Full Disclosure mailing list archives
Re: Firewire Attack on Windows Vista
From: "TheM ." <them.root () gmail com>
Date: Wed, 5 Mar 2008 22:06:28 -0500
I believe their work is an expansion of this: http://www.theage.com.au/news/security/hack-into-a-windows-pc-no-password-needed/2008/03/04/1204402423638.html, which demonstrated the vuln. in XP (and, according to the paper, it's been demonstrated with other OS's as well), and their work was specifically done on showing the problem in Vista, which hadn't (as far as the paper writer seems to know) been done before. Maus On Wed, Mar 5, 2008 at 4:30 PM, Roger A. Grimes <roger () banneretcs com> wrote:
As somewhat indicated in the paper itself, these types of physical DMA attacks are possible against any PC-based OS, not just Windows. If that's true, why is the paper titled around Windows Vista? I guess it makes headlines faster. But isn't as important, if not more important, to say all PC-based systems have the same underlying problem? That it's a broader problem needing a broader solution, instead of picking on one OS vendor to get headlines? [Disclaimer: I'm a full-time Microsoft employee.] Roger ***************************************************************** *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH, yada...yada... *email: roger_grimes () infoworld com or roger () banneretcs com *Author of Windows Vista Security: Securing Vista Against Malicious Attacks (Wiley) * http://www.amazon.com/Windows-Vista-Security-Securing-Malicious/dp/0470101555 ***************************************************************** -----Original Message----- From: Bernhard Mueller [mailto:research () sec-consult com] Sent: Wednesday, March 05, 2008 10:54 AM To: Full Disclosure; Bugtraq Subject: Firewire Attack on Windows Vista Hello, In the light of recent discussions about firewire / DMA hacks, we would like to throw in some of the results of our past research on this topic (done mainly by Peter Panholzer) in the form of a short whitepaper. In this paper, we demonstrate that the firewire unlock attack (as implemented in Adam Boileau´s winlockpwn) can be used against Windows Vista. The paper is available at: http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf Best regards, Bernhard -- _________________________________________ Bernhard Mueller Security Consultant SEC Consult Unternehmensberatung GmbH www.sec-consult.com A-1190 Vienna, Mooslackengasse 17 phone +43 1 8903043 34 fax +43 1 8903043 15 mobile +43 676 840301 718 email b.mueller () sec-consult com Firmenbuch Wiener Neustadt: 227896t, UID: ATU56165223 Firmensitz: Prof. Dr. Stephan Korenstraße 10, A-2700 Wiener Neustadt Advisor for your information security.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Firewire Attack on Windows Vista Bernhard Mueller (Mar 05)
- Re: Firewire Attack on Windows Vista Thierry Zoller (Mar 05)
- Message not available
- Re: Firewire Attack on Windows Vista TheM . (Mar 05)
- Message not available
- Re: Firewire Attack on Windows Vista Peter Watkins (Mar 05)
- Re: Firewire Attack on Windows Vista Larry Seltzer (Mar 06)
- Re: Firewire Attack on Windows Vista Tim (Mar 06)
- Re: Firewire Attack on Windows Vista Larry Seltzer (Mar 06)
- Re: Firewire Attack on Windows Vista Tim (Mar 06)
- Re: Firewire Attack on Windows Vista Larry Seltzer (Mar 06)
- Re: Firewire Attack on Windows Vista Tim (Mar 06)
- Re: Firewire Attack on Windows Vista Peter Watkins (Mar 05)
- Message not available
- Re: Firewire Attack on Windows Vista Tim (Mar 06)
- Re: Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 07)
- Re: Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 07)