Windows Hacked in Seconds via Firewire

March 9, 2008 – 4:28 PM

A New Zealand security researcher has published a software tool allowing attackers to quickly gain access to Windows systems via a Firewire port.

The tool, which can only be used by attackers with physical access to a system, comes shortly after the publication of research on gaining access to encrypted hard drives via physical access to memory.

Researcher Adam Boileau, a consultant with Immunity, originally demonstrated the access tool at a security conference in 2006, but decided not to release the code at the time. Two years later, however, nothing has been done toward fixing the problem, so he decided to go public.

“Yes, this means you can completely own any box whose Firewire port you can plug into in seconds,” said Boileau in a recent blog entry.

An attacker must connect to the machine with a Linux system and a Firewire cable to run the tool.

The tool, called Winlockpwn, which allows users to bypass Windows authorization, was originally demonstrated at Ruxcon in 2006 in a talk called “Hit By A Bus: Physical Access Attacks With Firewire”.

At the time, Boileau also demonstrated some of the malicious uses of the tool, but said he wouldn’t be releasing the code for those attacks.

The attack takes advantage of the fact that Firewire can read and write a system’s memory directly (direct memory access), a design choice that speeds up data transfer. According to Boileau, because this capability is built into Firewire, Microsoft doesn’t consider the problem a standard bug.

On the other hand, Boileau said he feels PC users need to be more aware of the fact that their systems can be unlocked via Firewire.

“Yes, it’s a feature, not a bug,” Boileau stated. “Microsoft knows this. The OHCI-1394 spec knows this. People with Firewire ports generally don’t.”

Microsoft was not immediately available for comment. In the past the company has downplayed security problems that require physical access.

Firewire has become common on Windows systems in the past few years, and is especially prevalent on laptops.

Researcher Maximillian Dornseif demonstrated a similar exploit on Linux and Mac OS X systems at the CanSec conference in 2005, connecting to those systems via a malicious iPod and Firewire.

According to security researchers, the problem can be remedied by disabling Firewire when not in use.

http://www.pcworld.com/article/id,143236/article.html?tk=nl_dnxnws
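The mitigation the article ends on, disabling Firewire when it is not needed, as an added PowerShell example (not from the article or from Boileau). It assumes Windows 8 / Server 2012 or later, where the PnpDevice cmdlets exist, and an elevated session; the setup class name `1394` is the real class for IEEE 1394 host controllers.

```powershell
# Added example: find every IEEE 1394 (Firewire) host controller and disable
# it, so that no DMA-capable device can be attached through that port.
# Assumes Get-PnpDevice / Disable-PnpDevice are available (Windows 8+)
# and that the script runs in an elevated PowerShell session.

# '1394' is the device setup class name for IEEE 1394 host controllers.
$controllers = Get-PnpDevice -Class '1394' -ErrorAction SilentlyContinue

if (-not $controllers) {
    Write-Host 'No Firewire (1394) host controllers found; nothing to disable.'
    return
}

foreach ($dev in $controllers) {
    Write-Host ("Found: {0} [{1}] status={2}" -f $dev.FriendlyName, $dev.InstanceId, $dev.Status)
    if ($dev.Status -eq 'OK') {
        # -Confirm:$false suppresses the interactive prompt.
        Disable-PnpDevice -InstanceId $dev.InstanceId -Confirm:$false
        Write-Host ("Disabled: {0}" -f $dev.InstanceId)
    }
}

# Re-check: a disabled controller no longer reports Status 'OK'
# (it shows 'Error' with the "device is disabled" problem code).
Get-PnpDevice -Class '1394' | Select-Object FriendlyName, Status
```

Re-enable a controller later with `Enable-PnpDevice -InstanceId <id>` when the port is actually needed.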

From PHP-Nuke to WordPress

March 8, 2008 – 8:11 PM

I just converted most of the site over to WordPress. I did not copy over all 1400+ news articles. That would have taken days. But I did copy over the important stuff this afternoon. So that explains why all the previous posts are dated today even though the news is probably from a few years ago. But…from this point on, all posts will be current and up-to-date.

Troy

A List of the Keyboard Shortcuts That Are Available in Windows XP

March 8, 2008 – 7:15 PM

Microsoft

The information in this article applies to:

  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional

This article was previously published under Q301583


SUMMARY

This article describes the keyboard shortcuts that are available in Windows XP.

Read the rest of this story…

Useful Registry Entries for Windows NT/2000 and Windows 9x/ME

March 8, 2008 – 7:13 PM

The following is a list of registry entries culled from many trawlings on web pages and discussion groups. They will be most useful for NT network administrators.

The entries follow the format produced when exporting registry files with REGEDIT. This allows easy cut & paste into a custom .REG file (remember to include a “REGEDIT4” header), so that many entries can be incorporated into the registry in one shot. All entries have been commented out (Is this style of commenting valid in .REG files? Please send feedback), so that only the necessary entries need to be uncommented and activated.

Using the “/S” switch with REGEDIT suppresses the dialog box which indicates a successful import.

Some entries require specific versions of Service Packs. At a minimum, Service Pack 3 should be installed. Requirements for Service Packs 4 or 5 are stated where necessary.

Many of the entries defined under the HKEY_CURRENT_USER hive can also be placed under HKEY_LOCAL_MACHINE, where they act as the default setting for every user unless an overriding HKEY_CURRENT_USER key exists for a particular user.
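A worked version of the .REG conventions described above (REGEDIT4 header, commented-out entries, HKCU overriding an HKLM default, silent import with “/S”), as an added PowerShell example that is not part of the original list. The sample file content is constructed for illustration; `NoDriveTypeAutoRun` is a real Explorer policy value that restricts AutoRun, and lines beginning with `;` are the comment syntax REGEDIT ignores. Assumes an elevated session if the HKLM entry is uncommented.

```powershell
# Added example: write a REGEDIT4-format .REG file whose entries are commented
# out with ';', activate one of them, and import the file silently.

# Constructed sample content. The HKCU entry is live; the HKLM default is
# left commented out, matching the HKCU-overrides-HKLM behaviour above.
# dword:000000ff disables AutoRun for every drive type.
$regText = @"
REGEDIT4

; Per-user setting: wins over the machine-wide default for this user.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff

; Machine-wide default for every user (remove the leading ';' to activate).
;[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;"NoDriveTypeAutoRun"=dword:000000ff
"@

$regFile = Join-Path $env:TEMP 'custom-entries.reg'
# REGEDIT4 files are ANSI text (the newer "Version 5.00" format is UTF-16).
Set-Content -Path $regFile -Value $regText -Encoding Ascii

# Show which lines will actually be applied: non-blank and not ';' comments.
Write-Host 'Active lines:'
Get-Content $regFile | Where-Object { $_ -and -not $_.StartsWith(';') }

# /S suppresses the "successfully entered into the registry" dialog box.
Start-Process -FilePath 'regedit.exe' -ArgumentList "/S `"$regFile`"" -Wait

# Verify that the per-user value landed.
Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' `
                 -Name 'NoDriveTypeAutoRun'
```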

Read the rest of this story…

Malware Analysis for Administrators

March 8, 2008 – 7:12 PM

http://www.securityfocus.com/infocus/1780


1. Introduction

The threat of malicious software can easily be considered the greatest threat to Internet security. Earlier, viruses were, more or less, the only form of malware. Nowadays, the threat has grown to include network-aware worms, trojans, DDoS agents, IRC-controlled bots, spyware, and so on. The infection vectors have also changed and grown: malicious agents now use techniques like email harvesting, browser exploits, operating system vulnerabilities, and P2P networks to spread. A relatively large percentage of the software that a normal Internet user encounters online is, or can be, malicious in some way. Most of this malware is stopped by antivirus software, spyware removal tools and similar tools. However, this protection is not always enough, and there are times when a small, benign-looking binary sneaks through all levels of protection and compromises user data. There may be many reasons for such a breach: a user irregularly updating his AV signatures, a failure of AV heuristics, the introduction of new or low-profile malware which has not yet been discovered by AV vendors, or custom-coded malware which cannot be detected by antivirus software. Though AV software is continually getting better, a small but very significant percentage of malware escapes the automated screening process and manages to enter and wreak havoc on networks. Unfortunately, this percentage is also growing every day.

It is essential for users, and absolutely essential for administrators, to be able to determine whether a binary is harmful by examining it manually, without relying on automated scanning engines. The level of information desired differs according to the user’s needs: a normal user might only want to know whether a binary is malicious, while an administrator might want to completely reverse engineer it.

Read the rest of this story…