cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

General Discussions

kingfish
MVP
‎03-14-2018 01:12 PM

Everything Surrounding These New AMD Security Allegations Reeks of a Hit Job

Everything Surrounding These New AMD Security Allegations Reeks of a Hit Job - ExtremeTech

"AMD was given so little notice, it can’t even state if the attacks are valid or not. The company’s statement reads: “At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings.”

Good security firms don’t put users at risk by launching zero-day broadsides against companies when the security flaws in question could take months to resolve. Good security firms don’t engage in rampant scareism. Good security firms don’t use websites like “AMDFlaws” to communicate technical information, any more than they’d use “IntelSecuritySucks” to communicate security flaws related to Spectre, Meltdown, or the Intel Management Engine. Good security firms do not draw conclusions; they convey information and necessary context."

"We aren’t the only site to notice. There’s a notification on CTS-Labs site that it may have a financial interest in the companies it investigates (shorting AMD stock is practically a pastime in financial circles). Other security researchers have absolutely trashed the manner in which the findings were communicated, the likely financial entanglements, and the way the brief has been communicated."

Update:

CTS-Labs has acknowledged to Reuters that it shares its research with companies that pay for the data and that it’s a firm with just six employees. Meanwhile, Viceroy Research, a short-seller firm, has published a 25-page “obituary” for AMD based on this data in which it declares AMD is worth $0.00 and believes no one should purchase AMD products on any basis, for any reason whatsoever. It also predicts AMD will be forced to file for bankruptcy on the basis of this “report.”

We stand by what we said regarding the flaws themselves — we’ll wait to hear from AMD on how that shakes out and what the risks are — but the actual reporting of the flaws appears to have been done in profound bad faith and with an eye towards enriching a very particular set of clients. ExtremeTech denounces, in the strongest possible terms, this scheme’s apparent perversion of the security flaw disclosure process.

0 Likes
4 Replies
elstaci
MVP
‎03-14-2018 02:54 PM

Everything will be settled as soon as AMD verifies that the flaws are actual or false. Doesn't matter what ulterior motive CTS had in making known the CPU flaws before AMD can investigate and create fixes. "IF" the CPU Flaws are, in fact, true and verifiable by AMD. AMD has a huge PR disaster like Intel with its CPU flaws. Plus it will be a TOP PRIORITY to get the fixes in place as soon as possible since CTS let all the criminal professional Hackers know that those flaws exists before AMD had a chance to fix them.

CTS is a startup company that doesn't seem to know the rules of disclosure when it comes to security matters. If it was purely greed on their part to expose and humiliate AMD by cooperating with AMD enemies, CTS fulfilled their mission. If AMD can prove that the flaws are false then AMD has a excellent case to sue CTS and those that cooperated for millions of dollars for lost profit and destruction of AMD's Reputation.

So, right now it is a waiting game to see who is correct once AMD VERIFIES whether the flaws are real or not.

0 Likes
kingfish
In response to elstaci
MVP
‎03-14-2018 04:50 PM

Yes...sue a company that's been in business less than a year with 6 employees. Damage is done...IF the findings are true.

0 Likes
elstaci
In response to kingfish
MVP
‎03-14-2018 06:03 PM

I also mentioned the other companies that paid and help spread the news if false. So it isn't just a six employee company.

0 Likes
paulmarc
Adept I
‎04-08-2018 05:58 PM

Check the shady and unfounded "logic" of CTS-Lab, from a phone call with Anandtech:

Our Interesting Call with CTS-Labs

It does indeed reek of a low hit job.