No quiero ser fantoche, pero ganamos el debate: López Obrador
Alexis Sanchez thanked Arsenal boss Arsene Wenger over texts
Trump says man Stormy Daniels claims threatened her is 'nonexistent'
Southwest opposed engine maker on stepped-up FAA inspections
AMD Ryzen and EPYC has big security flaws
26 Marcha 2018, 02:38 | Bibiana Flor
AMD Ryzen and EPYC has big security flaws
While this appears to be bad news, let's leave the exact fix criteria to AMD, of which, has not responded (as of the writing of this post) to the annoucement from CTS-Labs (reportedly, the time-frame was a 24-hour notice, rather than the industry standard notification of 90 Calendar Days...).
AMD developers stated that they've just found out about these new vulnerabilities and said they will investigate this further to see if the vulnerabilities are real and if they are really unsafe to the devices powered by AMD CPUs.
An Israeli security firm called CTS Labs has released a white paper to the press detailing various vulnerabilities affecting current AMD CPUs.
Curtis Dukes, executive vice president at the Center for Internet Security and a former director of the National Security Agency's Information Assurance Directorate, told FCW it would be "disappointing" if it turned out that CTS-Labs gave AMD short notice about the vulnerabilities before going public.
CTD-Labs's legal disclaimer also states that it may have a financial interest in stock movements of companies that it provides security reports on. In nearly every responsible vulnerability disclosure, companies are given at least 90 days to fix a flaw - which can be extended, if agreed to by the discoverer, if certain conditions are met.
AMD must not lend any credence towards the legitimacy of those CTS-Labs Questionable Vulnerability Classification Scheme Names (Ryzenfall, Etc.) and Graphics that are obviously there to Pander to that Fear Uncertainty and Doubt. It feels like a hit job on AMD, aimed at torpedoing its stock price. CTS-Labs are not concered with any security threats reduction they are only taking advantage of any threats, actual or not actual, to target AMD/AMD's reputation.
Researchers said the security flaws are so numerous and rudimentary that CTS researchers questioned whether the chip manufacturer was conducting adequate oversight of its products.
The disclosure process itself also raised questions. In other words, they don't want to enable those attacks by revealing too much.
The chipmaker said in a statement Tuesday that it is "actively investigating and analyzing" findings by CTS Labs, a largely unknown Tel Aviv-based cybersecurity startup founded past year. "We will update this blog as news develops".
The four vulnerability classes (13 individual vulnerabilities in total) have been labelled Masterkey, RyzenFall, Fallout and Chimera, and require attackers to first gain administrative control of a targeted network or computer (not an impossible feat).
Masterkey, according to CTS-Labs, allows the injection of persistent malware into the Secure Processor, among other attacks.
The findings had security researchers on edge all day. That technical information is not available on the public website.
Altogether, it seems that AMD customers may be justified in worrying about these vulnerabilities.
The third, dubbed Fallout, consists of three design-flaw vulnerabilities inside the boot loader component of EPYC's Secure Processor.
But that brings us back to the curious fact that AMD had little time to respond to these allegations. TR friend and occasional podcast guest David Kanter told Ars that "all the exploits require root access [.] if someone already has root access to your system, you're already compromised".
"When we were looking into the security of chips made by a Taiwanese company called ASMedia, we discovered that many of ASMedia's products contain backdoors that could be used by hackers to inject malicious code into the chip", said Ido Li On, chief executive of CTS-Labs.
Guardiola's tactical 'gift' is 'second to none in the world'
One bought from Germany, one locally developed. "You must compete against the best to get to the final and, of course, to win it". There simply isn't a country on the continent that comes close to matching their excellence on the European stage.
Messi Scores As unbeaten Barca Defeat Bilbao
Barcelona's strong attacking pedigree of having Lionel Messi in sublime form reflected in the UEFA Champions League as well. The Portuguese striker has now netted 22 times in the league this season, trailing Messi by just three goals.
Colombia venció 3-2 a los Galos en París
Los galos ganaban 2-0 en París a Colombia por los tantos de Olivier Giroud y de Thomas Lemar , pero los cafeteros dieron el golpe. Los dirigidos por Didier Deschamps han sido superiores y su velocidad ha puesto en problemas en varias ocasiones a nuestra zaga.
TIPS: How to unlink Facebook account from third party apps
The tech company holding that title in 2018 is Facebook. "Privacy and data protections are fundamental to every decision we make". However, after the firm missed the deadline, Denham told Britain's Channel 4: "I'll be applying to the court for a warrant".
Zuckerberg asked to appear before UK MP's
The company, Cambridge Analytica, has been accused of improperly using information from more than 50 million Facebook accounts. When investors buy a share in a company, they're essentially betting its profits will improve and the company will get bigger.