<<< Date Index >>>     <<< Thread Index >>>

Re: [Full-disclosure] Firewire Attack on Windows Vista



On 2008-03-09 Larry Seltzer wrote:
>>> WRT the DMA access over FireWire it's but a bad response since it
>>> doesn't get the point!
>>> 1. Drive encryption won't help against reading the memory.
>>> 2. The typical user authentication won't help, we're at hardware level
>>>    here, and no OS needs to be involved.
>>> 3. The computer is up (and running; see above), no hibernate or sleep
>>>    is involved here.
> 
> So on a freshly-booted system with drive encryption you can read
> whatever you want on the disk? 

Yes. Simply because the drive needs to be decrypted for the system to
boot. Without decrypting the disk there's not difference to a switched-
off box, because it's utterly unusable to anyone.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq