|
Shy posted:Cool, thanks. B450 is released simultaneously with the CPUs, right? It should be but there's no hard release date given and most of the info we have is from leaked slides.
|
# ? Mar 14, 2018 12:42 |
|
The timelines on the leaked slides here suggest that X470 will launch with CPUs and B450 will follow approximately three months later.
|
# ? Mar 14, 2018 12:46 |
|
I wonder how much they were funded over the last 6 months, and how happy the benefactors were with this "BRO FLASH YOUR BIOS WITH DIS AND SEE HOW SECURE YOU ARE" and "BRO, LEMME CATCH YOUR MACHINE OUTSIDE ALONE AND SEE WHAT HAPPENS" style document, featuring 0 POC code & shutterstock images used as office backgrounds :
|
# ? Mar 14, 2018 12:51 |
|
Exploit #14: RyzeNside In our lab we were able to replace the AMD motherboard and CPU with an Intel combo that doesn't have microcode updates. At this point we actually owned the machine pretty hard without getting too fancy.
|
# ? Mar 14, 2018 13:22 |
|
Setzer Gabbiani posted:Has there been any testing to make sure it's 100% disabled?
|
# ? Mar 14, 2018 14:08 |
What does the IME even do because I recall processors working before that was a thing.
|
|
# ? Mar 14, 2018 15:03 |
Here's a thread of some actually well-respected infosec Twitter people: https://twitter.com/taviso/status/973622044200919040 Consensus seems to be that yes, they're legit vulnerabilities, but not much worse than the average "having root access allows arbitrary code execution" caliber vulnerability.
|
|
# ? Mar 14, 2018 16:05 |
Theris posted:Consensus seems to be that yes, they're legit vulnerabilities, but not much worse than the average "having root access allows arbitrary code execution" caliber vulnerability. If they can do it for Super Mario World, they can do it for processors
|
|
# ? Mar 14, 2018 16:08 |
|
I love how 1/2 of the exploits are IF you have root AND you have some signed drivers then you=win.
|
# ? Mar 14, 2018 16:24 |
|
I hear you can get hosed if you reflash the bios.
|
# ? Mar 14, 2018 16:26 |
|
PerrineClostermann posted:I hear you can get hosed if you reflash the bios. That's the golden one
|
# ? Mar 14, 2018 16:32 |
|
PerrineClostermann posted:I hear you can get hosed if you reflash the bios.
|
# ? Mar 14, 2018 16:39 |
|
Khorne posted:Are people intentionally ignoring you can generally reflash the bios from the OS? Does that not apply here for some reason? Still requires root + signed BIOS from the Vendor. It's not a question of CAN you, but how difficult would this be to exploit. If you already have root and signed drivers it's well past the, game over man, stage of things.
|
# ? Mar 14, 2018 16:46 |
|
.
sincx fucked around with this message at 05:50 on Mar 23, 2021 |
# ? Mar 14, 2018 17:03 |
|
sincx posted:It's like saying "thieves can steal your money if they have your debit card and pin number!" Duh. Or that they can do bad things with your SSN
|
# ? Mar 14, 2018 17:40 |
|
PC LOAD LETTER posted:I don't really know why both AMD and Intel insist on doing this poo poo. Like I get why in theory it's great to have and all but the real world implementations are clearly falling short here. The customers that actually matter because they buy the most hardware want remote management that can do things like surviving a user savvy enough to leverage physical access into an unauthorized OS root, so they're drat well gonna get it. Then AMD has to do it for feature parity. IDK how you make it more secure than requiring root or physical access plus signed code to run. As in, unless there's a problem with the signature verification or the private key is public, that's a secure setup.
