| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 5 Mar 2008 16:30:35 -0500 From: "Roger A. Grimes" <roger@...neretcs.com> To: "Bernhard Mueller" <research@...-consult.com>, "Full Disclosure" <full-disclosure@...ts.grok.org.uk>, "Bugtraq" <bugtraq@...urityfocus.com> Subject: RE: Firewire Attack on Windows Vista As somewhat indicated in the paper itself, these types of physical DMA attacks are possible against any PC-based OS, not just Windows. If that's true, why is the paper titled around Windows Vista? I guess it makes headlines faster. But isn't as important, if not more important, to say all PC-based systems have the same underlying problem? That it's a broader problem needing a broader solution, instead of picking on one OS vendor to get headlines? [Disclaimer: I'm a full-time Microsoft employee.] Roger ***************************************************************** *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH, yada...yada... *email: roger_grimes@...oworld.com or roger@...neretcs.com *Author of Windows Vista Security: Securing Vista Against Malicious Attacks (Wiley) *http://www.amazon.com/Windows-Vista-Security-Securing-Malicious/dp/0470101555 ***************************************************************** -----Original Message----- From: Bernhard Mueller [mailto:research@...-consult.com] Sent: Wednesday, March 05, 2008 10:54 AM To: Full Disclosure; Bugtraq Subject: Firewire Attack on Windows Vista Hello, In the light of recent discussions about firewire / DMA hacks, we would like to throw in some of the results of our past research on this topic (done mainly by Peter Panholzer) in the form of a short whitepaper. In this paper, we demonstrate that the firewire unlock attack (as implemented in Adam Boileau´s winlockpwn) can be used against Windows Vista. The paper is available at: http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf Best regards, Bernhard -- _________________________________________ Bernhard Mueller Security Consultant SEC Consult Unternehmensberatung GmbH www.sec-consult.com A-1190 Vienna, Mooslackengasse 17 phone +43 1 8903043 34 fax +43 1 8903043 15 mobile +43 676 840301 718 email b.mueller@...-consult.com Firmenbuch Wiener Neustadt: 227896t, UID: ATU56165223 Firmensitz: Prof. Dr. Stephan Korenstraße 10, A-2700 Wiener Neustadt Advisor for your information security.
Powered by blists - more mailing lists