Flaws in AMD CPUs.
Security researchers find flaws in AMD chips but raise eyebrows with rushed disclosure

Devin Coldewey, TechCrunch, 19 hours ago

A newly discovered set of vulnerabilities in AMD chips is making waves not because of the scale of the flaws, but rather the rushed, market-ready way in which they were disclosed by the researchers. When was the last time a bug had its own professionally shot video and PR rep, yet the company affected was only alerted 24 hours ahead of time? The flaws may be real, but the precedent set here is an unsavory one.

The flaws in question were discovered by CTS Labs, a cybersecurity research outfit in Israel, and given a set of catchy names: Ryzenfall, Masterkey, Fallout, and Chimera, with associated logos, a dedicated website, and a whitepaper describing them.

So far, so normal: major bugs like Heartbleed and of course Meltdown and Spectre got names and logos too.

The difference is that in those cases the affected parties, such as Intel, the OpenSSL team, and AMD were quietly alerted well ahead of time. This is the concept of "responsible disclosure," and gives developers first crack at fixing an issue before it becomes public. There's legitimate debate over just how much control big companies should exert over the publicity of their own shortcomings, but generally speaking in the interest of protecting users the convention tends to be adhered to.

In this case, however, the CTS Labs team sprang their flaws on AMD fully formed and with little warning.

The flaws discovered by the team are real, though they require administrative privileges to execute a cascade of actions, meaning taking advantage of them requires considerable access to the target system. The research describes some as backdoors deliberately included in the chips by Taiwanese company ASmedia, which partners with many manufacturers to produce components.

The access requirement makes these much more limited than the likes of Meltdown and Spectre, which exploited problems at the memory handling and architecture level. They're certainly serious, but the manner in which they have been publicized has aroused suspicion around the web.

Why the extremely non-technical video shot on green screen with stock backgrounds composited in? Why the scare tactics of calling out AMD's use in the military? Why don't the bugs have CVE numbers, the standard tracking method for nearly all serious issues? Why was AMD given so little time to respond? Why not, if as the FAQ suggests, some fixes could be created in a matter of months, at least delay the publication until they were available? And what's with the disclosure that CTS "may have, either directly or indirectly, an economic interest in the performance" of AMD? That's not a common disclosure in situations like this.

(I've contacted the PR representative listed for the flaws (!) for answers to some of these questions.)

It's hard to shake the idea that there's some kind of grudge against AMD at play. That doesn't make the flaws any less serious, but it does leave a bad taste in the mouth.

AMD issued a statement saying that "We are investigating this report, which we just received, to understand the methodology and merit of the findings." Hard to do much else in a day.

As always with these big bugs, the true extent of their reach, how serious they really are, whether users or businesses will be affected, and what they can do to prevent it are all information yet to come as experts pore over and verify the data.

* This article originally appeared on TechCrunch.
On Wed, Mar 14, 2018 at 03:40:26PM +0000, jim bell wrote:
Security researchers find flaws in AMD chips but raise eyebrows with rushed disclosure
What is the problem with "rushed disclosure"? A vulnerability is like an asset and the owner can do whatever he wants with it. Why care about the vendor or its lusers at all? The vendor should invest more in quality instead of selling complete shit. Like the game of life, bugs games are non-cooperative games, don't know if equilibrium always exists. Fucked up vendors must find excuse for the shit they sell and jurnos are soldouts. Did waiting help for the Intel shit?
https://www.amdflaws.com/
https://safefirmware.com/amdflaws_whitepaper.pdf
https://safefirmware.com/CTO+Letter.pdf
https://www.youtube.com/watch?v=BDByiRhMjVA
https://www.youtube.com/watch?v=pgYhOwikuGQ

As with Intel's decades of fail, this is yet another salvo exposing the proven laughable security, bullshit, and FUD of closed source products.

Recent CPU issues were presumably found by independent researchers. Wait till Snowden style mass corporate leakage begins to hit.

Solution, replace such legacy closed source models with...

#OpenFabs , #OpenHW , #OpenSW , #OpenDev

Create more.

