| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 7 Mar 2008 08:51:11 +0100
From: Tonnerre Lombard <tonnerre.lombard@...roup.ch>
To: bugtraq@...urityfocus.com
Subject: Re: Firewire Attack on Windows Vista
Salut,
On Thu, 6 Mar 2008 11:01:45 +0100 (CET), bzhbfzj3001@...akemail.com
wrote:
> Actually they can be prevented by instructing the controller to
> filter the adresses the devices send. Then again, that's work, and
> physical attacks are typically considered low-risk, so I guess it's
> not found worth it.
There is a quite viable technical solution in the form of a patch which
solves most of these problems. Also, I heavily disagree that physical
security is of no importance. Nowadays, there are ways to achieve quite
good physical security using disk encryption and mechanisms which lock
the encrypted parts of the disk on demand (e.g. when closing the lid of
a notebook). Now, all of these mechanisms can be circumvented by
plugging an evil device which looks like an iPod, smells like an iPod
but fetches your keys from memory.
Tonnerre
--
SyGroup GmbH
Tonnerre Lombard
Solutions Systematiques
Tel:+41 61 333 80 33 Güterstrasse 86
Fax:+41 61 383 14 67 4053 Basel
Web:www.sygroup.ch tonnerre.lombard@...roup.ch
Download attachment "signature.asc" of type "application/pgp-signature" (825 bytes)
Powered by blists - more mailing lists