Slashdot Mirror

← Back to Stories (view on slashdot.org)

Can AMD Vulnerabilities Be Used To Game the Stock Market? (vice.com)

Posted by msmash on from the setting-wrong-precedence dept.

Earlier this week, a little-known security firm called CTS Labs reported, what it claimed to be, severe vulnerabilities and backdoors in some AMD processors. While AMD looks into the matter, the story behind the researchers' discovery and the way they made it public has become a talking point in security circles. The researchers, who work for CTS Labs, only reported the flaws to AMD shortly before publishing their report online. Typically, researchers give companies a few weeks or even months to fix the issues before going public with their findings. To make things even stranger, a little bit over 30 minutes after CTS Labs published its report, a controversial financial firm called Viceroy Research published what they called an "obituary" for AMD. Motherboard reports: "We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries," Viceroy wrote in its report. CTS Labs seemed to hint that it too had a financial interest in the performance of AMD stock. "We may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports," CTS Labs wrote in the legal disclaimer section of its report.

On Twitter, rumors started to swirl. Are the researchers trying to make money by betting that AMD's share price will go down due to the news of the vulnerabilities? Or, in Wall Street jargon, were CTS Labs and Viceroy trying to short sell AMD stock? Security researcher Arrigo Triulzi speculated that Viceroy and CTS Lab were profit sharing for shorting, while Facebook's chief security officer Alex Stamos warned against a future where security research is driven by short selling.

[...] There's no evidence that CTS Labs worked with Viceroy to short AMD. But something like that has happened before. In 2016, security research firm MedSec found vulnerabilities in pacemakers made by St. Jude Medical. In what was likely a first, MedSec partnered with hedge fund Muddy Waters to bet against St. Jude Medical's stock. For Adrian Sanabria, director of research at security firm Threatcare and a former analyst at 451 Research, where he covered the cybersecurity industry, trying to short based on vulnerabilities just doesn't make much sense. While it could work in theory and could become more common in the future, he said in a phone call, "I don't think we've seen enough evidence of security vulnerabilities really moving the stock for it to really become an issue." Further reading: Linus Torvalds slams CTS Labs over AMD vulnerability report (ZDNet).

60 of 106 comments (clear)

  1. Seriously? Peddling the fake propaganda a second t by Anonymous Coward · · Score: 5, Interesting

    The last time this shit was posted, we established that the prerequisites for those "vulnerabilities" were ridiculous, requiring *at least* admin access, or even installing a hacked bios first! We also established that CTS labs were in bed with Intel had created the domain for this only right before publishing it. Apart from the fact that everyone agreed that giving AMD only such a short time to react befor publishing it, was completely unprofessional and a "hit job". (To which I agree.)

    So, do you plan on posting it until people believe it because we have given up on remindig everyone, or have you now brought your sock puppet troll army to silence everyone?

    Seriously, in my world, you need to go to prison over this!

  2. Markets dont care by borcharc · · Score: 2

    Markets have shown little care in the face of computer security issues. You may get a few day drop but nothing lasting. Look at Intel, Target, or anyone else. It's just not that big of a deal to investors or consumers.

    1. Re:Markets dont care by gregfortune · · Score: 1

      I don't think the duration of the drop is really that relevant to the accusation being leveled against CTS Labs. More important is the volume of the drop, the knowledge that it is likely to occur and when it is most likely to occur. If there was indeed collusion and CTS Labs benefited financially from the timing of their announcement, that's illegal.

    2. Re:Markets dont care by borcharc · · Score: 1

      I am not in agreement that its illegal. I can research a company and find something I think is negative about them and sell that information to a 3rd party who intends to short the stock. No one is accusing CTS labs of having material inside information about AMD. The information CTS has was independently discovered by them. If this was illegal every short equity operation (Muddy Waters, etc) would be shut down. The most troubling thing about this is the text of the Viceroy Research report. Saying a company is going to zero and is headed to bankruptcy, if they don't really believe that, could prove problematic, but no one gets in trouble for stuff like that anyway.

      That being said, I think that shorting companies based on security concerns is a good way to lose money. There have been several people that have attempted this and it never ends well. On top of that Intel has had just as bad or worse issues with their management engine and no one outside of the nerds care.

