I spent all morning talking to reporters, mostly to correct twitter hot takes. Yes, all the flaws require admin privs but all are _flaws_ not expected functionality. https://twitter.com/cynicalsecurity/status/973595697902706688
You can find a measured take that includes my commentary on these vulnerabilities from @lorenzoFB @motherboard: https://motherboard.vice.com/en_us/article/kzpm5x/amd-secure-processor-ryzen-epyc-vulnerabilities-and-backdoors
Dan Guido Retweeted Dan Guido
Adding a FAQ based on the last 24 hours: - "Tell me more about how you were paid" https://twitter.com/dguido/status/973687926692466689
"In a situation like this, would it be common for your firm to discuss disclosure with the vendor?" Yes, and we did. I discussed pros/cons of various options with them and recommended that they report the vulnerabilities to a CERT.
"Were you made aware of the plans to go public?" No. https://twitter.com/dguido/status/973633990639878144
"How did CTS Labs find you? What is your relationship to them?" Mutual friend. No ongoing relationship. https://twitter.com/dguido/status/973675763319885825
"Do you have any financial position or interest in AMD or Intel stock?" No. https://twitter.com/dguido/status/973986464789868547
Dan Guido Retweeted Trail of Bits
If you're looking for clear, technical information about the flaws then see the blog we just published: https://twitter.com/trailofbits/status/974345028498804737
Dan Guido Retweeted OSTIF Official
This is my favorite take on the AMD Flaws. They are effectively a "jailbreak" for AMD CPUs. https://twitter.com/OSTIFofficial/status/974348788163928064
This is the truest comment anyone has made about my week so far: https://twitter.com/wildcardNP/status/973921044170989568
AMD published an initial technical assessment of the flaws from CTS and, by all indications, it agrees with our own. They even linked to our blog post! https://community.amd.com/community/amd-corporate/blog/2018/03/20/initial-amd-technical-assessment-of-cts-labs-research
Replying to @dguido @daveaitel
Your own report sounded like you were walking back your initial assessments. "There is no immediate risk of exploitation of these vulnerabilities for most users." https://www.itwire.com/security/82115-israeli-firm-was-advised-to-use-cert-to-disclose-amd-flaws.html
Replying to @dguido
Thanks for the report and congrats. Doesn't this report pretty much go against all the image CTSL tried to form? All the flaws look to be 3rd party firmware flaws that need root access to begin with? Looks significantly less dramatic.