Initial AMD Technical Assessment of CTS Labs Research

[Vya Domus]

Consider those responses in context and what they are responding to, please.

I can't , you don't seem to maintain a coherent narrative in your ideas and , in my opinion , it's a poor attempt at covering yourself and what you say. I guess that's my reason to "pin you down" , though that's just an observation on my part and might not be representative of what you're really trying to say.

 

[EarthDog]

My apologies I cannot make it any more clear in my follow up. I can't help you there big guy. What I will not do is waste another second of my time and those who may come across this thread in continuing to defend and make myself clear.

 

[thebluebumblebee]

This raises chances of an NVIDIA nForce revival.

IIRC, Nvidia quit that business.
What's curious to me is what happened to the ATI chipset? Did AMD cut them, with all of the layoffs that they had?

 

[ikeke]

You say they f-ed up the delivery, I say the delivery was done exactly as it was done just to boost some ulterior motive.

(Viceroy, NineWells & mentions of possible profit due to the "amdflaws" by CTS-Labs)

Every passing day has thusfar only proven this.

 

[thesmokingman]

My apologies I cannot make it any more clear in my follow up. I can't help you there big guy. What I will not do is waste another second of my time and those who may come across this thread in continuing to defend and make myself clear.

Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports. Any other organizations named in this website have not confirmed the accuracy or determined the adequacy of its contents.

 

[DeathtoGnomes]

You say they f-ed up the delivery, I say the delivery was done exactly as it was done just to boost some ulterior motive.

(Viceroy, NineWells & mentions of possible profit due to the "amdflaws" by CTS-Labs)

Every passing day has thusfar only proven this.

Ivew been saying this but moderators seem to think its a low quality response.

Although we have a good faith belief in our analysis and believe it to be objective and unbiased,

you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports. Any other organizations named in this website have not confirmed the accuracy or determined the adequacy of its contents.

is this the viceroy quote or CTS? Doesnt matter, it spells out exactly why this whole event unfolded as it did, stock manipulation.


I find it odd no one mentioned the fact that the CEO (forgot the name already/unimportant now) of CTS (or is it Viceroy) just happens to be a legit fund manager gambling on AMD stock prices. Anyone who watched the video from GN would know that and stop arguing about why they did it as they did it.

 

[ikeke]

is this the viceroy quote or CTS?

https://amdflaws.com/disclaimer.html
Its from the disclaimer on amdflaws.

 

[laszlo]

my last post related to this matter

i think there are hundreds of "flaws" hard&soft from which we're not aware at every manufactures $soft developer

there are&will be smart people who understand how things works and can bypass any security without anyone's knowledge; for some is a question of prestige for other easy money

we'll be never safe unless we disconnect the internet; this not an option so we'll have to take risks and act accordingly to the infos we have and try to protect us as we can..

i understand cts and i don't blame them for releasing these infos because:
-there aren't any mandatory written regulation on how to proceed in matters like this; "general rules" or "gentleman's agreement" mean nothing
-they made money in every possible variant; being paid to do this research; selling the infos in advance for stock manipulation ... and who know maybe they sold the masterkey code already and nobody know ...
-self promotion as nobody heard of them

the only thing i don't like..they seems to have close connections with the israeli nsa equivalent so who knows what is their real goal....

"Good morning, and in case I don't see ya, good afternoon, good evening, and good night! "

 

[dyonoctis]

CTS-labs calls bullshit on AMD claims :
https://safefirmware.com/CTS+comments+on+AMD+response+to+vulnerabilities.pdf

We believe AMD is attempting to downplay the significance of the vulnerabilities

Our view is AMD’s suggested timeline for its patches roll out is drastically optimistic we believe a number of the fixes are likely to take months, not weeks.


Regardless of views on how we communicated the information, the fact remains that this further raises a red flag about the overall state of affairs in AMD Product Security

 

[HTC]

CTS-labs calls bullshit on AMD claims :
https://safefirmware.com/CTS+comments+on+AMD+response+to+vulnerabilities.pdf

Not directed @ you specifically but, in light of what's currently known about CTS-Labs, i call bullshit on this claim.

 

[EarthDog]

CTS-labs calls bullshit on AMD claims :
https://safefirmware.com/CTS+comments+on+AMD+response+to+vulnerabilities.pdf

Sweet jebus, they are all in, aren't they?

I should put links in my sig to things i need to refer back to in 'weeks' to see what happened.... . This is either going to validate the message (not the delivery or motives), or officially hang CTS, who by all accounts, has a noose already there. Some have have already kicked the chair out, others are waiting for a last minute stay of execution.

 

[lexluthermiester]

Not directed @ you specifically but, in light of what's currently known about CTS-Labs, i call bullshit on this claim.

