After our analysis about the vulnerability disclosures this week on AnandTech, and continuing discussions on Twitter, TechTeamGB, a Great Britain based Youtube technology channel, invited Senior Editor Ian Cutress on the Thursday show to discuss the recent news surrounding the AMDFlaws website, the ramifications of the announcement, the company behind the announcement, and what it means to the community at large.

Through the 96 minute discussion, Ian vocalised a lot of what has been covered on AnandTech already, and discussed some of the more esoteric claims in the wild that may or may not have elements of truth in them. This show was broadcast before posting our interesting call with CTS-Labs, the company behind the vulnerability disclosure, but has a number of snippets that are mirrored in that article.

A small Q&A from the TechTeamGB audience happens at the end of the show. The show is hosted by TechTeamGB Host, Andrew McDonald.

If you prefer your content in audio and video form, here it is.

Related Reading

POST A COMMENT

16 Comments

View All Comments

  • npz - Friday, March 16, 2018 - link

    I do not consider TrustZone security processor "flaws" to even be worthy of this kind of news. It is ridiculous how they are trying to classify it as some kind of real risk when it requires REFLASHING the firmware with a compromised, untrusted image first. That I consider to be even less likely than the a social engineering flaw.

    Their presentation of specifically citing AMD and naming the ASMedia chip flaws as "amdflaws" is also completely disingenious especially when it is used widely on Intel chipsets, especially older ones which relied on them and some newer Intel chipset board makers which include ASMedia chips for extra ports

    And then there are two parts that I did not see addressed here: these guys former Intel connection (they were after all entrusted by Intel to research Meltdown and Spectre way before it became public) and the stupidly suspicious Viceroy shorting and ridiculous investor analysis of imminent bankruptcy and stock evaluation of $0. CTSLabs even made mention elsewhere about admitting to having some ambiguous financial third party interest but wouldn't go any further than that. I am disappointed this wasn't addressed at all.

    I am also dissapppointed Ian didn't pushback on the TrustZone processor issue requirement of reflashing with a compromised bios as something even CERT worthy
    Reply
  • mode_13h - Tuesday, March 20, 2018 - link

    All good points.

    I look at the TrustZone reflash as akin to saying there's a security flaw in (name OS here) because installing a hacked kernel (or device driver) can expose sensitive data to attackers. Like, um, yeah.
    Reply
  • DrizztVD - Friday, March 16, 2018 - link

    You need to look at Windows Defender Application Guard: https://docs.microsoft.com/en-us/windows/security/...

    It spins up/spins down hyper-v session and places Edge browsing into a virtual environment that gets destroyed when the page is closed. This will defend against attacks from all of these recent vulnerabilities.
    Reply
  • npz - Friday, March 16, 2018 - link

    For the kind of flaws they are discussing with ASMedia it probably won't help. Ironically it's the kind of flaw that is currently already inherent in Thunderbolt and previously in Firewire where the chip can do unititiated dma to any memory location (so a program that is not web based could still exploit it). The only way to prevent that is to use iommu in non-virtualized environment, which is currently not done by Windows or Linux (I think you can in Linux but it iommu dma remapping is not the default for the host environment) Reply
  • mode_13h - Wednesday, March 21, 2018 - link

    Wow, it's uncomfortable watching the TechTeamGB kid. They should really study how broadcast TV news edits interviews, where you only cut to the interviewer when he has a question. Then, he just needs to practice his poise, when the camera is on him. Again, just watching newscasters for a bit would go a long way.

    Of course, there are other interesting things they could show, such as a timeline or a bullet point summary of what Ian is saying. But that obviously takes work. Just a simple editing job should be a quick thing to do.
    Reply
  • microking4u - Monday, March 26, 2018 - link

    Ian, Can you or your other reviewers please look into issues with AMD Ryzen RAID utilizing an PCIE NVME SSD as your boot and 2x SSD drives on SATA in a RAID 0 config for storage and try and transfer DATA between the two. There seems to be major issues with AMD chipset drivers and their RAID drivers in this configuration and stability of the drivers. I cannot even upgrade the drivers on my ASRock AB350 chipset itx motherboard and the RAID driver can only be installed at Windows 10 Installation and then get random blue screens and cannot upgrade the driver. We need to have this issue fixed and you bringing it to light will hopefully get them moving on this issue!? Thanks Ian! Reply

Log in

Don't have an account? Sign up now