Full Disclosure mailing list archives
Re: Firewire Attack on Windows Vista
From: Tim <tim-security () sentinelchicken org>
Date: Thu, 6 Mar 2008 14:30:22 -0800
Hi Glenn,
It should be realized though that fixing this is not necessarily a simple thing, nor are architectural considerations missing.
I most probably understated the difficulty of implementing a safe ieee1394 DMA driver earlier. However, it's one of those things where the drivers ought to at least default to a safe configuration and allow those who like operating in the "wild west" for the purposes of speed to do so.
As for what can be done by Windows (as opposed to "any OS"), that is perhaps limited by the great range of underlying hardware. A compromise which might allow DMA to/from disks, tapes, or CDs but disallow it for most other peripherals might turn out to be the best general solution available, or something comparably ugly.
In the specific case of FireWire, Windows already does this, but that is exactly how the restrictions were bypassed. You can't trust a disk device any more than any other device, since a laptop can simply emulate a storage device. cheers, tim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Firewire Attack on Windows Vista, (continued)
- Re: Firewire Attack on Windows Vista Kern (Mar 10)
- Re: Firewire Attack on Windows Vista Stefan Kanthak (Mar 10)
- Re: Firewire Attack on Windows Vista FD (Mar 12)
- Re: Firewire Attack on Windows Vista Eric Rachner (Mar 12)
- Re: Firewire Attack on Windows Vista Erik Trulsson (Mar 09)
- Re: Firewire Attack on Windows Vista Pavel Kankovsky (Mar 15)
- Re: Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 06)
- Message not available
- Re: Firewire Attack on Windows Vista Daniel O'Connor (Mar 05)
- Message not available
- Re: Firewire Attack on Windows Vista Tonnerre Lombard (Mar 05)
- Re: Firewire Attack on Windows Vista Tim (Mar 06)