Domain: hudora.de
Stories and comments across the archive that link to hudora.de.
Comments · 5
-
Re:Security risk
You could always modify a USB cable such that it only carries the ground and +5V lines.
If you think USB is scary for the host, check out Firewire's ability to automatically DMA into the host's address space: http://md.hudora.de/presentations/#firewire-pacsec
-
Re:Thats because M$ just has more 'features'Take a look at the "shatter attack" privilege elevation exploit that just got fixed in Vista, it started with Win NT 4.0, and when was that out? The shatter attack was not a generally useful technique, it required a very specific set of things to be setup for it to work. You basically had to have a privileged window running on the same desktop session as the unpriv'd attack. Then that priv'd window had to be programmed to do some fairly silly things in response to window messages.
The common attack vector in the early days was to attack the anti-virus status window. Most av vendors have long since moved away from this. Their status icons in the system tray run as the unpriv'd user and communicate via rpc or other with the actual av services.
This is an attack that was actually useful back in the NT4 days. However, it hasnt been practically useful in a long time, as it relied on 3rd party software makers to make a series of bad choices AND having their software running as a priv'd user on the same session as the attacked user.
All that being said, this WAS a serious design flaw for a long time. But it was fairly well mitigated in the past 5 years or so.
This entire category of attacks is now non-viable with vista and windows 2008 server, due to the way the windowing system works. Lower priv'd processes cannot message higher priv'd processes. And now with have the wonderful Fire-Wire exploit, which they were aware of in 2004, reminded again in 2006, and the exploit finally published in 2007 because they refused to do anything! Do you mean the firewire attack as described here?
You do realize that this is generally applicable to linux & macosx as well, right? It's one of the side-effects of the firewire spec including DMA for performance reasons.
Here is a reasonable write-up on it.
Here is a 2005 cansecwest preso on this topic. At the time, they actually did the demo attack against osx during the preso. -
Re:Yes, yes, another anti-windows story
Yes, this Vulnerability affects every operating system supporting the FireWire specification equally, you can take over Macs and Linux computers as well as Windows computers.
In addition, the same problem exists with USB devices.
-
How to filter Mac and Linux.
This PDF shows how you can filter Linux and Mac firewire.. No idea if this has been integrated into the distros..
Page 37 for Linux, 38 for Mac -
"Digital Demonstrations" Slides
The slides for the "Digital Demonstrations" presentation by Maximillian Dornseif can be found at http://md.hudora.de/presentations/