[–]▶ No.882577>>882587 >>882609 >>882626 >>882797 >>882802 >>882811 >>883220 >>883236 >>885215 [Watch Thread][Show All Posts]
So you thought AMD was not as botnet as Intel, well think again.
These exploits are categorized into 4 main groups.
<Masterkey
The Masterkey vulnerability bypasses Secure Boot. Secure Boot is supposed to ensure that if NSA-kun, or someone else messes with your hardware that your computer will fail to boot. With this vulnerability it is possible to gain arbitrary code execution inside of the security processor inside of the cpu, AMD's equivalent to Intel's management engine. For those unware, these security processors run in ring -2 which is synonymous to saying that the cpu is aware of what it is doing. This means that it can run code, read/write memory, and more without the cpu realizing it.
<Ryzenfall
Ryzenfall is a vulnerability which let's you run code on the security processor of a running system as long as you have administrative privileges. Let me repeat that, a RUNNING system. Additionally, "the malware can spread over the network to other machines."
<Fallout
I do not seem to fully understand what this vulnerability is, but it appears to be related to accessing protected memory if you have administrative privileges on an AMD EPYC server.
<Chimera
Chimera is a class of vulnerabilities in series of motherboards from AMD which are vulnerable to being backdoored. This backdoor requires just knowing a hardcoded password which can lead to arbitrary code execution of the chipset. Keep in mind that the chipset has access to pretty much everything in your computer, your memory, networking, etc.
Note that all of these vulnerabilities need some sort of administrative privileges to install / exploit. Additionally, the release of these vulnerabilities was only ~24 hour after they had contacted AMD about it.
Warning: These vulnerabilities may be fake
There's some reasonable speculation that parts or the whole of this release is fake and may be a FUD campaign to benefit Intel / manipulate AMD's stock. I have not looked into this very much, so feel free to research this idea to help educate all of us. These vulnerabilities are a big deal if true, but are maybe a little too good to be true. Especially considering it being rushed out to the public. For example, one thing I personally noticed was that the (((Israeli))) security team, CTS Labs's website: http://cts-labs.com does not support https.
https://www.techpowerup.com/242328/13-major-vulnerabilities-discovered-in-amd-zen-architecture-including-backdoors
https://archive.fo/R6nQP
https://searx.me:3000/?mortyurl=https%3A%2F%2Fwww.techpowerup.com%2F242328%2F13-major-vulnerabilities-discovered-in-amd-zen-architecture-including-backdoors&mortyhash=bd9871a5dd12b0a53c4b642371ae1cd4a6351b29c05382963e83b7292c0736de
https://amdflaws.com/
archive.fo failed
https://web.archive.org/web/20180314002813/https://amdflaws.com/
https://searx.me:3000/?mortyurl=https%3A%2F%2Fwww.amdflaws.com%2F&mortyhash=a49a8b34c4f97d7378d00900982f1fe1c9276d4ff36fa9b2c7b7f2c2c642786e
http://www.cts-labs.com
https://archive.fo/jSvJ7
▶ No.882579>>882581
It probably is bullshit but we still have no evidence to connect this to Intel. Just a bunch of fanboys bickering at eachother
▶ No.882581>>883014
>>882579
Yeah'll need to wait for AMD's official response about them before anything definite can be said.
It's fishy, but a juicy fish at that.
▶ No.882582>>882703
>exploits require local access to computer, admin login and password, bios password.
https://www.hooktube.com/watch?v=ZZ7H1WTqaeo
Looks like some pretty solid bullshit.
▶ No.882587>>882592
>>882577 (OP)
>Intel-Aviv spammer
shill more kike
▶ No.882592>>882616
>>882587
Me calling both intel and AMD botnet is not shilling. In fact, both are botnet regardless of if these exploits are real.
I posted this as I haven't seen any discussion about it anywhere.
▶ No.882609
>>882577 (OP)
>So you thought AMD was not as botnet as Intel
No I didn't. I know better.
