Those of you that have AMD's Ryzen processors should read this.

http://www.guru3d.com/news-story/13-critical-security-vulnerabilities-and-manufacturer-backdoors-discovered-in-amd-ryzen-processors.html

---

I don't buy computers, I build them!!

Those of you that have AMD's Ryzen processors should read this.

http://www.guru3d.com/news-story/13-critical-security-vulnerabilities-and-manufacturer-backdoors-discovered-in-amd-ryzen-processors.html

That should be those of you who own AMD stock should read this ...

Currently, there is speculation that this information release is an attempt to manipulate the stock price of AMD. The short seller Viceroy Research would possibly play a role in this. That company published relatively quickly after CTS the claim that the 'revelations' would be the death blow for AMD.

In the end, this all could be a hoax or plot to damage AMD or for self-benefit (manipulating stock exchange), and as more time passes it seems to be the case that all this is just that, a hoax to create some sort of effect. We'll have to wait and see what AMD makes of this and what their actions will be.

This post from there pretty well sums it up:

I just don't understand whats going on with publishing these vulnerabilities. First Intel and AMD, now just AMD.

Why publish vulnerability now? Did Intel and AMD run out of time to fix these issues? Did documents got leaked? Is it already wide known on dark side of the Internet?

Publishing will cause panic and action, but is it rightly timed?

I think that was precisely the point. Somebody (probably Viceroy Research) was looking to profit from dropping this bombshell, making it look like AMD had serious problems which would cause the stock to tank. If that was the motive then it backfired, as the stock rose instead.

The exploits, as described, don't seem all that serious as they require the systems to already be compromised. From what I've read, the main issue seems to lie with what happens when a hacker gains admin access, making the exploit much worse (e.g., installing malware that continues to exist after a format/wipe). This may indeed be something that AMD needs to look into, but for users who have implemented strong security measures already, it's more-or-less a non-issue. At any rate, it's nothing close to the severity of the Meltdown and Spectre exploits from earlier this year.

I'm hoping we'll know more in the coming days, but it's looking increasingly like someone was trying to manipulate the stock. Hopefully the SEC has a good look and fines whoever is responsible. I'm also sure that AMD will respond soon, and we'll have to see what they say.

EDIT: Oh, and I'd like to add, I don't think Intel was involved in this. Although they've been known to resort to shady/illegal tactics in the past, I don't see this as something they would engage in, especially considering the shoddy/amateurish nature of the actors involved. It's possible that they had some sort of hand in it (can't know for sure at this point) but I wouldn't consider them as the prime instigators. Again, we'll hopefully know more as times goes on.

---

The SEC already took action against one company:

Ms Holmes will lose control of the firm and be fined $500,000.
An SEC official called the fallout an "important lesson for Silicon Valley".

If it's a similar case, whoever's involved will receive a nice sting. :-)

It's looking very much like some stock beatup.
Yes, there are vulnerabilities. However, it's nothing like it was initially presented as.

The salient high-level takeaway from AMD is this:
1.All the issues can be confirmed on related AMD hardware, but require Admin Access at the metal
2.All the issues are set to be fixed within weeks, not months, through firmware patches and BIOS updates
3.No performance impact expected
4.None of these issues are Zen-specific, but relate to the PSP and ASMedia chipsets.
5.These are not related to the GPZ exploits earlier this year.

AMD Confirms CTS-Labs Exploits: All To Be Patched In Weeks

---

Grant
Darwin NT

However, Papermaster emphasized that to exploit the gaps, a potential attacker must have full access to the system. However, with these rights, Ryzenfall & Co. are basically irrelevant again, because if the attacker has managed to exploit the gaps, he already has full system rights and no longer needs the gaps to exploit them. Nevertheless, AMD promised to close the gaps by firmware updates. This should happen in the next few weeks and go hand in hand without loss of performance.

Translated from Planet3DNow.de

---

With each crime and every kindness we birth our future.