|
# ? Mar 14, 2018 18:15 |
|
Paul MaudDib posted:Yeah the exploits are pretty serious but I don't see any reason this won't be patched in a week or two, and so far the technical details/PoCs themselves aren't in the open. The technical details are thin because it’s not clear things aren’t working as intended. Yes, if you have admin rank and know enough about the remote computer and have enough skill to engineer a signed driver or (more likely) make a modified BIOS and flash it with a Windows utility, you can then launch attacks on the system’s remaining components. But that makes a lot of presumptions about the attacker and, practically speaking, limits it to state-run espionage. A self-proclaimed Intel engineer on Reddit is panicking about the possibility of cascading operation of exploits, using Spectre initially to reach the system remotely to gather information and deploy your initial payload. And that’s about the only aid remote users get; everyone else would be better just being physically close to the machine. If anything should be done to “fix” this, I imagine it would be to stop letting users update BIOS from within Windows, and require a reboot into BIOS to do it.
|
# ? Mar 14, 2018 18:56 |
|
Stanley Pain posted:Still requires root + signed BIOS from the Vendor. It's not a question of CAN you, but how difficult would this be to exploit. If you already have root and signed drivers it's well past the, game over man, stage of things. I don't think these exploits are significant. Khorne fucked around with this message at 19:18 on Mar 14, 2018 |
# ? Mar 14, 2018 19:15 |
|
SSJ_naruto_2003 posted:What does the IME even do because I recall processors working before that was a thing. One part is the sort of thing DRAC and ILO stuff used to do for servers - remote management and control for a business. One part is handling the various fiddly bits of power management and the like, which can be done with the first but disabled.
|
# ? Mar 14, 2018 19:22 |
|
Craptacular! posted:If anything should be done to “fix” this, I imagine it would be to stop letting users update BIOS from within Windows, and require a reboot into BIOS to do it. I would be so for this solely on the basis that I am freaking tired of laptops that can only get BIOS updates from Windows. It uh... makes things awkward as a primary Linux user. ...or when a BIOS is so messed up it makes the system incredibly unstable when booted. I'm just really tired of pretty much all BIOS writers at this point for so many reasons.
|
# ? Mar 14, 2018 23:18 |
|
Khorne posted:I just meant, dismissing it on "flashing bios" grounds seems kinda weird. Why not dismiss it on "this only affects state/corporate espionage" type arguments instead? No one is dismissing anything. They are indeed exploits. You could do the exact same thing to X platform if you have: code:
|
# ? Mar 14, 2018 23:25 |
This whole thing just stinks of BS, the "exploits" are things that need such low level access that you are hosed either way and the people making such noise about them are people who short tech company stocks to make money, it doesn't take a genius to put two and two together and figure out that something fishy is going on. This is all to scare tech illiterate investors into dropping AMD stock.
|
|
# ? Mar 15, 2018 01:53 |
|
One of the Safe Firmware guys posted a letter that basically says, "I don't believe in private disclosure windows because unknown exploits might be in the wild anyway." I can't find Luk-Zilberman's age officially listed anywhere, but he looks like he finished his University courses probably sometime in the last decade, so he's not aware he did a Naive Thing Young People Do and assumed the disclosure period is entirely for the benefit of the manufacturer. It's also for the benefit of the researcher, because when you go public loving immediately like they did you are putting yourself out there as a responsible party for any damages incurred. They better hope nothing happens or they're going to be co-defendants in court against huge corporations for years.
|
# ? Mar 15, 2018 01:59 |
|
Has that co-defendant thing happened with computer security issues? I can’t call a case to mind.
|
# ? Mar 15, 2018 02:58 |
|
.
sincx fucked around with this message at 05:50 on Mar 23, 2021 |
# ? Mar 15, 2018 04:26 |
|
I doubt they’ll face SEC consequences being in Israel. Lawsuits are more likely.
|
# ? Mar 15, 2018 10:08 |
|
This is totally legal btw it's what short sellers do all the time. It'd be really hard to show stock bashing since these are in fact vulnerabilities.
|
# ? Mar 15, 2018 12:11 |
|
Malcolm XML posted:This is totally legal btw it's what short sellers do all the time. It'd be really hard to show stock bashing since these are in fact vulnerabilities. I believe you, but it'd be nice if there were consequences to lying with the truth.
