pendragon1
animus contrahendi, balance of probabilities, beyond reasonable doubt, Dolus and Culpa, pactum sunt savanda, inter vivos.
sounds like you are trying to conjure a demon...
Ooops! When you wrote "Security Experts? Well, that's one" I believed that you had identified Alex Ionescu and were then asking me for more experts. I supposed you were familiar with him being a well-known security expert. It is interesting that you seem so worried by my mistake, when I think my mistake was favoring you, but don't worry, I have edited my post to make clear you didn't acknowledge anything. My post now reads:
A link to it is in post #66 of this thread.
https://www.realworldtech.com/forum/?threadid=175139&curpostid=175168
However, if I get chance I will get in touch with Fred Piper and see what his thoughts are on it - he is my definition of a security expert, not the person you quoted.
To back up this claim, it has had its findings reviewed by not less than ONE, yes, just one, company, Trail of Bits.
To further bolster its claim, it has produced one, yes, just one, screenshot of one affected machine where the boot code in the bottom left corner was replaced with the number "1337."
These findings caused Viceroy Research, another firm with a questionable reputation, to proclaim in a 25-page report on the matter that:
"AMD must cease the sale of Ryzen and EPYC chips in the interest of public safety."
AMD’s flawed chips are components in government and defense products –AMD is pushing Embedded Ryzen and EPYC chips into government and defense industries– from aerospace through to enterprise servers and laptops –through promotion of “advanced security” of its Secure Processor– the very Secure Processor which CTS has found to be fundamentally flawed and open to hacking
By contrast CTS's white paper, which can be found on amdflaws.com, and yet inexplicably hosted by a blank website safefirmware.com, discusses no methodology at all, and for proof of concepts discussed therein offers just one screenshot of a server with a boot screen with "1337" (hacker slang for LEET which is phonetic shortening of ELITE) added to the bottom right hand corner, purportedly by CTS. Due to the lack of any discussion of methodology or technical details in the white paper, it is impossible to verify the veracity of CTS's claims. That said, let's discuss them at face value anyway and see what the worst-case scenario could be.
However, in order to deploy this vulnerability [MASTERKEY], the attacker would have to first get access to the computer, then gain root or administrator privileges, and then finally have the ability to flash (update) the BIOS on the computer.
Further, since the ONLY shred of proof was provided in the Masterkey section, it's not entirely clear if it's even real. To avoid repeating myself, the same goes for Fallout and Chimera.
Fallout uses the same attack vector of a signed driver as Ryzenfall, but on an EPYC processor by targeting the boot loader, with identical results, and identical dubiousness of the proof of concept.
Chimera is the most serious sounding "vulnerability." [...] CTS bases this bold supposition NOT on actual testing, or proof of concept, but on the fact that it claimed to have reviewed the code from AMD's subcontractor, ASMedia, and AMD's chipset code and found similarities between the two code bases. ASMedia reused some of its own code while fulfilling a contract for AMD. What a shock?
Even Dan Guido, the CEO of Trail of Bits, the one and only company hired by CTS to double check its findings, disputes the validity of Chimera in a tweet to reporters.
Further, ExtremeTech published an article where it shows that the same ASMedia chips accused of housing backdoors by CTS also are widely used on any ASUS motherboards with Intel chips. So, why is this categorized as an AMD flaw when it widely affects, if real, both AMD and Intel?
If Fallout and Ryzenfall are indeed real, hopefully AMD will patch them quickly, as those threaten AMD's Secure Encrypted Virtualization system. Chimera just looks like nonsense, unless further proof is provided, and Masterkey requires a BIOS flash. If you can flash the BIOS all bets are off, on ALL systems, from ALL CPU vendors.
Potential technical impact of AMDFlaws
- Code execution in the PSP and SMM (no visibility to typical security products)
- Persistence across OS reinstallation and BIOS updates
- Block or infect further BIOS updates, or brick the device
- Bypass Windows Credential Guard
- Bypass Secure Encrypted Virtualization (SEV)
- Bypass Secure Boot
- Bypass or attack security features implemented on top of the PSP (e.g., fTPM)
Rather than giving AMD a standard 90-day advance notice adopted by Google, Cisco (NASDAQ:CSCO) and others, or the 200-day-plus notice Google gave Intel, AMD, and others before disclosing Meltdown and Spectre, CTS gave AMD less than a day advance notice.
And as stated in #67, the reply is available here
https://www.realworldtech.com/forum/?threadid=175139&curpostid=175180
Does he have access to the full materials?
Linus, unlike a lot of us here, is smart enough to ignore you. But yeah, just like last time, I'll trust Linus over juanrga and his myriad cherry picked links.
So if replying to someone is ignoring him/her, then I guess the Linus claim "CTS is a scam" means that the security flaws are real.
As I said in #87 you can trust and side with anyone whom you want. It will not change a bit the fact that all that I said in my reply to him is correct.
He's on here
http://www.isg.rhul.ac.uk/bin/staff-dir.php?type=V
Henry Becker knows his stuff as well.
Tell you what, if anyone on that page comes out saying it's legitimate then I'll believe it.
But do those people have access to the full material?
