Windows passwords easily bypassed over Firewire

Nilay Patel
N. Patel|03.04.08

Sponsored Links

Nilay Patel
March 4th, 2008
Windows passwords easily bypassed over Firewire
All of the sudden we're starting to see more and more attacks take advantage of what's stored on your computer's RAM -- the latest, from New Zealand's Adam Boileau, allows an attacker to unlock Windows passwords in a just a few seconds using a Linux machine connected over Firewire. Unlike those disk encryption attacks we saw that required a reboot, Boileu's attack works while the target computer is running, tricking Windows into allowing full write access to RAM and then corrupting the password protection code. That's a little scary -- but other researchers say that it's not a traditional vulnerability, since direct memory access is a feature of Firewire. Still, we're sealing up all of our ports with Silly Putty starting today, that ought to stop 'em.

Update:
Apparently this has been demonstrated on OS X as well -- it looks like Firewire's direct memory access is the common vector here.

[Thanks, Drew]
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget