FireWire Hack Also Works With Windows Vista

Recently we reported the release of a tool that can hack into a Windows XP PC without a password using a two-year old authentication bypass technique. Information Week is reporting that it turns out the same method also works on Windows Vista and computers running Linux, Mac OS X and BSD Unix.

Microsoft doesn't consider the bypass technique to be a legitimate security vulnerability. As noted by the company, if a hacker has unrestricted physical access to your computer, it's not your computer anymore.

A couple weeks ago, researchers from Princeton University, the Electronic Frontier Foundation (EFF), and Wind River Systems reaffirmed this when they released details on how encryption keys for disk-based coding systems could be recovered more easily by chilling computer memory chips.  That story was covered here in an article by our own John Lister.

Peter Panholzer of SEC Consult Vulnerability Lab, based in Vienna, Austria, released a paper (PDF) on how his company has demonstrated a proof-of-concept attack on Windows Vista using its own Vista unlock tool. Panholzer doubts Microsoft will address the FireWire authentication bypass since it's the way the protocol is designed. The only way to protect against a FireWire attack is to deactivate all FireWire and PC Card ports in the device manager.

But again, as noted above, if a hacker has physical access to your computer, it's just not your computer anymore.

Visit Bill's Links and More for more great tips, just like this one!