Slashdot Mirror


Remote Malware Injection Via Flaw In Network Card

kfz-versicherung writes "During the CanSecWest international conference in Vancouver, members of ANSSI described how an attacker could be able to exploit a flaw to run arbitrary code inside some network controllers (full presentation; PDF). The attack uses routable packets delivered to the victim's NIC. Consequently, multiple attacks can be conducted including man-in-the-middle attacks on network connections, access to cryptographic keys on the host platform, or malware injection on the victim's computer host platform."

1 of 49 comments (clear)

  1. Re:For a little piece of mind by WrongSizeGlass · · Score: 3, Funny

    3. Is there a proof of concept?

    Yes. A proof of concept attack has been demoed during the CanSecWest conference. It showed how an attacker can remotely shutdown or wake up his victim’s machine, and fully compromise a COTS operating system machine (Linux for the demo, but all operating systems are vulnerable).

    Hey, at least it's Linux compatible!