Message-ID: <fcdfb4eb0803100726q2bfeeab4r4bab62fe823880aa@mail.gmail.com>
Date: Mon, 10 Mar 2008 10:26:20 -0400
From: Kern <timetrap@...il.com>
To: "Jardel Weyrich" <w.jardel@...il.com>
Cc: bugtraq@...urityfocus.com, Stefan Kanthak <stefan.kanthak@...go.de>,
	Larry Seltzer <Larry@...ryseltzer.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: Firewire Attack on Windows Vista

Hi, I am new to this list.

I was reading your messages, and began to wonder: for a temporary fix action,
why not just disable the ability to install new FireWire devices?  I know
that this does not fix the fundamental problem, but it could work as a
decent kludge.

I am reminded of the NSA Security Guide on Disabling USB
Devices <http://www.nsa.gov/snac/support/I731-002R-2007.pdf>.
How do these actions translate to FireWire?


On Sun, Mar 9, 2008 at 11:35 PM, Jardel Weyrich <w.jardel@...il.com> wrote:

> Larry, there is no disk involved in the problem, only memory.
> So whether the disk is encrypted or not doesn't matter.
>
> Regards,
> Jardel Weyrich
>
>
> On Sun, Mar 9, 2008 at 11:14 PM, Larry Seltzer <Larry@...ryseltzer.com>
> wrote:
>
> > >>WRT the DMA access over FireWire it's but a bad response since it
> > doesn't get the point!
> > >>1. Drive encryption won't help against reading the memory.
> > >>2. The typical user authentication won't help, we're at hardware level
> > >>   here, and no OS needs to be involved.
> > >>3. The computer is up (and running; see above), no hibernate or sleep
> > >>   is involved here.
> >
> > So on a freshly-booted system with drive encryption you can read
> > whatever you want on the disk?
> >
> > >>4. Group policies can be circumvented, even by a limited user.
> > >>
> > <http://blogs.technet.com/markrussinovich/archive/2005/12/12/circumventing-group-policy-as-a-limited-user.aspx>
> >
> > What he says is that some group policies, not including system-wide
> > security settings, may be circumvented, even by a limited user.
> >
> > Larry Seltzer
> > eWEEK.com Security Center Editor
> > http://security.eweek.com/
> > http://blogs.pcmag.com/securitywatch/
> > Contributing Editor, PC Magazine
> > larry.seltzer@...fdavisenterprise.com
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
>
