• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

"amdflaws.com" - What is this?

Page 9 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
dullard said:
I nearly avoided this thread due to messenger bashing instead of talking about substance. But I have a burning question. Isn't the biggest potential worry the possibility that the computers are compromised before you even get them? This has happened in the past with the NSA:
https://www.theatlantic.com/technol...tops-purchased-online-install-malware/356548/

In that case, it would be a security risk for any country/entity that isn't in full control of the entire supply chain? It isn't a someone changed the door locks and later robbed the place issue. It is an issue that the original door locks were compromised before you even had a house to lock them with.

This isn't an AMD vs. Intel thing either. Both companies have chips that can be compromised. We should be treating this as a potential threat that can affect us all regardless of which company we root for or against. Ryzen is a great chip. But it isn't perfect. No chip is. Why can't we take any possibility, even if remote, seriously? The issue isn't can a chip from Intel or AMD be compromised. The answer is yes to both. Shouldn't the real issue be "can we detect that a specific chip was compromised?"
Click to expand...

The average user (and even corporation) cannot secure against a nation state. Period.

Even if the management and/or security platforms are 100% secure, it is pointless if a nation state has the ability to intercept and modify hardware in transit. Not to mention listening capabilities in critical networking infrastructure everywhere ("No Such Agency").

You will *never* be able to safeguard against that even with full control of production. Which is why going full tinfoil is irrelevant to this hatchet job.
 
Where did Viceroy research get the money to create all these documents or even test all this stuff? This was a lot of work to find these fake vulnerabilities. Somebody payed hundreds of thousands if not millions of dollars to create this scheme. What are Viceroy's assets?


Very interesting that this scheme is based in Israel, a country notorious for both corruption and cyber espionage... and a country where AMD's largest competitor has a headquarters. It all looks extremely suspicious and deserves an FBI and SEC investigation.
 
I didn't read most of this thread. 🙂 Has anyone actually produced verifiable POCs that exploit the reported vulnerabilities?

Or is it still purely theoretical at this stage?
 
urvile said:
I didn't read most of this thread. 🙂 Has anyone actually produced verifiable POCs that exploit the reported vulnerabilities?

Or is it still purely theoretical at this stage?
Click to expand...

Outside of the short-seller sockpuppet company and their hired gun, no one has had time to research this yet. Their paid guy said it took him a week to "verify" the exploits. Give the other research companies a little more time to see how bad the problems really are.
 
William Gaatjes said:
Intel has had research facilities since 1974.
https://www.intel.com/content/www/us/en/corporate-responsibility/intel-in-israel.html
Everything after the Pentium 4 was based of a design done in Haifa.
And it proved them well.
But this CTS labs case really stinks like someone with a "personal" and financial vendetta.


It is always possible that someone knows someone....

http://old.seattletimes.com/html/businesstechnology/2003658346_intelisrael09.html


Added date for clarification.
Click to expand...

Doesn't that make the Haifa office responsible for Meltdown/Spectre?
 
DaveSimmons said:
Outside of the short-seller sockpuppet company and their hired gun, no one has had time to research this yet. Their paid guy said it took him a week to "verify" the exploits. Give the other research companies a little more time to see how bad the problems really are.
Click to expand...

How anyone could believe security researchers (and I use that term loosely) that cannot even produce POC exploits that can be independently verified is beyond me. Unless they have? I wait with baited breath.
 
Phynaz said:
Define Admin privileges. My employers' Deskside technicians have administrative rights to the hardware, not the OS. That doesn't mean they have the ability to install unsigned code into the IME.

That's the key thing, the trusted environment allows the execution of untrusted code. Therefore the trusted environment cannot be trusted.
Click to expand...

Actually we just went through major security issues with Intel's ME recently: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

It is hard to talk about alleged vulnerabilities without a CVE or a reputable source report. Still, if you have a better understating of the vulnerabilities though, as you implied in a previous post, please expand on it. I'm intrigued.