We're all aware that anything post Bulldozer is botnet.
▶ No.882616>>882621 >>882628 >>882676
>>882592
>I posted this as I haven't seen any discussion about it anywhere.
>>882204
▶ No.882621
>>882616
That thread is full of OP being a flamboyant cocksucker who came from a thread on /v/ and is filling his own thread with shitposts
▶ No.882626>>882629 >>882691
>>882577 (OP)
Wait for Zen 2 and Navi.
It will probably be the end of the line on 7nm, and AV1 hardware acceleration and decoder will be a must have by then.
▶ No.882628>>883234
>>882616
Looks like I ignored that thread since it had an "Discuss" level OP and the posters in it didn't seem like /tech/ies.
Normally, I'd delete this thread since it's a duplicate, but the original one is terrible, so I'll leave it up to the mods.
▶ No.882629>>882641
>>882626
Read their website. It reads like a parody of security research and exploit disclosures. Me thinks this entire thing is an elaborate ruse
▶ No.882636
https://8ch.net/tech/res/882204.html
Already a thread on this needle dick.
▶ No.882640>>882656 >>882787
this shit is 100% FUD and is used to smear AMD. you need local admin access to perform these "exploits" (so it works on any system, not just AMD), the actual whitepaper has absolutely 0 technical details, viceroy and cts both constantly use emotionally charged language and fearmonger, cts has shutterstock images for backgrounds and logo, and cts gave AMD no time to look into these findings and even notified the media before them.
this sounds like blatant kikery to me
▶ No.882641>>882655
>>882629
so you think it is done by AMD as a "false flag" tactic?
▶ No.882655
>>882641
I think it's an April Fools prank that got leaked early
▶ No.882656>>882657 >>882708 >>882996
>>882640
>viceroy
https://viceroyresearch.org/
>n light of CTS’s discoveries, the meteoric rise of AMD’s stock price now appears to be totally unjustified and entirely unsustainable. We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries.
This whole thing is literally a fucking prank and you autists are taking it seriously
▶ No.882657>>882658
>>882656
What's the prank?
▶ No.882658>>882659 >>882708 >>882719
>>882657
Autist can't recognize a parody website?
▶ No.882659>>882660
>>882658
They manipulate stock prices for money. What's the parody?
▶ No.882660>>882661 >>882708 >>882719
>>882659
You seriously need mental help
▶ No.882661>>882662
>>882660
>Viceroy Research shot to fame in South Africa over its report on Steinhoff’s accounting irregularities.
>based in New York, who describe themselves as a “group of individuals that see the world differently”, have been blamed for driving down the share price of Aspen, Africa’s biggest generics drugmaker and that of real estate investment trusts such as Resilient Reit, Nepi Rockcastle, Fortress Reit A and B.
Go fuck yourself retard.
▶ No.882662>>882665 >>882708 >>882719 >>882743
>>882661
> We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries.
It must really suck having a legitimate mental illness that prevents one from being able to read obvious parody
▶ No.882665
>>882662
You're an obvious parody fagtron.
▶ No.882676
>>882616
Is there any discussion going on in that thread?
▶ No.882691>>883114
>>882626
yeah, remember how vega was going to be the greatest leap in GPU ever? I was using integrated graphics for almost three years because of you shills.
▶ No.882696
do not trust x86
do not trust SMM
do not trust UEFI
do not trust Secure Boot
do not trust
Let's go play on RISC instead
▶ No.882703
▶ No.882707
>Secure Boot is supposed to ensure that if NSA-kun, or someone else messes with your hardware that your computer will fail to boot.
You glow in the dark, you know that? Secure Boot is proprietary MS's backdoor, don't confuse it with Trusted Boot which is the one controlled by User. And in fact this ""vulnerability"" is actually good, so hackers can start working on debotnetting AMD CPUs as an alternative to Intel's.
Don't bump this shit thread.
