Bugtraq: Re: [Full-disclosure] Firewire Attack on Windows Vista

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [Full-disclosure] Firewire Attack on Windows Vista

From: Tim <tim-security () sentinelchicken org>
Date: Thu, 6 Mar 2008 12:20:28 -0800

...Windows would not do this. It would only open up access to devices

that it thought needed DMA. This is why Metlstorm had to make his Linux
machine behave like an iPod to fool Windows into spreading it's legs.

So the iPod software opens up the whole address space? I don't get it.


No, the iPod device signature makes Windows drivers think it should
allow DMA access for that device because it detect it as a disk device.
Other disk device signatures would likely work the same way, that's just
the one he happened to emulate.

tim

By Date By Thread

Current thread:

RE: Firewire Attack on Windows Vista, (continued)
- RE: Firewire Attack on Windows Vista Roger A. Grimes (Mar 05)
  - Re: Firewire Attack on Windows Vista Peter Watkins (Mar 06)
    - RE: Firewire Attack on Windows Vista Larry Seltzer (Mar 06)
    - Re: [Full-disclosure] Firewire Attack on Windows Vista Tim (Mar 07)
    - RE: [Full-disclosure] Firewire Attack on Windows Vista Larry Seltzer (Mar 07)
    - Re: [Full-disclosure] Firewire Attack on Windows Vista Tim (Mar 07)
    - RE: [Full-disclosure] Firewire Attack on Windows Vista Larry Seltzer (Mar 07)
    - Re: [Full-disclosure] Firewire Attack on Windows Vista Tim (Mar 07)
    - RE: [Full-disclosure] Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 07)
    - RE: [Full-disclosure] Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 07)
    - RE: [Full-disclosure] Firewire Attack on Windows Vista Larry Seltzer (Mar 07)