Full Disclosure mailing list archives
Re: Owned by an iPod
From: Matt Johnston <mattj () tartarus uwa edu au>
Date: Sat, 23 Oct 2004 18:09:32 +0800
On Fri, Oct 22, 2004 at 10:53:55AM -0700, Dragos Ruiu wrote:
On October 21, 2004 10:22 pm, Rosalina Hamar wrote:i heart about that demonstration a couple of weeks ago. now it's an official announcement at parsec.jp [0]. since there is not much technical info on that issue in the announcement, i googled around and found a link to an interesting post about the IEEE1394 OHCI interface on kerneltrap [1] back in 2002. shish ... rosa [0] http://pacsec.jp/advisories.html [1] http://kerneltrap.org/node/view/145More technical information on this vulnerability, and some of the other vulnerabilities, fixes and techniques from the conference will be published after the conference.
At least on Mac OS X, a workaround appears to be enabling an openfirmware password[1]. I assume that most firewire chipsets would have the capability to disable raw memory access if the OS asks nicely? Of course whether it's disabled before the OS loads is another matter... Matt [1] http:/matt.ucc.asn.au/apple/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Owned by an iPod Rosalina Hamar (Oct 22)
- Re: Owned by an iPod Dragos Ruiu (Oct 22)
- Re: Owned by an iPod Matt Johnston (Oct 23)
- Re: Owned by an iPod Dragos Ruiu (Oct 22)