Ok, so these "AMD flaws" are nowhere near anything like Meltdown or Spectre.

According to their "whitepaper", it lets you pwn your PSP and chipset if you already have root access on the main CPU. In the worst case, it's like the Intel ME BUP bug from december.
It's useful for researchers, coreboot porting, breaking DRM, etc. But it's no use for a remote (or even unprivileged local) attacker.

Their website makes it look way more dangerous than it is.

Then there's a lot of fishy stuff, like
- too much effort went into the website's design
- the website has lots of infographics and not-very-specific text, repeating the same things over and over again
- the whitepaper doesn't look like a whitepaper, and seems to be written with non-technical people in mind, especially the first few pages
- they have a huge legal disclaimer that says they may have financial interest in the value of AMD shares
- cts-labs.com exists for less than 1 year

I'm not saying these "AMD flaws" findings aren't real, but it looks like these people are trying to spread way more fear than necessary.

Follow

Also, this whole "if we found such vulnerabilities, the manufactureres probably pay no attention to security whatsoever" part on the website and at the beginning of the report... it's so obnoxious... and I think it qualifies as FUD. (Couldn't find criteria of when sth is FUD, wikipedia isn't very helpful here :/ )

Sign in to participate in the conversation
niu.moe

We are a cute and loving international community O(≧▽≦)O !