From our front-page news:
Finally, the first real use for FireWire!
Hacking a Windows password can be difficult if not equipped with proper SAM cracker or brute force application, but how about a hardware-based solution? According to a new article published by The Age, there has been an exploit lingering in Windows XP for a few years that is susceptible to having the password cracked - by, get this - via a FireWire connection.
Now, without getting into the irony that an Apple-invented product can be used to crack a Windows password, this is an interesting exploit. Because of the way FireWire handles read/writes to the computer RAM, connecting another PC to it (non-Windows) via FireWire opens up the ability to access that RAM, and in turn becoming able to circumvent the password protection code, deeming it useless.
The foolish thing is that this exploit has been known for a few years, it's just that Microsoft has decided it was not important enough to fix. So after years of it sitting on his lap, Adam Boileau, the hacker rocker in the picture below, created a tool to help people exploit it. All that's needed is a Unix-derived OS and it should work no problem. You can learn a lot more about the exploit and the tool at Adam's web site.
<table align="center"><tbody><tr><td>
</td></tr></tbody></table>
Paul Ducklin, head of technology for security firm Sophos, said the security hole found by Boileau was not a vulnerability or bug in the traditional sense, because the ability to use the Firewire port to access a computer's memory was actually a feature of Firewire. "If you have a Firewire port, disable it when you aren't using it," Ducklin said.
Source: The Age
Now, without getting into the irony that an Apple-invented product can be used to crack a Windows password, this is an interesting exploit. Because of the way FireWire handles read/writes to the computer RAM, connecting another PC to it (non-Windows) via FireWire opens up the ability to access that RAM, and in turn becoming able to circumvent the password protection code, deeming it useless.
The foolish thing is that this exploit has been known for a few years, it's just that Microsoft has decided it was not important enough to fix. So after years of it sitting on his lap, Adam Boileau, the hacker rocker in the picture below, created a tool to help people exploit it. All that's needed is a Unix-derived OS and it should work no problem. You can learn a lot more about the exploit and the tool at Adam's web site.
<table align="center"><tbody><tr><td>
</td></tr></tbody></table>
Paul Ducklin, head of technology for security firm Sophos, said the security hole found by Boileau was not a vulnerability or bug in the traditional sense, because the ability to use the Firewire port to access a computer's memory was actually a feature of Firewire. "If you have a Firewire port, disable it when you aren't using it," Ducklin said.
Source: The Age
Finally, the first real use for FireWire!
