Homepage This page's url is: -crn- Rankings and Research Companies Channelcast Marketing Matters CRNtv Events WOTC Jobs HPE Discover 2019 News Cisco Partner Summit 2019 News Cisco Wi-Fi 6 Newsroom Dell Technologies Newsroom Hitachi Vantara Newsroom HP Reinvent Newsroom IBM Newsroom Ingram Micro ONE 2019 News The IoT Integrator Juniper NXTWORK 2019 News Lenovo Newsroom Lexmark Newsroom NetApp Data Fabric NetApp Insight 2019 News Cisco Live Newsroom HPE Zone Intel Tech Provider Zone

CTS Labs' Exploit Findings Rings True, But Concerns Remain

Cybereason's Israel Barak explains why CTS Labs' methodin disclosing AMD processor vulnerabilities was unorthodox.

AMD has acknowledged there’s a problem with its Ryzen and Epyc chips, but concerns remain over the manner by which the security research firm CTS Labs first disclosed the vulnerabilities.

Cybereason’s Israel Barak described it as unorthodox. Recently, he spoke to CRNtv about the unwritten rules when it comes to security disclosures.

"Usually when vulnerabilities are exposed, there’s a deep technical analysis that is attached to the disclosure," said Barak. "So, there is a description of the vulnerability, a description of the mechanism and a description of how that vulnerability was exploited."

CTS Labs did not include a technical analysis. It also has come under fire for notifying AMD of the vulnerabilities 24 hours before disclosing the information to the public, far below the 90 days typically adhered to.

Israel said the technical details are critical for an impacted vendor to adequately address the security issues and says there are ways to disclose that information without tipping off other attackers. In this case, AMD said the vulnerabilities were extremely difficult to exploit because attackers would first need administrative access.

Barak also told CRNtv that he believes it’s time for a new approach to security.

"We need to have a secure architecture in place that looks in depth into the organization," he said. "An attacker doesn’t usually have out of the blue have access to an enterprise endpoint, very high privileges. Something led to that, and things will happen from that point on."

Back to Top

related stories



sponsored resources