cybersecurity

3843 readers

71 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub

Google researchers uncover critical security flaw in all AMD Zen processors (www.techspot.com)

submitted 1 week ago by floofloof to c/cybersecurity@infosec.pub

3 comments fedilink hide all child comments

top 3 comments

sorted by: hot top controversial new old

[–] cron@feddit.org 9 points 1 week ago* (last edited 1 week ago)

The researchers discovered that AMD had been using a publicly available example key from NIST documentation since Zen 1, which allowed them to forge signatures and deploy arbitrary microcode modifications.

I wish these sorts of errors were not that common.

[–] thebardingreen@lemmy.starlightkel.xyz 8 points 1 week ago (1 children)

The researchers discovered that AMD had been using a publicly available example key from NIST documentation since Zen 1,

lol... sigh...

[–] floofloof 2 points 1 week ago* (last edited 1 week ago)

Just like all the BIOSes that have turned out to be using keys called things like TEST ONLY - NOT FOR PRODUCTION, rendering Secure Boot not. I have a couple of computers like this.