▶ No.882708>>882941
>>882658
>>882656
>>882660
>>882662
Hello Viceroy, how's the weather in Tel-Aviv?
▶ No.882713>>882787 >>882809
this whole thread in one sentence:
>you can rm -rf as root user and BAAAAD things happen spoopy!
▶ No.882714>>882715 >>882809
this whole thread in one sentence:
>you can rm -rf as root user and BAAAAD things happen spoopy!
▶ No.882715>>882735
>>882714
>what is evil maid
▶ No.882719
▶ No.882735
>>882715
>being so lazy that you hire a maid
>not knowing that maids are infamous for being evil
you deserve it
▶ No.882743
>>882662
great damage control, (((Viceroy)))
▶ No.882776
"quick bet on the stocks and short it" - viceroy after consulting with their research partners
▶ No.882787
>>882713
>you can rm -rf as root user and BAAAAD things happen spoopy!
Are you seriously equating deleting system files with being able to run arbitrary code on the security processor?
>>882640
>admin access
It's not like people brute force root accounts over ssh. It's not like priveledge escalation attacks have not been discovered before.
>>882640
>so it works on any system
Blatantly wrong. I can't run arbitrary code on my IME even though I have root access, nor could someone with a PSP. At least for IME the code needs to be signed by intel or it can't be run. If it were possible people would make Linux disable the IME. Feel free to correct me and tell me how this can be done on any system.
▶ No.882797
▶ No.882802
>>882577 (OP)
>No demonstrations.
>No exploit examples.
Pure FUD.
▶ No.882809>>882859
>>882713
>>882714
>delete files from filesystem
>this also erases firmwares of various devices
>implying this is completely fine
▶ No.882859>>882917
>>882809
>mounting external firmwares with write permissions
>not soldering write protection pins to ground planes
It's not my fault you're using systemcocks and don't own your party-issued hardware, Ivan.
▶ No.882911>>882928
You should put the warning that its might be a scam at the top, not the bottom you fucking shill
▶ No.882917
>>882859
It's mostly about internal firmwares, like EFI/BIOS
And where exactly is my fault? Maybe in failing to single handedly stop a fucking cartel of (((corporations))) so that bullshit never gets to production?
You seem to vastly overestimate my powers. And if I could do this, I'd probably not be posting here.
▶ No.882928
>>882911
I had considered doing so, but opted to put it just after the preliminary explanation of what it was. At least it is high enough in the post that it doesn't get cut off on the index page.
If I was a shill, I wouldn't have put that section in at all, let alone put the warning in big red text so that people don't skim past it.
▶ No.882933>>882936 >>883388
▶ No.882936>>882941 >>882976 >>882996
>>882933
It was supposed to be a joke but unfortunately most "tech enthusiasts" have autism and clickb8 e-celebs are just adding fuel to this autism fire
▶ No.882976
>>882936
>i-i-it's just a prank bro!
▶ No.882983>>882987
>>882941
>retarded e-celeb fuels conspiritard fire for clickb8
No thanks
▶ No.882987>>882990
>>882983
A legitimate journalist is not an eceleb, Viceroy
▶ No.882990>>882995
>>882987
A "legitimate journalist" that's monetized on YouTube has as much interest in blowing up sensationalist bullshit as Arstechnica or any other bullshit fake news retards doing this
And why the fuck would I be a shill when I'm the one for the fact a paper documenting "exploits" on AMD processors is clearly a fucking lie? Do you have any braincells at all?
▶ No.882995>>882998
>>882990
First off, you're moving the goalposts, second, he has made his argument plain and simple, so if you want to refute it go ahead, it would be easy.
As things stand, it's obvious Viceroy has propped up CTS as a sockpuppet to control the losses they have incurred in their shorting AMD stock. The evidence is there, the reasoning makes sense, and Viceroy having built a name for themselves by running company reputations into the ground is a well documented fact.
Please explain how any of this could be false.
