Re: [Full-disclosure] Firewire Attack on Windows Vista



You're mistaken in thinking that we're conflating sleep and hibernate modes.

Microsoft's response of using two factor authentication is silly. It doesn't actually stop our attacks. In certain circumstances, it may shorten the window of attack for a specific type of user but it's mostly irrelevant. Consider a mail server with an encrypted drive, no proximity sensor or two factor authentication is going to help you. A seizure will still result in someone getting the keys that are in memory - unless you're using some sort of secure crypto co-processor (which no one is).

From your own paper:

Microsoft ... recommends configuring BitLocker in "advanced mode," where it protects the disk key using the TPM along with a password or a key on a removable USB device. However, even with these measures, BitLocker is vulnerable if an attacker gets to the system while the screen is locked or the computer is asleep (though not if it is hibernating or powered off).

So in other words, hibernate does make a difference, especially if you
follow their guidelines.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer@xxxxxxxxxxxxxxxxxxxxxxx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


