Page 2 of 2 FirstFirst 1 2
Results 11 to 19 of 19
  1. #11
    ROG Guru: Yellow Belt Array
    Join Date
    May 2017
    Reputation
    32
    Posts
    165

    Quote Originally Posted by xeromist View Post
    Initial reports have indicated that the vulnerabilities were verified by a 3rd party researcher as real, but the way this was all dumped on the public was likely theater designed to embarrass AMD and/or manipulate stock prices. The risk is definitely being exaggerated.
    what if they went a step ahead and made up a 3rd party researcher to add to credibility? seems plausible.

  2. #12
    ROG Guru: Yellow Belt Array
    Join Date
    May 2017
    Reputation
    32
    Posts
    165

    Quote Originally Posted by Silent Scone View Post
    HAHAH
    ---

    IC: Can you describe how you came up with the names for these exploits?

    YLZ: It was our creativity and fervent imagination.

    IC: Did you pre-brief the press before you spoke to AMD?

    ILO: What do you mean by pre-brief the press?

    IC: We noticed that when the information went live, some press were ready to go with relevant stories and must have had the information in advance.

    ILO: Before our announcement you mean?


    IC: Correct.

    ILO: I would have to check the timing on that and get back to you, I do not know off the top of my head.


    DK: I think the biggest question that I still have is that ultimately who originated this request for analysis – who was the customer that kicked this all off?

    ILO: I definitely am not going to comment on our customers.

    DK: What about the flavor of customer: is it a semiconductor company, is it someone in the industry, or is it someone outside the industry? I don’t expect you to disclose the name but the genre seems quite reasonable.

    ILO: Guys I’m sorry we’re really going to need to jump off this call but feel free to follow up with any more questions.
    Last edited by BigJob; 03-19-2018 at 02:22 AM.

  3. #13
    ROG Guru: Black Belt Array Korth PC Specs
    Korth PC Specs
    MotherboardASUS X99 R5E (BIOS2101/1902)
    ProcessorHaswell-EP E5-1680-3 SR20H/R2 (4.4GHz)
    Memory (part number)Vengeance LPX 4x8GB SS DDR4-3000 (CMK32GX4M4C3000C15)
    Graphics Card #1NVIDIA Quadro GP100GL/16GB, 16xPCIe3, NVLink1 (SLI-HB)
    Graphics Card #2NVIDIA Quadro GP100GL/16GB, 16xPCIe3, NVLink1 (SLI-HB)
    Sound CardJDS Labs O2+ODAC (RevB), USB2 UAC1
    MonitorASUS PG278Q
    Storage #1Samsung 850 PRO 512GB SSDs, 4xSATA3 RAID0
    Storage #2Comay BladeDrive E28 3200GB SSD, 8xPCIe2
    CPU CoolerRaijintek NEMESIS/TISIS, AS5, 2xNH-A14
    CaseObsidian 750D (original), 6xNH-A14
    Power SupplyZalman/FSP ZM1250 Platinum
    Headset Pilot P51 PTT *modded*
    OS Arch, Gentoo, Win7x64, Win10x64
    Network RouterActiontec T3200M VDSL2 Gateway
    Accessory #1 TP-Link AC1900 Archer T9E, 1xPCIe
    Accessory #2 ASUS/Infineon SLB9635 TPM (TT1.2/FW3.19)
    Accessory #3 ASUS OC Panel I (FW0501)
    Korth's Avatar
    Join Date
    Mar 2015
    Reputation
    152
    Posts
    2,719

    https://amdflaws.com/ is a proxy site registered through godaddy.com ... lol, not professional not legit.

    Purpose? To generate hits on CTS Labs website, lol. Maybe also to look savvy and important, maybe also to bash and hate on AMD.
    "All opinions are not equal. Some are a very great deal more robust, sophisticated and well supported in logic and argument than others." - Douglas Adams

    [/Korth]

  4. #14
    TeamROG Moderator Array xeromist PC Specs
    xeromist PC Specs
    Laptop (Model)Dell Inspiron 15 7567
    MotherboardMSI x470 Gaming Plus
    ProcessorAMD 2600X
    Memory (part number)16GB Crucial Ballistix Elite 3600
    Graphics Card #1ASUS GTX 1080 Strix
    MonitorBenQ BL3200PT
    Storage #1Intel 600p NVMe
    CPU CoolerWraith
    Casecustom Antec 900
    Power SupplyCorsair HX1000
    Keyboard Logitech Orion Spark
    Mouse Logitech MX500
    Headset Plantronics 777 with Oregon Aero upgrade
    xeromist's Avatar
    Join Date
    Jul 2010
    Reputation
    301
    Posts
    7,472

    Quote Originally Posted by BigJob View Post
    what if they went a step ahead and made up a 3rd party researcher to add to credibility? seems plausible.
    Dan Guido founded Trail of Bits in 2012. So no he's not a sock puppet. Whatever you believe about the piss poor way CTS handled the disclosure, the vulnerabilities are real.
    * Support disease research with Folding@Home *

    < < < Click the drop-down above my avatar for my PC specs!