▶ No.882996>>883031
>>882656
>>882936
This
If you anyone actually bothered reading the description of each "exploit" it's obvious this was supposed to be a joke. Since everything they describe can be done on any machine even with standard security features. Literally read the OPs text. Its pretty funny. "amdflaws" was probably written in the same vein as the Dihydrogen Monoxide hoax website. But people fell for that too
http://www.dhmo.org/facts.html
▶ No.882998>>883000
>>882995
>As things stand, it's obvious Viceroy has propped up CTS as a sockpuppet to control the losses they have incurred in their shorting AMD stock. The evidence is there, the reasoning makes sense, and Viceroy having built a name for themselves by running company reputations into the ground is a well documented fact.
No its not and that video is the definition of an argument via assertion fallacy. Sorry retard. But you got pranked
▶ No.883000>>883004
>>882998
Please start arguing or you'll look a lot like Viceroy damage control
▶ No.883001>>883004 >>883007 >>883016
> the meteoric rise of AMD’s stock price now appears to be totally unjustified and entirely unsustainable. We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries.
>People still take this seriously and don't realize it was a joke
▶ No.883004>>883007
>>883000
see
>>883001
A symptom of autism is the inability to understand hyperbole or metaphor. You got pranked nigger
▶ No.883007>>883010
>>883001
>>883004
How do you explain Viceroy's involvement given their business plan? Do you think a company which produces actual results like them would joke when they have something to gain from messing with anybody?
▶ No.883010>>883134
>>883007
>Do you think a company which produces actual results like them would joke when they have something to gain from messing with anybody?
Their website literally looks lime someones personal blog. And they didn't actually produce "results" if you actually read the OPs fucking text (seriously nigger you don't even have to visit their website, the OP copy-pasted the "exploit" descriptions, it's tongue-in-cheek as fuck)
And they have jack shit to gain because investors don't have mental disabilities because you need some certification to start investing and nobody is going to fall for this shit. Thank goodness none of you are investors.
▶ No.883015
>>883014
It's almost as if they were a fake company meant to parody off of known security research firms and exploit whitepapers made by a group of shitposters
▶ No.883016>>883019 >>883022
>>883001
The average person is completely retarded. More than likely this was intended to be taken seriously by the average person.
▶ No.883017>>883019
oh wow it must be a prank this shill is samefagging the fuck out of the thread as a prank bro. He just wants us to think he's a dumb shill haha he tricked us all.
▶ No.883019>>883026 >>883135
>>883016
I think its more likely this was meant to only be shared around the security research community with the pretense they're not retarded but clickb8 news blew it up and exposed it to normalfags. If anything they were the ones being paid off by Intel
>>883017
Do you actually believe ANYTHING in the whiteaper is a real exploit? Did you bother reading it at all? Do you have a mental disability?
▶ No.883022>>883023 >>883119
>>883016
Scareing lots of small investors who don't know much about tech but have a small amount of AMD stock as part of their diversified portfolio is their intention. If lots of small guys panic sell then it can cause a snowball effect where even the big guys sell everything and AMD stock goes to nothing.
Given the short positions on AMD by these guys it's obvious they are salty about it going up.
▶ No.883023
>>883022
>Scareing lots of small investors who don't know much about tech but have a small amount of AMD stock as part of their diversified portfolio is their intention. If lots of small guys panic sell then it can cause a snowball effect where even the big guys sell everything and AMD stock goes to nothing.
Your Occam's Razor is getting awfully dull there m8. And small investors who want to maintain a diverse portfolio are the least likely to sell off their stock in a given company
▶ No.883026>>883027
>>883019
>reading the whitepaper
hahah you got fucking parodied son. lmao your sitting there reading that crap being like oh I can tell it's a prank from some of the pixels and I'm like nah bro you just got played.
▶ No.883027
>>883026
So you didn't read it? Gotacha
▶ No.883031
>>882996
>Since everything they describe can be done on any machine even with standard security features.