    3. Re:Markets dont care by KruiserX · · Score: 1

      They do care about opinions/reports, that's where Viceroy thrives. They were up to similar antics in South Africa, that time in banking. https://www.fin24.com/Companie...

    4. Re:Markets dont care by HiThere · · Score: 1

      Your assertion that those actions aren't illegal is, at best, questionable. IIUC they would be guilty of stock market manipulation and you would be and accessory before the fact.

      OTOH, it is true that such crimes are rarely prosecuted, and are difficult to detect. This doesn't keep them from being crimes.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    5. Re:Markets dont care by gregfortune · · Score: 2

      Sure. So did you find information in your research that's publicly available? No harm, no foul from what I understand.

      How about information that is not publicly available? Now we're in a little different spot. Now let's add that you intentional disseminate that information publicly after having sold the privileged information to a third party who acted on that information to purchase a security with an expectation that your public release of the information will affect price of the security? From what I understand, now you're dealing with securities fraud. I am in no way an expert on the associated laws, but section 9.a.5 of the Securities Exchange Act of 1934 (page 87) seems to apply directly to this situation. You would have to prove intent with that section, but it seems pretty obvious in this case.

      We'd be talking about the same thing if a member of Google Project Zero shorted Intel stock just before the public release of the Meltdown/Spectre fiasco. The purpose behind the regulation is to prevent an unfair advantage in cases where only a select group can be "in the know" and use that information to manipulate the stock price or act on expected changes to the price based on that privileged information.

  3. Even if true... by fazig · · Score: 3, Funny

    Invulnerabilities of the Security Processor had been reported to AMD last year by researchers from Google. Apparently AMD found a workaround by letting people disable the entire PSP. Considering that both the "Masterkey" and "Ryzenfall" vulnerability groups allegedly depend on exploiting the PSP, these problems already appear to be fixed by AMD, somewhat.
    So if someone with a Ryzen is concerned there's something they can do about it. Source: https://www.bleepingcomputer.c...

    1. Re:Even if true... by fazig · · Score: 2

      Well, I meant vulnerabilities there, not invulnerabilities.

    2. Re:Even if true... by ravenshrike · · Score: 1

      Clearly you should find out by sneaking into CTS Labs, stealing the technical data on the vulnerabilities they purportedly found, hack the PSP itself without removing the code to disable it, and test the hacked PSP while it's disabled to see if it can execute code. Until you do that however, you're just pissing upwind and splattering everyone with it.

  4. Securities fraud by Bruce+Perens · · Score: 4, Insightful

    Just in case it isn't clear enough to you, buying a security with insider knowledge of an unannounced problem with the company, then announcing the problem in the expectation that the announcement will manipulate the price of the stock, and attempting to profit from that, is securities fraud. It is the kind of thing that should be investigated by the Securities and Exchange Commission, and charges should be filed if appropriate.

    --
    Bruce Perens.
    1. Re:Securities fraud by Bruce+Perens · · Score: 3, Informative

      And yes, this also applies to purchasing short positions in the same stock before that sort of announcement.

      --
      Bruce Perens.
    2. Re:Securities fraud by macklin01 · · Score: 1, Redundant

      Thanks, Bruce. That was my first question at this story, and I appreciate hearing it from your expertise!!!!

      --
      OpenSource.MathCancer.org: open source comp bio
    3. Re:Securities fraud by ebcdic · · Score: 2

      But is information you have found out yourself, or from someone unrelated to the company, "insider knowledge"? In what sense are these people insiders?

    4. Re:Securities fraud by Actually,+I+do+RTFA · · Score: 2

      Look at Mark Cuban's investor newspaper. Its business model was to research and publish news about companies, but between research and publication Mark would invest in them (long or short positions). The SEC sued him. His blog has a lot of details.

      --
      Your ad here. Ask me how!
    5. Re:Securities fraud by Luthair · · Score: 3, Informative

      Its not clear that this would be considered insider knowledge to me. The normal modus operandi for short sellers is to do a significant amount of research on companies looking for flaws, wrong doing, etc. purchase a position then try to build uncertainty by hyping a press release.

