13 flaws found in AMD processors, AMD given little warning

 

CTS-Labs of Israel claims it found 13 critical vulnerabilities in AMD processors, and gave AMD only 24 hours notice before disclosing them.

It’s probably a good thing AMD didn’t rub Intel’s nose in the Meltdown and Spectre flaws too much because boy, would it have a doozy of a payback coming to it. A security firm in Israel has found 13 critical vulnerabilities spread across four separate classes that affect AMD’s hot new Ryzen desktop and Epyc server processors.

However, the handling of the disclosure is getting a lot of attention, and none of it good. The company, CTS-Labs of Israel, gave AMD just 24 hours notice of its plans to disclose the vulnerabilities. Typically companies get 90 days to get their arms around a problem, and Google, which unearthed Meltdown, gave Intel six months.

Please read more here:

https://www.networkworld.com/article/3262976/security/13-fla...

--
Never argue with a pig. It makes you look foolish and it annoys the hell out of the pig!

...

Malicious hackers don’t give any advance notice, or perhaps any notification at all. Best thing for AMD is to get a competent vulnerability detection team to find problems first.

Hopefully now that they were informed of this situation, they can improve their product.

Tossed my AMD 850

I finally tossed my AMD 850 processor into the trash heap - just in time I guess.

--
romanviking

That's

kind of scary. Wonder what processor my 350 & 370 have.

Fred

BS

Further in the article:

Its white paper is replete with disclaimers, like this:

The report and all statements contained herein are opinions of CTS and are not statements of fact. To the best of our ability and belief, all information contained herein is accurate and reliable, and has been obtained from public sources we believe to be accurate and reliable. Our opinions are held in good faith, and we have based them upon publicly available facts and evidence collected and analyzed, which we set out in our research report to support our opinions. We conducted research and analysis based on public information in a manner that any person could have done if they had been interested in doing so. You can publicly access any piece of evidence cited in this report or that we relied on to write this report. Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports. Any other organizations named in this website have not confirmed the accuracy or determined the adequacy of its contents.

--
nüvi 3790T | nüvi 775T | Those who make peaceful revolution impossible, will make violent revolution inevitable ~ JFK

It has been about eight

It has been about eight years since my last computer build and the time had come to build a new system. I'm buying parts piecemeal to build a new system and just recently bought a new Intel i5 8400 processor for a great price, under $200.

Maybe staying away from AMD was a good move given these circumstances.

I've always preferred Intel

I've always preferred Intel over AMD. Now I'm more convinced than ever.

The fanboys were hard at it

BarneyBadass wrote:

It’s probably a good thing AMD didn’t rub Intel’s nose in the Meltdown and Spectre flaws too much

I don't know just what AMD said fully, but their advocates on an investment discussion website I read were energetically claiming that the meaningful trouble was all on the Intel side, with negligible real risk on the AMD side from the previously disclosed problems in this class.

I thought they were overstating the case. Possibly these new findings will alter the discussion, but on past record the fanboys will find ways to discount any problem, possibly just by citing the disclaimers mentioned in this thread.

--
personal GPS user since 1992

I just provided

archae86 wrote:
BarneyBadass wrote:

It’s probably a good thing AMD didn’t rub Intel’s nose in the Meltdown and Spectre flaws too much

I don't know just what AMD said fully, but their advocates on an investment discussion website I read were energetically claiming that the meaningful trouble was all on the Intel side, with negligible real risk on the AMD side from the previously disclosed problems in this class.

I thought they were overstating the case. Possibly these new findings will alter the discussion, but on past record the fanboys will find ways to discount any problem, possibly just by citing the disclaimers mentioned in this thread.

the data from the site in my initial post..

I didn't have any opinion.. one way or the other..

--
Never argue with a pig. It makes you look foolish and it annoys the hell out of the pig!

security

I don't think there was ever a CPU made that didn't have security flaws. Some were worse than others, and the brand name didn't make a difference. The only difference I see is the performance difference. I build my own computers; performance is the controlling factor, and it bounces back and forth between brands each time a new processor is developed.

That's All?

Only 13?

--
GPSMAP64s, iPhone XR w/Garmin North America, Yaesu VX-8R w/GPS.

I think it's good they announced it fast

Giving AMD or anybody time to fix also gives hackers time to hack without us knowing the risk!

AMD vs. Intel

I prefer Intel also even though I have an AMD laptop now. Next one will be Intel.

I'll let y'all draw your own conclusions...

Plenty of Intel motherboard systems are similarly "vulnerable"

"the same Asmedia chips that make up AMD’s Promontory chipset for Ryzen CPUs have been shipping on motherboards, including hundreds of Intel motherboards models, for at least the past six years."

https://www.extremetech.com/computing/265695-cts-labs-respon...

I used quotes for "vulnerable" because commentators have noted that "the flaws, if legitimate, were blown out of proportion as they mostly needed administrator access to a system's BIOS and core functions, whereby anyone is then in a position to wreak security havoc whether a chip has flaws or not."

https://www.theinquirer.net/inquirer/news/3028437/amd-ryzen-...

In addition "There’s a notification on CTS-Labs site that it may have a financial interest in the companies it investigates (shorting AMD stock is practically a pastime in financial circles)."

https://www.extremetech.com/computing/265582-everything-surr...