Full Disclosure mailing list archives
Re: Firewire Attack on Windows Vista
From: Kern <timetrap () gmail com>
Date: Mon, 10 Mar 2008 10:26:20 -0400
Hi, I am new to this list. I was reading your messages, and began to wonder; For a temporary fix action why not just disable the ability to install new firewire devices? I know that this does not fix the fundamental problem, but it could work as a decent kludge. I am reminded of the NSA Security Guide on Disabling USB Devices<http://www.nsa.gov/snac/support/I731-002R-2007.pdf>, how do these actions translate to firewire? On Sun, Mar 9, 2008 at 11:35 PM, Jardel Weyrich <w.jardel () gmail com> wrote:
Larry, there is no disk involved on the problem, only memory. So if the disk is encrypted or not, doesn't matter. Regards, Jardel Weyrich On Sun, Mar 9, 2008 at 11:14 PM, Larry Seltzer <Larry () larryseltzer com> wrote:WRT the DMA access over FireWire it's but a bad response since itdoesn't get the point!1. Drive encryption won't help against reading the memory. 2. The typical user authentication won't help, we're at hardware level here, and no OS needs to be involved. 3. The computer is up (and running; see above), no hibernate or sleep is involved here.So on a freshly-booted system with drive encryption you can read whatever you want on the disk?4. Group policies can be circumvented, even by a limited user.<http://blogs.technet.com/markrussinovich/archive/2005/12/12/circumventi ng-group-policy-as-a-limited-user.aspx<http://blogs.technet.com/markrussinovich/archive/2005/12/12/circumventing-group-policy-as-a-limited-user.aspx>What he says is that some group policies, not including system-wide security settings, maybe circumvented, even by a limited user. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer () ziffdavisenterprise com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Firewire Attack on Windows Vista, (continued)
- Re: Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 07)
- Re: Firewire Attack on Windows Vista Bryon Roche (Mar 07)
- Re: Firewire Attack on Windows Vista Larry Seltzer (Mar 08)
- Re: Firewire Attack on Windows Vista Tim (Mar 08)
- Re: Firewire Attack on Windows Vista Larry Seltzer (Mar 08)
- Re: Firewire Attack on Windows Vista Tim (Mar 08)
- Message not available
- Re: Firewire Attack on Windows Vista Larry Seltzer (Mar 09)
- Re: Firewire Attack on Windows Vista Stefan Kanthak (Mar 09)
- Re: Firewire Attack on Windows Vista Larry Seltzer (Mar 09)
- Re: Firewire Attack on Windows Vista Jardel Weyrich (Mar 09)
- Re: Firewire Attack on Windows Vista Kern (Mar 10)
- Re: Firewire Attack on Windows Vista Stefan Kanthak (Mar 10)
- Re: Firewire Attack on Windows Vista FD (Mar 12)
- Re: Firewire Attack on Windows Vista Eric Rachner (Mar 12)
- Re: Firewire Attack on Windows Vista Erik Trulsson (Mar 09)
- Re: Firewire Attack on Windows Vista Pavel Kankovsky (Mar 15)
- Re: Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 06)
- Re: Firewire Attack on Windows Vista Daniel O'Connor (Mar 05)
- Re: Firewire Attack on Windows Vista Tonnerre Lombard (Mar 05)
- Re: Firewire Attack on Windows Vista Tim (Mar 06)