Bugtraq mailing list archives

RE: Firewire Attack on Windows Vista

From: "Roger A. Grimes" <roger () banneretcs com>
Date: Wed, 5 Mar 2008 16:30:35 -0500

As somewhat indicated in the paper itself, these types of physical DMA attacks are possible against any PC-based OS, 
not just Windows. If that's true, why is the paper titled around Windows Vista?

I guess it makes headlines faster.  But isn't as important, if not more important, to say all PC-based systems have the 
same underlying problem?  That it's a broader problem needing a broader solution, instead of picking on one OS vendor 
to get headlines?

[Disclaimer: I'm a full-time Microsoft employee.] 

Roger

*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist 
*CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH, yada...yada...
*email: roger_grimes () infoworld com or roger () banneretcs com
*Author of Windows Vista Security: Securing Vista Against Malicious Attacks (Wiley)
*http://www.amazon.com/Windows-Vista-Security-Securing-Malicious/dp/0470101555
*****************************************************************


-----Original Message-----
From: Bernhard Mueller [mailto:research () sec-consult com] 
Sent: Wednesday, March 05, 2008 10:54 AM
To: Full Disclosure; Bugtraq
Subject: Firewire Attack on Windows Vista

Hello,

In the light of recent discussions about firewire / DMA hacks, we would like to throw in some of the results of our 
past research on this topic (done mainly by Peter Panholzer) in the form of a short whitepaper. In this paper, we 
demonstrate that the firewire unlock attack (as implemented in Adam Boileau´s winlockpwn) can be used against Windows 
Vista.

The paper is available at:

http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf


Best regards, 

Bernhard


--
_________________________________________

Bernhard Mueller
Security Consultant

SEC Consult Unternehmensberatung GmbH
www.sec-consult.com

A-1190 Vienna, Mooslackengasse 17
phone     +43 1 8903043 34
fax       +43 1 8903043 15
mobile    +43 676 840301 718
email     b.mueller () sec-consult com

Firmenbuch Wiener Neustadt: 227896t, UID: ATU56165223
Firmensitz: Prof. Dr. Stephan Korenstraße 10, A-2700 Wiener Neustadt

Advisor for your information security.

Current thread:

Firewire Attack on Windows Vista Bernhard Mueller (Mar 05)
- Re: Firewire Attack on Windows Vista Thierry Zoller (Mar 05)
- RE: Firewire Attack on Windows Vista Roger A. Grimes (Mar 05)
  - Re: Firewire Attack on Windows Vista Peter Watkins (Mar 06)
    - RE: Firewire Attack on Windows Vista Larry Seltzer (Mar 06)
    - Re: [Full-disclosure] Firewire Attack on Windows Vista Tim (Mar 07)
    - RE: [Full-disclosure] Firewire Attack on Windows Vista Larry Seltzer (Mar 07)
    - Re: [Full-disclosure] Firewire Attack on Windows Vista Tim (Mar 07)
    - RE: [Full-disclosure] Firewire Attack on Windows Vista Larry Seltzer (Mar 07)
    - Re: [Full-disclosure] Firewire Attack on Windows Vista Tim (Mar 07)
    - RE: [Full-disclosure] Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 07)
    - RE: [Full-disclosure] Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 07)
    - RE: [Full-disclosure] Firewire Attack on Windows Vista Larry Seltzer (Mar 07)

(Thread continues...)