lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 9 Mar 2008 17:27:26 +0100 From: "Stefan Kanthak" <stefan.kanthak@...go.de> To: <full-disclosure@...ts.grok.org.uk> Cc: <bugtraq@...urityfocus.com> Subject: Re: Firewire Attack on Windows Vista Larry Seltzer wrote: > I actually do have a response fom Microsoft on the broader issue, but it > doesn't address these issues or even concded that there's necessarily > anything they can do about it. They instead speak of the same > precautions for physical access that they spoke of a couple weeks ago > with respect to the "frozen notebook memory" attack - use drive > encryption, use 2-factor authentication, use hibernate instead of sleep, > use group policy to enforce them. I don't think it's a bad response > under the circumstances. WRT the DMA access over FireWire it's but a bad response since it doesn't get the point! 1. Drive encryption won't help against reading the memory. 2. The typical user authentication won't help, we're at hardware level here, and no OS needs to be involved. 3. The computer is up (and running; see above), no hibernate or sleep is involved here. 4. Group policies can be circumvented, even by a limited user. <http://blogs.technet.com/markrussinovich/archive/2005/12/12/circumventing-group-policy-as-a-limited-user.aspx> Stefan
Powered by blists - more mailing lists