07/11/17 Three mistakes enterprises make with the cloud
Companies are too eager to move to the cloud due to all the hype surrounding the cloud.
When deciding on moving to the cloud, careful planning is necessary. Here are some of the
most common mistakes companies make.
Moving computing resources on the cloud while keeping the data in-house; your valuable data can be
will face greater security risks and you will have slow access to your data since the data has to travel
from your data center to the cloud.
Firing your current IT staff before making the full transition to the cloud; the transition to the cloud
may take a year or more and you will never completely get all your applications on the cloud.
Your ROI will fall short of your expectations because of all the hype over cloud computing.
Your return will vary a great deal depending on how you plan, transition and train your IT staff to
07/16/2017 Cloud computing and security breaches
In today's high tech environment, you can't go a day without hearing in the news that yet another company has been
hacked and data has been stolen. Even more ominous are the headlines that government entities are involved in the hacks.
Much of the stories involving data breaches have been tied to information stored on the cloud; given the trend to move to the
cloud, it is even more critical that your cloud solution addresses these security concerns. The good news is that if planned
correctly, these security concerns can be mitigated. There are 3 areas that you need to consider in order to address your security
concerns: security measures, data protection and data center security procedures audit rights.
Security measures can include industry standard certifications such as SAS 70 or PCI Security. If industry certifications will not
meet your security needs, you need to discuss your specific needs with the cloud vendors. Also ask where the data centers are
physically located since it may impact governing law and jurisdiction in case there is a dispute. Your organization may also have
regulations that require your data be held in US locations only. Also ask what the procedures are in case of a data breach. How will
you be notified? will you be given the nature of the breach? What information was compromised?
Data protection should include backup plans for your data as well as access to your data at all times. One overlooked detail
is who owns the data; you should clarify that you maintain ownership of the data. Furthermore, it is important to ensure that
your agreement contains provisions for the cloud vendor to provide a complete copy of all your information and data upon a written
request. Vendors may charge a fee and the fee should be determined upfront. Retrieving your data in the event that you terminate
your business relationship with your vendor should also be clarified.
Lastly, your organization should have the ability to conduct an audit of your cloud vendor to ensure compliance with your
security needs. This will allow your organization to be proactive in minimizing security risks. Unfortunately, data breaches
aren't going away anytime soon so your organization needs to be doing everything possible to mitigate your exposure.
07/18/17 Don't jump on the cloud band wagon just yet
We're hearing and reading all the hype about the "Cloud," and cloud services.
Nowadays, there are many reports and articles on how cloud computing and cloud
services will provide opportunities to save on IT costs and although it may, there are
Before jumping into the cloud, there is alot of issues that need to be addressed. First and
foremost is to list out what your business needs are. What type of software will you be running?
What are your security concerns? How will the services be accessed? How will all this new technology
work with your existing IT environment?
About half the companies that adopt cloud technologies without planning end up jury rigging their old
IT environment with cloud technologies and spend year(s) stabilizing their hybrid environment.
07/19/2017 Ransomware on the rise
On May 12th, WannaCry hit networks around the world, locked up computers and held them ransom.
WannaCry hit fast and spread quickly around the world including government entities.
Health organizations, utilities, small and large businesses were all hit; no was was immuned.
WannaCry exploits a vulnerability initially discovered by the U.S. National Security Agency called EternalBlue.
This encrypts data stored and the computer and then demands hundreds of dollars for the decryption key. WannaCry also
uses a timer that when it runs out, data is lost for ever. WannaCry also
has the ability to spread quickly to other computers which allowed it to be quickly identified.
How do you protect ourselves from this type of threat? Keep your computers up to date with the latest security patches
and update legacy OS's like Windows XP. Also employ an endpoint management solution that will help prevent intrusions into
your network. There are plenty of products on the market that will help you with this, but selecting the right one that fits your
specific needs aren't easy so you need to do your homework.
07/20/2017 Cloud is safer when it comes to cyber attacks
WannaCry ransomware hit last month and Petya hit a couple of weeks ago; they both took advantages of security issues
in older operating systems that allowed them to spread. Yet, in the past few years, no major cloud were affected by this
type of attack.
Cloud providers are less likely to be breached because of many reasons; multiple layers of security, pro-active monitoring of
activities, and automatically applying security patches behind the scenes. Very few companies have the resources to keep up
with their security needs and can't keep up with the ever changing environment. While it is true that the cloud had some outages,
but no major cloud provider has been affected by malware attacks in the last few years.
