Hardware & Technical Ryzen chips part of AMD security flaw

MickyG1982

M
There's no chip that's ever going to be capable of defeating any highly skilled and determined hacker. Intel is every bit as bad.

Either way, like you I'm probably going to hold on for another year, my system is still capable of delivering decent performance at 720p (limited by the screen I use) so I guess I can live with it a little while longer.
 
Last edited:

-VR- Max Factor

-VR- Max Factor
Zak Gordon said:
'A raft of flaws in AMD chips makes bad hacks much, much worse':

https://arstechnica.com/information...-in-amd-chips-make-bad-hacks-much-much-worse/

My next build was likely to be a Ryzen based one (in truth this is unlikely to take place for a few years until the bitcoin thing blows over) so i'll be keeping a close eye on this.
Click to expand...
Most of those exploits need your password to enter the computer to use these flaws. If they have your password then they can do anything on your PC anyway.
 

Robert Maynard

Volunteer Moderator
Robert Maynard
The timing is beginning to sound like it's been manipulated to permit the "security research" firm to profit from shorting AMD stock....

.... and apparently the issues do not affect RyZen CPUs as they lack the additional ARM security processor.
 

CMDR MAIN SEQUENCE

CMDR MAIN SEQUENCE
Yeah whilst these exploits might be genuine there is something very fishy going on here - the so-called security firm have acted very unprofessionally. These guys have ripped them to shreds:

http://www.guru3d.com/news-story/am...he-day-after-seems-financially-motivated.html
https://www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs

Zak Gordon said:
My next build was likely to be a Ryzen based one (in truth this is unlikely to take place for a few years until the bitcoin thing blows over) so i'll be keeping a close eye on this.
Click to expand...

These exploits are not on the Meltdown/Spectre level so I wouldn't make a purchasing decision based on it.
 

beneuto

beneuto
Max Factor said:
Most of those exploits need your password to enter the computer to use these flaws. If they have your password then they can do anything on your PC anyway.
Click to expand...

Exactly this. These particular exploits require admin rights on your PC to put into effect. If a hacker has admin rights they will go to town regardless of what CPU you have. It's a bit like the storm in a teacup over how people can hack your car - if they are sitting in your passenger seat and hook up to the data point.

This is why the released the info early - to gain some notoriety before AMD can put together an information pack showing how non-consequential it really is. Not to say it isn't something that should be addressed by AMD, but most hackers wont even bother when there are easier methods.
 
Last edited:

Shadowdancer

Shadowdancer
All shadiness aside, keep an eye out for BIOS updates anyway. It seems like there may be some genuine basic issues like lacking validation of what you're trying to write into firmware, and possibly more complete ways to disable PSP coming up. Disabling the security system is not much of a problem for consumer desktops (much like intel's "ME" that also answers questions nobody asked), but would AFAICT suck for servers since it enables pretty strong separation of virtual machines through transparent memory encryption. AMD have so far been fairly responsive when it came to fixing those or at least for providing workarounds.
 

Zak Gordon

Zak Gordon
The whole disclosure about wanting to profit from stock price fluctuations did make me pause on posting, then again the exploits had been peer-reviewed and verified so i figured it was a good idea to let folks know (as i have not seen it reported that widely). I guess from the user viewpoint i just hope AMD take note and fix these exploits, just as Intel has been with the Meltdown and Spectre issues.
 

Robert Maynard

Volunteer Moderator
Robert Maynard
Indeed - a heads up is always good (even if it transpires that the claims are either exaggerated or motivated in some way).
 

Shadowdancer

Shadowdancer
Zak Gordon said:
then again the exploits had been peer-reviewed and verified so i figured it was a good idea to let folks know (as i have not seen it reported that widely).
Click to expand...
The problem is that those snakeoil merchant criminals bypassed any decency (that is already a rare commodity in the misnamed "responsible disclosure" community) and gave AMD one whole day of notice. In that light, I hope those idiots get their pants sued off and maybe some bonus criminal charges for wanton endangerment or whatnot.
 

Zak Gordon

Zak Gordon
Hmm i wonder if their disclosure about their motives in some way protects them from legal problems? Still i agree 100% these are not white hat chaps doing it the right way, and i hope there is indeed some fallout for them (AMD shares not really moving much might be some of the 'karma' getting back at them!).
 

CMDR Cosmic Spacehead

CMDR Cosmic Spacehead
Even if there is a security flaw, what are the real chances someone is going to exploit it, on your PC?

If someone tried to hack my PC, I have a natural defence anyway...

My internet.

It'll likely just cut them off. And if they did try to upload anything important, it'd take them a week. :D

Or my PC will randomly lock up, rendering the attack useless. Lol
 

Shadowdancer

Shadowdancer
CMDR_Cosmicspacehead said:
Even if there is a security flaw, what are the real chances someone is going to exploit it, on your PC?
Click to expand...
People are still running around doing dumb crap like arbitrarily running stuff as admin and advising others to do so, so I'd say it's pretty easy to exploit on consumer systems :( It's technically hard, but luckily human stupidity keeps those vectors open.
 
You must log in or register to reply here.
Back
Top Bottom