      Previously unknown security vulnerabilities don't seem much different than accounting fraud assuming neither has a source inside the company.

    6. Re:Securities fraud by Train0987 · · Score: 1

      First, the SEC only has civil jurisdiction, meaning they can ONLY fine people and companies. The SEC brings civil suits, most of which are settled for pennies while the targets never have to admit any wrongdoing. Only the most egregious fraud gets the attention of the FBI who can pursue criminal charges.

      Oh, and everything being claimed in the article is completely legal if the author of the hit pieces disclosed their position. And yes, saying "we may or may not have a financial interest in publishing this" is a valid disclosure according to the law.

      These rules exist because of the caveat emptor principle: buyer beware. There used to be a time when people didn't automatically believe whatever they read, and average spectators weren't gambling in financial markets like it's a nickel slot.

    7. Re:Securities fraud by Train0987 · · Score: 3, Insightful

      Manipulating the markets even without insider knowledge is also technically illegal but virtually impossible to prove or prosecute. People are allowed to have opinions and publish them even if they are wrong. People are also allowed to speculate financially based on their opinions.

    8. Re:Securities fraud by borcharc · · Score: 2

      Wrong. If a 3rd party independently discovers information that is non-public but adverse to a public company they can do whatever they wish with it. If AMD employees in possession of non-public information made trades based on it, they would be in trouble. But in that situation, AMD would have had to know prior to any public release. As it stands now, the information is public and anyone can trade based on it.

    9. Re:Securities fraud by DivineKnight · · Score: 1

      Indeed. But now we have to contend with mismanaged funds (always a problem), and idiot savants using AI algorithms to scour newsfeeds for good / bad information (and automatically engage in buying / selling).

      And they really went SEO over this one. The Asus forums I frequent all had interesting "posts" about this problem, typically followed by a single post stating that one must acquire admin rights before anything can be exploited (and if they already have admin rights, they don't exactly need an exploit at that point...).

    10. Re:Securities fraud by Train0987 · · Score: 1

      "Someone looks in the trashcan, picks up the folder, reads the results, and decides to trade on the stock based on the financial results. This person is NOT guilty of insider trading."

      Tell that to Martha Stewart. She went to prison for selling her position in ImClone based on a tip from a broker who noticed ImClone's CEO was dumping his stock. That's all it took for her to be guilty of insider trading.

      Trading based on information not known to the public at large is all it takes to be in violation of insider-trading laws regardless of how you came into that information.

    11. Re:Securities fraud by ripvlan · · Score: 1

      ah ha - answered my own question

      https://en.wikipedia.org/wiki/...

      This might be considered "Short and Distort"

    12. Re:Securities fraud by Khyber · · Score: 1

      "People are allowed to have opinions and publish them even if they are wrong."

      Not if it involves being done to intentionally damage a company and is wholly misleading and defamatory, it sure as fuck is not.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    13. Re:Securities fraud by imrahilj · · Score: 2

      "Someone looks in the trashcan, picks up the folder, reads the results, and decides to trade on the stock based on the financial results. This person is NOT guilty of insider trading."

      Tell that to Martha Stewart. She went to prison for selling her position in ImClone based on a tip from a broker who noticed ImClone's CEO was dumping his stock. That's all it took for her to be guilty of insider trading.

      Trading based on information not known to the public at large is all it takes to be in violation of insider-trading laws regardless of how you came into that information.

      Didn't she go to prison for lying about what she did, rather than directly for what she did?

    14. Re:Securities fraud by ravenshrike · · Score: 1

      I wonder how they got the digitally signed drivers to test with. Depending on any contracts signed that very well could put them in the wheelhouse of insider trading. Either that or that portion of the 'security flaws' is entirely a theoretical attack with no actual proof of concept done on it at all.

    15. Re:Securities fraud by DRJlaw · · Score: 1

      Here's the problem with your post, the second they disclosed it to AMD, legally they became insiders.

      Not even close. An "insider" is a person with a fiduaciary or similar duty to the company, and "insider trading" requires trading on information obtained from such a person, whether one is an insider or not.

