Full Disclosure: Re: Firewire Attack on Windows Vista

[Tim <tim-security () sentinelchicken org>]

> > > ...Windows would not do this. It would only open up access to devices
> that it thought needed DMA. This is why Metlstorm had to make his Linux
> machine behave like an iPod to fool Windows into spreading it's legs.
>
> So the iPod software opens up the whole address space? I don't get it.
No, the iPod device signature makes Windows drivers think it should
allow DMA access for that device because it detect it as a disk device.
Other disk device signatures would likely work the same way, that's just
the one he happened to emulate.

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/