Bugtraq mailing list archives

Re: Firewire Attack on Windows Vista

From: "Stefan Kanthak" <stefan.kanthak () nexgo de>
Date: Sun, 9 Mar 2008 17:27:26 +0100

Larry Seltzer wrote:

I actually do have a response fom Microsoft on the broader issue, but it
doesn't address these issues or even concded that there's necessarily
anything they can do about it. They instead speak of the same
precautions for physical access that they spoke of a couple weeks ago
with respect to the "frozen notebook memory" attack - use drive
encryption, use 2-factor authentication, use hibernate instead of sleep,
use group policy to enforce them. I don't think it's a bad response
under the circumstances.


WRT the DMA access over FireWire it's but a bad response since it doesn't
get the point!

1. Drive encryption won't help against reading the memory.

2. The typical user authentication won't help, we're at hardware level
   here, and no OS needs to be involved.

3. The computer is up (and running; see above), no hibernate or sleep
   is involved here.

4. Group policies can be circumvented, even by a limited user.
   <http://blogs.technet.com/markrussinovich/archive/2005/12/12/circumventing-group-policy-as-a-limited-user.aspx>

Stefan

Current thread:

RE: [Full-disclosure] Firewire Attack on Windows Vista, (continued)
- - - RE: [Full-disclosure] Firewire Attack on Windows Vista Larry Seltzer (Mar 07)
    - RE: [Full-disclosure] Firewire Attack on Windows Vista Larry Seltzer (Mar 07)
    - RE: [Full-disclosure] Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 07)
    - Message not available
    - RE: [Full-disclosure] Firewire Attack on Windows Vista Larry Seltzer (Mar 08)
    - Re: [Full-disclosure] Firewire Attack on Windows Vista Tim (Mar 08)
    - RE: [Full-disclosure] Firewire Attack on Windows Vista Larry Seltzer (Mar 08)
    - Re: [Full-disclosure] Firewire Attack on Windows Vista Tim (Mar 10)
    - Re: [Full-disclosure] Firewire Attack on Windows Vista Jacob Appelbaum (Mar 10)
    - RE: [Full-disclosure] Firewire Attack on Windows Vista Larry Seltzer (Mar 10)
    - Re: [Full-disclosure] Firewire Attack on Windows Vista Jacob Appelbaum (Mar 11)
    - Re: Firewire Attack on Windows Vista Stefan Kanthak (Mar 10)
    - RE: [Full-disclosure] Firewire Attack on Windows Vista Larry Seltzer (Mar 10)
    - Re: [Full-disclosure] Firewire Attack on Windows Vista Stefan Kanthak (Mar 10)
    - Re: [Full-disclosure] Firewire Attack on Windows Vista Ansgar -59cobalt- Wiechers (Mar 10)
    - Re: Firewire Attack on Windows Vista Steve Shockley (Mar 11)
    - Re: Firewire Attack on Windows Vista Stefan Kanthak (Mar 13)
    - Re: [Full-disclosure] Firewire Attack on Windows Vista FD (Mar 11)
    - RE: Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 07)
  - Re: Firewire Attack on Windows Vista Daniel O'Connor (Mar 06)
  - Re: Firewire Attack on Windows Vista Tonnerre Lombard (Mar 06)
  - RE: Firewire Attack on Windows Vista bzhbfzj3001 (Mar 06)

(Thread continues...)