      An outsider disclosing information to AMD does not become a fiduciary to AMD or come under some similar duty unless they've gone and done something like signed a non-disclosure agreement. Giving outsider information to AMD does not magically transform that outsider information into "insider information" for the outsider.

    16. Re:Securities fraud by Agripa · · Score: 1

      Tell that to Martha Stewart. She went to prison for selling her position in ImClone based on a tip from a broker who noticed ImClone's CEO was dumping his stock.

      "Stewart was found guilty in March 2004 of felony charges of conspiracy, obstruction of an agency proceeding, and making false statements to federal investigators."

      Which is another way of saying she talked her way into jail and should have taken legal advice to shut up.

  5. Its criminally minded people trying this out by gweihir · · Score: 1

    So far, it does not seem to work against AMD, good. And the attempt was on low amateur level in addition, like a lot of crime. Of course, a lot of the press response was also on low amateur level (whatever happened to verifying stories before publishing?), so some small-time investors may have gotten spooked. I hope the SEC and others looks into this ruthlessly.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  6. AMD is down! by Anonymous Coward · · Score: 1

    As of this posting, AMD is down by a whopping -0.06. I do not think this does what you wanted it to do.

  7. Obvious stock market manipulation by Khyber · · Score: 1

    And Dan Guido is prime helper number one in this crime.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    1. Re:Obvious stock market manipulation by Khyber · · Score: 2

      Slashdot is helper number two given they're spreading this bullshit without any good reason. I wonder if slashdot has some skin in this game?

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  8. Nothing suspicious here by TimothyHollins · · Score: 2

    Hey guys, I'm one of you, a neutral third party financially uninvolved in any of this.
    Let's all go and buy Intel processors because they don't have any of these critical security flaws that are just so much more noteworthy than boring and harmless Spectre and Meltdown. And who even remembers those? They are so 2017, am I right?

    Also did you know that when you support Intel you support small independent security researchers of the highest ethical and moral standards? Wow, if that isn't standing up for the little guy (just like you and me!) I don't know what is.

    1. Re: Nothing suspicious here by drinkypoo · · Score: 1

      AMD isn't the little guy.
      This is Ford vs. Chevy stuff.

      No, not even close. Ford and GM are on roughly equal footing. Sometimes one leads the other. But the courts have decided more than once now that Intel not only has a dominant position in the market, but that they have abused it — specifically against AMD.

      You, cowardly sir, are an Intel shill.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re: Nothing suspicious here by nedlohs · · Score: 2

      Ford's market cap is $43.61B, General Motor's market cap is $52.80B. One is 83% of the size of the other.

      AMD's market cap is $10.94B. Intel's' market cap is $239.19B. On is 5% of the size of the other.

      Those are nothing like similar.

    3. Re:Nothing suspicious here by TooManyNames · · Score: 1

      Can't recall off the top of my head, but I think Spectre is an Intel-specific variant of the generic Meltdown vulnerability, which basically impacts all speculative processors (so everything currently in use). In other words, the vulnerability isn't just Intel's problem.

      Also, I very much doubt that Intel had anything to do with this security firm's announcement, or the investment journal's "obituary." I'd suspect that that's more just run-of-the-mill profiteering from basically worthless outlets looking to make a quick buck at someone else's (AMD's) expense. This isn't to suggest that Intel doesn't engage in shady practices, but I highly doubt that they're behind this particular issue.

      --
      "Is not a sentence" is not a sentence. Well damn.
    4. Re:Nothing suspicious here by Xtifr · · Score: 1

      The other way around, actually. Meldown is the Intel-specific* (and far more severe) of the three related vulnerabilities. (The other two are collectively called Spectre.) Meltdown requires drastic changes to the OS kernels, which have a big impact on performance. Linux, at least, put an "if (cpu_vendor != AMD)" around their performance-inhibiting Meltdown fixes. The Spectre vulnerabilities, on the other hand, don't require the same sort of low-level OS patches. They need changes to apps, and we'll be dealing with them for years. They're a nightmare no matter which vendors we use. But on the bright side, the fixes don't have the same negative impact on performance.

      The key takeaway here is that while these vulnerabilities weren't just Intel's problem, the bulk of the performance impact was!