07/22/2017 Two cloud security myths
When it comes to cloud security, there are two main groups out there: those that believe that the cloud is systemically unsafe,
and those that believe the cloud is unhackable. They are both wrong and cloud security isn't as black and white as some would have
With the proper planning, your data will likely be more safe in the cloud than in traditional systems. Remember that with all the
data breaches that have been reported in the last few years, no cloud vendors have been involved. The reason is that the cloud
providers are proactive and update their security constantly. Most traditional, on site systems have outdated security and tend
to be reactive when it comes to security.
Just because your cloud vendor proactively take precautions doesn't mean that you don't have to do your part when it comes to
security. Nothing is completely secure; less penetrable doesn't mean impenetrable. You need to be concerned with identity and access
management (IAM), multifactor authentication and encryption. The biggest factors in cloud security are usually related to people:
simple passwords, keeping passwords written down everywhere, and sharing same passwords for multiple accounts.
Cloud security depends on how much time and resources you spend planning out your cloud strategy. Cloud security is not an all or nothing
07/25/2017 Cloud based analytical systems becomes the tipping point for business
Many enterprises need big data analytics for their business intelligence but many balk at the high costs until now;
Cloud computing makes the need for massive, in house infrastructure obsolete. Many enterprises are making the paradigm
shift to the cloud? Here are some reasons why.
Big data requires massive expenditures in infrastructure, computing power, and most of all, time. Cloud based offsets this
by minimizing the burden on in-house IT to purchase and manage the infrastructure. For the most part, all the IT department
needs to provide is an internet connection and an ordinary PC.
Cloud is ideal storage facility for all the generated data. Cloud not only saves money on the storage but also on the specialized
equipment and infrastructure involved in housing the storage. This allows the data scientists to focus on high-end data analytical
issues rather than developmental teething issues.
07/26/2017 The public cloud is fast becoming a strategic tool
There is a shift among forward thinking CIOs; they are no longer looking at the cloud to cut cost but an opportunity
to get out of the business of managing data and focus on strategic, business projects. CIOs think of the cloud as a way to
develop software quicker by embracing flexible devops and design-thinking philosophies. The public cloud enables these changes
and are reflected in the revenue of public cloud services companies.
08/03/2017 New virus doesn't a file during infection
Anti-virus company Trend Micro detected new malware called JS_POWMNET that uses a fileless infection chain. A fileless infection
chain never saves a file to the machine and makes it harder to analize via sandbox. It is unclear whether users unknowingly download it or other malware drops it onto the infected machine. Regardless of how it gets in, an autostart registry entry receives a url to fetch
finally, the favicon is decrypted so it can load up its payload.
To protect against fileless malware, experts recommend segmenting their networks to limit access and to disable Powershell if they
don't use it.
08/04/2017 How Cloud will change IT, look at Microsoft
Microsoft is planning to reorganize it's global sales staff to focus on selling cloud software. What does this mean to your business?
More and more enterprises will outsource their data centers or move them to the cloud. IT staff that are responsible for purchasing
hardware and software will shrink drastically. Executives that fight the cloud and focus on cost heavy, traditional systems will
either change their tune quickly or become a relic.
10/27/2017 Smartwatches that learn your every move
Current smartwathces can recognize a limited number of activities that were programmed in advance. There is a new algorithm that can detect new activities as they happen in real time. It is no longer limited to only a few, predefined set of activites.
The current way recognizing activities is to bundle together bursts of activity to estimate what the person was doing and for how long. An example is when a someone takes a bunch of steps, it is clustered into a walk. The new algorithm tracts ongoing activity, especially to transitioning as well as the activity itself. Up comming watches will be better able to track our activities and learn new activities as we engage in them. This will provide a better picture of our daily lives and can be used in healthcare and behavior research.
10/30/2017 Intel releases first Optane SSD for desktops
Intel just released their Optane SSD 900P series solid state hard drive in 280GB and 480GB sizes. The new drives come in either U.2 or HHHL form factors and have read speeds up to 2500MB/s and write speeds of 2000MB/s. Intel's Optane technology is so fst that it can even be part of the system memory. Optane uses what Intel calls 3D XPoint technology which promises seven times the speed of regular SSDs.
The new drives have some drawbacks, they come with only a 5 year warranty opposed to 10 years for most other SSDs. They also require more power than other SSDs. They priced much than their regular SSD counterparts; $389 for 280GB and $599 for 480GB versions. Up to now, Optane has only been used as an accelerator since Intel was primarily focused on the data center market. Still gamers and other PC enthusiasts are eagarly awaiting their release to the desktop market.
