New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections
Any cause for concern?
Comments
Intel has to pour salt in its competitors' underpants after out of failures
I think this comment on here sums it up.
https://news.ycombinator.com/item?id=41205168
If you're screwed by this (and many other vulnerabilities) you're screwed in the first place.
What's more interesting is the process of the search itself.
This is not "news". AMD and Intel have to have A backdoor. So that government agencies could use it.
it became "news" after someone discovered it.
Blown up BS.
I think, @jenkki put it well. AMD reacted politely and cool and stated that Epycs and Ryzens can be "cured" and even for their embedded processors a cure will be available soon.
Not so for intels cancer.
So, f_ck off, IOActive. I hope you got paid well by intel - or are you a cheap whore?
Written on a Ryzen by a happy Ryzen and Epyc user
Pay walled article.
https://www.bleepingcomputer.com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/
At least in the near future, you will have the option to choose between services from American, Chinese, and Russian secret services. The market should be competitive, allowing for a variety of options for users.
PS. That is sarcasm of course.
But doesn't this mean if you buy a used AMD CPU or rent a dedicated server, you run the risk of having unremovable malware permanently on the CPU?
I'm sure many providers here are buying used or renting.
What is happening these days for Intel and AMD? Giving each other market share? 😁😆
I suppose yes, if you are a dedicated server provider it would be a problem. For virtualization and home users it's not a concern really.
But the users don't know if the host they are using are renting or bought a used amd cpu.
Imagine scenario:
Malice actor buys 1000 cpu dies. Pre-load with malware. Target some company and sell those dies at discounted price. Time passes and malice actor goes to action…
That is nightmare. But amd already launched fix?
This is exactly the issue. Or they rent the servers from OVH/Hetzner/ReliableSite/Datapacket/GSL, load malware, don't renew, 90% of lowendtalk hosts rents it and uses it sells vps here.
They aren't fixing every CPU and who knows if the CPUs are already infected. The only way to tell is to physically touch the motherboard with a special device.
earlier CPU REALITY/JOKE https://lowendtalk.com/discussion/comment/2979599/#Comment_2979599
Lets be realistic! Every processor and/or computer should be regarded as severely flawed in terms of security.
I like my AMD system and yes, AMD currently seems to be less dangerous than intel, but I see no reason to really trust their processors either.
Note that "known vulnerabilities" just is a subset of "existing vulnerabilities" which also contains the (likely not small) subset "well known but not yet nor ever made known vulnerabilities"!
Finally, no matter the manufacturer, x-86 compatibility, along with a strong need to stay compatible, highly likely is the primary source for ever "new" problems/vulnerabilities.