Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
A New Zealand security researcher has published a software tool allowing attackers to quickly gain access to Windows systems via a Firewire port.
The tool, which can only be used by attackers with physical access to a system, comes shortly after the publication of research on gaining access to encrypted hard drives via physical access to memory.
Researcher Adam Boileau, a consultant with Immunity, originally demonstrated the access tool at a security conference in 2006, but decided not to release the code any further at the time. Two years later, however, nothing has been done toward fixing the problem, so he decided to go public.
"Yes, this means you can completely own any box whose Firewire port you can plug into in seconds," said Boileau in a recent blog entry.
An attacker must connect to the machine with a Linux system and a Firewire cable to run the tool.
The tool, called Winlockpwn, allows users to bypass Windows authorization, was originally demonstrated at Ruxcon in 2006 at a talk called "Hit By A Bus: Physical Access Attacks With Firewire".
At the time, Boileau also demonstrated some of the malicious uses of the tool, but said he wouldn't be releasing the code for those attacks.
The attack takes advantage of the fact that Firewire can directly read and write to a system's memory, adding extra speed to data transfer. According to Boileau, because this capability is built into Firewire, Microsoft doesn't consider the problem a standard bug.
On the other hand, Boileau said he feels PC users need to be more aware of the fact that their systems can be unlocked via Firewire.
"Yes, it's a feature, not a bug," Boileau stated. "Microsoft knows this. The OHCI-1394 spec knows this. People with Firewire ports generally don't."
Microsoft was not immediately available for comment. In the past the company has downplayed security problems that require physical access.
Firewire has become common on Windows systems in the past few years, and is especially prevalent on laptops.
Researcher Maximillian Dornseif demonstrated a similar exploit on Linux and Mac OS X systems at the CanSec conference in 2005, connecting to those systems via a malicious iPod and Firewire.
According to security researchers, the problem can be remedied by disabling Firewire when not in use.
Computerworld Member Login
Prioritizing Services with IT Service Management (ITSM)
Computerworld Live Webinar
Wednesday 20th, August 2008
11:00am EST (Sydney, Australia)
To be repeated on:
Thursday 4th, September 2008
11:00am EST (Sydney Australia)
Sign up and receive a free copy of The Forrester WaveTM Service Desk Management Tools, Q2 2008 at the conclusion of the Webinar.
Attend and discover:
- How to deliver value to your business through ITSM
- Best practice ITSM implementation
- Why emphasis is changing from optimizing IT management processes to better servicing customers and demonstrating real dollar value
- If service-oriented ITSM is best for your business
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Tumbleweed appoints O2 Networks to its Australian Channel Partner Program 2008-08-29 12:31:00+10
HP ProCurve Brings Big Business Gigabit Switching Features to Small Businesses 2008-08-29 12:00:00+10
Nortel and LG Electronics are First in World to Demonstrate Mobile LTE Handover 2008-08-29 11:30:00+10
GlobalConnect Provides Treatment for Healthcare Provider’s Contact Support Requirements 2008-08-29 09:59:00+10
Sybase and Logica Partner To Mobilise The Supply Chain 2008-08-29 09:47:00+10
Optimized Back-up and Recovery for VMWare for VMWare Infrastructure with EMC Avamar
Virtual machines deployed in the data centre must be protected against failure. Read on to find out how to extend data protection to your virtual machines.