11/03/2017 Nvidia releases GeForce GTX 1070 Ti
Yesterday, Nvidia announced the GeForce GTX 1070Ti graphics card to plug a hole in their lineup between the GTX 1070 and the GTX 1080. It's main competition is the AMD Radeon Vega 56. The GTX 1070 Ti uses the same GP104 GPU as the GTX 1080 and GTX 1070. The CPU speed is close to the GTX 1080, 2560 CUDA cores for the GTX 1080 vs 2432 for the GTX 1070 Ti.
The GTX 1070 Ti clocks in with 1607MHz and 1683MHz boost clock. The card comes with the same vapor chamber cooling and five-phase dual-FET power design as the GTX 1080. It packs 8GB of GDDR5 memory. Like it's little brother the GTX 1070, tie Ti uses a 256-bit bus for a bandwidth of 256GBps. The card has the same 180W TDP and 8-pin power connector as the GTX 1080.
The price of the card slots neatly between the GTX 1070 ( $350 ) and the GTX 1080 ( $500 ) at $450. It will make is appearance in custom PCs as EVGA and PNY variants are being sold. The GTX 1070 Ti challenges both the Radeon Vega 56 and it's big brother the GTX 1080 in both price and specs.
11/07/2017 Intel and AMD team up against Nvidia
For the first time since the 1980's, rivals Intel and Advanced Micro Devices ( AMD ) are partnering to create a new mobile chip that will contain an Intel processor and AMD GPU. It will pit the two companies against Nvidia. The new chip will be tailored for ultra thin laptops that have the processing strenght to play graphics intensive games. The new chip will be part of Intel's eighth generation Intel Core line of processors.
The laptops built with the new chips won't be competing with AMD's own Ryzen chips
. According to AMD, the Ryzen chips aren't specifically designed for serious gaming whereas the new chips will be. The new CPU/GPU architecture is called EMIB
, short for Embedded Multi-die Interconnect Bridge, will allow information to be passed quicky according to Intel.
According to Chris Walker, vice president of Intel's Client Computing Group, this new chip will address a nagging problem: as VR becomes smaller, the notebooks with the graphics horsepower to run VR is still bulky and heavy. This may be what both Intel and AMD needs as it continues the battle in the AI chip market as Nvidia dominates and other, non traditional chip manufacturers enter the market.
11/13/2017 Samsung GDDR6 memory with 16Gbps speeds comming soon
Samsung has stated officially that they will be producing the fastest and lowest power DRAM for next generation products. It has transfer rates of 16Gbps with a 64GB/s bandwidth while only using 1.35V of power. To put that into perspective, it is able to transfer 12 full, HD DVDs per second. Compared with GDDR5 DRAM, which has 8Gbps and 1.5V power consumption, it is a dramatic improvement in both speed and power usage. GDDR6 will come in 8Gb and 16Gb densities followed by 32Gb densities as production ramps up.
When it comes to potential customers of GDDR6 memory, Nviddia tops the list. Nvidia has already confirmed that the Volta GPU will be using GDDR6 memory next year. AMD didn't make any announcments about using the GDDR6 DRAM and may continue to use HBM2 DRAM on their Vega cards. This may be due to their partnership with Hynix but that may soon change as Hynix may offer GDDR6 memory in the future. Another potential customer may be Intel, who recently hired AMD's ex-graphics technology head, Raja Koduri. They may plan on developing their own discrete GPUs. The future is looking brighter for high end graphics cards in the years to come.
11/17/2017 Two Microsofts: the good and the not so bad
In Microsoft's latest quarterly earnings, even with a booming quarter, it looks like there are two Microsofts, one that is booming and the other that is waning. Microsofts cloud business is doing well but it's OS department is slowly fading.
Microsoft has a major lead in enterprise cloud with Azure. Azure grew 97 percent year over year. The ease of moving enterprise, on-premise infrastructure made up of Windows based servers into the Azure cloud is a major reason that enterprises are moving to Microsoft's Azure. With other cloud services such as Google's Compute, Amazon's AWS, SAP and Oracle is making inroads with their own cloud offerings, Microsoft has a huge lead due to the easy transition. Microsoft's dominance in workstation and sever OS makes the transition very easy compared to the others.
On the other sied, Windows continues to be a sore spot for Microsoft as PC sales slows down, little market share in the tablet OS market and near zero share of the phone OS market. Even Surface's garnered many good reviews, its sales were down. Microsoft's gamble to switch Windoiws from a buy once model to a subscription based model simillar to Microsoft Office 365 may help prevent the slide but it may take 3 to 4 years before it pans out.
