[mdlug] [mdlug-admin] IEEE 1394a

Jeff Hanson jhansonxi at gmail.com
Tue Jul 29 14:14:51 EDT 2008


On Tue, Jul 29, 2008 at 2:00 PM, Aaron Kulkis <akulkis03 at gmail.com> wrote:
> If you can debug a crashed system through an IEEE1394 port, then it
> is a tremendously huge, unobstructed back door -- virtual memory
> or not.  The memory mapping makes things only slightly more
> difficult -- problem is, kernel space doesn't get swapped out,
> and therefore, stays in predictable regions of memory -- and that
> is the most useful point of attack against any system.

In order for the firewire connection to be exploited, an attacker needs
access to the system to connect the device.  If they have that level
of access then they can just take the system with them for extensive
off-site analysis, backdoor or no backdoor.

Disabling firewire doesn't prevent the dozens of other attack vectors
from being used, like patching a keylogger into the BIOS or a hardware
monitor attached to the keyboard controller, monitoring the running
system via the CPU debug port (which is present on most motherboards
and just needs a connector added), or Van Eck phreaking.

The Amish have the best technological security practices - avoiding technology.


