Friday, December 20, 2013

Why Microsoft should not turn off DMA on FireWire in lock screen mode

There is a tool out there called Inception which, via a vulnerability in the way FireWire works, will let anyone log in as any user on your Windows machine (XP, Vista, 7, 8) without a password. You can read more about the vulnerability on the Inception site.

Pro Tip: If you're not using FireWire on your Windows laptop, remove the drivers! Otherwise, on most machines someone can hotplug a FireWire device and you have lost.

So why shouldn't Microsoft do as Apple did with OS X for this issue? Because then I wouldn't have won fame and liquid rewards.

The story goes: once upon a time, Mikael was hired by a consultancy to help out with a project. Next to his desk stood a laptop called HackMe, which invited employees of the company to hack in, retrieve a snippet of text from a file on the desktop, send it to the security manager, and claim fame.

Mikael was told the machine had been left alone for a long time, all employees having given up on this hard challenge a long time ago.

Never one to give up an opportunity to shine, let alone fame, glory, wine and champagne, Mikael decided to give it a go. The next day he brought with him an old laptop, a FireWire cable, and Ubuntu on a USB stick with Inception. Mikael hooked up the gear, went to brew a cup of coffee, retrieved the password and won it all :)

(Me on the left, security manager on the right – who was pleased someone hacked it, but not that it required an external SharePoint consultant ;) )