I'm seeing a lot of people say this. Who is pushing this argument? I'd figure an eceleb because it is wrong.
Please explain how you can currently exploit AMD's PSP or Intel's ME to run arbitrary code. You say that is possible on any machine so you better have facts to prove that it is possible. As I've said earlier in the thread, it would be very beneficial to know how to run arbitrary code on the security processor so we can put it in an infinite spinlock so we don't have to worry about it.
>>883014
I meant about the validity of the vulnerabilities. I already know they've acknowledge the fact they've received a report.
▶ No.883114
>>882691
That's because you don't understand things yourself, so you misread others and get mad not knowing what happened.
▶ No.883119>>883136
>>883022
If someone wants a diversified portfolio, they can just by an index fund. It's been that way since the 70's.
▶ No.883134
>>883010
>they didn't actually produce "results"
I'm not talking about this instance, I'm talking about the past history of this group, like the time they fucked with that African pharma company
>And they have jack shit to gain
Their continued existence refutes you
▶ No.883135
>>883019
>I think its more likely this was meant to only be shared around the security research community
Except this has been brought to the media by CTS themselves first, then to AMD, so this is utterly false.
▶ No.883136
>>883119
>people can only do things my way
▶ No.883138>>883154 >>883208 >>883458
>>883014
>http://ir.amd.com/news-releases/news-release-details/view-our-corner-street-0
what the fuck does this crap want?
I gave it first-party scripts and it still doesn't show shit
▶ No.883154
>>883138
Their site is terrible, you can't even scroll the driver downloads page without js, and the actual link gives an error when refers are disabled. Fuck Windows.
▶ No.883208>>883222
>>883138
Disable CSS completely for the site. I have to do that very often these days to read the text underneath the crap.
▶ No.883220>>883239
>>882577 (OP)
>You can do stupid bullshit if you're logged into root
Nobody is surprised.
▶ No.883222
>>883208
You also view->no style which does the samr
▶ No.883226>>883381
>Meanwhile in Intel-Aviv
>Err....do I get it right, that a possibly vulnerable CPU (from 2016) is still vulnerable to MELTDOWN but a newer BIOS *fakes* the CPU flags so the MELTDOWN "detection code" says, "this CPU is NOT vulnerable"
https://marc.info/?l=openbsd-misc&m=152100351927304&w=2
https://marc.info/?l=openbsd-misc&m=152080420804198&w=2
▶ No.883234
>>882628
>but the original one is terrible
It focuses on the important part (jews) while your wastes pixels on irrelevant technicalities.
▶ No.883236>>883238 >>883239
>>882577 (OP)
>Ryzenfall is a vulnerability which let's you run code on the security processor of a running system as long as you have administrative privileges.
I don't get it. Under what circumstances would you have administrative privileges but *not* be able to run code? Is "sudo wine malware.exe" considered a hardware bug now?
▶ No.883238>>883273
>>883236
>on the security processor
learn to read faggot
▶ No.883239>>883273 >>883405
>>883220
This is a privilege escalation from root to the highest privilege in which it is invisible to the whole CPU minus the security processor which your code is currently controlling.
>>883236
You are not normally able to run code on the security processor which is an ARM based processor in the CPU. This security processor is able to do operations undetectable by the regular CPU. For example, it could read or write any value of any progress without having to communicate with the kernel.
▶ No.883273>>883379 >>883827
>>883238
>>883239
Yeah, but you still need administrative privileges in the OS running on the primary processor, right? If a hacker gains root access to your OS, your system is compromised anyway.
▶ No.883371>>883379 >>883388
Can someone spoon-feed me why CTS Labs is getting the amount of hate that they are? I get that they are jewish and probably funded by Intel, but wouldn't the bottom line of this be more secure processors for everyone?
▶ No.883379>>883405 >>883605
>>883273
What if there was a vulnerability where you could become root from a normal user. Do you think that's fine not to fix because if someone has access to a nonprivileged account they can launch a DOS attack? A bug is a bug.
