FireWire Hack Also Works With Windows Vista
Recently we reported the release of a tool that can hack into a Windows XP PC without a password using a two-year old authentication bypass technique. Information Week is reporting that it turns out the same method also works on Windows Vista and computers running Linux, Mac OS X and BSD Unix.
Microsoft doesn't consider the bypass technique to be a legitimate security vulnerability. As noted by the company, if a hacker has unrestricted physical access to your computer, it's not your computer anymore.
A couple weeks ago, researchers from Princeton University, the Electronic Frontier Foundation (EFF), and Wind River Systems reaffirmed this when they released details on how encryption keys for disk-based coding systems could be recovered more easily by chilling computer memory chips. That story was covered here in an article by our own John Lister.
Peter Panholzer of SEC Consult Vulnerability Lab, based in Vienna, Austria, released a paper (PDF) on how his company has demonstrated a proof-of-concept attack on Windows Vista using its own Vista unlock tool. Panholzer doubts Microsoft will address the FireWire authentication bypass since it's the way the protocol is designed. The only way to protect against a FireWire attack is to deactivate all FireWire and PC Card ports in the device manager.
But again, as noted above, if a hacker has physical access to your computer, it's just not your computer anymore.
Visit Bill's Links and More for more great tips, just like this one!
Free eBook: PC Maintenance Handbook - 2nd Edition. With the PC Maintenance Handbook, you'll learn how to improve your PC's performance, speed, and reliability. This guide is designed to help you find ways to maintain your Windows PC and ensure it remains clean and speedy throughout its life. PC maintenance doesn't have to be difficult, and this guide makes it easy to understand. Click here to download this eBook now! Note: this eBook is free, but registration is required; after that, you can select more ebooks and videos for download without registering again. If you have questions / problems with the registration form, please read this.