Wednesday, March 14th 2018

Linus Torvalds Slams Security Researchers Without Taking Names

Linus Torvalds has, without taking names, slammed the direction in which the IT security industry is going. The timing of Torvalds' comments is key. They come on a day when CTS-Labs published a press-release chronicling what they claim to be 13 critical security vulnerabilities with AMD "Zen" CPU microarchitecture. "It looks like the IT security world has hit a new low," Torvalds begins. "If you work in security, and think you have some morals, I think you might want to add the tag-line: "No, really, I'm not a whore. Pinky promise" to your business card. Because I thought the whole industry was corrupt before, but it's getting ridiculous," he continues. "At what point will security people admit they have an attention-whoring problem?"

CTS-Labs classified their 13 new discoveries into four categories, complete with a Meltdown/Spectre-esque graphics package, infographics, and a YouTube video with amateur-level green-screen stock footage behind the only 3 people the company has on its payroll. Their disclosures invited scorn from the public, particularly for not following the unwritten guideline of IT-sec industry that you have to give hardware/software manufacturers at least 90 days to respond/mitigate your findings before taking your work public. CTS-Labs gave AMD barely 24 hours. Some of the more skeptic voices suggest that these disclosures are part of a purpose-built stock shorting scheme that's currently engaged in devaluing AMD.
AMD itself took an exception to this guerrilla-ambush tactic adopted by the researchers. "This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings." AMD stock performance approaching closing-bell Tuesday suggests that the company's investors are giving it the benefit of doubt, that its corporate-communications and investor-relations teams are on overdrive, and that it would be prudent to hear what the company has to say. At least now that it has the investors' and public's attention, we won't hear of incidents like its senior execs dumping company stock, something that can't be said for AMD's biggest competitor. Source: Linus Torvalds (Google+)
Add your own comment

27 Comments on Linus Torvalds Slams Security Researchers Without Taking Names

#1
jigar2speed
This was really a low blow to AMD by this security company. Really sad situation.
Posted on Reply
#2
Chaitanya
"jigar2speed said:
This was really a low blow to AMD by this security company. Really sad situation.
If you read the comments Linus is not too happy with overly eagre PIMPs(Press in my pocket).
Posted on Reply
#3
xkm1948
So you gonna retract your previous fake news?
Posted on Reply
#4
btarunr
Editor & Senior Moderator
"xkm1948 said:
So you gonna retract your previous fake news?
I'll retract it once AMD refutes CTS-Labs in a press-release. It is currently investigating.
Posted on Reply
#5
esrever
"btarunr said:
I'll retract it once AMD refutes CTS-Labs in a press-release. It is currently investigating.
Maybe you (and the rest of the press) should have given AMD enough time to even comment on it before publishing unsubstantiated libel. But then again, you got so many clicks from the bait so I'm sure you don't regret it one bit.
Posted on Reply
#6
RejZoR
Explot finding scene turned into cracking scene. Everyone wants to be the first publishing something dramatic they found. 24 hours is an unreasonable timeframe. There is no way anyone can even evaluate, let alone address anything in such short time. CTS Labs should be ashamed of their "tactics". Makes you wonder if they made an under the table deal with Intel to release this info so quickly to make AMD look bad because there is no way AMD can evaluate, respond and fix the problems.
Posted on Reply
#7
Chaitanya
"esrever said:
Maybe you (and the rest of the press) should have given AMD enough time to even comment on it before publishing unsubstantiated libel. But then again, you got so many clicks from the bait so I'm sure you don't regret it one bit.
They will regret if AMD drags these media outlets for defamation and the way this story was published to spread FUD without research I won't be too surprised.
Posted on Reply
#8
xkm1948
I like how GN did it
<div class="youtube-embed" data-id="ZZ7H1WTqaeo"><img src="https://i.ytimg.com/vi/ZZ7H1WTqaeo/hqdefault.jpg" /><div class="youtube-play"></div><a href="https://www.youtube.com/watch?v=ZZ7H1WTqaeo" target="_blank" class="youtube-title"></a></div>
Posted on Reply
#9
R-T-B
"esrever said:
Maybe you (and the rest of the press) should have given AMD enough time to even comment on it before publishing unsubstantiated libel.
Technically they are only rereporting someone elses libel, if it turns out to be false. They would make CTS labs or what have you the ones responsible. The only way TPU can be wrong here is if they continue to print the story after it's proven false, ala "pizzagate" or similar.