After looking through more of the data available, I'm inclined to agree with CTS. AMD did side-step one of the real problems. The option to disable the PSP is the best solution for some of those vulnerabilities. IMHO, it was a mistake to include a not-so-secret piece of hardware completely beyond user control. And before anyone calls me an Intel fanboy, I have the same conclusion over Intel's version of same. The difference being that most system bios' allow for disabling of it in one way or another and if not, simply not installing the drivers/software package solves the problem. With AMD's PSP there are no such options and it is open for attack and exploitation.

 

[R-T-B]

The difference being that most system bios' allow for disabling of it in one way or another and if not, simply not installing the drivers/software package solves the problem.

Most bios? How about none. Disabling the ME is some hardcore hackery that requires modded firmware.

Not installing the drivers does not shield you on either side, you just make the OS even less aware of what the ME/PSP is doing.

 

[lexluthermiester]

Most bios? How about none. Disabling the ME is some hardcore hackery that requires modded firmware.

Not installing the drivers does not shield you on either side, you just make the OS even less aware of what the ME/PSP is doing.

I was talking only of Intel's ME. And yes it can be disabled.

 

[R-T-B]

I was talking only of Intel's ME. And yes it can be disabled.

It can, but it's not a simple bios setting. Google fought long and hard to develop hacked firmware to disable it for their servers because no intel products with a disable option exist.

This was in the news not too long ago. It's also never truly completely disabled, only more neutered. Some reading:

https://hothardware.com/news/resear...-off-intel-management-engine-11-thanks-to-nsa

 

[lexluthermiester]

It can, but it's not a simple bios setting. Google fought long and hard to develop hacked firmware to disable it for their servers because no intel products with a disable option exist.

This was in the news not too long ago. It's also never truly completely disabled, only more neutered. Some reading:

https://hothardware.com/news/resear...-off-intel-management-engine-11-thanks-to-nsa

Ah, I see your point. Perhaps then I should restate. In this example "disabled" was meant inaccessible, null and/or unusable. There are bios options in all affected Intel based bios/uefi settings where disabling all virtualization options and management engine associated settings, including the built in LAN. Then by using a USB based, non-Intel chipset based LAN/WIFI adapter as well as not installing or provisioning the AMT, Intel ME is effectively disabled because it is unable to function outside the boot sequence and can not be accessed remotely.

 

[Vya Domus]

CTS-labs calls bullshit on AMD claims :
https://safefirmware.com/CTS+comments+on+AMD+response+to+vulnerabilities.pdf

Regardless of views on how we communicated the information, the fact remains that this further raises a red flag about the overall state of affairs in AMD Product Security.

I find it hilarious how they mentioned that without actually addressing those concerns but then they go on to say that the "red flag" is actually at AMD. What a poor attempt to shift the focus away from them.

Finally, and perhaps most concerning of all, is the fact that six security researchers, albeit highly experienced, managed to identify 13 distinct security vulnerabilities in the flagship products of an $11B company with comparably infinite budget for security, and over a period of only six months.

It's not concerning , it's actually suspicious as fuck how a security firm out of nowhere managed to do that in such a short amount of time without major help from some other big company who would've had the required resources. Again , they are trying to avoid addressing that.

 

[Prince Valiant]

Sweet jebus, they are all in, aren't they?

I should put links in my sig to things i need to refer back to in 'weeks' to see what happened.... . This is either going to validate the message (not the delivery or motives), or officially hang CTS, who by all accounts, has a noose already there. Some have have already kicked the chair out, others are waiting for a last minute stay of execution.

If they haven't already hung themselves with the rest of the industry I'd be shocked. Even if they're right about the fix times you don't follow up an attempt at crapping on a company with another attempt at crapping on the company. How is it that things have progressed from impossible to fix to months?

 

[EarthDog]

Like I said, they seem to be all in, LOL!

 

[RejZoR]

CTS is just a remaining "fragrance" of a fart someone left behind. Move on everyone, nothing to see here. CTS has shown multiple times they are bunch of annoying imbeciles crawing for attention or money. Or both. When someone gives company 24 hours to respond and then has the nerve to continue calling them names, who will ever take them seriously? I know I wouldn't. CTS labs, be gone you thot.

 

[AlwaysHope]

These "bugs" are merely spyware for the CCP to keep western consumers under surveillance.

 

[DeathtoGnomes]

These "bugs" are merely spyware for the CCP to keep western consumers under surveillance.

raising the dead?

 

[Caring1]

These "bugs" are merely spyware for the CCP to keep western consumers under surveillance.

I hope that was said tongue in cheek.
Pretty sure China isn't the only one doing that.

 

[AlwaysHope]

I hope that was said tongue in cheek.
Pretty sure China isn't the only one doing that.

The cold war never went away, it morphed into version 2.0