CTS Labs Posts Some Clarifications on AMD "Zen" Vulnerabilities

[jabbadap]

It's censorship if we delete posts. This is our new anti-sh**post feature. You can still click on that bar to view the sh**post.

That actually sounds like a good new feature... On the topic though is there still any CVEs released by them? I don't really see any new information on this piece of news, which aren't already talked trough on tpu.

 

[R0H1T]

All the butt-hurt amd girls raging above, so pathetic.

Yes sure, you should criticize the messenger...

Also, how many people are running windows in admin mode even without knowing it? Yeah, a shitload of them!
SO if all it takes is to run an exe file and then it will be sitting low level and even OS reinstall can't flush it out, then it's a huge fucking problem and amd should be balls grilled for it! Anyone who says otherwise is a brainwashed idiot and a fanboi.

You mean running as admin & also disabling UAC, or are you new to Windows

Even with admin rights there's tons of protection on various platforms, not to mention AV are also a last line of defense.

 

[Aldain]

All the butt-hurt amd girls raging above, so pathetic.

Yes sure, you should criticize the messenger...

Also, how many people are running windows in admin mode even without knowing it? Yeah, a shitload of them!
SO if all it takes is to run an exe file and then it will be sitting low level and even OS reinstall can't flush it out, then it's a huge fucking problem and amd should be balls grilled for it! Anyone who says otherwise is a brainwashed idiot and a fanboi.

are you stupid??? did you even read online about this scam before you posted here

 

[OneMoar]

yup i spent most of the day writing this addon, it should be useful for many threads. other staff said "just delete those useless posts", i wanted to at least keep them around to not censor

Edit: this is not enabled yet for the main site post view (in case you were looking for those hidden posts)

I can't even being to list the ways that this is wrong

just no wizzard you know full well that bot-moderation is about the worst thing on the internet it never works its always wrong and its more trouble then its worth
--- on topic
and I am with xor this garbage should not be given the time of day it should not be on techpowerup along with several other craptacular articles that have been put up as of late cts has repeately proven they aren't worthy of the most basic respect granted to even amature security researchers and this is turning into a bunch of parroting

 

[rtwjunkie]

CTS labs is newly created. So to even post anything by this unproven, unrated, unqualified company whose first official report and obvious intention is to slam AMD is a new low for TPU.

It may be that CTS is trolling, but your assertion is off-base. For TPU to be the only site to not cover this, as you appear to want, would have been a sure way for a site-owner like W1zzard to have their site relegated to a back burner, to be 2nd or 3rd tier. People won’t go to sites that they realize just don’t cover events.

 

[DeathtoGnomes]

I can't even being to list the ways that this is wrong

just no wizzard you know full well that bot-moderation is about the worst thing on the internet it never works its always wrong and its more trouble then its worth
--- on topic
and I am with xor this garbage should not be given the time of day it should not be on techpowerup along with several other craptacular articles that have been put up as of late cts has repeately proven they aren't worthy of the most basic respect granted to even amature security researchers and this is turning into a bunch of parroting

the GN video mentions who is behind CTS/Viceroy and report. if the opinions in the report didnt have so much opinion in it and stuck to the facts, it would much shorter and look less like an attack on AMD.

It may be that CTS is trolling, but your assertion is off-base. For TPU to be the only site to not cover this, as you appear to want, would have been a sure way for a site-owner like W1zzard to have their site relegated to a back burner, to be 2nd or 3rd tier. People won’t go to sites that they realize just don’t cover events.

I was implying TPU is above other sites and might actually note that the report is unconfirmed.

 

[dyonoctis]

Hardware.fr released their take on this:
- some of the flaws seems to be similar to some that were already discovered in the Project zero of Google
- the flaw linked to the Asmedia chip could be a vulnerability on every board using an asmedia ASM1142 or even ASM1042
- of course exlpoiting those flaws means that you were already screw to begin with.

https://translate.googleusercontent...700201&usg=ALkJrhjmo8J86hVfQr-rKfZwQNQ2rl8BZg

 

[owen10578]

Couldn't you guys at least be more skeptical instead of just regurgitating what CTS says? I guess it brings in clicks huh?

 

[the54thvoid]

If I have admin rights on a PC with an Intel chipset, can I not flash tha BIOS with a malware infected version or do Intel CPU's detect that tampering?

 

[OneMoar]

I mean its not like bios write protect has existed since msdos or anything right ....
totally could't patch this at ring0 either...
or hey lets not allow mounting /uefi as rw in linux

or I don't know maybe just get AMD the month it would have taken to patch this instead of declaring it was unpatchable to short stock

 

[dicktracy]

There is exactly ZERO evidence to debunk CTS Labs’ claims. Only thing AMD reddit death squad have is defamation of CTS Labs and cut-n-paste green-screen conspiracy picture that has nothing to do with the argument. CTS Lab can be funded by ISIS but the argument still stands until proven otherwise. You can’t have bias like some sites where it’s okay to crap on Intel for security flaws but then suppress the news when it’s the underdog AMD.

 

[Steevo]

All the butt-hurt amd girls raging above, so pathetic.

Yes sure, you should criticize the messenger...

Also, how many people are running windows in admin mode even without knowing it? Yeah, a shitload of them!
SO if all it takes is to run an exe file and then it will be sitting low level and even OS reinstall can't flush it out, then it's a huge fucking problem and amd should be balls grilled for it! Anyone who says otherwise is a brainwashed idiot and a fanboi.

First, you would have to have an exploit running to maliciously download the payload, so your system would already be compromised, on top of then you would have to allow all programs to run with administrative privilidge and windows 7/8/10 does NOT allow that out of the box, so a user would have to be savvy enough to turn that functionality on, then be stupid enough to click OK when windows asked if the unrecognized program to run, while not running any form of security software that would immediately interrupt an attempt to write a BIOS.