      All of which makes Intel a reasonable target for suspicion here. They may or may not be involved, but it's pretty easy to see their motives if they are. "You don't have to give up performance if you use our chips" is a great selling point for AMD, and Intel is almost certainly going to want to counter that somehow.

      * Meltdown actually affects a few recent ARM64 chips as well, but that's a side issue. In the x86 world, it's Intel-specific.

    5. Re:Nothing suspicious here by HiThere · · Score: 1

      IIUC Spectre requires hardware level changes to all processors that engage in speculative execution. Also it requires a level of access not required by the Meltdown flaw (i.e. Intel) and is also not as privilege breaking.

      That said, Spectre still needs to be addressed, it's just that no remote exploits are yet known. But Meltdown (Intel) is remotely exploitable by, e.g., web browser javascript.

      The current articles attaching AMD are almost certainly either psychowar or attempted market manipulation (or some of each, possibly by independent parties). That said, the announced flaws could actually be real, and they could actually be serious. The info I've run across doesn't allow me to decide whether or not it's propaganda fraud as well as psychowar and possibly stock market fraud.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  9. Re: Seriously? Peddling the fake propaganda a sec by theshowmecanuck · · Score: 2

    Manipulating markets with lies. Actually I thought that *was* grounds for prison.

    --
    -- I ignore anonymous replies to my comments and postings.
  10. Not without your help, duche! by xxxLCxxx · · Score: 2

    Not without your help, duche!
    I can't believe this is still being spread...

  11. Re: Seriously? Peddling the fake propaganda a sec by theshowmecanuck · · Score: 2

    So someone is going to hire a crew of thousands in some mythical shipping department to individually inject malware into chips individually so that it actually becomes much of a threat. You don't happen to with for the mythological Intel associated CTS labs so you? What a fucking moron.

    --
    -- I ignore anonymous replies to my comments and postings.
  12. maybe CTS Labs can find out what happen drop soap by Joe_Dragon · · Score: 1

    maybe CTS Labs can find out what happens when you drop the soap!

  13. Cuban won by raymorris · · Score: 4, Informative

    The SEC went after Mark Cuban and Cuban won. The Cuban case is an example of what is NOT insider trading.

    Also if you look at the SEC web site it says illegal insider trading is:
    --
      buying or selling a security, in breach of a fiduciary duty or other relationship of trust and confidence,
    --

    The fiduciary duty is the duty that corporate officers, the company's lawyer, etc, have to look out for the interests of the company (stockholders) rather than their own personal gain. I have no "relationship of trust and confidence", no fiduciary duty, with Intel or AMD. Therefore, according to the SEC I can buy and sell AMD or Intel stock based on WHATEVER information I have, as long as I didn't get that information secretly from someone who has a "relationship of trust and confidence" with the company, such as a corporate officer.

  14. Re: Seriously? Peddling the fake propaganda a seco by Alain+Williams · · Score: 1

    I for one stopped buying AMD processors since they introduced PSP

    So: who did you warn about the PSP (introduced about 2013) ? If you did not use AMD or Intel processors, what were you using ?

  15. The Securities Exchange Commission disagrees with by raymorris · · Score: 1

    The statute, and the SEC, disagree with you.

    If you look at the SEC web site it says illegal insider trading is:
    --
        buying or selling a security, in breach of a fiduciary duty or other relationship of trust and confidence,
    --

    The fiduciary duty is the duty that corporate officers, the company's lawyer, etc, have to look out for the interests of the company (stockholders) rather than their own personal gain. I have no "relationship of trust and confidence", no fiduciary duty, with Intel or AMD. Therefore, according to the SEC I can buy and sell AMD or Intel stock based on WHATEVER information I have, as long as I didn't get that information secretly from someone who has a "relationship of trust and confidence" with the company, such as a corporate officer.

    I can decide to sell my Intel stock today because I haven't pooped yet, or because a groundhog saw his shadow. What's prohibited is people employed to take care of the company (corporate officers, etc) must not abrogate that responsibility for their own personal gain.

  16. Re: Seriously? Peddling the fake propaganda a seco by Anonymous Coward · · Score: 1

    PrePSP processors..

