible & as CTS as a stock manipulator....Tom's-who is CTS?
  27. Is this AMD story the only story or info on the website?
  28. Myrmidonas said:
    littleleo said:
    I think Tom's does everyone a disservice when they print stories like this which cite only 1 dubious source.

    If AMD sues this company all they do is make it more of a story and add more fuel to the fire. Best they can do is research the said flaws themselves and address them if they are real quietly.


    "...address them ...quietly..."? What is wrong with you? If allegations were right, addressing can not be "quietly" by no means.
    They don't need to add gas to the fire just check if it is real, if so fix it. Then they can rig the bell have the brass band play to announce there was an issue but it was fixed.
  29. Hey TH, I have a great idea for article #5 following-up on this topic:

    "4 articles, 150 community postings = not one person believes this lame brained hack-job!"
  30. hixbot said:
    So during the time Intel knew it's CPUs were affected by Meltdown, but before it was made public, Intel happily continued to sell its affected CPUs. media outlets are not calling them out on that fact.
    but those same media outlets will dump out accusations of AMD security flaws, without scientific evidence.


    From this article; "In theory, the [PSP] chip is there to create a secure environment that’s isolated from operating system malware. However [..] just like Intel’s ME, it could be used as a backdoor without the user knowing any better."

    Translation: "In theory, if what we think could hypothetically be possible to maybe in some way perhaps compromise AMD's PSP, it would be exactly like what really actually happened with Intel's ME!"

    +1 @hixbot :lol:
  31. AMD fanbois losing their bowels over this is so funny. Lol
  32. Viceroy must own stock in Purch.
Ask a new question

Read More

Security Hardware