It looks like you're new here. If you want to get involved, click one of these buttons!
Dude, root access is a fairly easy concept to understand, lol. And if you're so easily annoyed by people making assumptions based on the information currently available, then I hope you don't work in IT; that's like 75% of troubleshooting in IT administration.someforumguy said:I never said it is irrelevant, but I just got annoyed with the OP for not even seeming to understand what root access means. Instead of asking, he assuming things. And that he thought possibly hardware needs to be scrapped because of this.Quizzical said:Now that we've seen AMD's explanation, we know that flashing the BIOS to fix a problem is only necessary if the hacker had previously flashed the BIOS in order to get access to a particular vulnerability. In that case, it should be obvious why flashing the BIOS again to restore the proper one is essential--and would still be necessary even if the vulnerabilities didn't exist. In no case should the vulnerabilities make it necessary to replace hardware.someforumguy said:SedrynTyros said:I wouldn't say "impossible" to get rid of, but I would say that the procedure to remove it is likely more involved than the average IT tech would consider necessary. So raising awareness of these issues makes sense, even if it may bruise the egos of some AMD enthusiasts as a consequence ...Quizzical said:If you have root on a system, then you have the power to:
Read all files
Edit all files
Copy arbitrary files off of the machine
Copy arbitrary files onto the machine
Run arbitrary programs
See all running processes
Kill running processes
Create user accounts
Delete user accounts
Modify user passwords
Reboot the system
And a whole lot of other things. And you need to have the power to do all of that and a whole lot more before you can even start any of the new "exploits". If an adversary already has the power to do all of that on your computer, you've already lost.
SedrynTyros seems to think that the exploits will make it possible to install malware that is impossible to get rid of. I'm extremely skeptical of that. It might make it possible to install malware that formatting the hard drive alone isn't enough to get rid of. But I'd be shocked it if can't be mitigated by a procedure of, to make sure that you really reset everything, also do something additional to undo whatever this exploit does.
Stop please. From your first comment in this thread it already shows that you don't understand this topic.
Somehow you don't seem to understand that the requirement for root access basically makes this vulnerability pointless. With root access you can install any malware, you don't need a hardware vulnerability anymore.
And about removing malware. In extreme cases (when it can't be removed or you are not sure if it was all) you can always just replace the harddisk(for efficiency, not because it needs to be scrapped lol) and flash the BIOS. Put back the OS image. Bye bye malware. Something any average IT tech can do. They have simple procedures for this.
And no hardware needs to be scrapped ffs.
EDIT: This kind of reminds me of those silly tv shows where IT is treated like magic. For example skeleton keys that can hack everything remotely, including physical locks lol.
Clarke famously said, "Any sufficiently advanced technology is indistinguishable from magic." For a lot of people, we're already there.
I wouldn't dismiss the problems as irrelevant. You want to have defense in depth, so that one flaw doesn't give a hacker access to do absolutely everything. Make it so that a hacker needs to find independent several flaws in order to do what he wants, and if you patch any as they're found, it's much harder for the hacker to simultaneously have everything he needs.
That said, needing to have root access on a box before you can use the flaws is a massively less severe problem than, say, something that gives you root access on a box.
My extreme example (harddisk replacement, BIOS flash) was more about a scenario where IT is not sure (yet) about the extend of a malware infection and a system needs to be up and running again as soon as possible. And that this is not a complicated thing.
Fun quote from Clarke, but that has nothing to do with my example about the tv shows I am talking about TV shows where writers deliberately turn IT into fantasy. I am not talking about how large the distance can be between tech and understanding.
Ofc AMD is going to patch this. If only for their reputation. But it was a shitty move from the company that discovered this. But it is not a serious threat.
Yeah, but to use your analogy, if somebody breaks into your house and you catch them the police can take them to jail; you don't have to burn the whole house down and start over. Whereas in the case with the vulnerabilities you would have to do that.t0nyd said:Yea but, all computers are vulnerable with physical contact and/or root access. This is like saying that your house is vulnerable if someone has a key or your phone is vulnerable if someone steals it.
Yeah, the evidence I've seen so far indicates that this entire scenario has been orchestrated to intentionally undermine the value of AMD's net worth. That doesn't mean the vulnerabilities aren't real, though.t0nyd said: