Full Disclosure mailing list archives

Re: Firewire Attack on Windows Vista


From: "Larry Seltzer" <Larry () larryseltzer com>
Date: Sun, 9 Mar 2008 23:36:33 -0400

You're mistaken in thinking that we're conflating sleep and hibernate
modes.
Microsoft's response of using two-factor authentication is silly. It
doesn't actually stop our attacks. In certain circumstances, it may
shorten the window of attack for a specific type of user, but it's
mostly irrelevant. Consider a mail server with an encrypted drive: no
proximity sensor or two-factor authentication is going to help you. A
seizure will still result in someone getting the keys that are in
memory - unless you're using some sort of secure crypto co-processor
(which no one is).

From your own paper:

Microsoft ... recommends configuring BitLocker in "advanced mode,"
where it protects the disk key using the TPM along with a password or a
key on a removable USB device. However, even with these measures,
BitLocker is vulnerable if an attacker gets to the system while the
screen is locked or the computer is asleep (though not if it is
hibernating or powered off).

So in other words, hibernate does make a difference, especially if you
follow their guidelines.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

