Re: [Full-disclosure] Firewire Attack on Windows Vista

[Tim <tim-security () sentinelchicken org>]

> > > ...Windows would not do this. It would only open up access to devices
> that it thought needed DMA. This is why Metlstorm had to make his Linux
> machine behave like an iPod to fool Windows into spreading it's legs.
>
> So the iPod software opens up the whole address space? I don't get it.

No, the iPod device signature makes Windows drivers think it should
allow DMA access for that device because it detect it as a disk device.
Other disk device signatures would likely work the same way, that's just
the one he happened to emulate.

tim