Re: Firewire vulnerability applicable on FreeBSD?
- From: Christian Brueffer <brueffer@xxxxxxxxxxx>
- Date: Sun, 23 Mar 2008 15:47:38 +0100
On Sat, Mar 22, 2008 at 07:12:09PM +0100, Jeremie Le Hen wrote:
Hi there,
I've stumbled on this article. I wonder if this is applicable to
FreeBSD. Would it still be possible to exploit it without a firewire
driver?
http://www.dailytech.com/Lock+Your+Workstations+Or+Not+New+Tool+Bypasses+Windows+Logon/article10972.htm
« The tool is a simple, 200-line script written in the Python
programming language exploits features built into Firewire that allow
direct access to a computer's memory. By targeting specific places that
Windows consistently stores its vital authentication functions,
Boileau's tool is able to overwrite Windows' secured code with patches
that skip Windows' password check entirely. »
It is, and FreeBSD was used in a proof of concept for reading passwords
via FireWire some years ago (see http://md.hudora.de/presentations/ for
sample Python code). In CURRENT and RELENG_7, there's a tunable to
disable physical access, see fwohci(4), it should probably be ported back
to RELENG_6.
- Christian
--
Christian Brueffer chris@xxxxxxxxxxxxx brueffer@xxxxxxxxxxx
GPG Key: http://people.freebsd.org/~brueffer/brueffer.key.asc
GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D
Attachment:
pgp6dKUDEPK4y.pgp
Description: PGP signature
- References:
- Firewire vulnerability applicable on FreeBSD?
- From: Jeremie Le Hen
- Firewire vulnerability applicable on FreeBSD?
- Prev by Date: Re: Firewire vulnerability applicable on FreeBSD?
- Next by Date: Re: Firewire vulnerability applicable on FreeBSD?
- Previous by thread: Re: Firewire vulnerability applicable on FreeBSD?
- Index(es):
Relevant Pages
|
|
