This Firewire hack seems to be creating a big buzz. From what I’ve read it also works on Vista, as for some odd reason the Firewire port gets access to the whole memory space in DMA mode – not just what it needs to function – so you can read from anything stored in memory with the right tools.
Pretty worrying, eh? There are a few ways to secure yourself if you feel this is a threat (disable the 1394 bus or disable DMA).
A security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password.
Adam Boileau first demonstrated the hack, which affects Windows XP computers but has not yet been tested with Windows Vista, at a security conference in Sydney in 2006, but Microsoft has yet to develop a fix.
Interviewed in ITRadio’s Risky Business podcast, Boileau said the tool, released to the public today, could “unlock locked Windows machines or login without a password … merely by plugging in your Firewire cable and running a command”.
If you are interested in the details and want to read about the Windows Vista Firewire hack you can do so here [PDF].
As I’ve always said though, if you have physical access you basically own the machine. Physical security of servers is a lot more important than many people think.
To use the tool, hackers must connect a Linux-based computer to a Firewire port on the target machine. The machine is then tricked into allowing the attacking computer to have read and write access to its memory.
With full access to the memory, the tool can then modify Windows’ password protection code, which is stored there, and render it ineffective.
Older desktop computers do not come equipped with Firewire ports, which are needed for the hack to work, but many recent models do. Most laptops made in the last few years include Firewire ports.
Microsoft has been unavailable for comment about this issue, of course. The FD thread is extremely long; if you are interested in reading it you can do so here.
Source: Sydney Morning Herald