EDIT: Should clarify I am speaking legally, not ethically.
Posted on Reply
#10
xkm1948
CTS-Lab is a throw away chess piece. Whoever behind this smearing campaign would have made perfectly sure that no traces can be used to track them down. So no, that will be a dead end. Who ever did this is pretty clever. If it worked, hell yeah, smearing and manipulation done! If failed, they just throw away bunch of losers that they hired as their "security firm employees and CTOs"


However we do know their domains were registered on GoDaddy.com

Any transaction will leave trails. unless they are at the level of shadow government.
Posted on Reply
#11
TheGuruStud
"xkm1948 said:
CTS-Lab is a throw away chess piece. Whoever behind this smearing campaign would have made perfectly sure that no traces can be used to track them down. So no, that will be a dead end. Who ever did this is pretty clever. If it worked, hell yeah, smearing and manipulation done! If failed, they just throw away bunch of losers that they hired as their "security firm employees and CTOs"


However we do know their domains were registered on GoDaddy.com

Any transaction will leave trails. unless they are at the level of shadow government.
I'll save everyone the trouble.

It was Intel or an executive working in the interest of Intel. We all know how much they have to lose with Epyc this year.
Posted on Reply
#12
RejZoR
@xkm1948

That Intel statement at the end of GN video. Yeah, like Intel is going to admit it even if they did have hands in it lol
Posted on Reply
#13
Sempron Guy
I like how the tech media will come clean after this even though they are used(voluntarily or involuntarily) as medium to push shady agenda. Got to love the power of free press.
Posted on Reply
#14
TheGuruStud
"RejZoR said:
@xkm1948

That Intel statement at the end of GN video. Yeah, like Intel is going to admit it even if they did have hands in it lol
He was being a little cheeky with his tongue.
Posted on Reply
#15
IceShroom
"TheGuruStud said:
I'll save everyone the trouble.

It was Intel or an executive working in the interest of Intel. We all know how much they have to lose with Epyc this year.
Or it could be Nvidia.
Posted on Reply
#16
TheGuruStud
"IceShroom said:
Or it could be Nvidia.
Seems a little sloppy for Nvidia, though. Intel isn't as bright lol.
Posted on Reply
#17
IceShroom
"TheGuruStud said:
Seems a little sloppy for Nvidia, though. Intel isn't as bright lol.
Why not, AMD supplied the GPP story. As counter they could do that.
Posted on Reply
#18
Imsochobo
"IceShroom said:
Why not, AMD supplied the GPP story. As counter they could do that.
This is over a year in the making.
I doubt intel has anything major to do with this either.

This is someone who have betted on amd stocks going further down and when they shot up because of ryzen and so on they had to manipulate.
Posted on Reply
#19
Xzibit
"xkm1948 said:
I like how GN did it
<div class="youtube-embed" data-id="ZZ7H1WTqaeo"><img src="https://i.ytimg.com/vi/ZZ7H1WTqaeo/hqdefault.jpg" /><div class="youtube-play"></div><a href="https://www.youtube.com/watch?v=ZZ7H1WTqaeo" target="_blank" class="youtube-title"></a></div>
That Viceroy piece sure sounds like some of the people who post in these forums. :laugh:
Posted on Reply
#20
lynx29
"xkm1948 said:
I like how GN did it
<div class="youtube-embed" data-id="ZZ7H1WTqaeo"><img src="https://i.ytimg.com/vi/ZZ7H1WTqaeo/hqdefault.jpg" /><div class="youtube-play"></div><a href="https://www.youtube.com/watch?v=ZZ7H1WTqaeo" target="_blank" class="youtube-title"></a></div>
yep I agree, I watched that earlier and Gamers Nexus presents a very educated and objective argument that pretty much destroys CTS lol
Posted on Reply
#21
cowie
all of us are far more guilty then this on the web.
funny what if the last business/person/item/sports team you talked shit about right here on these forums comes after you?
don't kill the messenger
Posted on Reply
#22
Vayra86
"esrever said:
Maybe you (and the rest of the press) should have given AMD enough time to even comment on it before publishing unsubstantiated libel. But then again, you got so many clicks from the bait so I'm sure you don't regret it one bit.
News is news, if you want your news vetted and quality checked before publication, go live in China or Russia. They're pretty good at it, I hear. And we're already moving that direction over here in the West too... its scary

Over here, we can make up our own minds about what's credible and what's not - something people are actually capable of as one can read clearly in the article.
Posted on Reply
#23
Dave65
The fan babies will be so upset when they find out this was fake news.
I hope AMD nails their hides to a post.
Posted on Reply
#24
_Flare
Intel ... Israel ... CTS-Labs ... anyone ?
Posted on Reply
#25
Boatvan
Regardless of your feelings on the AMD situation, you have to admit, Linus tells it like it is. Releasing that after 24 hours notice is a dick move.
Posted on Reply
Add your own comment