Channel Register

* Tool makes mincemeat of Windows passwords

Page:

Duncan Hothersall

@ Morely 

Posted Wednesday 5th March 2008 21:21 GMT

Heart

Curious indeed is the patentor who claims first publication rights in a comments thread which itself contains several instances of prior art. Are you American by any chance?

Steve

@Morely Dotes 

Posted Wednesday 5th March 2008 21:21 GMT

Happy

> first publication rights.

Sorry, see post #20

brian

Everyone seems to forget.... 

Posted Wednesday 5th March 2008 21:21 GMT

Paris Hilton

... that this requires PHYSICAL access to the machine. As always, the first line of defense is to make sure that no one gets access to a sensitive machine. Locked doors are a good preventative.

Paris, because even she could solve this one....

frymaster

Re: Frank Bitterlich's comment, and benefits of this over boot CD approach 

Posted Wednesday 5th March 2008 21:21 GMT

So Frank's comment implies this situation is securable on all platforms? Surprised at least one of them hasn't done it by now than.

All you need to retrieve passwords etc. from a laptop is firewire connected to a linux (prolly, any) system... at least some iPods can run linux and have firewire ports... this would beat the hell out of that boot disc memory reading attack for getting hdd encryption keys out of a locked laptop. Someone leaves the room, you connect up your iPod to the lapop, unplug it from the mains, and scarper with it while it's busy getting all the passwords. Well before the battery runs dead you'll have all you need.

And note that changing the password with a boot CD a) wouldn't give you hdd encryption password, and b) would invalidate any autocomplete password entries someone's got in IE (not sure about FF, but I bet you could get whatever you needed to bypass its encryption also) which makes it easier and faster to exploit anything this guy has access to.

Peter Gathercole

@Dave re pointers 

Posted Wednesday 5th March 2008 21:21 GMT

Boffin

If you can take a dump of the entire memory, then time is not a problem for mining data. Of course you would not be able to break in to the machine in a hurry, but that is only one possibillity.

And I believe that my point still stands. If the Kernel can find the information, then so can another tool specifically written to follow the same evidence trail. Once you know the rules, you can code a analytical tool to apply them. All you need is a device like an EeePC (but with a firewire port) with tools intelligent enough to recognise the OS in question, and apply the relevent rules. A serious hacker will have a toolkit with the rules built in ready and waiting. In in seconds.

My guess is that those people who think it is too hard have never delved under the covers in a real OS to understand how they work. And I know I am being a pedant, but I do not see the difference in this context between 'abstraction' and 'obsfrucation'.

Anonymous Coward

Or just use the OS X install CD 

Posted Wednesday 5th March 2008 21:21 GMT

IT Angle

If I have physical access to the computer, why would I use this exploit to bypass a password when all I need is a Mac OS X install CD? They've had a password tool on every one since at least 10.3.

Patrick

@alphaxion No BSD Kernel in OS X 

Posted Wednesday 5th March 2008 23:30 GMT

Happy

@alphaxion

OS X is *not* based on the BSD microkernel. Everyone needs to get their facts right on this as they keep positng the same old rubbish again and again. OS X is based on a custom microkernel which is closely based upon the MACH micro kernel. The only thing in OS X related to BSD is a complete BSD subsystem layer (all the little BSD utilities and libraries.)

To quote Apple on this:

"This fully-conformant UNIX operating system—built on Mach 3.0 and FreeBSD 5—bundles over a hundred of the most popular Open Source products. You can shell out with bash, tcsh, ksh, and zsh; edit your code with emacs, vim, and nano; and build your projects using gcc, make, and autoconf.

Need something a little higher-level? Run your X11 apps side-by-side with native apps using X11R7 from X.org. Serve your web site with Apache 2.0 and PHP 5. Start scripting with Ruby and Python, and build web applications with the included Ruby on Rails framework. You can even measure your application's performance using DTrace from OpenSolaris."

Anonymous Coward

Why this is a security issue... 

Posted Thursday 6th March 2008 00:00 GMT

@- Everybody who declares that physical security is the solution.

Imagine a call center envrionment. Hundreds of reps, each with the (theoretical) ability to COMMIT MASSIVE FRAUD.

Late at night, during the slow times, only two people are on-shift on a given team (or more, but all except one are party to the deal) The patsy gets up, locks his/her computer, and goes to the bathroom. Perp reaches over, unlocks patsy's workstation, and makes several thousand dollars in 'innapriate adjustments' before locking the workstation again.

Physical security is nice, but trusting people means having a valid audit trail.

Steve

In the spec? 

Posted Thursday 6th March 2008 03:35 GMT

OK, since everybody and their dog is saying this vulnerability is inherent in the 1394 spec, would someone please point me to the part that requires all of a computer's physical memory to be accessible via firewire?

Yes, 1394 specifies a "memory-like" model for (non-isochronous) transactions between nodes, but I don't recall anything that requires any particular mapping between this abstraction and the machine's RAM. This looks to me more like an implementation defect (though perhaps a widespread one).

I could be wrong though, and if so, I'm perfectly ready to be set straight.

Anonymous Coward

Fanboys! Time to take up the struggle! 

Posted Thursday 6th March 2008 04:09 GMT

Gates Horns

Call to all fanboys!

Our leader needs us in the fight against the FOSS "evil-doers".

Mail this letter to your representative to help our leader win the struggle!

Glorious victory will be ours!

To

Mr. Jainder Singh, IAS

Secretary

Department of IT

Ministry of Communications & IT,

Electronics Niketan

CGO Complex

New Delhi - 110 003

Respected Sir

Please write a paragraph about your organization

Please paraphrase "We support OXML as a standard that encourages multiplicity of choice and interoperability giving us the ultimate consumer the choice. * recognizes that multiple standards are good for the economy and also for technical innovation and progress in the country, especially for smaller organizations like us, who require choice and innovation"

Please write about your work

Please paraphrase "*** also supports OXML as this does not have any financial implications thus releasing our resources for welfare and development of society."

Thanking You

Yours Faithfully

Name Designation

wiki.linux-delhi.org/cgi-bin/twiki/view/OpenStandards/MsNgoLobby

Nick

Re: CD boot et al 

Posted Thursday 6th March 2008 12:05 GMT

Trix wrote:

"All you need is a CD or USB disk and BartPE + Sala Password Renew"

Jason Croghan:

"You insert the CD in the drive at boot time "

Both these methods assume that you can boot of a CD/USB and that it hasn't been disabled in a password-locked BIOS.

Yes, I know that you can reset the BIOS but that requires a screwdriver and a little bit of technical skill. And it might be tricky to get to on a laptop.

andy

Dead? 

Posted Thursday 6th March 2008 14:29 GMT

Stop

"I thought firewire was dead now anyway?"

If you use a Mac, chances are its waaay quicker than the USB ports...

FACT!

Waldo

Memo to Jackie Smith from head of I.T. Security 

Posted Friday 7th March 2008 20:08 GMT

Alert

Well Jackie its a good job our new ID card scheme will not be intra/internet accessible. So I guess it will be stored on emm PC's? So now I can focus on how the F### we stop leaks from millions of government pc's

Suggest we sub contract to Phorm..they know how to collect data

Yours obediently

ps application for salary increase enclosed.

Page:

This forum is now closed for new posts.