Windows Hacking Tool Released

  1. #1
    Senior Member PacketThirst's Avatar
    Join Date
    Aug 2004
    Posts
    258

    Cool Windows Hacking Tool Released


    Adam Boileau, a security consultant based in New Zealand, has released a tool that can unlock Windows computers in seconds without the need for a password. By connecting a Linux machine to a Firewire port on the target machine, the tool can then modify Windows' password protection code and render it ineffective. Boileau said he did not release the tool publicly in 2006 because 'Microsoft was a little cagey about exactly whether Firewire memory access was a real security issue or not and we didn't want to cause any real trouble'. But now that a couple of years have passed and the issue has not been resolved, Boileau decided to release the tool on his website.
    http://www.theage.com.au/news/securi...402423638.html

    Sounds wicked ... Hope M$ does something about it at least now

  2. #2
    Senior Member
    Join Date
    Oct 2007
    Location
    do a whois search on my ip...
    Posts
    268
    re-inventing the wheel...

    There are so many tools for getting around login passwords for Windows, it is not even funny! This requires a Firewire port too, which makes it a very limited "hack"...

    DreamPackPL, requires a CD drive... and is so easy to use!

  3. #3
    Senior Member PacketThirst's Avatar
    Join Date
    Aug 2004
    Posts
    258
    ArpaNet: If breaking into a Windows box is what you have in mind, I agree that there are much better alternatives. But this is the first (and only?) hack affecting the Firewire implementation on Windows. Re-inventing the wheel? ... I don't think so.

  4. #4
    @ΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,696
    Yes, it is a huge security vulnerability that requires nothing more than physical access, and a firewire port.

    Useless. Physical access has always defeated security.
    Real security doesn't come with an installer.

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Interesting,

    As I don't use Firewire I wouldn't even have thought about it.

    "If you have a Firewire port, disable it when you aren't using it," Ducklin said.
    "That way, if someone does plug into your port unexpectedly, your side of the Firewire link is dead, so they can't interact with your PC, legitimately or otherwise."
    Makes sense.............. another one to add to the list

    Useless. Physical access has always defeated security.
    True, but there are different levels of physical access. Someone stealing a laptop and having unrestricted access and time is different from a machine on a desk in an open-plan office.

    In the latter case there is a much shorter window of opportunity, and someone might notice if you took out a screwdriver?
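
One way to apply the "disable it when you aren't using it" advice quoted in the post above on a current Windows host, as an added example that is not part of the thread. The function names are hypothetical; it assumes Windows 8 / Server 2012 or later (for `Disable-PnpDevice`) and an elevated session when disabling.

```powershell
# Added example: audit and optionally disable IEEE 1394 (Firewire) host controllers.
# Function names are hypothetical; nothing here comes from the thread or the tool's author.

# Device setup class GUID for IEEE 1394 host controllers.
$Ieee1394ClassGuid = '{6bdd1fc1-810f-11d0-bec7-08002be2092f}'

function Get-FirewireController {
    # Win32_PnPEntity reports ConfigManagerErrorCode 22 for a disabled device.
    Get-CimInstance -ClassName Win32_PnPEntity |
        Where-Object { $_.ClassGuid -eq $Ieee1394ClassGuid } |
        ForEach-Object {
            [pscustomobject]@{
                Name       = $_.Name
                InstanceId = $_.PNPDeviceID
                Enabled    = ($_.ConfigManagerErrorCode -ne 22)
            }
        }
}

function Disable-FirewireController {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # Only touch controllers that are currently enabled.
    foreach ($c in (Get-FirewireController | Where-Object Enabled)) {
        if ($PSCmdlet.ShouldProcess($c.Name, 'Disable IEEE 1394 host controller')) {
            Disable-PnpDevice -InstanceId $c.InstanceId -Confirm:$false
        }
    }
}

# Report what is present; an empty result means there is no controller to lock down.
$found = @(Get-FirewireController)
if ($found.Count -eq 0) {
    'No IEEE 1394 host controller present.'
} else {
    $found | Format-Table -AutoSize
}

# Preview the change first, then run without -WhatIf to apply it:
# Disable-FirewireController -WhatIf
```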

  6. #6
    Senior Member
    Join Date
    Oct 2007
    Location
    do a whois search on my ip...
    Posts
    268
    Quote Originally Posted by PacketThirst
    ArpaNet: If breaking into a Windows box is what you have in mind, I agree that there are much better alternatives. But this is the first (and only?) hack affecting the Firewire implementation on Windows. Re-inventing the wheel? ... I don't think so.

    I don't disagree that this is a one of a kind hack, but the outcome is still the same...

    maybe not re-inventing, just making the wheel bigger and chrome lol.
    If breaking into a Windows box is what you have in mind
    I'm sorry, is there something else that this hack does?

  7. #7
    Senior Member PacketThirst's Avatar
    Join Date
    Aug 2004
    Posts
    258
    I'm sorry, is there something else that this hack does?
    It's not what the hack does, but what it means to the security community. If you have attacking boxes in mind, this is yet another complicated way to gain unauthorized access. But if defending boxes is your job (like nihil), this is another aspect that you need to pay close attention to.

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Yes, I was envisaging locking down boxes. You can block the CD/DVD and USB sticks, but would quite possibly forget Firewire.

    It didn't use to be a problem but these days many desktops ship with Firewire ports.

    I was thinking mostly in terms of the enemy within

  9. #9
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Boileau, a consultant with Immunity Inc., said he did not release the tool publicly in 2006 because "Microsoft was a little cagey about exactly whether Firewire memory access was a real security issue or not and we didn't want to cause any real trouble".
    http://kuza55.blogspot.com/2006/10/ruxcon-2006.html

    What I don't understand... Why hasn't this been fixed yet?!?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi SD~

    What I don't understand... Why hasn't this been fixed yet?!?
    I would suggest the following or a combination:

    1. MS don't see it as a problem, and they are not making any serious money out of Firewire as such............... it is not "core" to their products or business.

    2. It is still only a "proof of concept" in that there have been no known and serious incidents involving it.

    3. It is a "physical security" issue rather than a software one. I guess MS take the view that if you supply Firewire, then it is like providing a CD/DVD drive and allowing your users to do what they like with that.

    4. It might be rather difficult to actually fix if it is fundamental to the architecture.

    5. You would need to be reasonably technically aware to be able to pull it off, and have a suitable device? That would imply that you have a rogue employee, which is as much an HR problem as anything else?

    6. It is very specific because it is a physical attack. That means that the bad guy has to know how to do it, know exactly which machine(s) to target, and be able to do it without detection. I suggest that makes the probability extremely low.

    At the moment I am looking at this as just another potential attack vector, although I must say that I am impressed by its ingeniousness
