Feature or Flaw?

By davidjsh at 1:51 pm on March 13, 2008Comments Off on Feature or Flaw?

According to an article found at Dark Reading, Adam Boileau from Immunity Inc, has decided after two years to make publicly available his tool Winlockpwn that “lets an attacker take over a ‘locked’ Windows machine without even stealing its password” via the Firewire port. This exploit is not exactly new news since similar tactics have been demonstrated in the past against both Linux and OS X, but it now adds Windows to the list of operating systems vulnerable via a Firewire feature that allows devices connected to the Firewire port to read and write memory. According to SEC Consult, even Vista is not immune to an attack via Firewire. Unfortunately, there is not really an easy fix for this as it is a security flaw in the way Firewire was designed and not a bug in the implementation. However, hopefully this flaw will serve as a constant reminder to developers that security must be an integral part of the design process and not tacked on at the end as an afterthought.

Filed under: Current Events,MiscellaneousComments Off on Feature or Flaw?

Comments are closed.