oss-sec mailing list archives
Re: Malicious devices & vulnerabilties
From: Kurt Seifried <kseifrie () redhat com>
Date: Mon, 09 Jan 2012 00:11:24 -0500 (EST)
Firewire has DMA. http://cansecwest.com/core05/2005-firewire-cansecwest.swf eSATA - also does DMA. Thunderbolt also does DMA. In other words a lot of the newer/higher end interfaces all do DMA which is ... a problem. -Kurt ----- Original Message ----- From: "Xi Wang" <xi.wang () gmail com> To: oss-security () lists openwall com Sent: Sunday, January 8, 2012 1:13:37 PM Subject: Re: [oss-security] Malicious devices & vulnerabilties On Jan 8, 2012, at 6:19 AM, Florian Weimer wrote:
I think they should be considered vulnerable. Some applications need some robustness to attacks even from the local console (e.g., student computer rooms).
Thanks for bringing that up. Student computer rooms are a nice example, and a good old memory. ;-)
USB is also a popular transport in many air-gapped environments.
What else might be on this "untrusted" device list? Firewire? I guess those in the PC box don't count. - xi
Current thread:
- Malicious devices & vulnerabilties Xi Wang (Jan 07)
- Re: Malicious devices & vulnerabilties Florian Weimer (Jan 08)
- Re: Malicious devices & vulnerabilties Eugene Teo (Jan 08)
- Re: Malicious devices & vulnerabilties Alistair Crooks (Jan 08)
- Re: Malicious devices & vulnerabilties Ludwig Nussel (Jan 09)
- Re: Malicious devices & vulnerabilties Alistair Crooks (Jan 09)
- Re: Malicious devices & vulnerabilties Eugene Teo (Jan 08)
- Re: Malicious devices & vulnerabilties Florian Weimer (Jan 08)
- Re: Malicious devices & vulnerabilties Xi Wang (Jan 08)
- Re: Malicious devices & vulnerabilties Eitan Adler (Jan 08)
- Re: Malicious devices & vulnerabilties Xi Wang (Jan 08)
- Re: Malicious devices & vulnerabilties Vasiliy Kulikov (Jan 09)
- Re: Malicious devices & vulnerabilties Kurt Seifried (Jan 08)
- Re: Malicious devices & vulnerabilties Florian Weimer (Jan 09)
- Re: Malicious devices & vulnerabilties Kurt Seifried (Jan 09)
- Re: Malicious devices & vulnerabilties Xi Wang (Jan 08)
- Re: Malicious devices & vulnerabilties Hanno Böck (Jan 08)
- Re: Malicious devices & vulnerabilties Eugene Teo (Jan 08)