Re: [Full-disclosure] Firewire Attack on Windows Vista

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Firewire Attack on Windows Vista
From: Ansgar -59cobalt- Wiechers <bugtraq@xxxxxxxxxxxxxxxx>
Date: Mon, 10 Mar 2008 17:58:17 +0100
In-reply-to: <0273B67044957C41BD71D12EBA2E00AE252F5C@xxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <0273B67044957C41BD71D12EBA2E00AE252F03@xxxxxxxxxxxxxxxxxxxxxxxx> <20080306200009.GB5138@xxxxxxxxxxxxxxxxxxx> <F9C0B32C4FFE7147BD0FF6A40BE806E7038A52@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <F9C0B32C4FFE7147BD0FF6A40BE806E7038A55@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <0273B67044957C41BD71D12EBA2E00AE252F29@xxxxxxxxxxxxxxxxxxxxxxxx> <0273B67044957C41BD71D12EBA2E00AE252F2B@xxxxxxxxxxxxxxxxxxxxxxxx> <fqsdh4$5mp$1@xxxxxxxxxxxxx> <0273B67044957C41BD71D12EBA2E00AE252F35@xxxxxxxxxxxxxxxxxxxxxxxx> <85B0B893C775469987222CBF5A31A860@localhost> <0273B67044957C41BD71D12EBA2E00AE252F5C@xxxxxxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.13 (2006-08-11)

On 2008-03-09 Larry Seltzer wrote:
>>> WRT the DMA access over FireWire it's but a bad response since it
>>> doesn't get the point!
>>> 1. Drive encryption won't help against reading the memory.
>>> 2. The typical user authentication won't help, we're at hardware level
>>>    here, and no OS needs to be involved.
>>> 3. The computer is up (and running; see above), no hibernate or sleep
>>>    is involved here.
> 
> So on a freshly-booted system with drive encryption you can read
> whatever you want on the disk? 

Yes. Simply because the drive needs to be decrypted for the system to
boot. Without decrypting the disk there's not difference to a switched-
off box, because it's utterly unusable to anyone.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

References:
- RE: Firewire Attack on Windows Vista
  - From: Larry Seltzer
- Re: [Full-disclosure] Firewire Attack on Windows Vista
  - From: Tim
- RE: [Full-disclosure] Firewire Attack on Windows Vista
  - From: Thor (Hammer of God)
- RE: [Full-disclosure] Firewire Attack on Windows Vista
  - From: Thor (Hammer of God)
- RE: [Full-disclosure] Firewire Attack on Windows Vista
  - From: Larry Seltzer
- RE: [Full-disclosure] Firewire Attack on Windows Vista
  - From: Larry Seltzer
- RE: [Full-disclosure] Firewire Attack on Windows Vista
  - From: Larry Seltzer
- Re: Firewire Attack on Windows Vista
  - From: Stefan Kanthak
- RE: [Full-disclosure] Firewire Attack on Windows Vista
  - From: Larry Seltzer

Prev by Date: RE: [Full-disclosure] Firewire Attack on Windows Vista
Next by Date: [ GLSA 200803-16 ] MPlayer: Multiple buffer overflows
Previous by thread: Re: [Full-disclosure] Firewire Attack on Windows Vista
Next by thread: Re: Firewire Attack on Windows Vista
Index(es):
- Date
- Thread