Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!




Last Active
Favorite Role
  • "A raft of flaws in AMD chips makes bad hacks much, much worse"

    Quizzical said:
    Quizzical said:
    If you have root on a system, then you have the power to:

    Read all files
    Edit all files
    Create files
    Copy arbitrary files off of the machine
    Copy arbitrary files onto the machine
    Install programs
    Uninstall programs
    Run arbitrary programs
    See all running processes
    Kill running processes
    Create user accounts
    Delete user accounts
    Modify user passwords
    Reboot the system

    And a whole lot of other things.  And you need to have the power to do all of that and a whole lot more before you can even start any of the new "exploits".  If an adversary already has the power to do all of that on your computer, you've already lost.

    SedrynTyros seems to think that the exploits will make it possible to install malware that is impossible to get rid of.  I'm extremely skeptical of that.  It might make it possible to install malware that formatting the hard drive alone isn't enough to get rid of.  But I'd be shocked it if can't be mitigated by a procedure of, to make sure that you really reset everything, also do something additional to undo whatever this exploit does.
    I wouldn't say "impossible" to get rid of, but I would say that the procedure to remove it is likely more involved than the average IT tech would consider necessary.  So raising awareness of these issues makes sense, even if it may bruise the egos of some AMD enthusiasts as a consequence ...

    Stop please. From your first comment in this thread it already shows that you don't understand this topic.

    Somehow you don't seem to understand that the requirement for root access basically makes this vulnerability pointless. With root access you can install any malware, you don't need a hardware vulnerability anymore.

    And about removing malware. In extreme cases (when it can't be removed or you are not sure if it was all) you can always just replace the harddisk(for efficiency, not because it needs to be scrapped lol) and flash the BIOS. Put back the OS image. Bye bye malware. Something any average IT tech can do. They have simple procedures for this.

    And no hardware needs to be scrapped ffs.

    EDIT: This kind of reminds me of those silly tv shows where IT is treated like magic. For example skeleton keys that can hack everything remotely, including physical locks lol.
    Now that we've seen AMD's explanation, we know that flashing the BIOS to fix a problem is only necessary if the hacker had previously flashed the BIOS in order to get access to a particular vulnerability.  In that case, it should be obvious why flashing the BIOS again to restore the proper one is essential--and would still be necessary even if the vulnerabilities didn't exist.  In no case should the vulnerabilities make it necessary to replace hardware.

    Clarke famously said, "Any sufficiently advanced technology is indistinguishable from magic."  For a lot of people, we're already there.

    I wouldn't dismiss the problems as irrelevant.  You want to have defense in depth, so that one flaw doesn't give a hacker access to do absolutely everything.  Make it so that a hacker needs to find independent several flaws in order to do what he wants, and if you patch any as they're found, it's much harder for the hacker to simultaneously have everything he needs.

    That said, needing to have root access on a box before you can use the flaws is a massively less severe problem than, say, something that gives you root access on a box.
    I never said it is irrelevant, but I just got annoyed with the OP for not even seeming to understand what root access means. Instead of asking, he assuming things. And that he thought possibly hardware needs to be scrapped because of this.

    My extreme example (harddisk replacement, BIOS flash) was more about a scenario where IT is not sure (yet) about the extend of a malware infection and a system needs to be up and running again as soon as possible. And that this is not a complicated thing.

    Fun quote from Clarke, but that has nothing to do with my example about the tv shows :p I am talking about TV shows where writers deliberately turn IT into fantasy. I am not talking about how large the distance can be between tech and understanding.

    Ofc AMD is going to patch this. If only for their reputation. But it was a shitty move from the company that discovered this. But it is not a serious threat.
    Dude, root access is a fairly easy concept to understand, lol.  And if you're so easily annoyed by people making assumptions based on the information currently available, then I hope you don't work in IT; that's like 75% of troubleshooting in IT administration. 

    Sure, my assumptions were wrong, but that happens sometimes.  When new information becomes available, you assimilate that, adjust your understanding accordingly and move on.  No big deal.  I knew given the circumstances that information from AMD would be forthcoming and probably clear up a lot of questions, which it did.

    What I think is funny is how sensitive the AMD fans get over this stuff.  I agree it was a shitty move by CTS to handle it the way they did, but it made for some entertaining discussions over the past week.   :D
  • "A raft of flaws in AMD chips makes bad hacks much, much worse"

    And also, killer cars are a thing ... from Nvidia ... at least that's what I heard.
  • Not a troll thread; for people who are interested in playing the game only

    This thread is for people who potentially like the idea of playing Chronicles of Elyria to comment on it and discuss it, which makes it a rare anomaly on this forum.  The usual forum trolls, who create troll thread after troll thread on this forum with impunity, are NOT welcome to post in THIS thread.  I hope that is clear enough. 

    For those who are looking forward to playing this game, I hope you enjoy this rare opportunity to discuss your enthusiasm without the usual trolls baiting you into defending yourself to the point where you get banned from posting while they continue to troll everyone interested in this game without repercussions.  Have fun! :smile:
    Slapshot1188GdemamimystichazeUngoodJamesGoblinKyleranEponyxDamorYashaXAsm0deusShaighand 1 other.
  • "A raft of flaws in AMD chips makes bad hacks much, much worse"

    t0nyd said:
    Yea but, all computers are vulnerable with physical contact and/or root access. This is like saying that your house is vulnerable if someone has a key or your phone is vulnerable if someone steals it.
    Yeah, but to use your analogy, if somebody breaks into your house and you catch them the police can take them to jail; you don't have to burn the whole house down and start over.  Whereas in the case with the vulnerabilities you would have to do that.
  • "A raft of flaws in AMD chips makes bad hacks much, much worse"

    t0nyd said:
    This is an obvious attack and mostly nothing more. Oh noes people can do bad things if they have root access...

    Yeah, the evidence I've seen so far indicates that this entire scenario has been orchestrated to intentionally undermine the value of AMD's net worth.  That doesn't mean the vulnerabilities aren't real, though.