Re: [Full-disclosure] Firewire Attack on Windows Vista
- From: Kern <timetrap@xxxxxxxxx>
- Date: Mon, 10 Mar 2008 10:26:20 -0400
Hi, I am new to this list.
I was reading your messages, and began to wonder; For a temporary fix action
why not just disable the ability to install new firewire devices? I know
that this does not fix the fundamental problem, but it could work as a
decent kludge.
I am reminded of the NSA Security Guide on Disabling USB
Devices<http://www.nsa.gov/snac/support/I731-002R-2007.pdf>,
how do these actions translate to firewire?
On Sun, Mar 9, 2008 at 11:35 PM, Jardel Weyrich <w.jardel@xxxxxxxxx> wrote:
Larry, there is no disk involved on the problem, only memory._______________________________________________
So if the disk is encrypted or not, doesn't matter.
Regards,
Jardel Weyrich
On Sun, Mar 9, 2008 at 11:14 PM, Larry Seltzer <Larry@xxxxxxxxxxxxxxxx>
wrote:
doesn't get the point!WRT the DMA access over FireWire it's but a bad response since it
1. Drive encryption won't help against reading the memory.
2. The typical user authentication won't help, we're at hardware level
here, and no OS needs to be involved.
3. The computer is up (and running; see above), no hibernate or sleep
is involved here.
So on a freshly-booted system with drive encryption you can read
whatever you want on the disk?
<http://blogs.technet.com/markrussinovich/archive/2005/12/12/circumventi4. Group policies can be circumvented, even by a limited user.
ng-group-policy-as-a-limited-user.aspx<http://blogs.technet.com/markrussinovich/archive/2005/12/12/circumventing-group-policy-as-a-limited-user.aspx>
What he says is that some group policies, not including system-wide
security settings, maybe circumvented, even by a limited user.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer@xxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- References:
- [Full-disclosure] Firewire Attack on Windows Vista
- From: Bernhard Mueller
- Re: [Full-disclosure] Firewire Attack on Windows Vista
- From: Thor (Hammer of God)
- Re: [Full-disclosure] Firewire Attack on Windows Vista
- From: Thor (Hammer of God)
- Re: [Full-disclosure] Firewire Attack on Windows Vista
- From: Larry Seltzer
- Re: [Full-disclosure] Firewire Attack on Windows Vista
- From: Larry Seltzer
- Re: [Full-disclosure] Firewire Attack on Windows Vista
- From: Bryon Roche
- Re: [Full-disclosure] Firewire Attack on Windows Vista
- From: Larry Seltzer
- Re: [Full-disclosure] Firewire Attack on Windows Vista
- From: Stefan Kanthak
- Re: [Full-disclosure] Firewire Attack on Windows Vista
- From: Larry Seltzer
- Re: [Full-disclosure] Firewire Attack on Windows Vista
- From: Jardel Weyrich
- [Full-disclosure] Firewire Attack on Windows Vista
- Prev by Date: [Full-disclosure] Real Networks RealPlayer ActiveX Control Heap Corruption
- Next by Date: [Full-disclosure] SecurityFocus Article
- Previous by thread: Re: [Full-disclosure] Firewire Attack on Windows Vista
- Next by thread: Re: [Full-disclosure] Firewire Attack on Windows Vista
- Index(es):