Internet analysis growing, including...

https://viceroyresearch.files.wordpress.com/2018/03/amd-the-obituary-13-mar-...
https://twitter.com/dguido/status/973628511515750400
https://hn.algolia.com/?sort=byDate&dateRange=pastWeek&query=amd
https://www.reddit.com/search?q=amd&t=week

Interesting that CTS currently states having no plans to ever release full details publicly itself... a throwback to Snowden's third party release model... or just more closed bullshit games by player profiteurs and control agents... were there any difference.
On Wed, Mar 14, 2018 at 05:38:54PM -0400, grarpamp wrote:
https://www.amdflaws.com/ https://safefirmware.com/amdflaws_whitepaper.pdf https://safefirmware.com/CTO+Letter.pdf https://www.youtube.com/watch?v=BDByiRhMjVA https://www.youtube.com/watch?v=pgYhOwikuGQ
As with Intel's decades of fail, this is yet another salvo exposing the proven laughable security, bullshit, and FUD of closed source products.
Recent CPU issues were presumably found by independent researchers. Wait till Snowden style mass corporate leakage begins to hit.
Solution, replace such legacy closed source models with...
#OpenFabs , #OpenHW , #OpenSW , #OpenDev
Ack! There are many solvable issues with openfabs such as:

- trustability
- people (Juan for openfab accountability executive FTW :)
- jurisdictions (e.g. USA vs RUS fabs)
- purchase/ pre-order scale/ cost of fab chip production runs

Some thoughts on some approaches:

- trustable processes to minimize requirement to trust individuals, e.g. auditability, and actual random audits (at each level of the manufacturing pipeline - design/ schematics, fab process, chips fabbed, boards shipped, end products received by human citizens)
- build networks of people you trust/ those who will support with pre-buys/ promise to buy etc, IRL
- sugar-daddy investors who have a spare $ billion here or there to guarantee/ bankroll, regardless of purchase commitments
- but do NOT rush on this (Jordan Peterson gets this well), since such steps are doomed to failure if done before most or all of the key issues above (and others yet to be thunked), are actually solved, in place, ready to go
- some dickwad will come in, proclaiming to be the messiah, and blow that $ billion before you can finish saying "ponzi scheme"
- slow and steady, "grass roots" openhw tech stack presumably far better than flash in the pan of anything
- consciousness of end users, therefore education ever important
Create more.
Internet analysis growing, including... https://viceroyresearch.files.wordpress.com/2018/03/amd-the-obituary-13-mar-... https://twitter.com/dguido/status/973628511515750400 https://hn.algolia.com/?sort=byDate&dateRange=pastWeek&query=amd https://www.reddit.com/search?q=amd&t=week
Interesting that CTS currently states having no plans to ever release full details publicly itself... a throwback to Snowden's third party release model... or just more closed bullshit games by player profiteurs and control agents... were there any difference.
Jim Bell's thought that it's a "revenge from Intel" might be "relevant (including military) contracts were shifting to AMD, at least temporarily whilst Intel fixed their FUBARs, and this was put in motion to release now that Intel's latest chips have been updated and they wants more precious claw backs contracts my precious... perfect timing (for Intel) on a few fronts.
It is evident that due to carelessness, malice, and powerful conspiracy, all closed source CPUs have holes that governments take advantage of. Chinese CPUs are not so bad, because the Chinese empire is smaller than the US empire. I don't really care if China spies on me, since all my identities are outside Chinese control and influence, and if I ever create an identity that is a resident of a region under Chinese hegemony, that identity will be non political and a loyal supporter of the party.

I have therefore purchased some 64 bit Orange Pi PC2s running Ubuntu 16.04 server, for a ridiculously affordable computer cluster. This is actually cheaper than having a bunch of Oracle VMs running on my main computer, because a computer capable of adequately running a bunch of Oracle VMs gets quite expensive. So after a while, any VM that runs a lot gets moved to my cluster.

Note to the Communist party, which can probably locate the real location and identity of the person sending this email: All my identities totally support Chinese hegemony over the current area of Chinese hegemony and Africa south of the equator, I oppose US efforts for color revolution in the nuclear powers China and Russia, and oppose US efforts to instigate color revolutions in areas currently under the hegemony of other nuclear powers, and if such efforts lead to nuclear war, as seems increasingly possible, that war will be the result of US aggression. (I notice the outrage at Trump being polite and friendly when talking to the leader of another nuclear power.)

