Ok, so these "AMD flaws" are nowhere near anything like Meltdown or Spectre.

According to their "whitepaper", it lets you pwn your PSP and chipset if you already have root access on the main CPU. In the worst case, it's like the Intel ME BUP bug from december.
It's useful for researchers, coreboot porting, breaking DRM, etc. But it's no use for a remote (or even unprivileged local) attacker.

Their website makes it look way more dangerous than it is.

Then there's a lot of fishy stuff, like
- too much effort went into the website's design
- the website has lots of infographics and not-very-specific text, repeating the same things over and over again
- the whitepaper doesn't look like a whitepaper, and seems to be written with non-technical people in mind, especially the first few pages
- they have a huge legal disclaimer that says they may have financial interest in the value of AMD shares
- cts-labs.com exists for less than 1 year

@Wolf480pl also they only gave AMD 24 hours notice. 'responsible' disclosure my ass.

@samis @Wolf480pl I don't know what website you two are talking about, but picking on researchers for disclosing PSP flaws is, IMO, ridiculous.

PSP itself is a flaw. A malignant tumor that shouldn't exist.

Shame on you two for defending it.

@taoeffect @samis
I'm not defending PSP, but it's problematic only as long as we can't control it.

And I'm not picking on researchers for disclosing the flaws. I'm picking on them for making it look like a CPU flaw, like-Meltdown-except-worse. And telling people that their network is in danger because of it.

Also, the researchers didn't disclose any technical details, ust a bunch of noise.
It just looks like a hoax or an attempt to harm AMD by spreading FUD.

amdflaws.com/

@Wolf480pl @samis PSP is like-Meltdown-except-worse. I see nothing wrong with that description of it.

@taoeffect @samis No it isn't. You can't exploit a flaw in PSP from an unprivileged process. Or from JS running in the browser. You have to be root to exploit PSP. At which point, why bother doing that, you got root anyway.

@Wolf480pl @samis Meltdown doesn't give you total control over a computer. PSP does (my understanding), and it does so with no defense or mitigation possible.

A purposefully-built unstoppable backdoor is worse than an accidental design-flaw.

@taoeffect @samis But you have to already have total control over a computer in order to use PSP to gain total control over the computer.

@Wolf480pl @samis Eh, I doubt that. Is there proof that there's no master key?

@Wolf480pl @samis I'm more than OK with websites bringing up PSP and Intel ME and throwing as much fear and doubt on those abominations as possible. Not enough of that being done.

@taoeffect @samis

But this is false information. They're telling people that because of these vulns, their computers are in danger, while in fact they aren't.

Also, they're doing it asymmetrically. It looks like it's designed to make everyone switch from AMD to Intel. And even if it's not on purpose, that'll be the effect. And Intel has enough power as it is.

@Wolf480pl @samis

> while in fact they aren't.

Who says they aren't? There's every reason to believe they are. Again, show me proof a master key doesn't exist.

(Does PSP have a built-in server constantly listening in like Intel ME?)

> It looks like it's designed to make everyone switch from AMD to Intel.

Where do they do that? "Intel" isn't mentioned on the page.

@taoeffect @samis
>"Intel" isn't mentioned on this page
Think for a minute.
This page is clearly not made with tech gurus who know RISC-V in mind. It's for an average reader who knows just 2 CPU makes: Intel and AMD. It says AMD is bad. If you have only AMD and Intel to choose from, and AMD is bad, you buy Intel.

Follow

@Wolf480pl @samis I don't care.

They'll go to ask their friends about this, and their friends will instantly point to the more widely known and heard of "Intel ME", same thing, possibly even worse.

Β· Web Β· 0 Β· 0 Β· 0

@Wolf480pl @samis This website helps move the conversation forward. A heck of a lot more than what most people are doing.

Sign in to participate in the conversation
Mastodon

Fast, secure and up-to-date instance, welcoming everyone around the world. Join us! 🌍
Up since 04/04/2017. βœ…

Why should you sign up on mstdn.io?

This instance is not focused on any theme or subject, feel free to talk about whatever you want. Although the main language is english, we accept every single language and country.

We're connected to the whole OStatus/ActivityPub fediverse and we do not block any foreign instance nor user.

We do have rules, but the goal is to have responsible users. So far we haven't had any issue with moderation

The instance uses a powerful server to ensure speed and stability, and it has good uptime. We follow state-of-the-art security practices.

Also, we have over 300 custom emojis to unleash your meming potential!


Looking for a Kpop themed instance? Try kpop.social