Full Disclosure mailing list archives
Re: Firewire Attack on Windows Vista
From: Tim <tim-security () sentinelchicken org>
Date: Sat, 8 Mar 2008 14:51:00 -0800
Yeah, I made specific reference to that attack in my message. There's a big difference between sleep mode and hibernate mode. In hibernate the system is powered off. Even if the memory has some residual charge I'm sure it's far less reliable than with sleep.
Yeah, but the whole point is if it's written to disk, the data is much easier to get at. The hard thing to do is steal memory. I've read that some HD encryption systems encrypt the hibernate file too, so perhaps you're better off in that situation.

However, if the attacker anticipates this, he could simply power the system on, get the come-out-of-hibernation login prompt, compromise the kernel by injecting a driver or some such thing with a FireWire Memory attack, and then send it back into hibernate or something along those lines and wait for the real user to log in. I can't say that I keep up on the particulars of how Windows does this or that or the other related to hibernation and encryption, so perhaps the specific attack above is flawed, but if you get to physical memory, it's game over. Doesn't matter what you do with obfuscation around encryption.

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/