I support Chinese efforts to influence the US university system so that it stops training Chinese students to instigate color revolution in China, and if attempted color revolution in China leads to nuclear war, that will be entirely the fault of the US and Harvard.
jamesd@echeque.com wrote:
I have therefore purchased some 64 bit Orange Pi PC2s
On 3/22/2018 11:58 AM, juan wrote:
so you assume the allwinner chip is backdoored by the chinese and your US corporate masters don't have access to it?
I think the party would be most unhappy if my US corporate masters got access to it. They want to backdoor China, but they do not want the US to backdoor China.
On Thu, Mar 22, 2018 at 11:22:09AM +1000, jamesd@echeque.com wrote:
I have therefore purchased some 64 bit Orange Pi PC2s running Ubuntu 16.04 server, for a ridiculously affordable computer cluster. This is actually
Are these non-capitalist systems? Genuinely commies CPUs? Not cloned reversed chips? About 30-40 years ago the commie block cloned Apple II and Intel 8086 in own chips and the computers worked.
On Thu, Mar 22, 2018 at 11:22:09AM +1000, jamesd@echeque.com wrote:
I have therefore purchased some 64 bit Orange Pi PC2s running Ubuntu 16.04 server, for a ridiculously affordable computer cluster.
On 3/22/2018 6:10 PM, Georgi Guninski wrote:
Are these non-capitalist systems? Genuinely commies CPUs? Not cloned reversed chips? About 30-40 years ago the commie block cloned Apple II and Intel 8086 in own chips and the computers worked.
Communism is what the party says communism is - which these days is a good deal more capitalist than the US. The original CPU design was purchased from the US, but a variety of chip makers have been improving on the design in a variety of ways, so it is not US cloned, but is US descended - rather distantly descended by now.
On Thu, Mar 22, 2018 at 09:24:24PM +1000, jamesd@echeque.com wrote:
The original CPU design was purchased from the US, but a variety of chip makers have been improving on the design in a variety of ways, so it is not US cloned, but is US descended - rather distantly descended by now.
according to the interwebz, your system is ARM based and in addition ARM is vulnerable to spectre. how many vulnerabilities like spectre affect the "US design"?
On 3/23/2018 2:00 AM, Georgi Guninski wrote:
On Thu, Mar 22, 2018 at 09:24:24PM +1000, jamesd@echeque.com wrote:
The original CPU design was purchased from the US, but a variety of chip makers have been improving on the design in a variety of ways, so it is not US cloned, but is US descended - rather distantly descended by now.
according to the interwebz, your system is ARM based and in addition ARM is vulnerable to spectre. how many vulnerabilities like spectre affect the "US design"?
The Orange Pi Cpu does not do speculative execution, therefore is not vulnerable to spectre.
On Sun, 25 Mar 2018 07:48:06 +1000 jamesd@echeque.com wrote:
On 3/23/2018 2:00 AM, Georgi Guninski wrote:
On Thu, Mar 22, 2018 at 09:24:24PM +1000, jamesd@echeque.com wrote:
The original CPU design was purchased from the US, but a variety of chip makers have been improving on the design in a variety of ways, so it is not US cloned, but is US descended - rather distantly descended by now.
according to the interwebz, your system is ARM based and in addition ARM is vulnerable to spectre. how many vulnerabilities like spectre affect the "US design"?
The Orange Pi Cpu does not do speculative execution, therefore is not vulnerable to spectre.
I think some ARM processors do? Not sure if the arm core that allwinner chip uses does though. Anyway, the SoC probably uses so called 'intellectual property' from different designers including americunt ones. And there are other components on the board of course. Point being, it seems hard, even for the chinese govt, to know for sure that the system isn't backdoored by many of the western scum 'players' in the 'industry'.
On 3/25/2018 8:07 AM, juan wrote:
On Sun, 25 Mar 2018 07:48:06 +1000 jamesd@echeque.com wrote:
On 3/23/2018 2:00 AM, Georgi Guninski wrote:
On Thu, Mar 22, 2018 at 09:24:24PM +1000, jamesd@echeque.com wrote:
The original CPU design was purchased from the US, but a variety of chip makers have been improving on the design in a variety of ways, so it is not US cloned, but is US descended - rather distantly descended by now.
according to the interwebz, your system is ARM based and in addition ARM is vulnerable to spectre. how many vulnerabilities like spectre affect the "US design"?
The Orange Pi Cpu does not do speculative execution, therefore is not vulnerable to spectre.
I think some ARM processors do?
Possibly they do. There are a lot of Arm processors. Pretty sure the new Samsung ARM processor does speculative execution, but I don't have any concrete information - it is just that they threw everything fashionable into that processor, or claimed to do so. And if it does not have speculative execution, throwing everything fashionable into a processor is likely to result in some other security holes.
Point being, it seems hard, even for the chinese govt, to know for sure that the system isn't backdoored by many of the western scum 'players' in the 'industry'.
Again, Orange Pi is all Chinese manufacture, plus western open source. Hence I would expect all Chinese backdoors.

Speculative execution puts smarts on the chip that really belong in the compiler. It is a bad design choice, the wrong way to do things, that was probably implemented to keep information in house, that they did not want to put into an open source compiler under the GNU license.

