| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7073-88833@sneakemail.com> Date: Thu, 6 Mar 2008 11:01:45 +0100 (CET) From: bzhbfzj3001@...akemail.com To: bugtraq@...urityfocus.com Subject: RE: Firewire Attack on Windows Vista Actually they can be prevented by instructing the controller to filter the adresses the devices send. Then again, that's work, and physical attacks are typically considered low-risk, so I guess it's not found worth it. The obvious reason to mention Vista is of course that Microsoft likes to talk about how they made it oh-so-secure, which is a nice contrast to leaving a large hole open that they have known about for at least 3 years. Oh well, I guess we'll just have to wait until someone releases a tool that uses this vulnerability to break either Vista's activation or its DRM. Martijn PS. I'm on the list, and the address you see will be closed as I don't feel like dealing with the out-of-offices, so reply on-list and don't bother to CC. Thanks! On Wed, 5 Mar 2008, Roger A. Grimes wrote: > As somewhat indicated in the paper itself, these types of physical DMA > attacks are possible against any PC-based OS, not just Windows. If > that's true, why is the paper titled around Windows Vista? > > I guess it makes headlines faster. But isn't as important, if not more > important, to say all PC-based systems have the same underlying problem? > That it's a broader problem needing a broader solution, instead of > picking on one OS vendor to get headlines? > > [Disclaimer: I'm a full-time Microsoft employee.] > Roger >
Powered by blists - more mailing lists