Firewire Password Bypassing

Windows Password Firewire-Bypassing

Hi

Maybe already mentioned somewhere on the forums, but could not find any mention of it.

Very scary thing:

http://www.heise-online.co.uk/security/Windows-login-bypass-tool-released--/news/110249

http://www.darkreading.com/document.asp?doc_id=147718&print=true

http://www.darkreading.com/document.asp?doc_id=147563&print=true

What do you guys think about it? How to secure laptops or even desktops?

Cheers

 

Not really news IMO. Did not read the entire articles. Seems they all had one thing in common, requiring physical access to the machine. Always figured that once the "would be cracker" had physical access all bets were off as far as the safety of your data. This is regardless of what security you had in place. Unless at home my lap top never leaves my sight. In my case it is not so much the info, contained on it, I sure do not want to nor can afford the $$$ to replace it.

 

The novelty may reside in the fact that such hacks could be easily performed over wireless connections, according to the articles...

 

Maybe I missed a sentence somewhere. Everything I read still requires physical access to initiate the hack. Taken from the "Dark Reading" article 5:05 PM;
"Obviously, an attacker needs physical access to the target, but that isn’t necessarily difficult since most people think their Windows machines are secure once the screen is locked, and will leave them unattended. Also, a Firewire port is required, which you would think makes this attack less likely since many laptops do not have Firewire. But this morning I tested something that gets around that restriction -- PCMCIA Firewire cards.

Only the Dark Reading article 2:40 PM mentions the exploit is capable via the network. Depending on the network set up, almost as good as physical access. It does mention the exploit via USB as well, again requiring physical access.

 

Excerpt from page 33 of Adam Boileau's ab_firewire_rux2k6-final.pdf which link is mentioned on http://www.heise-online.co.uk/security/Windows-login-bypass-tool-released--/news/110249 or can be downloaded directly from here: http://storm.net.nz/static/files/ab_firewire_rux2k6-final.pdf

Start of quote
• From the 1394 Trade Association Website:
"Dallas, December 8, 2003 - The 1394 Trade Association’s Wireless Working Group today announced that the specification for Wireless 1394 applications is functionally complete and ready for a ballot as early as January 2004."
• Yep, Firewire over wireless.
• Targeting layer 3, over 802.11n, 802.15.3 or some other UWB PHY.
End of quote

 

I did not read all but has seen one of such articles. I can,t understand all this fuss. If somebody has physical access to ur machine, he can do anything.

Excuse me but it sounds not so scary. Sorry

 

?!?

I'll try.

 

Hi, sorry i was not directing it to u.

I mean to say that if someone can access ur machine physically, he can do anything. Doing it via wireless is really scary. I need to read all articles again. Sorry for that. Seems i made a stupid post myself.

I edited my post.