The entire disclosure up until now, however, even if we'd assume it to be more or less true, is painfully unprofessional and clearly malicious.
 
Last edited:
urvile said:
How anyone could believe security researchers (and I use that term loosely) that cannot even produce POC exploits that can be independently verified is beyond me. Unless they have? I wait with baited breath.
Click to expand...

TPU has apparently contacted CTS about it and they said this:
TPU said:
CTS Labs stated to TechPowerUp that it has sent AMD, along with other big tech companies a "complete research package," which includes "full technical write-ups about the vulnerabilities," "functional proof-of-concept exploit code," and "instructions on how to reproduce each vulnerability." It stated that besides AMD, the research package was sent to Microsoft, HP, Dell, Symantec, FireEye, and Cisco Systems, to help them develop patches and mitigation.
Click to expand...
 
Regardless of the stock manipulation, and bad press and other things that are probably true... The bottom line is that these need admin privs to be installed. That makes the entire issue dead.

Now I do see the possibility of someone intercepting the new hardware and flashing bios, but wait, a simple bios update fixes that, using a trusted download from the vendor ?
 
IEC said:
The average user (and even corporation) cannot secure against a nation state. Period.

Even if the management and/or security platforms are 100% secure, it is pointless if a nation state has the ability to intercept and modify hardware in transit. Not to mention listening capabilities in critical networking infrastructure everywhere ("No Such Agency").

You will *never* be able to safeguard against that even with full control of production. Which is why going full tinfoil is irrelevant to this hatchet job.
Click to expand...

Intelligence agencies also have the ability to compromise people and I don't mean social engineering. I mean compromising them for real. Nation states have been compromising people as a means to an end long before they were compromising computer systems.
 
Dayman1225 said:
TPU has apparently contacted CTS about it and they said this:
Click to expand...

And we will wait and see if it's true or not. Does it mention whether TPU contacted any of those companies to verify those claims?*

As someone who has been on the periphery of cyber security for years. I am finding the whole thing very odd.

*Just to add. I don't exactly get my information on the latest vulnerabilities and exploits from publications like TPU. So I am not going to bother reading the article.
 
urvile said:
And we will wait and see if it's true or not. Does it mention whether TPU contacted any of those companies to verify those claims?

As someone who has been on the periphery of cyber security for years. I am finding the whole thing very odd.
Click to expand...
Doesn't appear that TPU followed up with those companies, guess we gotta wait and see...
 
DarthKyrie said:
Doesn't that make the Haifa office responsible for Meltdown/Spectre?
Click to expand...

No. I do not think so.
Spectre is an issue also with ARM cpu's and to some extent AMD and these were not designed at Intel.
I do have always wondered, if it is a specific patent that caused the spectre vulnerability.
And the meltdown issue, well that is a good one. I do not know which cpu from Intel is the oldest design that has athe meltdown flaw.
That may also be a patent that turns out to have a flaw. Keeps me wondering who the patent owners are.
All cpu are so much alike and there is so much patents in cpu designs that i am sure that ARM , Intel and AMD all have perhaps used the same patent for spectre.
And the meltdown issue may be also be based of a patent (speculative execution) but the implementation is flawed.
 
FIVR said:
Where did Viceroy research get the money to create all these documents or even test all this stuff? This was a lot of work to find these fake vulnerabilities. Somebody payed hundreds of thousands if not millions of dollars to create this scheme. What are Viceroy's assets?


Very interesting that this scheme is based in Israel, a country notorious for both corruption and cyber espionage... and a country where AMD's largest competitor has a headquarters. It all looks extremely suspicious and deserves an FBI and SEC investigation.
Click to expand...

...from its other short-selling schemes

It makes money from short-selling, then spreading false information and tanking stocks

https://www.businesslive.co.za/bd/c...y-research-names-its-new-target-capitec-bank/

Viceroy Research names its new target: Capitec Bank
Its shares fell as much as 20%, before recovering most of the loss, after Viceroy called it a 'loan shark ... masquerading as a community finance provider'
Click to expand...

