Beta Key Giveaway Week 3: Winners have been selected!

Page 3 of 3 FirstFirst
1
2
3
  1. #41
    Quote Originally Posted by Fascinate View Post
    What i find baffling is why do these stories get so much traction, why do people care? The fixes are already out for intel and ive seen zero performance degredation (fully updated bios and windows 10) if this AMD flaw is a real thing it should be able to get fixed in a similar manner.
    You are comparing these to meltdown which is a very bad comparison. Meltdown didn't require elevated access and was very widespread. These issues are very similar to a AMD PSP issue that was discovered last year. The timeline for fixing that issue is as follows:

    09-28-17 - Vulnerability reported to AMD Security Team.
    12-07-17 - Fix is ready. Vendor works on a rollout to affected partners.
    01-03-18 - Public disclosure due to 90 day disclosure deadline.

    What's worse is that the ASMedia flaw actualy effects Intel CPU's too. That doesn't make it any more severe. It's been around for 6 years. The amount of access required to make use of it is what makes it a low level threat.

    The whole argument by these clown as to the severity and the difficulty in fixing the issues is absurd.

    You should read this https://blog.trailofbits.com/2018/03...nical-summary/

    It gives some technical information about the issues. The most relavent quote is probably "There is no immediate risk of exploitation of these vulnerabilities for most users. Even if the full details were published today, attackers would need to invest significant development efforts to build attack tools that utilize these vulnerabilities. This level of effort is beyond the reach of most attackers.". About the only people who could do this would be governments.

    - - - Updated - - -

    Quote Originally Posted by Gaidax View Post
    Apparently Embedded Vulnerabilities that allow permanent modification on the production line or in service centers to breach security of servers even before they reach the customers are fine with some people here.

    Don't kid yourselves, it is a serious vulnerability and it opens up a lot of unpredictable attack vectors, simply with the case mentioned above where the machine supplied is already compromised.

    The fact that this is AMD and not Intel does not suddenly make it a non-issue, even if the source is loaded.
    There are two issues here:

    1. The company that released the flaws and their motivation for releasing them the way that they did - It's very clear that these guys were trying to make money here by short selling AMD. Everything about what they say is overblown. The high level of risk, that it will take AMD years to fix the issues, etc. None of these are true. Their excuses for releasing the information the way that they did also doesn't make sense. Basically, everything about the company is a scam.
    2. The flaws - This should not be confused with the company. If the flaws are valid, which they appear to be, we shouldn't ignore them because the company that reported the issues are a bunch of idiots. But in the same vein, we can't take the word of that company as to the severity of the issue because they are trying to blow up the issue as big as possible to make money. It's far better to look at an independent analysis (or wait for AMD) like the one I just posted where they provide information on the flaws and how severe they are. You say "it is a serious vulnerability" but how do you know? Don't take those idiots word for it because they have a vested interest. Look at independent analysis of the problem. The difficulty in making use of the flaw make it very unlikely that anyone other than governments could create something using the flaw. And they would have to already have compromised your system to use it. If they have compromised your system then you are already in big trouble and this sort of issue is the least of your problems. Especially as it will probably be patched in about 2 months (going by the timeframe for the other AMD PSP vulnerability). That patching would overwrite any "compromised" code.

    I doubt you could even give me a single use case for this bug that would justify the investment required to implement something to take advantage of it.

    This has nothing to do with and Intel/AMD argument. It's just the simple facts. Oh, and the ASMedia flaw also effects Intel.

  2. #42
    Elemental Lord Dukenukemx's Avatar
    Join Date
    Sep 2010
    Location
    Better part of NJ
    Posts
    8,123
    Quote Originally Posted by Fascinate View Post
    What i find baffling is why do these stories get so much traction, why do people care? The fixes are already out for intel and ive seen zero performance degredation (fully updated bios and windows 10) if this AMD flaw is a real thing it should be able to get fixed in a similar manner.

    I guess buzzwords like "vulnerabilities" and "backdoor" and "steal your dataz" really get people worked up lol.
    Because recently Intel's meltdown got a lot of attention, especially when the fixes do cause a slow down. You may not notice it, but people running expensive servers certainly did. This made Intel look like a dancing clown who wasn't putting any effort into security. AMD though was actually the least effected among all the CPU's out there. It was Google who found the flaws, not someone with a green screen and stock images.

    This is just trying to attack AMD with extremely questionable claims. Not that there aren't bugs on the CPU, but that you needed root access to use them. Which if someone has root access, you have bigger concerns than the CPU bugs. Meltdown is far worse as you have the ability to read memory that you don't have permission.

  3. #43
    I'm not saying it is not intel, oh wait, I am saying it's intel.


  4. #44
    Scarab Lord Triggered Fridgekin's Avatar
    Join Date
    Jul 2011
    Location
    Nova Scotia, Canada
    Posts
    4,339
    The lengths one would have to willingly go to allow any of these to happen leaves me to wonder whether or not the house even has a door on it.
    A soldier will fight long and hard for a bit of colored ribbon.

  5. #45
    Stood in the Fire wunksta's Avatar
    Join Date
    Mar 2012
    Location
    Austin, TX
    Posts
    489
    https://community.amd.com/community/...-labs-research

    tl;dr:
    the exploits required the system to already be compromised but they are being patched
    Exploration is in our nature. We began as wanderers, and we are wanderers still. We have lingered long enough on the shores of the cosmic ocean. We are ready at last to set sail for the stars.

  6. #46
    Elemental Lord Dukenukemx's Avatar
    Join Date
    Sep 2010
    Location
    Better part of NJ
    Posts
    8,123
    Quote Originally Posted by larix View Post
    I'm not saying it is not intel, oh wait, I am saying it's intel.

    I knew it!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •