C|Net: New Hacking Tool Sees the Light
Results 1 to 7 of 7

Thread: C|Net: New Hacking Tool Sees the Light

  1. #1
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    C|Net: New Hacking Tool Sees the Light

    This was interesting to read. Needless to say, this just proves that nothing is 100% secure.

    http://news.com.com/2100-1009_3-1001406.html?tag=fd_top

    A Princeton University student has shed light on security flaws in Java and .Net virtual machines using a lamp, some known properties of computer memory and a little luck.

    An attack requires physical access to the computer, so the technique poses little threat to virtual machines running on PCs and servers. But it could be used to steal data from smart cards, said Sudhakar Govindavajhala, a computer-science graduate student at Princeton who demonstrated the procedure Tuesday.

    "There are smart cards that use Java that you could shine a light on, flip a bit and get access to the card's data," he said. Govindavajhala presented the paper at the Institute of Electrical and Electronic Engineers (IEEE) Symposium on Security and Privacy here.


    The technique relies on the ability of energy to "flip bits" in memory. While cosmic rays can very occasionally cause a random bit in memory to change value, from 0 to 1 or from 1 to 0, Govindavajhala decided not to wait. He used a lamp to heat up the chips inside a computer and cause one or more bits of memory to change.

    By doing so, the researcher broke the security model that virtual machine's rely on--that the computer faithfully executes its instruction set.
    You can read the full article at the link I provided above.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    AO Antique pwaring's Avatar
    Join Date
    Aug 2001
    Posts
    1,409
    Saw this linked to on Windows OS as well, although the fact that you need physical access does dampen the security implications a bit.
    Paul Waring - Web site design and development.

  3. #3
    you would think someone would never think of something like that. But thanx for the heads up.

  4. #4
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    Well, the guy had physical acess to begin with, so the game was pretty much over before the coin was flipped. : (


    --PuRe
    Like this post? Visit PuRe\'s Information Technology Community. We\'ve also got some kick ass Technology Forums. Shop for books and dvds on LiveWebShop.com

  5. #5
    Member
    Join Date
    Mar 2003
    Posts
    46
    Many Inf. security consultant's think that the security of theyre information lies on the streng of the firewall or passwords and so, but doesn't care about the phisical access to an autorized work station.

    Thanks for the tread. xDrack.

  6. #6
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    Originally posted here by XDrack
    Many Inf. security consultant's think that the security of theyre information lies on the streng of the firewall or passwords and so, but doesn't care about the phisical access to an autorized work station.

    Thanks for the tread. xDrack.
    The assumption is that once they have physical access its to late to stop them from compromising your system. Many companies (mine included) use thugs with guns as a deterrent to this type of security exploit. If someone where to try and shine a lamp on a smart card/system to pull off this trick (hell if someone outside of help desk where to open up a computer case without prior authorization) the speed at which security swoops down on them and ruffs them up will make your head spin...then we turn them over to the police for corporate espionage.

    This type of exploite is neat in the theroretical.

  7. #7
    AO Part Timer
    Join Date
    Feb 2003
    Posts
    332
    This is just another strong example of, where there is a will there will be a way, discovered or undiscovered. A way will come. You can build your networks as big and as strong, as you think they need to be. You can add as many copy protections to your cds and dvd's as you want. You can imprison me for "out smart you". But there is one thing you will never overcome. Human error. Everything you have is exploitable via human error. It doesn't matter if you misconfigure your wall, or the programmer overlooked a major flaw. Prime example. Anybody out there know what this file is? UPLDDRVINFO.HTML It is perfect example of my point. In my opinion it was one of the largest security flaws ever released by Microsoft. If you think this means you should deface that page you don't like to be 1337, or not to pay 30$ for that DVD, then you missed my point. You will never understand what this place is, you should unhook and never comeback.
    Your heart was talking, not your mind.
    -Tiger Shark

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides