Warning: this post discusses child abuse and may make you uncomfortable…
Our society teaches us that scientists deal with the truth and facts. Scientists’ results are supported by controlled experiments, the scientific method, peer-reviewed journal articles, etc. However, there are charlatans in the world that masquerade as scientists. They do science-ey sounding things without actually doing science.
In the medical field, psychiatry is the worst offender. Conventional psychiatric views are driven by money as the deranged profession ignores very obvious evidence that contradicts their world view. For example, the National Institute of Mental Health website (archive.org, live version) claims that schizophrenia is a “chronic” disease, which means that it is ‘impossible’ for schizophrenia to go away. The reality is that people commonly experience full recoveries from schizophrenia (regardless of medication or treatment). You can see this for yourself on Youtube. Daniel Mackler’s film Take These Broken Wings has interviews with people who recovered from schizophrenia (trailer, full film). One of recovered schizophrenics, Joanne Greenberg, is the bestselling author of “I Never Promised You a Rose Garden” (it has over 26 thousand ratings on GoodReads and became a 1977 film). Despite obvious evidence, the conventional psychiatric field would still like to believe that schizophrenia is a brain disease, lasts for a lifetime, and is something that should be treated by psychiatric drugs (or whatever snake oil therapy is in vogue at the time like lobotomies/psychosurgery, insulin shock, or seizure-inducing ECT).
It turns out that I missed other parts of CTS’ old website from January 2018. The Management Team section from January has a different story than the one from March.
Secondly, I should own up to some of my mistakes in covering CTS Labs.
- AMD has confirmed the vulnerabilities. I originally thought that perhaps (A) CTS Labs was rehashing known issues or (B) they didn’t have the technical chops to find security vulnerabilities. I was wrong. AMD’s story differs from CTS Labs in other respects though. CTS Labs has suggested that the vulnerabilities may take months to fix. AMD states: “AMD is working on PSP firmware updates that we plan to release in the coming weeks.” *AMD’s blog post is not entirely clear about when fixes for the Promontory chipset will be available.
- Apparently CTS Labs (via its PR consultant) is claiming that Yaron Luk-Zilberman (YLZ) no longer actively manages NineWells Capital. It’s unclear to me as to when that occurred since YLZ’s name appears on a March 8, 2018 SEC filing for NineWells. Regardless, it wouldn’t be accurate for me to equate YLZ with NineWells.
While CTS’ predecessor Flexagrid is registered with the Israeli government, I could not find a business registration for CTS Labs. This is because CTS Labs and Flexagrid are the ‘same’ company. According to the archive.org history of the CTS Labs website, Flexagrid “became” Catenoid Security which implicitly became CTS-Labs. Flexagrid was founded in 2013. The charlatans have been claiming that CTS Labs was founded in January 2017, which is a lie.
The Business Wire press release has a 302 temporary redirect on it that makes the press release impossible to read (live link, archive.org link). Effectively, Business Wire has retracted the press release. (EDIT 2:48PM: Well I was wrong. The redirect is no longer in place.)
- In 2016, Uri Farkas registered a number of domains that seem like SEO spam. The websites are filled with Amazon affiliate links. The domain registrations suggest that Uri and Ilia Luk-Zilberman (of CTS Labs) were involved in a 2016 venture involving low-quality cookie cutter websites. This is the kind of startup business an unemployed person might try if they can’t get a job in the IT security field. The affiliate marketing game requires a completely different skillset compared to IT security and is easier to get into (even teenagers can do it). Uri and/or Ilia are a little sleazy because two or more of the websites are written under fake names.
“It looks like the IT security world has hit a new low.”
-Linus Torvalds, creator of Linux (via Google+)
Linus Torvalds has basically summarized the whole situation: clickbait media sites (e.g.
CNET, Tom’s Hardware, Gizmodo, Vice, The Hacker News) breathlessly report on security vulnerabilities without critical thinking or fact checking. The security industry takes advantage of that by making exaggerated claims and being attention whores. On CTS’ report, Linus states: “I refuse to link to that garbage. But yes, it looks more like stock manipulation than a security advisory to me.”
Thankfully there are some journalists trying to do real journalism. (I know the industry is dying but I’d like to thank the journalists out there who are upholding their journalistic integrity.) In comments to these journalists, charlatans like Fraser John Perring and Yaron Luk-Zilberman have been quite disingenuous. The short and distort campaign has been getting more bizarre.
CTS-Labs has come out with a “research” piece on AMD processors. The reader might be misled into thinking that the “white paper” reveals previously undisclosed security vulnerabilities. However, the CTS-Labs disclaimer (archive.org) states that the CTS report “summarizes security vulnerabilities, but purposefully does not provide a complete description of such vulnerabilities […]”. So from my reading of the so-called “white paper”, CTS isn’t actually revealing previously unknown security flaws.
This isn’t like Muddy Waters’ work on St. Jude, where Muddy Waters alleged security flaws with St. Jude’s pacemakers; St. Jude has since recalled pacemakers to fix security vulnerabilities (Zdnet, FDA). The difference between Muddy Waters and CTS is that Muddy Waters did actual research to find previously unknown problems with the company’s products. Now if CTS actually did find a novel security vulnerability, then I would apologize. However, the CTS report does not clearly articulate what’s a rehash of previously known security issues and what isn’t.
EDIT (3/21/2018): Correction: the bugs are real. Their severity has been overstated as they only work on systems that have already been compromised. AMD says that fixes will be available within weeks while CTS Labs is still claiming that it will take months. Status of fixes for the Promontory chipset are less clear at the moment.
Like Paypal and Visa, Bitcoin is a system that can send money digitally. The innovation that sets Bitcoin apart is that it isn’t controlled or operated by a single company. Instead of having a company like Visa run the system, anybody can join the Bitcoin network and participate in the record keeping that keeps Bitcoin running. Nobody owns the Bitcoin software or the Bitcoin network. If an oppressive government wants to shut down Bitcoin, it can’t simply go after a single company. An oppressive government would (in theory) have to go after everybody running Bitcoin server software on their computer to shut it down.
In practice, the decentralization doesn’t actually work. Most people buy Bitcoins through exchanges run by private companies, which are subject to government-imposed laws and regulations. While Bitcoin’s innovation is interesting, it doesn’t actually do anything useful in the real world. However, very few people actually understand Bitcoin. So, journalists and cryptocurrency fanatics can make up fancy stories about how Bitcoin or other cryptocurrencies will change the world.