>>883371
They have no reputation and didn't make a good first impression.
▶ No.883380>>883404
So did CTS Labs release their PoC's yet or what?
I know some cucky news outlets are still reporting on this, third rate fake news organizations like Bloomberg mostly.
▶ No.883381
>>883226
Holy FUCK that's fucking Jewish of them.
▶ No.883388
▶ No.883404>>883405 >>883419
>>883380
From the Ars Technica article, it sounded like they were shared with a few select security researchers.
▶ No.883405>>883415
>>883404
>>883379
>>883239
Are you aware you have one space in the email field?
▶ No.883415
▶ No.883419
>>883404
Sayanim?
Until CTS publishes properly it's literally nothing and anybody in the security community who goes along with this farce shall be forever branded a lying kike.
▶ No.883458>>883501 >>883628 >>885189
>>883138
>umatrix
>having to fiddle and fuck around with each and every fucking website for 10 minutes to hopefully get the website to work and display the shit which is expected from it and the reason you are visiting it in the first place
Forget it anon, content and botnet are by now intertwined in a siamese manner and it's only to get worse in the future.
▶ No.883501
>>883458
>not being able to tell friend from foe
>not being able to tell man from bot
>not being able to tell content from botnet
the future is looking splendid indeed
▶ No.883605
>>883379
>What if there was a vulnerability where you could become root from a normal user
No, because there are limits on what normal users can do. Once someone has unlimited access to your system, it's pointless to worry about the fact that he's allowed to run arbitrary code on one processor but not another. If anything, this is good, because exposing the PSP to userspace control gives us the opportunity to safely gut it.
▶ No.883611
https://hooktube.com/watch?v=OUBinwlC_RA
^ stallman's thoughts on "secure" boot ^
▶ No.883628
>>883458
>having to disable firewall because otherwise no matter how you configure it, program abc won't work properly
>having to disable ublock/umatrix because otherwise no matter how you configure them, website xyz won't work properly
▶ No.883827
>>883273
Pwned OS can be detected and wiped clean. Much harder to do with a pwned botnet processor.
▶ No.884997
Hahaha the mods got butt flustered and received an injection of Jewish cash and deleted the other thread.
CTS labs has damaged the Jewish state's veracity in IT, nobody will trust those kikes now.
▶ No.885189
>>883458
>clicking on a thing a couple times is too hard
The utter state of phone posters.
▶ No.885215
>>882577 (OP)
>the state of pootel
▶ No.886040>>886178 >>886195
AMD confirmed they are real but to exploit them you need root access and flashing a custom bios. You are hosed anyway no matter what chip you have. It's a completely moot point that the chip has flaws if to exploit them you would be able to fully take over any chip ever.
▶ No.886178
>>886040
>AMD confirmed they are real
No they didn’t. The kikes still haven’t provided AMD with anything either.
This was all a Jewish plot to hurt AMD and it is likely that Intel was behind it.
▶ No.886180
▶ No.886195>>886813
>>886040
With root you are not normally able to run code on the security processor.
<A priveledge escalation attack from a local user to root doesn't matter because I would have to be compromised first before it could be used.
▶ No.886813>>886823
>>886195
>security processor
This is such a scam, from the user's perspective it is exactly the opposite.
▶ No.886823
>>886813
doubleplusgood processor
▶ No.886833>>886932
>>886788
>Attacker requires Administrative access.
▶ No.886932>>886945
>>886833
Forgive me, but if you can write into PSP firmware that with root access is that still a (((exploit))) that we can use to actually fuck with the PSP?
Also, if that is an exploit that's still retard stupid, if you can't keep the damn system physically secure they might as will just swap your entire system note in the Snowden leak
▶ No.886945
>>886932
All it took to fix was a BIOS update. It's not like these flaws were hardware flaws at all. The fact that people think that the AMD flaws were as bad as Meltdown are evidence this whole thing against AMD was rigged and exaggerated.