Comments on: New Windows XP & Vista Full Take-over Hack with Firewire http://www.darknet.org.uk/2008/03/new-windows-xp-vista-full-take-over-hack-with-firewire/ Ethical Hacking, Penetration Testing & Computer Security Sat, 21 Nov 2009 06:04:59 +0000 http://wordpress.org/?v=2.8.6 hourly 1 By: Bogwitch http://www.darknet.org.uk/2008/03/new-windows-xp-vista-full-take-over-hack-with-firewire/#comment-125340 Bogwitch Mon, 05 Jan 2009 22:52:08 +0000 http://www.darknet.org.uk/2008/03/new-windows-xp-vista-full-take-over-hack-with-firewire/#comment-125340 Clarkson, The attack mentioned does have some practical application. Imagine a workstation with full disk encryption. Having physical access to the workstation is not much use. Now, if the workstation is powered, but locked, the attacker can gain access to the OS using this method. Clarkson,

The attack mentioned does have some practical application.
Imagine a workstation with full disk encryption. Having physical access to the workstation is not much use. Now, if the workstation is powered, but locked, the attacker can gain access to the OS using this method.

]]> By: Clarkson http://www.darknet.org.uk/2008/03/new-windows-xp-vista-full-take-over-hack-with-firewire/#comment-125339 Clarkson Mon, 05 Jan 2009 20:32:26 +0000 http://www.darknet.org.uk/2008/03/new-windows-xp-vista-full-take-over-hack-with-firewire/#comment-125339 Just pick up the machine and walk out with it, if you have physical access to the box. Just pick up the machine and walk out with it, if you have physical access to the box.

]]> By: fever http://www.darknet.org.uk/2008/03/new-windows-xp-vista-full-take-over-hack-with-firewire/#comment-122708 fever Thu, 10 Apr 2008 16:43:28 +0000 http://www.darknet.org.uk/2008/03/new-windows-xp-vista-full-take-over-hack-with-firewire/#comment-122708 another example of disable that which you do not use. Or it will come to bite you in the end. another example of disable that which you do not use. Or it will come to bite you in the end.

]]> By: zupakomputer http://www.darknet.org.uk/2008/03/new-windows-xp-vista-full-take-over-hack-with-firewire/#comment-120538 zupakomputer Fri, 21 Mar 2008 15:30:42 +0000 http://www.darknet.org.uk/2008/03/new-windows-xp-vista-full-take-over-hack-with-firewire/#comment-120538 Have to agree too - the ways of taking over a machine are plentiful if you have physical access to it. Have to agree too – the ways of taking over a machine are plentiful if you have physical access to it.

]]> By: James C http://www.darknet.org.uk/2008/03/new-windows-xp-vista-full-take-over-hack-with-firewire/#comment-120524 James C Fri, 21 Mar 2008 14:40:40 +0000 http://www.darknet.org.uk/2008/03/new-windows-xp-vista-full-take-over-hack-with-firewire/#comment-120524 @Darknet "As I’ve always said though, if you have physical access you basically own the machine." This is especially true if you pick up the computer and run out the building with it. @Darknet
“As I’ve always said though, if you have physical access you basically own the machine.”
This is especially true if you pick up the computer and run out the building with it.

]]> By: Pantagruel http://www.darknet.org.uk/2008/03/new-windows-xp-vista-full-take-over-hack-with-firewire/#comment-120504 Pantagruel Fri, 21 Mar 2008 13:24:28 +0000 http://www.darknet.org.uk/2008/03/new-windows-xp-vista-full-take-over-hack-with-firewire/#comment-120504 A fun thing to read. Like Bogwitch says, it's a bus and has direct DMA access, basically needed since most of the firewire attached stuf is a HDD or other drive which want/need DMA access. Did a trial with disabled DMA but trying to capture video from the firewire attached hi-8 cam results in significant more frame loss compared to having DMA turned on. The direct DMA access appears to be needed to ensure a proper dump of the data coming in at the firewire onto the hdd (both p-ATA and s-ATA are fast enough to capture the 4 Mb datastream). @Darknet, indeed a makeshift secured broom cupboard (padlock/etc and steel plate reinforced door) is enough to keep out the average purp. A fun thing to read.

Like Bogwitch says, it’s a bus and has direct DMA access, basically needed since most of the firewire attached stuf is a HDD or other drive which want/need DMA access. Did a trial with disabled DMA but trying to capture video from the firewire attached hi-8 cam results in significant more frame loss compared to having DMA turned on. The direct DMA access appears to be needed to ensure a proper dump of the data coming in at the firewire onto the hdd (both p-ATA and s-ATA are fast enough to capture the 4 Mb datastream).

@Darknet, indeed a makeshift secured broom cupboard (padlock/etc and steel plate reinforced door) is enough to keep out the average purp.

]]> By: Bogwitch http://www.darknet.org.uk/2008/03/new-windows-xp-vista-full-take-over-hack-with-firewire/#comment-120471 Bogwitch Fri, 21 Mar 2008 11:05:36 +0000 http://www.darknet.org.uk/2008/03/new-windows-xp-vista-full-take-over-hack-with-firewire/#comment-120471 It's not just MS OSes that are vulnerable to this - anything with an active firewire. The reason it can access the memory direclty is that Firewire is a BUS whereas USB etc. is a PORT. It’s not just MS OSes that are vulnerable to this – anything with an active firewire.
The reason it can access the memory direclty is that Firewire is a BUS whereas USB etc. is a PORT.

]]>