
Re: Firewire Attack on Windows Vista



Tonnerre Lombard wrote:

There is a quite viable technical solution in the form of a patch which
solves most of these problems.

<snip>


				Tonnerre

To what are you referring?

I am aware of only a few defenses against firewire attacks:

1) disable firewire - ideally in the system BIOS, alternately at the OS level; on some sites I've seen firewire header pins snapped off of the motherboard.

2) refuse to enable DMA for a firewire device, also preventing many devices from working properly, e.g. the Linux approach

The only approach I am aware of that might be called a 'viable technical solution' was just demonstrated at BlackHat for altering the content of the DMA controller to redirect certain memory accesses. I do not believe this has been turned into anything like a usable tested patch for any major operating system to defend its privileged kernel memory, and unless APIs were created to designate the need for 'secured' memory storage for things like passwords to be stored in these areas that the DMA controller directed away from... I don't think this is yet a viable solution. I think it is the beginning of an idea for one though.

Did you have something else in mind? If so, what is holding back implementation?

-Nathanael
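
For the OS-level variant of defense 1 on a Linux host, the following is an added example (not part of the original message) that audits whether the FireWire drivers are loaded and whether modprobe configuration blocks them. The module list covers the older ieee1394 stack and the newer firewire stack; the default file locations and the `audit` argument are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audit Linux FireWire (IEEE 1394) driver exposure.
# Kernel module names for the new (firewire_*) and old (ieee1394) stacks.
FW_MODULES="firewire_ohci firewire_core firewire_sbp2 ohci1394 ieee1394 sbp2 raw1394"

# fw_loaded MODULES_FILE
# Print each FireWire module listed in a /proc/modules-format file.
fw_loaded() {
    [ -r "$1" ] || return 0
    for m in $FW_MODULES; do
        # /proc/modules has one module per line, name in the first field.
        awk -v m="$m" '$1 == m { print m }' "$1"
    done
}

# fw_not_blocked CONF_FILE...
# Print each FireWire module that has neither a "blacklist <mod>" line nor an
# "install <mod> /bin/false" (or /bin/true) line in the given modprobe.d files.
# Note: "blacklist" only stops alias-based autoloading; the "install" override
# also stops an explicit modprobe of the module.
fw_not_blocked() {
    for m in $FW_MODULES; do
        alt=$(printf '%s' "$m" | tr '_' '-')   # modprobe accepts - and _
        if ! cat "$@" 2>/dev/null | sed 's/#.*//' | awk -v a="$m" -v b="$alt" '
            $1 == "blacklist" && ($2 == a || $2 == b) { found = 1 }
            $1 == "install" && ($2 == a || $2 == b) && $3 ~ /\/(false|true)$/ { found = 1 }
            END { exit !found }'; then
            echo "$m"
        fi
    done
}

# Run against the live system only when invoked as: sh fw_audit.sh audit
if [ "${1:-}" = "audit" ]; then
    echo "Loaded FireWire modules:"
    fw_loaded /proc/modules
    echo "FireWire modules not blocked in modprobe config:"
    fw_not_blocked /etc/modprobe.d/*.conf
fi
```

An empty list from both functions means no FireWire driver is loaded and none can be pulled in through modprobe; it says nothing about drivers compiled into the kernel or a controller left enabled in the BIOS.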