Had they done it right, would have had to put that technology into the GNU compiler, since everything has to run linux, or a linux derived operating system such as android, and thus had to license the technology to everyone. And every other chip maker in the entire world would have been able to copy what they did, and adapt to their own architecture.
On Sun, 25 Mar 2018 09:10:36 +1000 jamesd@echeque.com wrote:
Point being, it seems hard, even for the chinese govt, to know for sure that the system isn't backdoored by many of the western scum 'players' in the 'industry'.
Again, Orange Pi is all Chinese manufacture, plus western open source.
Hence I would expect all Chinese backdoors.
OK, I'll assume at least it's better than the broadcom/raspberry stuff.
Speculative execution puts smarts on the chip that really belong in the compiler. It is a bad design choice, the wrong way to do things, that was probably implemented to keep information in house, that they did not want to put into an open source compiler under the GNU license.
Yeah put some optimizations on the chip, so as to pretend that chip designers are creating 'value' and charge for it. Makes sense. From the point of view of corporate thieves. Regardless, as far as I understand it, the problem is not speculative execution per se, but shitty implementations that don't take security into account. Because the engineers responsible for them are incompetent or/and corrupt.
Had they done it right, would have had to put that technology into the GNU compiler, since everything has to run linux, or a linux derived operating system such as android, and thus had to license the technology to everyone. And every other chip maker in the entire world would have been able to copy what they did, and adapt to their own architecture.
On 3/25/2018 9:34 AM, juan wrote:
Regardless, as far as I understand it, the problem is not speculative execution per se, but shitty implementations that don't take security into account. Because the engineers responsible for them are incompetent or/and corrupt.
It is hard to do speculative execution right - which is another reason why it belongs in the compiler, which is a lot easier to fix, than on the chip.
On Sun, Mar 25, 2018 at 02:09:55PM +1000, jamesd@echeque.com wrote:
On 3/25/2018 9:34 AM, juan wrote:
Regardless, as far as I understand it, the problem is not speculative execution per se, but shitty implementations that don't take security into account. Because the engineers responsible for them are incompetent or/and corrupt.
It is hard to do speculative execution right - which is another reason why it belongs in the compiler, which is a lot easier to fix, than on the chip.
Other benefits of software (e.g. compiler) level occupation of the optimization space - lower energy usage (compiler pre-calculation of the optimizations which the hardware otherwise has to just guess at) and less complexity of hardware (again, either lower energy usage, or transistors which can be put to other functions).
It's obvious James doesn't know anything about CPUs

-------- Original Message --------
On Mar 22, 2018, 4:24 AM, wrote:
On Thu, Mar 22, 2018 at 11:22:09AM +1000, jamesd@echeque.com wrote:
I have therefore purchased some 64 bit Orange Pi PC2s running Ubuntu 16.04 server, for a ridiculously affordable computer cluster.
On 3/22/2018 6:10 PM, Georgi Guninski wrote:
Are these non-capitalist systems? Genuinely commies CPUs? Not cloned reversed chips? About 30-40 years ago the commie block cloned Apple II and Intel 8086 in own chips and the computers worked.
Communism is what the party says communism is - which these days is a good deal more capitalist than the US.
The original CPU design was purchased from the US, but a variety of chip makers have been improving on the design in a variety of ways, so it is not US cloned, but is US descended - rather distantly descended by now.
On 03/14/2018 11:40 AM, jim bell wrote:
Security researchers find flaws in AMD chips but raise eyebrows with rushed disclosure
[... ]
Why the extremely non-technical video shot on green screen with stock backgrounds composited in? Why the scare tactics of calling out AMD's use in the military? Why don't the bugs have CVE numbers, the standard tracking method for nearly all serious issues? Why was AMD given so little time to respond? Why not, if as the FAQ suggests, some fixes could be created in a matter of months, at least delay the publication until they were available? And what's with the disclosure that CTS "may have, either directly or indirectly, an economic interest in the performance" of AMD? That's not a common disclosure in situations like this.
* This article originally appeared on TechCrunch.
Why? Well, why not?

I will guess that the folks at CTS Labs shorted AMD and made other "side bets" to cash in on the impact of the disclosure. They may have also quietly negotiated some direct compensation from AMD's competitors. Why else skip the traditional advance warning to the vendor, and spend money directly attacking AMD's reputation in the market?

I for one approve of this approach to bug disclosure for a couple of reasons. First, the bigger the impact on AMD shareholder value, the more shareholders will demand AMD and comparable vendors spend money on quality assurance programs to reduce their exposure on this front.

In the broader context of software markets, a trend toward monetizing bug reports by maximizing their cost to affected vendors will do more harm to closed commercial enterprises than free & open ones, both because the commercial vendors ship more and worse bugs, and because that's where money can be made just by disparaging the product.

If this business model becomes a trend, I think it will result in better quality across the board in affected products and markets.

:o)
participants (8)
- Georgi Guninski
- grarpamp
- jamesd@echeque.com
- jim bell
- juan
- rooty
- Steve Kinney
- Zenaan Harkness