Steve Shockley wrote:
Stefan Kanthak wrote:
2. The typical user authentication won't help, we're at hardware
level here, and no OS needs to be involved.
So, if I understand you correctly, if I boot my machine into DOS the
memory can be read over Firewire?
If DMA is enabled on the
Larry Seltzer wrote:
I actually do have a response fom Microsoft on the broader issue, but it
doesn't address these issues or even concded that there's necessarily
anything they can do about it. They instead speak of the same
precautions for physical access that they spoke of a couple weeks
-Original Message-
From: Larry Seltzer [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 06, 2008 9:51 AM
To: Peter Watkins; Roger A. Grimes
Cc: Bernhard Mueller; Full Disclosure; Bugtraq
Subject: RE: Firewire Attack on Windows Vista
Roger, you should note that Adam's Hit by a Bus
Salut,
On Thu, 6 Mar 2008 11:01:45 +0100 (CET), [EMAIL PROTECTED]
wrote:
Actually they can be prevented by instructing the controller to
filter the adresses the devices send. Then again, that's work, and
physical attacks are typically considered low-risk, so I guess it's
not found worth it.
Tonnerre Lombard wrote:
There is a quite viable technical solution in the form of a patch which
solves most of these problems.
snip
Tonnerre
To what are you referring?
I am aware of only a few defenses against firewire attacks:
1) disable firewire -
On Wed, Mar 05, 2008 at 04:30:35PM -0500, Roger A. Grimes wrote:
As somewhat indicated in the paper itself, these types of physical DMA
attacks are possible against any PC-based OS, not just Windows. If that's
true, why is the paper titled around Windows Vista?
I guess it makes headlines
On Thu, 6 Mar 2008, Roger A. Grimes wrote:
As somewhat indicated in the paper itself, these types of physical
DMA attacks are possible against any PC-based OS, not just Windows.
If that's true, why is the paper titled around Windows Vista?
I guess it makes headlines faster. But isn't as
Salut, Roger,
On Wed, 5 Mar 2008 16:30:35 -0500, Roger A. Grimes wrote:
As somewhat indicated in the paper itself, these types of physical
DMA attacks are possible against any PC-based OS, not just Windows.
If that's true, why is the paper titled around Windows Vista?
That's very easy:
Actually they can be prevented by instructing the controller to filter the
adresses the devices send. Then again, that's work, and physical attacks
are typically considered low-risk, so I guess it's not found worth it.
The obvious reason to mention Vista is of course that Microsoft likes
to
Roger, you should note that Adam's Hit by a Bus paper includes
information about how Linux users can load their OS' Firewire driver in
a way that should disallow physical memory DMA access, and close this
attack vector.
What are the implications for firewire device compatibility of doing
this?
Dear All,
That said the original work on this from metlstorm is in the news [1]
and can be found here : http://storm.net.nz/projects/16
[1] http://it.slashdot.org/article.pl?sid=08/03/04/1258210from=rss
--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3
As somewhat indicated in the paper itself, these types of physical DMA attacks
are possible against any PC-based OS, not just Windows. If that's true, why is
the paper titled around Windows Vista?
I guess it makes headlines faster. But isn't as important, if not more
important, to say all
12 matches
Mail list logo