Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: [Full-disclosure] Firewire Attack on Windows Vista
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Mon, 10 Mar 2008 17:58:17 +0100
On 2008-03-09 Larry Seltzer wrote:

WRT the DMA access over FireWire it's but a bad response since it
doesn't get the point!
1. Drive encryption won't help against reading the memory.
2. The typical user authentication won't help, we're at hardware level
   here, and no OS needs to be involved.
3. The computer is up (and running; see above), no hibernate or sleep
   is involved here.


So on a freshly-booted system with drive encryption you can read
whatever you want on the disk? 


Yes. Simply because the drive needs to be decrypted for the system to
boot. Without decrypting the disk there's not difference to a switched-
off box, because it's utterly unusable to anyone.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]