RE: Firewire Attack on Windows Vista

To: "Bernhard Mueller" <research@xxxxxxxxxxxxxxx>, "Full Disclosure" <full-disclosure@xxxxxxxxxxxxxxxxx>, "Bugtraq" <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: Firewire Attack on Windows Vista
From: "Roger A. Grimes" <roger@xxxxxxxxxxxxxx>
Date: Wed, 5 Mar 2008 16:30:35 -0500
In-reply-to: <1204732416.6997.53.camel@b4byl0n>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <1204732416.6997.53.camel@b4byl0n>
Thread-index: Ach+6MhqI8H9VF/8Qi+rmGrhdw275AAHvIQw
Thread-topic: Firewire Attack on Windows Vista

As somewhat indicated in the paper itself, these types of physical DMA attacks 
are possible against any PC-based OS, not just Windows. If that's true, why is 
the paper titled around Windows Vista?

I guess it makes headlines faster.  But isn't as important, if not more 
important, to say all PC-based systems have the same underlying problem?  That 
it's a broader problem needing a broader solution, instead of picking on one OS 
vendor to get headlines?

[Disclaimer: I'm a full-time Microsoft employee.] 

Roger

*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist 
*CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH, yada...yada...
*email: roger_grimes@xxxxxxxxxxxxx or roger@xxxxxxxxxxxxxx
*Author of Windows Vista Security: Securing Vista Against Malicious Attacks 
(Wiley)
*http://www.amazon.com/Windows-Vista-Security-Securing-Malicious/dp/0470101555
*****************************************************************


-----Original Message-----
From: Bernhard Mueller [mailto:research@xxxxxxxxxxxxxxx] 
Sent: Wednesday, March 05, 2008 10:54 AM
To: Full Disclosure; Bugtraq
Subject: Firewire Attack on Windows Vista

Hello,

In the light of recent discussions about firewire / DMA hacks, we would like to 
throw in some of the results of our past research on this topic (done mainly by 
Peter Panholzer) in the form of a short whitepaper. In this paper, we 
demonstrate that the firewire unlock attack (as implemented in Adam Boileau´s 
winlockpwn) can be used against Windows Vista.

The paper is available at:

http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf


Best regards, 

Bernhard


--
_________________________________________

Bernhard Mueller
Security Consultant

SEC Consult Unternehmensberatung GmbH
www.sec-consult.com

A-1190 Vienna, Mooslackengasse 17
phone     +43 1 8903043 34
fax       +43 1 8903043 15
mobile    +43 676 840301 718
email     b.mueller@xxxxxxxxxxxxxxx

Firmenbuch Wiener Neustadt: 227896t, UID: ATU56165223
Firmensitz: Prof. Dr. Stephan Korenstraße 10, A-2700 Wiener Neustadt

Advisor for your information security.

Follow-Ups:
- RE: Firewire Attack on Windows Vista
  - From: bzhbfzj3001
- Re: Firewire Attack on Windows Vista
  - From: Tonnerre Lombard
- Re: Firewire Attack on Windows Vista
  - From: Daniel O'Connor
- Re: Firewire Attack on Windows Vista
  - From: Peter Watkins

References:
- Firewire Attack on Windows Vista
  - From: Bernhard Mueller

Prev by Date: [ MDVSA-2008:059 ] - Updated tcl packages fix vulnerability
Next by Date: [ MDVSA-2008:058 ] - Updated openldap packages fix multiple vulnerabilities
Previous by thread: Re: Firewire Attack on Windows Vista
Next by thread: Re: Firewire Attack on Windows Vista
Index(es):
- Date
- Thread