Microsoft's dual pronged strategy may payoff in the long run as cloud computing gains momentum. Get people hooked on the Microsoft Windows model to ease their transition to Microsoft's Azure. Currently, almost two-thirds of its revenue comes from it's cloud offering. The Business software such as Office 365 and Dynamics 365 is on par with the consumer division ( Windows and Xbox ). PC OS is shrinking but business productivity and cloud offerings are more than making up for the decline. Microsoft is activly transitioning from an OS company to a cloud company and if it is successful in converting Windows to a subscription based service, Microsoft will continue to dominate the computer industry.
11/27/2017 Security flaw in Mac OS High Sierra
There is a serious security flaw on the newly released Mac OS High Sierra. This flaw allows even the most inept hacker in by just typing in "root". All anyone has to do is type in "root" when prompted for a username and password to gain administrator access. Malware designed to exploit this could fully install itself deep within the computer with no password required. Alot of malware tries to escalate privileges to gain root access and Apple made it extremely easy to get.
The fact that the attack could be used on any logged out account raises the threat that someone with physical access could set a root password then regain access anytime they want. Apple is aware of this an is expected to roll out a security patch quickly. In the meantime, you can protect yourself by simply setting a password for the root user. This critical bug is only one of the latest in a disturbing series of bugs that have plagued High Sierra. On the day it was launched, a malicious code was found running that could steal the contnets of its keychain without a password. Another serious bug showed the user's password as a password hint when they try to unlock an encrypted partition on their machine known as APFS container. These serious flaws being may have been avoided if Apple offered a reward to catch security vulerabilities in its software as most other companies do.
12/01/2017 Microsoft launches Windows 10 on ARM
Windows used to run on x86 processors from Intel and AMD but today, Microsoft launched Windows 10 for ARM processors. Microsoft experimented with using ARM based processors when it launched the Surface RT and Windows RT in 2012 and it was costly. The system could only run a small set of applications that have been compiled for the ARM and you couldn't install whatever app you wanted. That was 2012 and today, Microsoft is relaunching Windows for ARM. This time around, you will be aple to run any program. Even though Microsoft isn't releasing an ARM based Surface device, HP has announced a new line of laptops that will.
The benefit of using ARM-based chips is that you get the same user experience that you are used to with smartphones. They feature wsireless LTE connectiviy and mosst importantly, much longer battery life. Asus and HP, which both worked with Microsoft, claim over 20 hours of active use batter life and 30 days of standby. Asus announced their NovaGo line which is powered by the QualComm Snapdragon 835 chip and HP is bringing in the Envy x2 which offers 4G LTE2 support.
Microsoft GM of Windows, Erin Chapple stated that there is no emulation at the operating system level. The team spent alot of time defining the boundaries between the operating system and the emulated layer. In the end, Microsoft decided to natively compile all the DLL ( Windows libraries ) and set the emulation level above that. Everything that is above this needs to be emulated and Microsoft uses a dynamic binary translator to translate x86 code into ARM64 code on the fly. Because of this, most applications should run with near native performance since Microsoft apps tend to call the operating system APIs directly.
12/07/2017 Nvidia announces Titan V CPU
Nvidia announced the release of their Titan V GPU. They are billing as "the most powerful GPU ever created." According to Nvidia, it represents a more significant leap than most products that have made that claim. It is the first GPU based around Nvidia's new Volta architecture. It may be a bit of a stretch to call this a "consumer" card; the Titan V costs $2,999 and is focused around AI and scientific simulation processing. Nvidia claims 110 teraflops and that it consists of 21.1 billion transistors. It is also loaded with 12GB of HBM2 memory, 5120 CUDA cores, and 640 "tensor cores" that are seaid to offer up to 9 times the deep learning performance of its predecessor. Visually, the card is gold and black.
Currently, it is being marketed to researchers and scientists and ther is no word whether Volta might make its way to the gaming-focused GPUs. Nvidia's current Pascal architecture, which was introduced a year and a half ago still remains one of the best gaming GPUs available. Volta GPUs are more costly for Nvidia to produce so the company may continue to use the Pascal for the gaming market as long as they can. The Titan V is available today and is limited to two per customer.