25us9ra.png
 
Last edited:
FIVR said:
Where did Viceroy research get the money to create all these documents or even test all this stuff? This was a lot of work to find these fake vulnerabilities. Somebody payed hundreds of thousands if not millions of dollars to create this scheme. What are Viceroy's assets?


Very interesting that this scheme is based in Israel, a country notorious for both corruption and cyber espionage... and a country where AMD's largest competitor has a headquarters. It all looks extremely suspicious and deserves an FBI and SEC investigation.
Click to expand...

If they can make $10 million by investing $1 million...

Let's put it this way, if they really believe (which would be stupid) that they can bankrupt AMD and were also the ones with a fake buyout rumor last week, they could have shorted the stock. That's basically almost doubling your money per share short.

But more logically they could have leverage tons of put contracts which would yield huge gains. If they were successful, they could have purchased $9.50 put options for 2 cents and yielded what ever it falls below.
 
Dayman1225 said:
Doesn't appear that TPU followed up with those companies, guess we gotta wait and see...
Click to expand...
There is that lack of a verifiable POC again. Given all of the questions swirling around CTS Labs.

Not verifying their claims is some really sloppy journalism.

The wait continues.
 
turtile said:
If they can make $10 million by investing $1 million...

Let's put it this way, if they really believe (which would be stupid) that they can bankrupt AMD and were also the ones with a fake buyout rumor last week, they could have shorted the stock. That's basically almost doubling your money per share short.

But more logically they could have leverage tons of put contracts which would yield huge gains. If they were successful, they could have purchased $9.50 put options for 2 cents and yielded what ever it falls below.
Click to expand...

I really doubt that Viceroy Research thought that it can bankrupt AMD.

It was just short-selling AMD and hoping that AMD's stock would tank so that it can cash in.
 
William Gaatjes said:
No. I do not think so.
Spectre is an issue also with ARM cpu's and to some extent AMD and these were not designed at Intel.
I do have always wondered, if it is a specific patent that caused the spectre vulnerability.
And the meltdown issue, well that is a good one. I do not know which cpu from Intel is the oldest design that has athe meltdown flaw.
That may also be a patent that turns out to have a flaw. Keeps me wondering who the patent owners are.
All cpu are so much alike and there is so much patents in cpu designs that i am sure that ARM , Intel and AMD all have perhaps used the same patent for spectre.
And the meltdown issue may be also be based of a patent (speculative execution) but the implementation is flawed.
Click to expand...

Yes but this is most important, it today many ARM SoC-s most commonly used is Cortex A53(or his successor A55) he is not affected.😎

https://forums.anandtech.com/thread...scussion-thread.2532563/page-21#post-39245556
 
Mockingbird said:
I really doubt that Viceroy Research thought that it can bankrupt AMD.

It was just short-selling AMD and hoping that AMD's stock would tank so that it can cash in.
Click to expand...

It looks like they failed for now. There are a ton of put options (over 1,000,000 shares) that expire at $10.00 on Friday and even more at $11.00 next week. Now we will just have to see if they cover the short positions or come up with a new plan of attack.
 
turtile said:
It looks like they failed for now. There are a ton of put options (over 1,000,000 shares) that expire at $10.00 on Friday and even more at $11.00 next week. Now we will just have to see if they cover the short positions or come up with a new plan of attack.
Click to expand...

what is put and what does all that mean?
 
turtile said:
It looks like they failed for now. There are a ton of put options (over 1,000,000 shares) that expire at $10.00 on Friday and even more at $11.00 next week. Now we will just have to see if they cover the short positions or come up with a new plan of attack.
Click to expand...

Yeah but they could of sold the options if they didn't get the drop they wanted. Seems like with the theta decay the put options at 10 and 11 still went down today although the loss wasn't much.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top