lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 5 Mar 2008 22:06:28 -0500
From: "TheM ." <them.root@...il.com>
To: "Roger A. Grimes" <roger@...neretcs.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>,
	Bugtraq <bugtraq@...urityfocus.com>
Subject: Re: Firewire Attack on Windows Vista

I believe their work is an expansion of this:
http://www.theage.com.au/news/security/hack-into-a-windows-pc-no-password-needed/2008/03/04/1204402423638.html,
which demonstrated the vuln. in XP (and, according to the paper, it's been
demonstrated with other OS's as well), and their work was specifically done
on showing the problem in Vista, which hadn't (as far as the paper writer
seems to know) been done before.

Maus

On Wed, Mar 5, 2008 at 4:30 PM, Roger A. Grimes <roger@...neretcs.com>
wrote:

> As somewhat indicated in the paper itself, these types of physical DMA
> attacks are possible against any PC-based OS, not just Windows. If that's
> true, why is the paper titled around Windows Vista?
>
> I guess it makes headlines faster.  But isn't as important, if not more
> important, to say all PC-based systems have the same underlying problem?
>  That it's a broader problem needing a broader solution, instead of picking
> on one OS vendor to get headlines?
>
> [Disclaimer: I'm a full-time Microsoft employee.]
>
> Roger
>
> *****************************************************************
> *Roger A. Grimes, InfoWorld, Security Columnist
> *CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH, yada...yada...
> *email: roger_grimes@...oworld.com or roger@...neretcs.com
> *Author of Windows Vista Security: Securing Vista Against Malicious
> Attacks (Wiley)
> *
> http://www.amazon.com/Windows-Vista-Security-Securing-Malicious/dp/0470101555
> *****************************************************************
>
>
> -----Original Message-----
> From: Bernhard Mueller [mailto:research@...-consult.com]
> Sent: Wednesday, March 05, 2008 10:54 AM
> To: Full Disclosure; Bugtraq
> Subject: Firewire Attack on Windows Vista
>
> Hello,
>
> In the light of recent discussions about firewire / DMA hacks, we would
> like to throw in some of the results of our past research on this topic
> (done mainly by Peter Panholzer) in the form of a short whitepaper. In this
> paper, we demonstrate that the firewire unlock attack (as implemented in
> Adam Boileau´s winlockpwn) can be used against Windows Vista.
>
> The paper is available at:
>
>
> http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf
>
>
> Best regards,
>
> Bernhard
>
>
> --
> _________________________________________
>
> Bernhard Mueller
> Security Consultant
>
> SEC Consult Unternehmensberatung GmbH
> www.sec-consult.com
>
> A-1190 Vienna, Mooslackengasse 17
> phone     +43 1 8903043 34
> fax       +43 1 8903043 15
> mobile    +43 676 840301 718
> email     b.mueller@...-consult.com
>
> Firmenbuch Wiener Neustadt: 227896t, UID: ATU56165223
> Firmensitz: Prof. Dr. Stephan Korenstraße 10, A-2700 Wiener Neustadt
>
> Advisor for your information security.
>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