Firewire Password Bypassing

Discussion in 'other security issues & news' started by dylanfan, Mar 9, 2008.

Thread Status:
Not open for further replies.
  1. dylanfan

    dylanfan Registered Member

    Joined:
    Feb 10, 2006
    Posts:
    187
    Last edited: Mar 11, 2008
  2. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Not really news IMO. Did not read the entire articles. Seems they all had one thing in common, requiring physical access to the machine. Always figured that once the "would be cracker" had physical access all bets were off as far as the safety of your data. This is regardless of what security you had in place. Unless at home my lap top never leaves my sight. In my case it is not so much the info, contained on it, I sure do not want to nor can afford the $$$ to replace it. :doubt:
     
  3. dylanfan

    dylanfan Registered Member

    Joined:
    Feb 10, 2006
    Posts:
    187
    The novelty may reside in the fact that such hacks could be easily performed over wireless connections, according to the articles...
     
  4. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    Maybe I missed a sentence somewhere. Everything I read still requires physical access to initiate the hack. Taken from the "Dark Reading" article 5:05 PM;
    "Obviously, an attacker needs physical access to the target, but that isn’t necessarily difficult since most people think their Windows machines are secure once the screen is locked, and will leave them unattended. Also, a Firewire port is required, which you would think makes this attack less likely since many laptops do not have Firewire. But this morning I tested something that gets around that restriction -- PCMCIA Firewire cards.

    Only the Dark Reading article 2:40 PM mentions the exploit is capable via the network. Depending on the network set up, almost as good as physical access. It does mention the exploit via USB as well, again requiring physical access.
     
    Last edited: Mar 11, 2008
  5. dylanfan

    dylanfan Registered Member

    Joined:
    Feb 10, 2006
    Posts:
    187
    Excerpt from page 33 of Adam Boileau's ab_firewire_rux2k6-final.pdf which link is mentioned on http://www.heise-online.co.uk/security/Windows-login-bypass-tool-released--/news/110249 or can be downloaded directly from here: http://storm.net.nz/static/files/ab_firewire_rux2k6-final.pdf

    Start of quote
    • From the 1394 Trade Association Website:
    "Dallas, December 8, 2003 - The 1394 Trade Association’s Wireless Working Group today announced that the specification for Wireless 1394 applications is functionally complete and ready for a ballot as early as January 2004."
    • Yep, Firewire over wireless.
    • Targeting layer 3, over 802.11n, 802.15.3 or some other UWB PHY.
    End of quote
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I did not read all but has seen one of such articles. I can,t understand all this fuss. If somebody has physical access to ur machine, he can do anything.

    Excuse me but it sounds not so scary. Sorry
     
    Last edited: Mar 12, 2008
  7. dylanfan

    dylanfan Registered Member

    Joined:
    Feb 10, 2006
    Posts:
    187
    ?!?
    I'll try.
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi, sorry i was not directing it to u.:mad:

    I mean to say that if someone can access ur machine physically, he can do anything. Doing it via wireless is really scary. I need to read all articles again. Sorry for that. Seems i made a stupid post myself.:D

    I edited my post.
     
Loading...
Thread Status:
Not open for further replies.