lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4C8664CB.50301@witherden.org>
Date: Tue, 07 Sep 2010 17:14:03 +0100
From: Freddie Witherden <freddie@...herden.org>
To: bugtraq@...urityfocus.com
Subject: Recent developments in FireWire Attacks

Hello,

The security vulnerabilities associated with open FireWire ports are
nothing new, having been covered extensively by Maximilian Dornseif
(2004 and 2005) and more recently by Adam Boileau (2006 and 2008).
Unfortunately the tools released as part of these disclosures (pyfw,
pythonraw1394 and winlockpwn) have all started to succumb to bit rot. In
addition, there has been comparative lack of research on the
vulnerabilities of Mac OS X against FireWire attacks.

Therefore I would like to share my updated research in the field. This
includes a open source cross platform (GNU/Linux and Mac OS X) library,
libforensic1394, for performing memory forensics/attacks over FireWire
and a paper on the subject. (Although written from a forensics
standpoint the security implications associated with the interface are
discussed at great length.)

The paper can be found here:

  https://freddie.witherden.org/pages/ieee-1394-forensics.pdf

with the associated pages for it and libforensic1394 being

  https://freddie.witherden.org/pages/ieee-1394-forensics/
  https://freddie.witherden.org/tools/libforensic1394/

Included in the paper is:
 - A comprehensive discussion on obtaining memory access over the interface.
 - Coverage of the new "Juju" FireWire stack, introduced in the 2.6.22
Linux kernel. (Its features, susceptibility to memory access attacks, etc.)
 - Limitations of existing libraries and how libforensic1394 represents
an improvement over them.
 - User-space code samples showing how responses to read/write requests
can be spoofed my a malicious application on the target system.
 - Updated attack signatures for 32- and 64-bit versions of Windows to
bypass logon passwords.
 - Similar signatures for Mac OS X 10.6 along with a discussion of how
the user logon password can be extracted from a (locked) system. This,
from a security standpoint, is particularly concerning.
 - Mitigation for Windows, Mac OS X and GNU/Linux.
 - Source code for all sample programs.

Polemically yours, Freddie.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