  17. Re: Seriously? Peddling the fake propaganda a seco by RhettLivingston · · Score: 1

    AMD investors are down a few 100 million dollars right now. The lab is an "insider" in this case. If any portion of that ended up in pockets of people who were given information ahead of time that enabled them to make money on shorts, they committed insider trading. There is no reason why this form of stealing should get different time than any other. It would certainly have involved enough money to qualify as grand larceny.

  18. Re:Securities fraud- Market manipulation? by ripvlan · · Score: 1

    That's what I came here to ask. It seems like market manipulation - similar to the penny stock pump and dump schemes.

    So is it? It's hard to believe that the folks at CTS et al aren't aware of SEC rules, esp brazenly including a comment in the disclosure. It's kind of like those YouTube disclaimers "I don't own this content - any Copyrighted material is owned by other entities" -- yeah that makes it all better.

    And as somebody else above noted - the security holes aren't really all that concerning requiring too many pre-reqs to the point that "you've been pwned" already.

    This is kind of interesting story within a story. Nothing to see here - except fake news and propaganda carried by news orgs that aren't capable to providing analysis, and wrapped in a possible fraud made possible by the Blogger fake news pipeline.

  19. Re:The Securities Exchange Commission disagrees wi by ripvlan · · Score: 1

    hmm... you might want to ask Martha Stewart about that definition. She received a tip that the CEO of the company had sold all his shares - and she acted accordingly. But I don't believe she was an officer of the company.

    Pump and Dump schemes are illegal too. https://en.wikipedia.org/wiki/...

    Actually this CTS instance might be considered "Short and Distort"

  20. Questions. by NormanHaga2580 · · Score: 1

    1. What is Intel's stake in putting AMD out of business.
    2. How much is Intel paying for this hit piece?

    1. Re:Questions. by Anonymous Coward · · Score: 1

      I don't think Intel had anything to do with this. This was a group of people trying to profit on a short term drop in AMD stock at a time of their choosing. Very sleezy and illegal manipulation. Long term it would help AMD and make Intel look bad if it were to come out Intel had anything to do with it.

      If AMD ever does go under, Intel will be facing ant-trust issues... it needs to keep a competitor for that alone.

    2. Re:Questions. by HiThere · · Score: 1

      Valid questions, but you put too much certainty behind them. Certainly I suspect that Intel somehow sponsored this, but I don't see any reason to feel certain. MS also has derived some benefit from this, as it's distracted people from complaining about MSWindows10 misdeeds. And it could be a pure attempt at financial gain by manipulating the stock market. There are probably a few other possibilities.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  21. Re: Seriously? Peddling the fake propaganda a sec by HiThere · · Score: 1

    IIRC someone did something similar for some Cisco routers. It was a targeted attack, not a global attack, but it wasn't narrowly targeted.

    So the scenario isn't unreasonable. A state actor would be the most likely perpetrator, and the attacks would be mildly targeted (systems shipped from location X to foreign location Y between dates D1 and D2). Saying this can't be done is denying that things that have been detected once can happen again.

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.
  22. She wasn't convicted of Securities Fraud by rsilvergun · · Score: 1

    Martha Stewart was convicted of lying to an officer. She tried to cover up what she did. Also, she was on the board of directors of the Stock Exchange, which probably gave her a fiduciary duty (tangentially). But even that wouldn't have stuck if she'd just come clean.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  23. Re: Seriously? Peddling the fake propaganda a sec by theshowmecanuck · · Score: 1

    Not denying it, but this is a (pretty much extreme) edge case. The only place where it would cause widespread issues is, per your example, at router manufacturers. Those are the only items where few instances can affect many. I don't see people doing this on every chip going into workstations or servers. It just isn't practical.

    --
    -- I ignore anonymous replies to my comments and postings.
  24. Re: Seriously? Peddling the fake propaganda a sec by ShanghaiBill · · Score: 4, Insightful

    Manipulating markets with lies. Actually I thought that *was* grounds for prison.

    They are not lying. They are stating facts and opinions, and mixing them to confuse naive investors. They preface many sentences with "We believe" and "We may". This "obituary" was almost certainly reviewed by lawyers, to ensure that it got as close to "the line" as possible, without crossing it.

    You can fool some of the people some of the time, and for securities manipulation, that is enough.

