Full Disclosure mailing list archives
Re: Firewire Attack on Windows Vista
From: "Larry Seltzer" <Larry () larryseltzer com>
Date: Sun, 9 Mar 2008 23:36:33 -0400
You're mistaken in thinking that we're conflating sleep and hibernate
modes.
Microsoft's response of using two factor authentication is silly. It
doesn't actually stop our attacks. In certain circumstances, it may shorten the window of attack for a specific type of user but it's mostly irrelevant. Consider a mail server with an encrypted drive, no proximity sensor or two factor authentication is going to help you. A seizure will still result in someone getting the keys that are in memory - unless you're using some sort of secure crypto co-processor (which no one is).
From your own paper:
Microsoft ... recommends configuring BitLocker in "advanced mode," where it protects the disk key using the TPM along with a
password or a key on a removable
USB device. However, even with these measures, BitLocker is vulnerable
if an attacker gets to the system
while the screen is locked or the computer is asleep (though not if it
is hibernating or powered off). So in other words, hibernate does make a difference, especially if you follow their guidelines. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer () ziffdavisenterprise com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Firewire Attack on Windows Vista, (continued)
- Re: Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 07)
- Re: Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 07)
- Re: Firewire Attack on Windows Vista Larry Seltzer (Mar 07)
- Re: Firewire Attack on Windows Vista Larry Seltzer (Mar 07)
- Re: Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 07)
- Re: Firewire Attack on Windows Vista Bryon Roche (Mar 07)
- Re: Firewire Attack on Windows Vista Larry Seltzer (Mar 08)
- Re: Firewire Attack on Windows Vista Tim (Mar 08)
- Re: Firewire Attack on Windows Vista Larry Seltzer (Mar 08)
- Re: Firewire Attack on Windows Vista Tim (Mar 08)
- Message not available
- Re: Firewire Attack on Windows Vista Larry Seltzer (Mar 09)
- Re: Firewire Attack on Windows Vista Stefan Kanthak (Mar 09)
- Re: Firewire Attack on Windows Vista Larry Seltzer (Mar 09)
- Re: Firewire Attack on Windows Vista Jardel Weyrich (Mar 09)
- Re: Firewire Attack on Windows Vista Kern (Mar 10)
- Re: Firewire Attack on Windows Vista Stefan Kanthak (Mar 10)
- Re: Firewire Attack on Windows Vista FD (Mar 12)
- Re: Firewire Attack on Windows Vista Eric Rachner (Mar 12)
- Re: Firewire Attack on Windows Vista Erik Trulsson (Mar 09)
- Re: Firewire Attack on Windows Vista Pavel Kankovsky (Mar 15)
- Re: Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 06)