Új hozzászólás Aktív témák
-
S_x96x_S
őstag
Az AMD válasza:
* Aktivan elemzik a dokumentumot.
http://ir.amd.com/news-releases/news-release-details/view-our-corner-street-0Mottó: "A verseny jó!"
-
S_x96x_S
őstag
már "Linus Torvalds" is reagált rá:
"It looks like the IT security world has hit a new low.
If you work in security, and think you have some morals, I think you might want to add the tag-line
"No, really, I'm not a whore. Pinky promise"
to your business card. Because I thought the whole industry was corrupt before, but it's getting ridiculous.
""
I refuse to link to that garbage. But yes, it looks more like stock manipulation than a security advisory to me.
I'd blame the journalists, but let's face it, it's the security industry that has taught everybody to not be critical of their findings. "Think of the children"
""In one breath they'll lament the security circus. In the very next one, they'll talk about their own work and why the security stuff they work on is so important that it should not be questioned.
In the meantime CNET still has that article on its front page, with the title being about security issues rather than being about probable stock manipulation. They've updated their text, but the real story should be about bogus security "research" and manipulation of the coverage."[ Szerkesztve ]
Mottó: "A verseny jó!"
-
S_x96x_S
őstag
Én nem nagyon hiszek abban, hogy az "INTEL" mozgatja a szálakat. ha igaz az "ASMedia ASM1142" sebezhetősége, akkor rengeteg INTEL alaplap is sérülékeny. "Intel Z370 Motherboard Buyer's Guide"
https://www.tweaktown.com/guides/8482/intel-z370-motherboard-buyers-guide/index2.html"99% Motherboards using Asmedia’s ASM1142 and not Intel's Alpine Ridge?" (2016)
http://www.tomshardware.co.uk/answers/id-3122999/motherboards-asmedias-asm1142-intel-alpine-ridge.htmlMottó: "A verseny jó!"
-
S_x96x_S
őstag
Az AnandTech eléggé követi az ügyet és rendszeresen frissitik a ciküket.
Update 3/14 5:00am ET
<--- idézet --->
....Quoted by Ars is David Kanter, founder of Real World Technologies and industry consultant, who verifies that even though these are secondary stage attacks, they can still be highly important. David states that while
"All the exploits require root access - if someone already has root access to your system, you're already compromised. This is like if someone broke into your home and they got to install video cameras to spy on you".
Ars also quotes Dan Guido, who states that all that is needed to enable these exploits is the credentials of a single administrator:
"Once you have administrative rights, exploiting the bugs is unforunately not that complicated."
Mottó: "A verseny jó!"
-
S_x96x_S
őstag
folytatás:
Our Interesting Call with CTS-Labs
by Ian Cutress on March 15, 2018 7:30 PM EST
https://www.anandtech.com/show/12536/our-interesting-call-with-cts-labsMottó: "A verseny jó!"
-
S_x96x_S
őstag
frisebb anyag ( CTS )
"
This is the list of hardware that has been tested in our lab:
- BIOSTAR B350 GT3 Ryzen Motherboard.
- GIGABYTE AB350-GAMING 3
- HP EliteDesk 705 G3 SFF Ryzen Pro machine
- HP Envy X360 Ryzen Mobile Laptop
- TYAN B8026T70AV16E8HR EPYC SERVER
- GIGABYTE MZ31-AR0 EPYC SERVER....
RYZENFALL, FALLOUT
Requirements
o Physical access is not required. An attacker would only need to be able to run an EXE with
local admin privileges on the machine.
Impact:
o Write to SMM memory, leading to code execution in SMM.
o Reading and/or tampering with Credential Guard VTL-1 memory through the PSP.
o Ryzenfall-4, which achieves code execution inside the PSP, leads to all the attacker
capabilities described above, as well as the capability to tamper with the PSP and its security
features.
o An attacker can use RYZENFALL or FALLOUT to bypass Windows Credential Guard, steal
network credentials, and then use these to move laterally through Windows-based
enterprise networks.MASTERKEY
Requirements:
o Physical access is not required. An attacker would only need to be able to run an EXE with
local admin privileges on the machine.
o Wait for reboot......
"
további .... lásd:
https://safefirmware.com/Whitepaper+Clarification.pdfMottó: "A verseny jó!"
-
S_x96x_S
őstag
AMD Confirms CTS-Labs Exploits: All To Be Patched In Weeks
https://www.anandtech.com/show/12556/amd-confirms-exploits-patched-in-weeks"The salient high-level takeaway from AMD is this:
- All the issues can be confirmed on related AMD hardware, but require Admin Access at the metal
- All the issues are set to be fixed within weeks, not months, through firmware patches and BIOS updates
- No performance impact expected
- None of these issues are Zen-specific, but relate to the PSP and ASMedia chipsets.
- These are not related to the GPZ exploits earlier this year."Initial AMD Technical Assessment of CTS Labs Research
https://community.amd.com/community/amd-corporate/blog/2018/03/20/initial-amd-technical-assessment-of-cts-labs-research[ Szerkesztve ]
Mottó: "A verseny jó!"
Új hozzászólás Aktív témák
- A legolcsóbb! Új bontatlan, dobozos, számlás, garanciális i9 13900K CPU akció!
- Beszámítás! Intel Core i3 9100 4 mag 4 szál processzor garanciával hibátlan működéssel
- Intel I5 13600KF 14mag/20szál - Új, Tesztelt - Eladó! 88.000.-
- Intel I7 8700K processzor
- Intel I7 13700K 16mag/24szál - Új, Tesztelt - Eladó! 128.000.-