  5. #15
    ROG Guru: Yellow Belt Array
    Join Date
    May 2017
    Reputation
    32
    Posts
    165

    Quote Originally Posted by xeromist View Post
    Dan Guido founded Trail of Bits in 2012. So no he's not a sock puppet. Whatever you believe about the piss poor way CTS handled the disclosure, the vulnerabilities are real.
    ahhhh damnnnn
    this was one of the reasons i was avoiding an intel upgrade.
    grrr

  6. #16
    TeamROG Moderator Array xeromist PC Specs
    xeromist PC Specs
    Laptop (Model)Dell Inspiron 15 7567
    MotherboardMSI x470 Gaming Plus
    ProcessorAMD 2600X
    Memory (part number)16GB Crucial Ballistix Elite 3600
    Graphics Card #1ASUS GTX 1080 Strix
    MonitorBenQ BL3200PT
    Storage #1Intel 600p NVMe
    CPU CoolerWraith
    Casecustom Antec 900
    Power SupplyCorsair HX1000
    Keyboard Logitech Orion Spark
    Mouse Logitech MX500
    Headset Plantronics 777 with Oregon Aero upgrade
    xeromist's Avatar
    Join Date
    Jul 2010
    Reputation
    301
    Posts
    7,472

    Quote Originally Posted by BigJob View Post
    ahhhh damnnnn
    this was one of the reasons i was avoiding an intel upgrade.
    grrr
    You still might be on the right track. Since this disclosure was even more abrupt than the Intel vulnerabilities we haven't seen much solid info yet. It could be that most of this is solved through OS patches or a BIOS update and there is no performance hit. We'll just have to see.
    * Support disease research with Folding@Home *

    < < < Click the drop-down above my avatar for my PC specs!

  7. #17
    TeamROG Moderator Array xeromist PC Specs
    xeromist PC Specs
    Laptop (Model)Dell Inspiron 15 7567
    MotherboardMSI x470 Gaming Plus
    ProcessorAMD 2600X
    Memory (part number)16GB Crucial Ballistix Elite 3600
    Graphics Card #1ASUS GTX 1080 Strix
    MonitorBenQ BL3200PT
    Storage #1Intel 600p NVMe
    CPU CoolerWraith
    Casecustom Antec 900
    Power SupplyCorsair HX1000
    Keyboard Logitech Orion Spark
    Mouse Logitech MX500
    Headset Plantronics 777 with Oregon Aero upgrade
    xeromist's Avatar
    Join Date
    Jul 2010
    Reputation
    301
    Posts
    7,472

    And AMD has announced fixes. Ars Technica has details:
    https://arstechnica.com/gadgets/2018...rocessor-bugs/
    * Support disease research with Folding@Home *

    < < < Click the drop-down above my avatar for my PC specs!

  8. #18
    ROG Member Array
    Join Date
    Nov 2017
    Reputation
    10
    Posts
    18

    Any update?

    Curious, AMD states there are BIOS updates from vendors to address these. I don't however see anything listed from ASUS?

    The bugs btw are _nothing_ like Spetre or Meltdown. If anything they are more like INTEL's IME/SP exploits.

  9. #19
    ROG Member Array paulmarc PC Specs
    paulmarc PC Specs
    MotherboardASUS X399 Zenith Extreme
    ProcessorAMD ThreadRipper 1950X
    Memory (part number)128GB DDR4
    Graphics Card #1nVidia GTX 1080 Ti
    Graphics Card #2nVidia GTX 1080 Ti
    MonitorLG 24" Gaming Monitor
    Storage #12x M.2 NVMe 480GB
    Storage #22x 4TB HDD
    CPU CoolerNZXT Kraken X62
    CaseCougar Panzer Max
    Power SupplyCougar 1050W Gold
    Keyboard Cougar 700K
    Mouse Logitech G700s
    Headset Logitech G930
    Mouse Pad Logitech G440
    OS Linux
    paulmarc's Avatar
    Join Date
    Mar 2018
    Reputation
    10
    Posts
    15

    Post No patches yet but threat isn't big

    Most importantly: vulnerabilities are exploitable if you have physical access and execute expert commands, sometimes even needing to open the computer case...
    If the "hacker" has this level of access, better to take the storage drives and be on his merry way... Or plug a USB and infect the system. So many other "major" threats out there, for this level of security...

    As for the patches themselves, I haven't found anything yet to download/patch/install, although as mentioned, AMD did acknowledge and stated it will provide patches.

Page 2 of 2 FirstFirst 1 2

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •