lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <fqsdh4$5mp$1@ger.gmane.org>
Date: Fri, 7 Mar 2008 21:53:40 +0000 (UTC)
From: Bryon Roche <kain@...n.org>
To: full-disclosure@...ts.grok.org.uk
Cc: bugtraq@...urityfocus.com
Subject: Re: Firewire Attack on Windows Vista

On Fri, 07 Mar 2008 14:51:07 -0500, Larry Seltzer wrote:

>>>Let's say the computer is off. You can turn it on, but that gets you
> to a login screen. What can the Firewire device do?
> 
> OK, I guess I misunderstood the original paper
> (http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks
> .pdf). It now looks to me like they are claiming they can disable
> password authentication *even while the system is not logged on* - do I
> have that right?

Larry,

Are you familiar with ICE or JTAG debugging hardware?
ieee1394 is implemented by default in such a fashion that a ieee1394 port 
can basically be used as a hardware debugger to memory. i.e. any ieee1394 
device can poke/peek the entire _physical memory space_ of any other 
device on the bus.  With that capability you can do anything that could 
be accomplished from the internals of the operating system.

The essential flaw here is that current SBP-2 drivers do not set up a 
proper virtual memory map between the firewire chipset and the host, and 
just expose the entire host's physical address space.  Fixing this 
requires reimplementing a good deal of design and buffering for the SBP-2 
(that's the firewire SCSI block protocol) drivers.

I however, don't know enough about windows drivers and disk access to 
elaborate from there about how hard that will be to fix in the windows 
world.

What people seem to be missing is that this condition is *fixable*, but 
the real impetus may not be there outside of folks from the Trusted 
Computing crowd etc etc.

What points are you trying to stab at for an article?


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