Originally posted by rene
View Post
Announcement
Collapse
No announcement yet.
AMD PSP Affected By Vulnerability
Collapse
X
-
Last edited by cb88; 12 January 2018, 03:07 AM.
-
Originally posted by cb88 View Post
Heh, Rene I'll raise you a SparcStation 20 with dual SM81s ... and if that isn't enough I have 3 hulks of SS1000 that I'm working getting running on (still) I have enough CPUs and RAM and main board cards to fully populate one with 8x 85Mhz SuperSparc IIs and 4GB ram.... I also have a SparcPlug Minitower I can slap a dual 142Mhz MBus card in... probably the neatest thing I have.
Comment
-
Originally posted by Spooktra View PostThis can't possibly be!!! We have been treated to one article after another and endless posts on forums around the net from all the AMD fanboys crowing that AMD processors are secure and Intel's are crap and blah blah blah. Now we have an article about a security issue with AMD processors. Allow me to beat the AMD faithful in declaring this article FAKE NEWS!!!
Seriously though, I think this article needs to be punched up a bit with a good recipe for crow along with a nice wine recommendation.
Man, I wish I could get a RISC-V based desktop cpu with a nice BSD based OS and leave Linux, Windows, Intel and AMD behind and never look back.
Comment
-
Originally posted by numacross View PostHow are you using a modern computer that's filled with firmware-driven CPUs with DMA?
So as a result you can encapsulate the traffic between the "insecure" and fast machines by using "secure" libre boot machines in specific scenarios.
And for the other scenarios, well, you will have to live with the downsides of modern, powerful machines. But although it might be absolutely wrong in terms of privacy that someone knows which TV station you are currently watching it won't harm you directly in any kind of way. So you can temporarily live with this situation.
(Which doesn't mean you shouldn't flood the servers of the responsible companies and organizations with nasty emails and tell everyone about the insecurity - mass media preferred).
Comment
-
Originally posted by oooverclocker View PostFortunately it is still quite easy not to use such computers for specific tasks that are nearly performance independent while using such machines for tasks that are performance dependend on the other hand.
A floppy drive or ZIP might be a good alternative. Obviously on the parallel port and not the IDE version for the latter.
Originally posted by oooverclocker View PostYou see more and more the scenario to use encapsulated (virtual) machines as well.
Originally posted by oooverclocker View PostSo as a result you can encapsulate the traffic between the "insecure" and fast machines by using "secure" libre boot machines in specific scenarios.
Originally posted by oooverclocker View PostAnd for the other scenarios, well, you will have to live with the downsides of modern, powerful machines. But although it might be absolutely wrong in terms of privacy that someone knows which TV station you are currently watching it won't harm you directly in any kind of way. So you can temporarily live with this situation.
Originally posted by oooverclocker View Post(Which doesn't mean you shouldn't flood the servers of the responsible companies and organizations with nasty emails and tell everyone about the insecurity - mass media preferred).
Comment
-
Originally posted by madscientist159 View PostNews flash: it can't be disabled. Try not to believe every "fact" you hear online.
Or is actually one of "reduce functionality by overwriting some parts but not others so that ME runs for a while and then appears to stop doing the things it usually does" approach by me_cleaner, or the "ask ME/PSP nicely to please disable itself" HAP bit or BIOS setting, which convinced them that ME/PSP can be disabled?
I don't know, but I have no time to think about it now, must respond to the email of a Nigerian Prince who promised me tons of gold if I pay for shipping.
Comment
-
Nobody believed CTS-Labs, but AMD has confessed: https://community.amd.com/community/...-labs-research
They're not so shady now, are they?
Comment
-
Big corporations only admit their "wrongdoings" when they have no other option but to.
(And, they usually do it in a way that downplays the important issues that others have already discovered/revealed...)
Anyway, the PSP and likes are, obviously, here to stay.
So, we will have to look elsewhere, for Privacy and Security.
(Probably to some evolution of "open/free/libre hardware" single-board computers: https://www.crowdsupply.com/eoma68/micro-desktop + https://www.parallella.org/about/)
Comment
-
Originally posted by Vistaus View PostNobody believed CTS-Labs, but AMD has confessed: https://community.amd.com/community/...-labs-research
They're not so shady now, are they?
Their reasons for not waiting the usual 90 days before disclosure are bogus. Then there's the connection to Viceroy, a know short seller that is under investigation in at least Germany for their attempts at stock manipulation through bogus claims. Then there's the beyond silly green-screened videos using stock backgrounds. Then there's the point that they've completely overblown the severity of these "vulnerabilities". Then there's... I'm too lazy to complete the list, but there's more.
- Likes 1
Comment
-
Originally posted by Vistaus View PostNobody believed CTS-Labs, but AMD has confessed: https://community.amd.com/community/...-labs-research
They're not so shady now, are they?
No such vulnerability exists as CTS-Labs said.
Note how on AMDs page each issue is pre-faced with "Issue: Attacker who already has compromised the security of a system..."
All of these exploits require you have have physical access to the machine, to have local root access, to have installed a custom BIOS and have already executed another exploit to gain access to the PSP. The last exploit is also to do with a 3rd party chipset that both AMD and Intel motherboards use.
CTS-Labs are scammers and criminals who deserve prison.
- Likes 1
Comment
Comment