But I will tell you this, if I had to draw that Venn diagram of someone stupid enough, and just savvy enough I bet your would be in the overlap.

 

[thebluebumblebee]

So Viceroy is trying to do with CTS what the Democrats did with Fusion GPU and the whole Russian collusion thing. Funny. Is this what he future holds? Manufactured fake info? In the past, companies have tried to do this themselves, like Microsoft did with their FUD campaign against DR DOS. (Win. 3.x ran better for me on DR DOS 6 than MS DOS 5!)

 

[ssdpro]

I call load of BS on the exploit(s). Wouldn't any system be vulnerable to some DBAG running a malicious executable file with admin rights? I don't understand why AMD is being so quiet about this. No update to their blog post and 3 days now to investigate? AMD's response and handling is so bad I would wonder if the opposite of the speculation is true. Did AMD do this as a false flag then prove it wrong and boost their own stock? It is the worst most ineffective short and pump if not. This is really strange stuff.

 

[OneMoar]

all this crap over cts's credibility was standing BEFORE viceroy chimed in
so yea

and I pretty much covered debucking cts's claims already

bios write protect is usually defaulted to on if its not it can be enabled

this is totally patchable by microsoft at there level via ring0 or kernel patch/fixing the borked driver

a bios update would address all of this

and again if you have administrative access you are already PWN3D everything on the machine is now tainted everything done on the machine is tainted all passwords and logins should be considered compromised

the whole issue is that the bugs in question are presented in such as way as to generate maximum fud/drama and or make amd look bad (which they really don't need any help with)
-
btw intel's ME has been known for a long time to have the same kind of exploites

 

[WikiFM]

In my humble opinion, you people shouldnt tell TPU staff what news to post or not, they have the right to post whatever they think is relevant, if you dont like it please dont read it, you can always read news somewhere else.
Going back to topic, AMD hasnt confirmed or denied the flaws yet, so this is still relevant.

 

[TheoneandonlyMrK]

No shit, somebody runs something with local admin privilege and my machine is hacked. What was it called? F*ucking common sense?

Just go kill yourself already CTS clowns.

I agree and need say no more though that last bits just not me ,they are clowns though

still not good but there's more to come yet imo.

 

[ssdpro]

Going back to topic, AMD hasnt confirmed or denied the flaws yet, so this is still relevant.

This. I find it very strange AMD has stayed so quiet in last 72 hours. We still only have the STRANGE blog post about "certain of our processors" that doesn't even have a date.

 

[sresener]

Tpu is a business and have expenses so I agree that they should post articles that draw traffic to there site.
As long as the story is based on valid information. It leaves us the reader the right to make our own judgements on whatever we read.
If they decide to use resources on such an article, well I'm pretty sure they can monitor there web traffic and I bet can make a decision on putting more effort in updating the article.
So why give them a hard time for posting news thats out there. If it bothers you don't read it.

Now My opinion on CTS releasing the information to public to speed up patches is absurd. Not only does AMD have to make patches, they have to make sure there patches are going to work with tons of different hardware configurations. I'm pretty sure this will take time. Pirates or hackers have one goal and one target and I'm pretty sure software compatibility with the hardware isn't a concern.
Now if ALL these vulnerabilities need admin privileges, well to me there has to be an alternative motive for CTS. And if that is the case lets hope they get spanked with some legal action that sticks.

 

[FatLeeAdama]

I think its very poor form for moderators to hide only posts that are critical of TPU. That's all I see at the moment. I would think feedback would be welcome on what news is posted here. I mean you are only going to alienate your audience with this "low quality" business. I am new around here. There is nothing toxic I see that isn't on any other online forum. Seriously thought this site was better than this....

 

[ShurikN]

Is TPU going to write another editorial about not getting Navi or whatever launches first...

 

[dicktracy]

I think its very poor form for moderators to hide only posts that are critical of TPU. That's all I see at the moment. I would think feedback would be welcome on what news is posted here. I mean you are only going to alienate your audience with this "low quality" business. I am new around here. There is nothing toxic I see that isn't on any other online forum. Seriously thought this site was better than this....

It’s a good move to prevent this community from becoming a mirror of AMD subreddit. Just take a good look at Anandtech’s forum where it’s 24/7 AMD circlejerk with no balance of voice.

 

[yesyesloud]

And all the "you just flash a BIOS". Motherboards often die when you flash them with official and specifically designed BIOS for the board. And these people make it sound like you can just patch any BIOS easily and make it a persistent threat/backdoor.

^case closed

 

[GhostRyder]

all this crap over cts's credibility was standing BEFORE viceroy chimed in
so yea

and I pretty much covered debucking cts's claims already

bios write protect is usually defaulted to on if its not it can be enabled

this is totally patchable by microsoft at there level via ring0 or kernel patch/fixing the borked driver

a bios update would address all of this

and again if you have administrative access you are already PWN3D everything on the machine is now tainted everything done on the machine is tainted all passwords and logins should be considered compromised

the whole issue is that the bugs in question are presented in such as way as to generate maximum fud/drama and or make amd look bad (which they really don't need any help with)
-
btw intel's ME has been known for a long time to have the same kind of exploites

Great post that sums things up nicely!

I started laughing really hard when I read the exploits, almost fell out of my chair!

 

[Cybrnook2002]

yup i spent most of the day writing this addon, it should be useful for many threads. other staff said "just delete those useless posts", i wanted to at least keep them around to not censor

Edit: this is not enabled yet for the main site post view (in case you were looking for those hidden posts)

Let's get the user "Ignore" feature working main site post view too if you start down that road.