It begins with a statement which is clearly set up for financial readers as they quote the FTC and by page 2 it is a flurry of mediabites (“bad actors”, “espionage”, “disregard for fundamental security principles”).
The actual footnote about the “FTC audit” is about Asus insecure home routers… Not that anyone reads beyond “FTC!! ZOMG!1!!1!” The sentence “This raises concerning questions regarding security practices, auditing, and quality controls at AMD” is classic financial auditor talk…
Page 3 plays *up* the value of AMD’s Zen architecture (“In the meantime, the Zen architecture is a tremendous success”) because you need to show “big company” but AMD’s market share is measly compared to Intel… Then claim AMD EPYC / Ryzen are “sold as high-security solutions”...
But the footnote? Ha, it is a link to AMD’s very own “Aerospace and Defense Application Brief”, i.e. a *marketing document*. There is zero chance that they are already installed anywhere, the dev cycle is decades-long. They then throw self-driving cars into the mix except they...
link to a Forbes article saying how *nVidia* has the advantage in self-driving cars (translated: AMD is in the self-driving car business, who wouldn’t be?) Now, finally, having hooked the idiots we get to the Table of Contents on page 4… Nobody reads past page 4 (nor footnotes)
Now onto the “vulnerabilities”: 1) MASTERKEY: if you allow unauthorised BIOS updates you are screwed. Threat level: No shit, Sherlock! 2) RYZENFALL: again, loading unauthorised code on the Secure Processor as admin. Threat level: No shit, Sherlock!
3) FALLOUT: vendor-supplied *signed* driver allows access to Secure Processor. Threat level: No shit, Sherlock! 4) CHIMERA¹: outsourced chipset has an internal ucontroller which can be 0wned via digitally signed driver. __ ¹ read about my Chimaera Processor: far sexier stuff.
Conclusion, re-written: “we wrote an amazing media-whoring whitepaper and website about stuff which is barely beyond obvious so that we can short AMD stock because suckers and TVs will listen to us”. They hope the security community takes note of these findings. Right.
Free threat analysis: the only one which I’d be worried about if you are a government agency is the chipset vulnerability. Having said this when was the last time you audited your Intel chipset?
Interesting, thanks