A security researcher claims to have access to the full (non-public) technical r... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		paulmd on March 13, 2018 \| parent \| context \| favorite \| on: Security Researchers Publish Ryzen Flaws, Gave AMD... A security researcher claims to have access to the full (non-public) technical report as well as PoC exploits for it. He says they're legit, and they are flaws, not just "you can do admin things with an admin password". https://twitter.com/dguido/status/973628511515750400 Sounds like the capabilities include the ability to jump outside a VM sandbox, take over the PSP, and pivot to the firmware or BIOS exploits. https://www.techpowerup.com/242328/13-major-vulnerabilities-...

pishpash on March 14, 2018 [–]

How do we know this guy's not a conspirator?

paulmd on March 14, 2018 | [–]

Track record of research/publications in the field?

https://www.trailofbits.com/research-and-development/publish...

Ian Cutress of Anandtech appears to be quasi-vouching for Dan Guido. Ian is also interviewing CTS Labs tomorrow morning, and looking for questions.

https://twitter.com/IanCutress/status/973678700687450113

https://twitter.com/IanCutress/status/973697525071994880

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact