The main point is to grab encryption keys from memory where the drive is encrypted - but that has to be while the device is on. I mean, it doesn't really matter if you disable password auth when you have physical access as you can just take the drive out, boot from CD, etc... t > -----Original Message----- > From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx [mailto:full- > disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Larry Seltzer > Sent: Friday, March 07, 2008 11:51 AM > To: Bugtraq; Full Disclosure > Subject: Re: [Full-disclosure] Firewire Attack on Windows Vista > > >>Let's say the computer is off. You can turn it on, but that gets you > to a login screen. What can the Firewire device do? > > OK, I guess I misunderstood the original paper > (http://www.sec- > consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks > .pdf). It now looks to me like they are claiming they can disable > password authentication *even while the system is not logged on* - do I > have that right? > > Larry Seltzer > eWEEK.com Security Center Editor > http://security.eweek.com/ > http://blogs.pcmag.com/securitywatch/ > Contributing Editor, PC Magazine > larry.seltzer@xxxxxxxxxxxxxxxxxxxxxxx > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/