12/11/2017 Microsoft releases quantum computing development kit preview
Microsoft announced that it was going to be in the future of quantum computing at the Microsft Ignite Conference in September. Today, Microsoft took a step towards that goal by releasing a preview of its quantum computing development kit
. This kit includes all the pieces a developer needs to get started including Q# language and compiler, a Q# library, a local quantum computing simulator, a quantum trace simulator and a Visual Studio extension.
Since it is a preview, it is aimed at early adopters who want to understand what it takes to develop programs for quantum computers which operate very different from the traditional ones. With a traditional computer, a bit can only be a 1 or a 0 ( on or off ), whereas in quantum computers, a qubit ( quantum bit ) can be in multiple states at the same time. Microsoft's Krysta Svore stated in September that the idea was to offer a comprehensive full stack solution for controlling the quantum computer and writing applications for it. Microsoft isn't alone in being a player in quantum computing, IBM has had quantum computing servies available for programmers for a year now and has released a 20 qubit quantum computer
. IBM also announced a 50 qubit prototype. Google and Intel are also working on quantum computing research as well as a host of other companies and startups. It is still the early days of quantum computing and we have a while to go but hte potential is so great that alot of companies including Microsoft want to get in as early as possible.
12/11/2017 UNSW unveils a complete quantum computer chip design
University of New South Wales' ( UNSW ) team of engineers unveiled their design of a working chip that can integrate quantum interactions. Acorrding to UNSW, the design, which can be manufactured using mostly standard industry processes and components, comprises a "novel architecture" that allows quantum calculations to be performed using existing CMOS components. Quantum computing may be the next giant leap in technology but the designing a quantum computer on a single chip was been elusive until now. Also another dramatic change that comes from this release is that quantum computers can be made using existing semiconductor manufacturing plants.
The design was published in the journal Nautre Communications by Andrew Dzurak, director of the Australian National Fabrication Facility at UNSW and Dr Meno Veldhorst, who is the lead author of the paper and a research fellow at UNSW. The design incorporates conventional silicon transistor switches to turn on operations between qubits in a vast two dimensional array, using grid based "word" and "bit" select protocol similar to that used on select bits in a conventional compute memory chip. Veldhorst adds "By selecting electrodes above a qubit, we can control a qubit's spin, which store the quantum binary code of a 0 or a 1. And by selecting electrodes between the qubits, two-qubit logic interactions or calculations can be performed between qubits." The design employs error correcting codes that use multiple qubits to store a single piece of data.
Dzurak was instrumental in building a quantum logic gate in silicon which made the calculations between two qubits of information possible. At the time, it was not possible to make two quantum bits "talk" to each other and create a logic gate using silicon. What the announcement means is that all the fundemental building blocks required to make a full scale quantum chip are now available and that we are out of the research phase and can move into the engineering and manufacturing stage. This announcement may revolutionize the world.
01/03/2018 Intel processors security bug fix could slow down PCs
A security flaw in Intel processors has led to a redesign Linux and Windows kerfnels. Programmers have been working for the last two months to protect against a hardware bug in Intel CPUs that could let attackers access security keys and passwords and cached filoes from disk. Security patches will be required for both Windows and Linux systems and may slow down performance. The security bug affects Intel processors manufactured over the last 10 years which means alot of systems will require updates.
The Intel bug is related to the way apps and programs can discover the contents of protected kernal memory areas. Kernels have complete control over the entire system and connects applications to the processor, memory and other hardware. There is a flow in Intel processors that let attackers bypass kernel access protections so that apps can read the contents of kernel memory. To protect against this, programmers have been separating the kernel's memory away from user processes which is being called "Kernel Page Table Isolation." While Linux and MacOs patches have been rolling out over the past month, Windows patches are not yet available.
01/05/2018 College students mine cryptocurrency in dorms
Mining cryptocurrency is yet another way college students use to make money. One would think that college students are at a disadvantage when it comes to mining cryptocurrencies since it requires enormous computer resources but the largest portion of expenses comes from electricity consumption. This is where the students living in dorms have the advantage since the university pays for the electricity. Resourceful students are repurposing old computers by adding a graphics card to do the processing. There are several ming software readily availabe to start mining cryptocurrencies.
There are some downsides that students are putting up with, the two biggest downsides are heat and noise. Students are running multiple computers 24/7 which adds alot of heat to the room. Another issue is noise, with all the computers running and producing heat, that heat has to be dissipated and that requires alot of fans not just in the computer but in the rooms. Another major issue is tripping the circuit breakers; run too many computers and the student not only loses power to their alarm clock, but countless others as well, especially in older dorms.
