Firewire Port Security Vulnerability
A number of sites have been reporting on security vulnerabilities that are based around interface bypass methodologies. The latest reported vulnerability is one where hackers can connect a Linux-based computer to a Firewire port on a target machine. The machine is then tricked into allowing the attacking computer to have read and write access of its memory. This is done via a software tool developed by a New Zealand based security consultant called Adam Boileau. The tool allows the hacker to modify Windows' password protection code, which is stored in memory, and subsequently rendering it ineffective.
The tool was developed in 2006 but Adam only recently released the software because Microsoft haven't done anything to rectify the situation on their end. Oh and just one more thing ... you Mac OS fans out there wipe that smug look off your faces ... this isn't a Windows only problem. The same security hole exists in the Mac OS as well. A simple solution appears to be, to disable the Firewire (1394) port when you're not using it.
The tool was developed in 2006 but Adam only recently released the software because Microsoft haven't done anything to rectify the situation on their end. Oh and just one more thing ... you Mac OS fans out there wipe that smug look off your faces ... this isn't a Windows only problem. The same security hole exists in the Mac OS as well. A simple solution appears to be, to disable the Firewire (1394) port when you're not using it.
Labels: Firewire Vulnerability, Security Exploit
posted by Mario Georgiou @ 3:23 PM
<< Home