AMD Processors And Chipsets Reportedly Riddled With New Ryzenfall, Chimera And Fallout Security Flaw

[ForgottenSeer 58943]

Linux's creator said he thinks CTS Labs' AMD chip security report "looks more like stock manipulation than a security advisory"

"When was the last time you saw a security advisory that was basically 'if you replace the BIOS or the CPU microcode with an evil version, you might have a security problem?' Yeah."

Linus Torvalds slams CTS Labs over AMD vulnerability report | ZDNet

 

[DeepWeb]

They gave AMD only 24 hours to come up with a patch... Whoever did this only had the intention to do damage. Very fancy website with videos and all, too which means they spent more time creating this website and all the media than they gave AMD time to patch. Very phony. Has Intel written all over it.

Edit:

@Marko :) Thanks for the link. I'll put funny quote here, from the website www.amdflaws.com:

"Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports."

I guess it talks by itself.

Jesus. They're not even trying to hide their intentions..

 

[Deleted member 65228]

https://safefirmware.com/CTO+Letter.pdf

 

[ForgottenSeer 58943]

They gave AMD only 24 hours to come up with a patch... Whoever did this only had the intention to do damage. Very fancy website with videos and all, too which means they spent more time creating this website and all the media than they gave AMD time to patch. Very phony. Has Intel written all over it.

Edit:

Jesus. They're not even trying to hide their intentions..

You guys need to realize something.. This hit job has Israeli names all over it. Most people don't realize this but Intel, since 1974 has largely - each year - become more of an Israeli company. Meltdown, quite possibly, was Israeli Intelligence's most prized possession. It's also possible our own govt. didn't even know about Meltdown, but the Israeli Govt. most likely did. It's even possible this was one of the reasons Unit8200 was so adept at spying, this particular exploit. 60% of Intel's workforce is in Israel. Intel is the largest employer in Israel. A significant portion of Israeli Budget comes from Intel. The CEO of Intel said in a keynote speech that 'Intel is an Israeli company more than a US company.'. Intel sources billions upon billions of dollars exclusively from Israeli suppliers further stimulating their economy.

Haifa ›
Intel's Israel Development Centre (IDC) was established in 1974 as Intel's design and development center.
Jerusalem ›
The Israel Development Centre has expanded geographically to several Israel locations, including Jerusalem, where the focus is on network and communications components.
Petach Tikva ›
Intel's design and development center in Petach Tikva is leading the development of components and software in the cellular communications market.
Qiryat Gat ›
Intel's fab in Qiryat Gat represents the largest single investment ever made in Israel by the private sector.
Yakum ›
The Intel design and development center in Yakum provides chipsets for mobile platforms.

So now, please tell me why this hit job as Israeli names and Israeli shadow firms all over it? Also please convince me Israeli Intelligence wasn't involved with Meltdown and that perhaps, this was their Ark of the Covenant for spying. Also please tell me, why Intel, a major defense contractor has spent decades moving mission critical development and manufacturing to a different country?

I'd place some big bets on the fact that this Meltdown thing has a purposeful implantation from the research teams at those facilities. I would bet Meltdown starting to be closed off and people moving to non-Intel chips risk their little backdoors. Taking bets the new Intel chips are also backdoored? The more people that use AMD or other chipsets probably cost Israel a LOT of lost intelligence. The world is going dark to them and they need to stem the tide.. That's why this entire thing appears to be an intelligence based hit job, they were sloppy, the internet is full of sleuths.

How Intel came to be Israel’s best tech friend

 

[Deleted member 65228]

Furthermore to what @ForgottenSeer 58943 has said, the Meltdown vulnerability seems like one you would not expect from a vendor like Intel with such large resources. You're telling me that you have thousands of employees with amazing qualifications who managed to overlook the security regarding proper trust verification? C'mon.