|
# ? Mar 15, 2018 17:01 |
|
Munkeymon posted:I believe you, but it'd be nice if there were consequences to lying with the truth. I think you're looking for misrepresenting the truth.
|
# ? Mar 15, 2018 18:45 |
|
Leakers gonna leak. Looks like R7 2700X is hitting 4.35GHz and some benchmark leaks going on as well. https://videocardz.com/75305/amd-ryzen-7-2700x-2700-and-ryzen-5-2600x-2600-benchmarks-leak-out I like that there are considerable clock differences this time around between 2*00 and 2*00X variants.
|
# ? Mar 15, 2018 22:37 |
|
Ian Cutress has his writeup of the joint talk with CTS and Kanter. https://www.anandtech.com/show/12536/our-interesting-call-with-cts-labs
|
# ? Mar 16, 2018 01:26 |
|
NewFatMike posted:I like that there are considerable clock differences this time around between 2*00 and 2*00X variants. I can't imagine the X series aren't better binned variants pre-OCed for your convenience again. The 2600X is worthwhile just because AMD stopped over-equipping the cooler to save half a cent on a block of aluminum, but the 2700X looks like the "too lazy to do my own OC" part the last X chips were.
|
# ? Mar 16, 2018 01:29 |
|
also, Wraith Max actually finally getting released
|
# ? Mar 16, 2018 01:31 |
|
Craptacular! posted:I can't imagine the X series aren't better binned variants pre-OCed for your convenience again. The 2600X is worthwhile just because AMD stopped over-equipping the cooler to save half a cent on a block of aluminum, but the 2700X looks like the "too lazy to do my own OC" part the last X chips were. Yeah, more like the top end of a 1700 OC'd isn't much different from the top end of a 1700X. There are 40W of difference between the second generation counterparts, so you're right in that it still may get close manually.
|
# ? Mar 16, 2018 01:38 |
|
SwissArmyDruid posted:Ian Cutress has his writeup of the joint talk with CTS and Kanter. This reads like a good cop/bad cop routine, and probably hacker guy with some talent found a thing (Li On) and now his buddy with a known finance background who is trying to exploit it for monetary gain (Luk-Zilberman). You'll notice Li On explains most of the technical stuff while Luk-Zilberman handles the "can you explain your lovely handling of this" questions and otherwise just seems to be in charge of making the thing sound as catastrophic as possible. At some point Li On corrects him when he tries to claim that there's some flaw from last year that still hasn't been patched. The one time he does get to talk about disclosure... quote:ILO: We have submitted everything we have to US Cert and we are still waiting to hear back from them.
|
# ? Mar 16, 2018 01:49 |
|
Looks like Pinnacle Ridge will have retail availability on April 19th.
|
# ? Mar 16, 2018 16:45 |
|
Doublepost, how about a leaked review with all sorts of tasty bits (no gaming benchmarks though): https://videocardz.com/75381/amd-ryzen-7-2700x-ryzen-5-2600-review-posted-ahead-of-launch Looks like the rumors about better cache bandwidth and latency were right, in the neighborhood of 10% uplift in some tests. Of course, the officially supported max ram clock has gone up 9%, so that may play into it with infinity fabric scaling with clock speed. Probably won't know until we get some benchmarks at identical ram timings. Some of the tests show a more or less linear performance growth with the clockspeed bump, so IPC is roughly the same as the first gen as expected. Here are the more hype worthy graphs:
|
# ? Mar 16, 2018 21:36 |
|
Dat thicc L3 bandwidth on the 2600.
|
# ? Mar 16, 2018 22:35 |
|
Cygni posted:Looks like Pinnacle Ridge will have retail availability on April 19th. Will it actually be available for purchase? Or will stock levels be crazy low for a bit?
|
# ? Mar 16, 2018 23:13 |
|
Ugh, the patience needed to wait for Zen2 TR.
|
# ? Mar 17, 2018 04:39 |