Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

Comments

  • jenkkijenkki Member

    Intel has to pour salt in its competitors' underpants after out of failures :smiley:

  • MikeAMikeA Member, Patron Provider
    edited August 9

    I think this comment on here sums it up.
    https://news.ycombinator.com/item?id=41205168

    If you're screwed by this (and many other vulnerabilities) you're screwed in the first place.

    Thanked by 2tentor mrTom
  • jenkkijenkki Member

    What's more interesting is the process of the search itself.

    Thanked by 1ErawanArifNugroho
  • ChuckChuck Member

    This is not "news". AMD and Intel have to have A backdoor. So that government agencies could use it.

    it became "news" after someone discovered it.

  • jsgjsg Member, Resident Benchmarker
    edited August 9

    The "heroes" of wired said:
    Nissim and Okupski note that exploiting the bug would require hackers to already have obtained relatively deep access to an AMD-based PC or server

    Blown up BS.

    I think, @jenkki put it well. AMD reacted politely and cool and stated that Epycs and Ryzens can be "cured" and even for their embedded processors a cure will be available soon.

    Not so for intels cancer.

    So, f_ck off, IOActive. I hope you got paid well by intel - or are you a cheap whore?

    Written on a Ryzen by a happy Ryzen and Epyc user

    Thanked by 1etcrooty
  • LeviLevi Member

    Pay walled article.

  • rustelekomrustelekom Member, Patron Provider

    At least in the near future, you will have the option to choose between services from American, Chinese, and Russian secret services. The market should be competitive, allowing for a variety of options for users.
    PS. That is sarcasm of course.

    061a68541f975a0109a27176a89a7697.jpg

  • bobertbobert Member
    edited August 11

    @MikeA said: If you're screwed by this (and many other vulnerabilities) you're screwed in the first place.

    But doesn't this mean if you buy a used AMD CPU or rent a dedicated server, you run the risk of having unremovable malware permanently on the CPU?

    I'm sure many providers here are buying used or renting.

  • What is happening these days for Intel and AMD? Giving each other market share? 😁😆

  • MikeAMikeA Member, Patron Provider

    @bobert said:

    @MikeA said: If you're screwed by this (and many other vulnerabilities) you're screwed in the first place.

    But doesn't this mean if you buy a used AMD CPU or rent a dedicated server, you run the risk of having unremovable malware permanently on the CPU?

    I'm sure many providers here are buying used or renting.

    I suppose yes, if you are a dedicated server provider it would be a problem. For virtualization and home users it's not a concern really.

  • bobertbobert Member

    @MikeA said: I suppose yes, if you are a dedicated server provider it would be a problem. For virtualization and home users it's not a concern really.

    But the users don't know if the host they are using are renting or bought a used amd cpu.

  • LeviLevi Member

    Imagine scenario:

    Malice actor buys 1000 cpu dies. Pre-load with malware. Target some company and sell those dies at discounted price. Time passes and malice actor goes to action…

    That is nightmare. But amd already launched fix?

  • bobertbobert Member
    edited August 11

    @Levi said: Malice actor buys 1000 cpu dies. Pre-load with malware. Target some company and sell those dies at discounted price. Time passes and malice actor goes to action…

    This is exactly the issue. Or they rent the servers from OVH/Hetzner/ReliableSite/Datapacket/GSL, load malware, don't renew, 90% of lowendtalk hosts rents it and uses it sells vps here.

    @Levi said: That is nightmare. But amd already launched fix?

    They aren't fixing every CPU and who knows if the CPUs are already infected. The only way to tell is to physically touch the motherboard with a special device.

  • jsgjsg Member, Resident Benchmarker

    Lets be realistic! Every processor and/or computer should be regarded as severely flawed in terms of security.

    I like my AMD system and yes, AMD currently seems to be less dangerous than intel, but I see no reason to really trust their processors either.
    Note that "known vulnerabilities" just is a subset of "existing vulnerabilities" which also contains the (likely not small) subset "well known but not yet nor ever made known vulnerabilities"!

    Finally, no matter the manufacturer, x-86 compatibility, along with a strong need to stay compatible, highly likely is the primary source for ever "new" problems/vulnerabilities.

    Thanked by 1default
Sign In or Register to comment.