Slashdot Mirror

← Back to Stories (view on slashdot.org)

Aging Security Vulnerability Still Allows PC Takeover

Posted by Zonk on from the there-are-issues-here-and-perhaps-they-should-be-investigated dept.

Jackson writes "Adam Boileau, a security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password. By connecting a Linux machine to a Firewire port on the target machine, the tool can then modify Windows' password protection code and render it ineffective. Boileau said he did not release the tool publicly in 2006 because 'Microsoft was a little cagey about exactly whether Firewire memory access was a real security issue or not and we didn't want to cause any real trouble'. But now that a couple of years have passed and the issue has not resolved, Boileau decided to release the tool on his website."

3 of 282 comments (clear)

  1. Again by monkeydluffy09 · · Score: 5, Informative

    There is also another Security researcher who find an efficient way to gain privilege though the hibernation file. Slashdot news: http://slashdot.org/firehose.pl?op=view&id=551924

  2. Done previously by TripMaster+Monkey · · Score: 5, Informative

    Maximillian Dornseif demonstrated this same Firewire vulnerability against Linux and OS X machines in 2005. Adam Boileau just gets more press because he performed the hack against Windows PCs.

    --
    ____

    ~ |rip/\/\aster /\/\onkey

  3. Also affects OS X and linux by mooglez · · Score: 5, Informative

    This same vulnerability also affects OS X as reported here: http://blog.juhonkoti.net/2008/02/29/automated-os-x-macintosh-password-retrieval-via-firewire

    As well, as Linux, as reported in an earlier 2005 report about this firewire feature: http://www.matasano.com/log/695/windows-remote-memory-access-though-firewire/