| |
Hack into a Windows PC - no password needed - Security - Technology - smh.com.au
by dc0de at 7:25 pm EST, Mar 4, 2008 |
But now that a couple of years have passed and the issue has not resolved, Boileau decided to release the tool on his website.
because Microsoft didn't consider it a "vulnerability"? a COUPLE of YEARS!!! Come on people, hold your software vendor to a higher standard. |
| |
RE: Hack into a Windows PC - no password needed - Security - Technology - smh.com.au
by Simon C. Ion at 8:56 pm EST, Mar 4, 2008 |
dc0de wrote: But now that a couple of years have passed and the issue has not resolved, Boileau decided to release the tool on his website.
because Microsoft didn't consider it a "vulnerability"? a COUPLE of YEARS!!! Come on people, hold your software vendor to a higher standard.
*comments from a noob follow* If an attacker can read and write to arbitrary locations in physical memory, what's MS to do? Page critical data to disk? And if -as Acidus mentions here- this attack lets you inject arbitrary code into the system, you're totally screwed... Right? |
|
| | |
RE: Hack into a Windows PC - no password needed - Security - Technology - smh.com.au
by Acidus at 9:18 am EST, Mar 5, 2008 |
Simon C. Ion wrote: dc0de wrote: But now that a couple of years have passed and the issue has not resolved, Boileau decided to release the tool on his website.
because Microsoft didn't consider it a "vulnerability"? a COUPLE of YEARS!!! Come on people, hold your software vendor to a higher standard.
*comments from a noob follow* If an attacker can read and write to arbitrary locations in physical memory, what's MS to do? Page critical data to disk? And if -as Acidus mentions here- this attack lets you inject arbitrary code into the system, you're totally screwed... Right?
Exactly. There really isn't much MS can do about this because it is how Firewire works. What they can do is an education campaign, advising people to disable their Firewire ports on PCs if they aren't used, etc. |
|
|
|
