Create an Account
username: password:
 
  MemeStreams Logo

MemeStreams Discussion

search


This page contains all of the posts and discussion on MemeStreams referencing the following web page: Hack into a Windows PC - no password needed - Security - Technology - smh.com.au. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

Hack into a Windows PC - no password needed - Security - Technology - smh.com.au
by dc0de at 7:25 pm EST, Mar 4, 2008

But now that a couple of years have passed and the issue has not resolved, Boileau decided to release the tool on his website.

because Microsoft didn't consider it a "vulnerability"? a COUPLE of YEARS!!!

Come on people, hold your software vendor to a higher standard.


 
RE: Hack into a Windows PC - no password needed - Security - Technology - smh.com.au
by Simon C. Ion at 8:56 pm EST, Mar 4, 2008

dc0de wrote:

But now that a couple of years have passed and the issue has not resolved, Boileau decided to release the tool on his website.

because Microsoft didn't consider it a "vulnerability"? a COUPLE of YEARS!!!

Come on people, hold your software vendor to a higher standard.

*comments from a noob follow*

If an attacker can read and write to arbitrary locations in physical memory, what's MS to do? Page critical data to disk? And if -as Acidus mentions here- this attack lets you inject arbitrary code into the system, you're totally screwed... Right?


  
RE: Hack into a Windows PC - no password needed - Security - Technology - smh.com.au
by Acidus at 9:18 am EST, Mar 5, 2008

Simon C. Ion wrote:

dc0de wrote:

But now that a couple of years have passed and the issue has not resolved, Boileau decided to release the tool on his website.

because Microsoft didn't consider it a "vulnerability"? a COUPLE of YEARS!!!

Come on people, hold your software vendor to a higher standard.

*comments from a noob follow*

If an attacker can read and write to arbitrary locations in physical memory, what's MS to do? Page critical data to disk? And if -as Acidus mentions here- this attack lets you inject arbitrary code into the system, you're totally screwed... Right?

Exactly. There really isn't much MS can do about this because it is how Firewire works. What they can do is an education campaign, advising people to disable their Firewire ports on PCs if they aren't used, etc.


 
 
Powered By Industrial Memetics