01/08/2018 Microsoft Meltdown-Spectre update crashes AMD PCs
Microsoft's security patch for Meltdown and Spectre vulnerabilities are casuing problems for many computers with the AMD Athlon CPUs. The security patch is for Windows 10 Fall Creators Update, KB4056892
. The symptoms are that after installing the update, only the Windows logo is displayed and after several failed boots, it does a rollback and then gets the error , 0x800f0845. Unfortunately, users cannot disable the automatic Windows updates without gpedit so it continues through the loop.
It isn't clear how widespread the problem is even if it is the result of Microsoft's patches for the Meltdown and Spectre vulnerability. What is known is that the AMD CPU involved is the AMD Athlon X2 6000+, which is 10 years old. Since KB4056892 contains more than just the Meltdown and Spectre fixes, it is not clear if security patches for Meltdown and Spectre are the cause. AMD chips aren't vulnerable to the Meltdown attack but is vulnerable to the Spectre attack.
02/15/2018 Intel put a quantum computer on a chip
Dutch quantum computing company QuTech, aong with US chip maker Intel, announced a two-qubit quantum computer running on a silicon chip. Quantum computers are supposedly able to do things that no "conventional" computer could do such as unhackable communications and complex molecular simulations. Despite all the potential, we are still in the early stages of development and research. The technology is incredibly fragile, takes up huge amounts of resources and can only do a few thing currently. In short, quantum computers aren't ready for prime time.
Putting quantum computers on a chip could change that. Researchers for the two companies used a special type of qubit called spin quibits to run two different quantum algorithms on a chip. Intel's other quantum system, the 49-qubit computer
, rely on superconducting materials and near absolute zero temperatures. A spin qubit doesn't require either, it is an electron that has been agitated by microwave pulses. While not as useful as other quantum systems, spin qubit systems have the potential to work with existing, all electrical operation according to the white paper
published by the team.
The two-qubit systems are still experimental right now but the experiment proves that the concept works. It will take more experiments to create systems to get to the point where they'll be more powerful than conventional computers. Quantum computers may be the future but before they can exist anywhere other than laboratories, someone will have to figure out a way to manufacture them and silicon chips looks like a great place to start.
03/05/2018 Google moves towards quantum supremacy with 72-qubit computer
Researchers from Google are testing a 72-qubit computer - a big step up from the company's previous 9-qubit chip. The researcehrs hopes to use the larger quantum chip to demonstrate quantum supremacy for the first time, performing a calculation that is impossible with traditional computers. Achieving quantum supremacy requires a computer of more than 50 qubits, but scientists are still struggling to control so many quantum entities at once. Unlike traditional bits that have either a 0 or a one, a qubit can be 0, 1, or any combination of the two thanks to a quirk known as superposition.
The chip is nicknamed Bristlecone because its qubits are arranged in a pattern similar to a pinecone. According to phyicist John Martinis from the University of California, Santa Barbara, the quantum supremacy demonstration could come within a few months if everything works well.
03/17/2018 AMD investigating reports of critical vulnerabilities found in Ryzen chips
Researchers found serveral security vulnerabilities in various AMD chops which allows attackers to steal sensitive data and malware on systems powered by AMD CPUs. An Isreali company, CTS-Labs discovered 13 critical vulnerabilities that affect AMD's EPYC servers and Ryzen workstations. The security report was issued to AMD, Microsoft and a handful of companies.
According to the researchers, the flaws stem from the design of AMD's "security gatekeeper" Secure Processor, which is the area of the processor where devices store sensitive data including passwords and encryption keys. The white paper
CTS-Labs released outlines those flaws. Researchers found four primary type of vulnerabilities that can be leveraged to attack the processors. One nasty vulnerability is called Chimera which was discovered in the Ryzen CPU. Chomera has two sets of manufacturer backdoor flaws - one in firmware and the allow in hardware. This allows malicious code to be injected into Ryzen chipsets.
Another vulerability found is Ryzenfall. Ryzenfall allows malicious ode to take complete control over the AMD Secure Processor and leverage the privileges to read and write protected memory such as SMRAM and Windows Credential Guard isolated memory. The third flaw impacts the EPYC server chips and has the same vulnerability as Ryzenfall in that it also allows privileges to read and write protected memory areas.
These flaws may lead to hardware based ransomware by causing damage to physical hardware and bricking hardware. This is the latest hit for chip makers after the Spectre and Meltdown flaw disclosed by Google Project Zero. Both AMD and Microsoft are currently working on patches to fix the flaws but it may be months before patches gets released.