Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Wednesday March 14 2018, @12:34PM   Printer-friendly
from the I'm-going-back-to-using-an-Abacus dept.

Security Researchers Publish Ryzen Flaws, Gave AMD 24 hours Prior Notice

Through the advent of Meltdown and Spectre, there is a heightened element of nervousness around potential security flaws in modern high-performance processors, especially those that deal with the core and critical components of company business and international infrastructure. Today, CTS-Labs, a security company based in Israel, has published a whitepaper identifying four classes of potential vulnerabilities of the Ryzen, EPYC, Ryzen Pro, and Ryzen Mobile processor lines. AMD is in the process of responding to the claims, but was only given 24 hours of notice rather than the typical 90 days for standard vulnerability disclosure. No official reason was given for the shortened time.

[...] At this point AMD has not confirmed any of the issues brought forth in the CTS-Labs whitepaper, so we cannot confirm in the findings are accurate. It has been brought to our attention that some press were pre-briefed on the issue, perhaps before AMD was notified, and that the website that CTS-Labs has setup for the issue was registered on February 22nd, several weeks ago. Given the level of graphics on the site, it does look like a planned 'announcement' has been in the works for a little while, seemingly with little regard for AMD's response on the issue. This is compared to Meltdown and Spectre, which was shared among the affected companies several months before a planned public disclosure. CTS-Labs has also hired a PR firm to deal with incoming requests for information, which is also an interesting avenue to the story, as this is normally not the route these security companies take. CTS-Labs is a security focused research firm, but does not disclose its customers or research leading to this disclosure. CTS-Labs was started in 2017, and this is their first public report.

CTS-Labs' claims revolve around AMD's Secure Processor and Promontory Chipset, and fall into four main categories, which CTS-Labs has named for maximum effect. Each category has sub-sections within.

Severe Security Advisory on AMD Processors from CTS.

Also at Tom's Hardware, Motherboard, BGR, Reuters, and Ars Technica.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Informative) by deimtee on Thursday March 15 2018, @11:47AM

    by deimtee (3272) on Thursday March 15 2018, @11:47AM (#652904) Journal

    I work in printing. This pisses me off no end. The original purpose of PDF was a format that looked the same everywhere. Set it up on your screen, PDF it, check the PDF and then send it to me. The printed copy will look identical to what you saw on your screen when looking at the PDF. That was the purpose of PDF. (and up to PDF4 worked great)
    Then fucking Adobe got greedy, tried to add shit to PDF that was not compatible with static formats to 'take over the web', fucked it up for printing, and it's still shit for everything else they try to foist it off onto. Arseholes the lot of them.

    --
    If you cough while drinking cheap red wine it really cleans out your sinuses.
    Starting Score:    1  point
    Moderation   +2  
       Informative=2, Total=2
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4