  25. Re:Seriously? Peddling the fake propaganda a secon by thegarbz · · Score: 1

    The last time this shit was posted, we established that the prerequisites for those "vulnerabilities" were ridiculous, requiring *at least* admin access

    All of which has nothing to do with TFA or TFS which is all about how perception can affect stock market changes. Take a breath, read the summary, participate in intellectual conversations and wipe the froth from your mouth.

  26. Re: Seriously? Peddling the fake propaganda a sec by theshowmecanuck · · Score: 2

    I don't think regulators will let people hide behind 'opinions' anymore. Especially when they say it is such an extremely dire vulnerability, when in fact it is not so dire. Moderate at best. It seems pretty evident when (their lawyers obviously did tell them to include that) they have financial interest in AMD and are partnering with a financial brokerage. If they bought stocks hoping them to rise they wouldn't make such extreme (likely bullshit) proclamations and then give AMD only a day to look at them. They wouldn't do something that would make them lose money. So the only way they could make money doing something like this is to short the stock. So this is plainly manipulation and should be investigated by the regulators. Even more so if some comments are to be believed that the security researchers website is quite new.

    --
    -- I ignore anonymous replies to my comments and postings.
  27. Rule 10b-5 by raymorris · · Score: 2

    Stewart wasn't held liable for most of the things in the SEC complaint because she was neither an officer of the company nor did she get the information from one. She basically went to prison for lying about the whole thing (obstruction of justice, etc.)

    Pump and dump is covered under rule 10b-5: Employment of Manipulative and Deceptive Practices. What's illegal is to LIE about a company in order to fraudulently manipulate the stock price. Telling the truth about a company is not only okay, but encouraged. Several offenses related to investing are only offenses if you fail to reveal the truth about the issues. If a company has security risks, or any other risks, certain people are REQUIRED to publish that information. Publishing true statements not only isn't a crime, it's how you avoid being charged with other crimes. Here's the full text if Rule 10b-5, the pump and dump rule.

    It shall be unlawful for any person, directly or indirectly, by the use of any means or instrumentality of interstate commerce, or of the mails or of any facility of any national securities exchange,
    (a) To employ any device, scheme, or artifice to defraud,
    (b) To make any untrue statement of a material fact or to omit to state a material fact necessary in order to make the statements made, in the light of the circumstances under which they were made, not misleading, or
    (c) To engage in any act, practice, or course of business which operates or would operate as a fraud or deceit upon any person,
    in connection with the purchase or sale of any security."

    Another thing that's been done regarding pump and dump is restrictions on who can trade penny stocks and how, since fraudsters often use penny stocks.

  28. Re: Seriously? Peddling the fake propaganda a se by Anonymous Coward · · Score: 1

    AMD could open source the code for review to prove there are no backdoors.

  29. Re: Seriously? Peddling the fake propaganda a sec by lsatenstein · · Score: 1

    Manipulating markets with lies. Actually I thought that *was* grounds for prison.

    They are not lying. They are stating facts and opinions, and mixing them to confuse naive investors. They preface many sentences with "We believe" and "We may". This "obituary" was almost certainly reviewed by lawyers, to ensure that it got as close to "the line" as possible, without crossing it.

    You can fool some of the people some of the time, and for securities manipulation, that is enough.

    I have a Intel q9650 system. It has no EFI bios, it relies on Linux and Selinux security features. The TPM for my Asus P5Q is a plug in chip.
    So, the TPM is replaceable by someone when a technician comes over and pretends he is installing new hardware, as opposed to replacing a Security chip with one allowing dual access.
    Yes, anyone who has physical access to the computer can install new bios's, replace TPMs and even replace CPU Microcode fixes.
    This problem is no different from my taking my car to a local garage which has a workaround diagnostic and programming machine usually provided to dealers. If I brought my system to Geek Squad, want to bet that they have put in software that indicates who in their organization handled the system last, and what is the bypass (insecure) password.

    CTS had a financial interest in dropping the AMD stock prices. And when they hit bottom, to buy them back. AMD is ok, the problem or issue, if any, may rest with the mother board manufacturer.

    --
    Leslie Satenstein Montreal Quebec Canada