|
|
Log in / Subscribe / Register

Numerous vulnerabilities in AMD processors

Numerous vulnerabilities in AMD processors

Posted Mar 13, 2018 23:57 UTC (Tue) by rahvin (guest, #16953)
Parent article: Numerous vulnerabilities in AMD processors

The scary stuff to me is that Intel has development facilities in Israel where this originated. The company in question has zero contact information and came into being 6 months ago (it looks like a shell company), the vulnerability domain was purchased just a few days ago. And above all they gave AMD 24 hours notice.

This looks like an Intel hit job to me. Maybe I'm paranoid but the people behind this should step into the light and prove they aren't affiliated with Intel and that this researched wasn't paid for by Intel.

to post comments

Numerous vulnerabilities in AMD processors

Posted Mar 14, 2018 0:42 UTC (Wed) by nix (subscriber, #2304) [Link] (2 responses)

There are a *lot* of tech companies in Israel. You might as well worry that some security companies are on the US west coast so therefore anything coming from them *obviously* must be a hit job from (insert name of random big tech company here).

Numerous vulnerabilities in AMD processors

Posted Mar 16, 2018 0:32 UTC (Fri) by rahvin (guest, #16953) [Link] (1 responses)

Focusing on the statement about Israel is foolish. I brought it up because unlike Tech in General Intel only has a handful of offices engaged in x86 processor design and outside their main office Israel houses the second largest site for this design. But it's not this factor alone.

The company is 6 months old, according to the information out there they provide vulnerability testing for "clients". The claimed AMD can't fix these vulnerabilities. And there is a dozen other things about this that are just plain suspicious not to mention how underwhelming the "vulnerabilities" are. They didn't disclose the vulnerabilities to AMD, but they sent full code and details to Microsoft, HP, DELL and other OEM's. (AMD that I'm aware of still doesn't have the full details). Take a look at the "vulnerability" website amdflaws.com and tell me that doesn't look like someone spent a week and a bunch of money developing that site and overplaying how bad the vulnerabilities are. And the kicker is CTS paid an outside company $26,000 to validate their findings. How on earth can a company founded 6 months ago with 6 employees afford something like that without a client covering an expense like that?

Anandtech did a interview with CTS (the company behind the release) :
https://www.anandtech.com/show/12536/our-interesting-call...

Tech Crunch lays out some of the things that are very suspicious about this:
https://techcrunch.com/2018/03/13/security-researchers-fi...

This screams paid hit job to me, and given Intel has done stuff like this in the past and AMD appears to be doing quite well with both Ryzen and Epyc sales and market uptakes. Given what Meltdown did to the PC marketplace it wouldn't surprise me in the least if Intel hired some people and setup a shell company to do a hit piece on this. This doesn't even cover the huge purchase of put options that occured a few days before and the stock advisor in Germany that declared AMD was going bankrupt.

Numerous vulnerabilities in AMD processors

Posted Mar 16, 2018 5:42 UTC (Fri) by marcH (subscriber, #57642) [Link]

Hey, considering the state of quality and security in the industry, whatever has the tiniest chance of finally scaring a bit clueless (program) managers telling you to "pull in the schedule"and to "ship it" is a Good Thing. I hope consumers will trust computers less and less which should create a gap to fill with decent engineering at last.

The stock market doesn't need that story to be a joke in the first place, this would be at worst a drop in the ocean.

Nice to see some people still have ideals about big business though :-)

Numerous vulnerabilities in AMD processors

Posted Mar 14, 2018 1:30 UTC (Wed) by atai (subscriber, #10977) [Link]

Israel must have been a small place no one heard of before...

Numerous vulnerabilities in AMD processors

Posted Mar 14, 2018 13:41 UTC (Wed) by mgk (guest, #74833) [Link] (3 responses)

AMD really isn't much of a competitor for Intel, anymore. An acquisition target, maybe. And, ditto previous comments that a LOT of tech is in Israel. A lot of Intelligence Tech too.

Numerous vulnerabilities in AMD processors

Posted Mar 14, 2018 19:31 UTC (Wed) by xtifr (guest, #143) [Link] (1 responses)

Intel is unlikely to acquire AMD for the same reason Microsoft never really tried to acquire Apple--the existence of a plausible (but only moderately effective) competitor helps divert anti-trust claims. AMD isn't a threat, but can be painted as one for PR purposes.

At the same time, the recent revelation of a severe Intel-only vulnerability (Meltdown) may have started to drive a few more sales towards AMD. It's not *completely* implausible to suggest that Intel may be trying to herd people back by trying to highlight (and possibly exaggerate) some AMD-specific problems in turn.

I'm not much of one for conspiracy theories in general, but there's enough oddness around the way this is being handled to raise questions.

Numerous vulnerabilities in AMD processors

Posted Mar 18, 2018 16:42 UTC (Sun) by marcH (subscriber, #57642) [Link]

> It's not *completely* implausible to suggest that Intel may be trying to herd people back by trying to highlight (and possibly exaggerate) some AMD-specific problems in turn.

While this type of "competitive marketing analysis" has existed since forever for performance and others, it didn't seem to happen for security until recently. One can imagine many possible explanations but for sure users and consumers didn't benefit from that lack of competition.

Short of liability, "name and shame" is the only way that stands some chance to make some difference. Yes there will be more "fake news" now but I still prefer that to no security news at all. For the moment I trust the tech press more than the mainstream one.

Numerous vulnerabilities in AMD processors

Posted Mar 18, 2018 16:27 UTC (Sun) by marcH (subscriber, #57642) [Link]

> A lot of Intelligence Tech too.

What a surprise for a country in that type of situation (not).


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds