Discussione: Molti processori Intel Coffee Lake in arrivo nelle prossime settimane
View Single Post
Old 17-03-2018, 20:28   #16
Nui_Mg
Senior Member
 
L'Avatar di Nui_Mg
 
Iscritto dal: Jan 2007
Messaggi: 6595
Quote:
Originariamente inviato da Bivvoz Guarda i messaggi
Scusa ma di asmedia nella piattaforma ryzen non ci sono solo alcune porte usb?
L'INTERO chipset (quindi tutto quello che offre/esce da lui) attuale e futuro prossimo della piattaforma am4 di AMD è realizzato da asmedia.

Sia chiaro, non voglio convincere nessuno a condividere le mie critiche ad asmedia, non mi interessa minimamente, dico solo che sono anni che cerco e cercherò di evitare il più possibile tale azienda, oltre ovviamente a sperare che quanto avevo già postato in altra sede sia alla fine una gran bufala (a prescindere o meno che i bachi di cui si parla siano sfruttabili solo con accesso root presente):

------------------
we have started researching ASMedia chips about a year ago. After
researching for some time, we have found manufacturer backdoors inside the chip which give you full
control over the chips (ASM1042, ASM1142, ASM1143). We wanted to go public with the findings, but
then saw that AMD have outsourced their chipset to ASMedia. So we decided to check the state of AMD,
we bought a Ryzen computer, and whimsically ran our exploit PoC, and it just worked out of the box. Full
Read/Write/Execute on the AMD Chipset, as is – no modifications. To be honest, we were a bit shocked
by it, how they have not removed the backdoors when integrating ASMedia IP into their chipset is beyond
me. So then we said, ok – what on earth is going on in AMD, and started researching AMD.
It took time to set-up the working environment to start communication with the AMD Secure processor,
but after reaching a full working setup and understanding of the architecture – we started finding
vulnerabilities. One, and another and another. And not complex, crazy logical bugs, but basic mistakes –
like screwing up the digital signatures mechanism. At that point, about once a week we found a new
vulnerability, not in one specific section, but across different sections and regions of the chips. It’s just
filled with so many vulnerabilities that you just have to point, research, and you’ll find something
(obviously a personal opinion).
------------------
Nui_Mg è offline   Rispondi citando il messaggio o parte di esso
 
1