http://www.hackersforcharity.org/
Join the fun!
Jared
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Sorry, my response became detached from the original thread somehow.
On Wed, Mar 5, 2008 at 4:29 PM, David Judais [EMAIL PROTECTED]
wrote:
Why isn't there a patch?
From: [EMAIL PROTECTED]
Site: http://www.vashnukad.com
Application: Linux Kiss Server v1.2
Type: Format strings
I made a short reply to this yesterday, but it probably came off as
flippant and thus didn't get posted. However, if one insists on leaving
their machine unattended in a public place, but have at least locked it,
but are still worried that someone will use a hardware-based firewire
attack, then
Who can be the one to find and publish the first exploit?
http://www.microsoft.com/windows/products/winfamily/ie/ie8/readiness/Install.htm
Jay
Who can be the one to find and publish the first exploit?
I hear you can completely compromise an IE8 system through the Firewire
port.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
[EMAIL
Breaking pre-release software doesn't sound all that impressive but I'm sure
Microsoft would appreciate more people helping them to find bugs;)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jay
Sent: Friday, March 07, 2008 3:39 PM
To:
LOL :)
On Fri, 7 Mar 2008 13:00:55 -0500
Larry Seltzer [EMAIL PROTECTED] wrote:
Who can be the one to find and publish the first exploit?
I hear you can completely compromise an IE8 system through the
Firewire port.
Larry Seltzer
eWEEK.com Security Center Editor
###
Luigi Auriemma
Application: MailEnable Professional and Enterprise
http://www.mailenable.com
Versions: = 3.13
Platforms: Windows
Bugs: A] multiple post-auth
key, then don't have autorun (which is default) automatically enabled
for the device.
Thanks to Blue Boar for pointing out that autorun doesn't have anything
to do with it if the attack device can have the drivers automatically
installed (and, of course, that the host controller is enabled).
Let's say the computer is off. You can turn it on, but that gets you to
a login screen. What can the Firewire device do?
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]
Let's say the computer is off. You can turn it on, but that gets you
to a login screen. What can the Firewire device do?
OK, I guess I misunderstood the original paper
(http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf). It now looks to me like they are claiming they
The main point is to grab encryption keys from memory where the drive is
encrypted - but that has to be while the device is on. I mean, it
doesn't really matter if you disable password auth when you have
physical access as you can just take the drive out, boot from CD, etc...
t
-Original
I have not yet notified the vendors.
--
Name: Vashnukad
e-mail: [EMAIL PROTECTED]
Site: http://www.vashnukad.com
On 3/5/08, David Judais [EMAIL PROTECTED] wrote:
Why isn't there a patch?
From: [EMAIL PROTECTED]
Site: http://www.vashnukad.com
Application: Linux Kiss Server v1.2
___
Mandriva Linux Security Advisory MDVSA-2008:064
http://www.mandriva.com/security/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200803-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
On Fri, 07 Mar 2008 14:51:07 -0500, Larry Seltzer wrote:
Let's say the computer is off. You can turn it on, but that gets you
to a login screen. What can the Firewire device do?
OK, I guess I misunderstood the original paper