On Wed, Mar 14, 2018 at 3:16 PM, Adam Carter <adamcart...@gmail.com> wrote:
> On Wed, Mar 14, 2018 at 12:32 PM, Philip Webb <purs...@ca.inter.net>
>> 180313 Ian Zimmerman wrote:
>> > https://v.gd/PZkiuR
>> > Does anyone know more details?
>> See LWN. It is being described as a scam by people shorting AMD stock.
> Dan Guido / Trail of Bits was paid to review the exploits and has
> confirmed they work. I don't think he'd burn his reputation on this.
> The language around AMD shares being worth $0 is clearly absurd and that
> source should be ignored.
Jake Williams, founder and president of Rendition Infosec, commented on the
above quoted disclaimer via Twitter
<https://twitter.com/MalwareJake/status/973608157208461312>, saying, "I'm
pretty well convinced that this is designed to manipulate stock prices.
That doesn't make the vulnerabilities fake or any less dangerous (though
you need admin access to exploit most)."
Arrigo Triulzi, a security consultant based in Switzerland, described
<https://twitter.com/cynicalsecurity/status/973591954096381952> the paper
as "over-hyped beyond belief" and added, "This is a whitepaper worthy of an
ICO [cryptocurrency initial coin offering]. And yes, that is meant to be an
Google security researcher Tavis Ormandy, responding to Triulzi wrote
<https://twitter.com/taviso/status/973622044200919040>, "Nothing in this
paper matters until the attacker has already won so hard it's game over.
Not something I'm too interested in, but maybe DFIR [Digital Forensics and
Incident Response] people are?"
Ormandy is referring to the fact that exploiting these supposed flaws
require local administrative access, making them significantly less
dangerous than vulnerabilities that can be exploited by a remote,