AMD Ryzen and EPYC have big security flaws
26 March 2018, 02:38 | Bibiana Flor
While this appears to be bad news, let's leave the exact fix criteria to AMD, which has not responded (as of the writing of this post) to the announcement from CTS-Labs (reportedly, AMD was given 24 hours' notice rather than the industry-standard 90 calendar days).
AMD developers stated that they've just found out about these new vulnerabilities and said they will investigate this further to see if the vulnerabilities are real and if they are really unsafe to the devices powered by AMD CPUs.
An Israeli security firm called CTS Labs has released a white paper to the press detailing various vulnerabilities affecting current AMD CPUs.
Curtis Dukes, executive vice president at the Center for Internet Security and a former director of the National Security Agency's Information Assurance Directorate, told FCW it would be "disappointing" if it turned out that CTS-Labs gave AMD short notice about the vulnerabilities before going public.
CTS-Labs's legal disclaimer also states that it may have a financial interest in stock movements of companies that it provides security reports on. In nearly every responsible vulnerability disclosure, companies are given at least 90 days to fix a flaw, which can be extended, if agreed to by the discoverer, if certain conditions are met.
AMD must not lend any credence to the legitimacy of those questionable CTS-Labs vulnerability classification scheme names (Ryzenfall, etc.) and graphics, which are obviously there to pander to fear, uncertainty and doubt. It feels like a hit job on AMD, aimed at torpedoing its stock price. CTS-Labs is not concerned with reducing any security threats; it is only taking advantage of threats, actual or not, to target AMD and AMD's reputation.
Researchers said the security flaws are so numerous and rudimentary that CTS researchers questioned whether the chip manufacturer was conducting adequate oversight of its products.
The disclosure process itself also raised questions. In other words, they don't want to enable those attacks by revealing too much.
The chipmaker said in a statement Tuesday that it is "actively investigating and analyzing" findings by CTS Labs, a largely unknown Tel Aviv-based cybersecurity startup founded last year. "We will update this blog as news develops".
The four vulnerability classes (13 individual vulnerabilities in total) have been labelled Masterkey, RyzenFall, Fallout and Chimera, and require attackers to first gain administrative control of a targeted network or computer (not an impossible feat).
Masterkey, according to CTS-Labs, allows the injection of persistent malware into the Secure Processor, among other attacks.
The findings had security researchers on edge all day. That technical information is not available on the public website.
Altogether, it seems that AMD customers may be justified in worrying about these vulnerabilities.
The third, dubbed Fallout, consists of three design-flaw vulnerabilities inside the boot loader component of EPYC's Secure Processor.
But that brings us back to the curious fact that AMD had little time to respond to these allegations. TR friend and occasional podcast guest David Kanter told Ars that "all the exploits require root access [...] if someone already has root access to your system, you're already compromised".
"When we were looking into the security of chips made by a Taiwanese company called ASMedia, we discovered that many of ASMedia's products contain backdoors that could be used by hackers to inject malicious code into the chip", said Ido Li On, chief executive of CTS-Labs.