The security issues identified by the third-party researchers are not related to the AMD “Zen” CPU architecture or the Google Project Zero exploits made public Jan. 3, 2018. Instead, these issues are associated with the firmware managing the embedded security control processor in some of our products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors.
Attacker can circumvent platform security controls. These changes are persistent following a system reboot.
Attacker may install difficult to detect malware in SMM (x86).
Initial AMD Technical Assessment of CTS Labs Research
https://community.amd.com/community...amd-technical-assessment-of-cts-labs-research
AMD confirms all the flaws: those associated with the Promontory chipset and those associated with the Secure Processor:
AMD confirms the exploits are affected by persistence and difficult detectability:
The only difference between CTS-labs and AMD is that CTS-labs said that mitigations and patches would require "months" and AMD claims it only needs "weeks".
Holy fuck, you can't even quote CTS-labs correctly, they said months or maybe not even a year, which was their justification for not informing AMD and waiting the industry standard time.
We still have to see AMD patches for Spectre, don't we?
This was blown up so some folks could short the stock. Happens all the time. Security problems are real, but not particularly unusual or large. Patch incoming - no performance hit expected.
In short, no big deal. Except I wish I could have shorted AMD roundabout March 7th. I could've made a clanking fortune.
.... To make it absolutely clear: how your company runs your IT department is their problem if they do not take precautions it is their fault and theirs alone.
....
I don't think most people that are commenting on this, on this site and others, truly understand the impact this could have. Probably because most are just desktop users and enthusiasts, and have no inclination of the corporate IT realm.
They seem to think just because you need admin level access to an affected machine, that it's not really an exploit.
If the exploits are indeed as described, the problem is in not being able to detect changes to the hardware, and persistence of those changes, regardless of storage on the system.
Think of it this way. I work for a company with several thousands of machines on their network, located all over the eastern US. There are hundreds of employees with us, that have admin access to most of those machines. Any one of them could decide for whatever reason, they want to compromise or otherwise harm the company.
Now without these exploits, the company could go behind the culprit and "clean up" the network, undoing whatever was done, formatting drives and such, thus mitigating or completely reversing the damage done.
However, with these exploits, the company could not determine which machines are infected or compromised, and no amount of storage level manipulation would solve the issues. The hardware itself would need to be replaced, and since we can not know which devices are infected, ALL devices would need to be replaced. Considering this network is responsible in part, for the transportation and logistics involved with that transport, of all classes of hazardous materials, what do you think the impact would be?
You have to have admin access, but admins are not saints, and once these exploits are implemented, there is no mitigating them outside of replacing the hardware, assuming you have discovered they are being used at all.
This is of course assuming they truly cannot be mitigated or fixed through other means, which is still not determined as of yet.
I have a nagging suspicion though, that many other architectures are going to be found to have similar exploits, not just ASmedia and AMD. This level of exploitation is where the focus is headed, and I fear the repercussions of that focus on not just the industry as a whole, but society itself.
We have taken for granted a certain level of privacy and security with our technology. What if every device that we trust was compromised? Not just our personal computing devices. What about anything and everything connected to a network. Even your modern automobiles are connected and most are "fly by wire", having all electronic control systems.
This issue should not be dismissed just because of the motives of the parties involved.
How many of those employees also have the ability to modify firmware or driver code in order to take advantage of these exploits, without crashing the system, before they lose access to the system? IT specialists generally aren't hackers, and the ones who know how to write programs probably don't also know how to modify binaries in such a way that they would still function and be installable without disabling critical security features of the os. Then they could hire someone else to write the exploit, but that person would need to get the modified binary onto the system somehow (usb, cd, remote terminal, etc), which would probably raise flags at any properly secured company.
Tell me again, which security measures they bypassed or disabled without someone being notified? They have to get the exploited binary on the system or they can't do anything with these flaws. Or else, they have to modify the firmware/microcode themselves using a program that's probably not installed by default...
Are you serious?
Unplug cable, write image, inject code from portable media, rewrite image, plug back in cable. That's only if they are SUPER paranoid.
Right, but then you have a notification of the computer being disconnected from the network, an external media being inserted, some weird/unusual binary being copied to the system (it has to be loaded into memory before it runs) or else a weird script being run from portable media. You're telling me nobody would investigate this kind of suspicious activity? The notification doesn't just not happen because the computer was disconnected while the act was in progress.
First off, machines drop off the network all the time, ours do once a week for system maintenance. We are talking thousands of machines over hundreds of thousands of square miles. Anything done to the machine while off network can be erased with the image restore. What's worse is the size of deployments are so small now, it could be done in minutes. Not all networks are the same, you must be thinking of some large workstation deployments.
Ah, yeah that could work. I doubt if someone would bat an eye at a system restore as long as you had a good explanation lined up, too. Good system policy might require network access or a secure key to grant system restore powers, but a sysadmin would probably have easy access to such a thing anyway, and requiring network access might be considered overkill (plus could make fixing network issues difficult in some circumstances).
Depending on where you live, and how malicious the culprit, it may be YOUR problem.
Maybe there is a better chance of me slipping on a banana peel or getting hit by an asteroid ...