The software-level vulnerabilities don't patch the vulnerability, it hides it from view. The underlying problem will still exist. It's a bit like an alcoholic who drowns themselves in booze to get away from their problems - once they wake up sober, the problems never really left and come back to haunt them because the booze did not solve them, it only temporarily hid them.

So sure, Windows has been updated to support KPTI and so has OS X and Linux. However the underlying issue with design and security still exists, that doesn't change.

 

[codswollip]

https://safefirmware.com/CTO+Letter.pdf

From the letter

I have written this letter in my own language, without PR proofing, please forgive me if there are any grammatical errors, or not written according to correct writing standards.
...
If you have any technical questions, please contact me at [snip]. I'll try to answer as many questions as I can.

Presuming from the author's own words that English is his primary language, my first question is 'what middle school do you attend?'

 

[ForgottenSeer 58943]

Furthermore to what @ForgottenSeer 58943 has said, the Meltdown vulnerability seems like one you would not expect from a vendor like Intel with such large resources. You're telling me that you have thousands of employees with amazing qualifications who managed to overlook the security regarding proper trust verification? C'mon.

It's super nonsense to think it wasn't a worldwide, multi-decade TAO. The best engineers I know all say they do not believe this was an accident and furthermore, believe that the fact that it existed was carefully covered up. Decades of intelligence resulted from this, intelligence that can't be gathered in any other fashion. As this gets patched up 'someone' is becoming increasingly more worried about having a significant portion of the world go dark on them. Ryzen/Epyc chipsets gaining wider popularity is a risk to their intelligence apparatus.

This would be a concerted effort to attempt to show people that they should continue to stay with intel, or to trust intel and not worry about Meltdown by showing AMD is just as bad as they are. You've probably seen these fear tactics before, right? Sure you have, they are everywhere.. "Kaspersky is dangerous, switch to VIPRE right away"..

I smell desperation everywhere, their systems and scams are unraveling.

 

[darko999]

I don't like to put big names to issues like this. But I have to say that the way these "Exploits or Vulnerabilities" were exposed and how the demand came, was not the proper way. If for example the same had happens but, with Intel being the one demanded, I'd still say the same thing. There are ways to do stuff like this, and in this particular case; it wasn't the right one.
I don't see anything wrong with the basic concept that CTS Labs may have in mind, like that they were doing a good thing. It could be a good thing, you want it or you don't, with a demand like this, AMD will look further into the issue, and check stuff, isn't that good?. However, they also didn't lie much, since they already said they could be part of economic influences, so they pretty much do what they say they do.

 

[Deleted member 65228]

However, they also didn't lie much, since they already said they could be part of economic influences, so they pretty much do what they say they do.

Legal precaution, it's their golden ticket.

It's to prevent them from being sued for trying to damage sales since they outlined they may be apart of economic influence, meaning readers become aware of it and thus they cannot be sued with a case indicating that they were intentionally trying to influence people to harm sales... due to that precaution. Theoretically.

 

[Kuttz]

"CTS executives told Reuters that they had shared their
findings with some clients who pay the firm for proprietary research on
vulnerabilities in computer hardware. They declined to identify their
clients or say when they had provided them with data on the
vulnerability.

“I can’t really talk about my clients,”
said Yaron Luk-Zilberman, chief financial officer at the firm that was
founded in January 2017."
Business & Financial News, U.S & International Breaking News | Reuters...

Any people with a brain knows who the client was

 

[ForgottenSeer 58943]

The very second this came out I started calling it an Israeli Intelligence hit job. Specifically, I pointed to Unit 8200 and that was without any actual evidence, just my knowledge of how operations are conducted. Now it turns out, CTS is just another Unit8200 front company and this entire thing was an Israeli hit job on AMD. Called it!

Our Interesting Call with CTS-Labs
We are three co-founders, graduates of a unit called 8200 in Israel, a technological unit of intelligence.

Add to that, recent Cambridge A. whistleblower activity they stated 'Israeli Intelligence will do virtually anything and kill almost anyone for money.'...