| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: mattj at tartarus.uwa.edu.au (Matt Johnston) Subject: Owned by an iPod On Fri, Oct 22, 2004 at 10:53:55AM -0700, Dragos Ruiu wrote: > On October 21, 2004 10:22 pm, Rosalina Hamar wrote: > > i heart about that demonstration a couple of weeks ago. now > > it's an official announcement at parsec.jp [0]. since there is not > > much technical info on that issue in the announcement, i googled > > around and found a link to an interesting post about the IEEE1394 > > OHCI interface on kerneltrap [1] back in 2002. > > > > shish ... > > rosa > > > > [0] http://pacsec.jp/advisories.html > > [1] http://kerneltrap.org/node/view/145 > > More technical information on this vulnerability, > and some of the other vulnerabilities, fixes and > techniques from the conference will be published > after the conference. At least on Mac OS X, a workaround appears to be enabling an openfirmware password[1]. I assume that most firewire chipsets would have the capability to disable raw memory access if the OS asks nicely? Of course whether it's disabled before the OS loads is another matter... Matt [1] http:/matt.ucc.asn.au/apple/
Powered by blists - more mailing lists