Page 1 of 2 12 LastLast
Results 1 to 15 of 26

Thread: Ryzen chips part of AMD security flaw

  1. #1

    Ryzen chips part of AMD security flaw

    'A raft of flaws in AMD chips makes bad hacks much, much worse':

    https://arstechnica.com/information-...ch-much-worse/

    My next build was likely to be a Ryzen based one (in truth this is unlikely to take place for a few years until the bitcoin thing blows over) so i'll be keeping a close eye on this.

  2. #2
    There's no chip that's ever going to be capable of defeating any highly skilled and determined hacker. Intel is every bit as bad.

    Either way, like you I'm probably going to hold on for another year, my system is still capable of delivering decent performance at 720p (limited by the screen I use) so I guess I can live with it a little while longer.

  3. #3
    Originally Posted by Zak Gordon View Post (Source)
    'A raft of flaws in AMD chips makes bad hacks much, much worse':

    https://arstechnica.com/information-...ch-much-worse/

    My next build was likely to be a Ryzen based one (in truth this is unlikely to take place for a few years until the bitcoin thing blows over) so i'll be keeping a close eye on this.
    Most of those exploits need your password to enter the computer to use these flaws. If they have your password then they can do anything on your PC anyway.

  4. #4
    The timing is beginning to sound like it's been manipulated to permit the "security research" firm to profit from shorting AMD stock....

    .... and apparently the issues do not affect RyZen CPUs as they lack the additional ARM security processor.

  5. #5
    Yeah whilst these exploits might be genuine there is something very fishy going on here - the so-called security firm have acted very unprofessionally. These guys have ripped them to shreds:

    http://www.guru3d.com/news-story/amd...motivated.html
    https://www.gamersnexus.net/industry...earch-cts-labs

    Originally Posted by Zak Gordon View Post (Source)
    My next build was likely to be a Ryzen based one (in truth this is unlikely to take place for a few years until the bitcoin thing blows over) so i'll be keeping a close eye on this.
    These exploits are not on the Meltdown/Spectre level so I wouldn't make a purchasing decision based on it.

  6. #6
    Originally Posted by Max Factor View Post (Source)
    Most of those exploits need your password to enter the computer to use these flaws. If they have your password then they can do anything on your PC anyway.
    Exactly this. These particular exploits require admin rights on your PC to put into effect. If a hacker has admin rights they will go to town regardless of what CPU you have. It's a bit like the storm in a teacup over how people can hack your car - if they are sitting in your passenger seat and hook up to the data point.

    This is why the released the info early - to gain some notoriety before AMD can put together an information pack showing how non-consequential it really is. Not to say it isn't something that should be addressed by AMD, but most hackers wont even bother when there are easier methods.

  7. #7
    Interestingly, the AMD stock price doesn't seem to have been affected by it too much, yet anyway....

  8. #8
    Seems shifty as hell, more an attempt to manipulate stock prices than anything else. While the exploits are genuine, everything else about this news stinks...

  9. #9
    Every exploit listed requires admin access. This is largely non-news, even if completely accurate.

  10. #10
    biggest security flaw with computers is between the keyboard and chair

  11. #11
    All shadiness aside, keep an eye out for BIOS updates anyway. It seems like there may be some genuine basic issues like lacking validation of what you're trying to write into firmware, and possibly more complete ways to disable PSP coming up. Disabling the security system is not much of a problem for consumer desktops (much like intel's "ME" that also answers questions nobody asked), but would AFAICT suck for servers since it enables pretty strong separation of virtual machines through transparent memory encryption. AMD have so far been fairly responsive when it came to fixing those or at least for providing workarounds.

  12. #12
    Nothing can stop the dark force

    There will be always of security flaws

  13. #13
    The whole disclosure about wanting to profit from stock price fluctuations did make me pause on posting, then again the exploits had been peer-reviewed and verified so i figured it was a good idea to let folks know (as i have not seen it reported that widely). I guess from the user viewpoint i just hope AMD take note and fix these exploits, just as Intel has been with the Meltdown and Spectre issues.

  14. #14
    Indeed - a heads up is always good (even if it transpires that the claims are either exaggerated or motivated in some way).

  15. #15
    Originally Posted by Zak Gordon View Post (Source)
    then again the exploits had been peer-reviewed and verified so i figured it was a good idea to let folks know (as i have not seen it reported that widely).
    The problem is that those snakeoil merchant criminals bypassed any decency (that is already a rare commodity in the misnamed "responsible disclosure" community) and gave AMD one whole day of notice. In that light, I hope those idiots get their pants sued off and maybe some bonus criminal charges for wanton endangerment or whatnot.

Page 1 of 2 12 LastLast