|
|
|
|
|
|
by marvin
4473 days ago
|
|
|
This is a frighteningly effective hack, which once again underscores that if your attacker has physical access to the machine, you're hosed. I've seen this attack demonstrated live on Windows Server. It just uses DMA to search the memory and skip the subroutine that checks whether the password entered was valid. Just put glue in the firewire connector, you say? Well, for instance most laptops that can be docked are firewire-accessible through the docking port. The firewire interface is also reachable through a USB adapter. So you'd have to glue the USB ports shut as well. (Impractical). Even if you do all this, most motherboards have the FireWire interface enabled on a PCI level, even if there are no physical PCI ports on the computer. So against this attack you'd be pretty much hosed regardless, unless you use a chipset that explicitly doesn't implement FireWire. |
|
|
Also, FireWire over USB is repeatedly mentioned as not working.