Windows 7 Firewire Attacks - and Defense Techniques

Hello,

In the course of the Windows 7 RTM release, the Security Research Lab would=
 like to share some results on firewire/DMA based hacks and Windows 7, whic=
h is susceptible to such attacks.

While the attack vector itself is already known from previous Windows versi=
ons, we also describe the impact of Firewire-based Windows authentication b=
ypassing on Microsofts full-disk encryption solution BitLocker, the Encryp=
ted File System (EFS) and Windows domains. A comprehensive section on count=
ermeasures on different layers concludes this whitepaper, which can be down=
loaded from:

http://www.securityresearch.at/publications/windows7_firewire_physical_atta=
cks.pdf

Moreover, we have developed a software solution to protect against Firewire=
-based physical security attacks on Windows systems which is discussed in a=
 separate whitepaper:

http://www.securityresearch.at/publications/windows_firewire_blocker.pdf

The software can be downloaded here - use at your own risk:

http://www.securityresearch.at/publications/firewireblocker.zip=20

Kind regards,
Benjamin

--
Dipl.-Ing. Mag. Mag. Benjamin B=F6ck
IS Services & Audit
Security Research Sicherheitsforschung GmbH
Office: Sommerpalais Harrach / Favoritenstr. 16 / 1040 Wien
M: bboeck@securityresearch.at
T: +43 699 14444929
F: +43 1 505 8888
http://www.securityresearch.at

Identifizierung gem=E4=DF =A7 14 UGB:
Firmenname: Security Research Sicherheitsforschung GmbH
Firmensitz: Favoritenstra=DFe 16 / 1040 Wien
Firmenbuchnummer: FN271386 y
Firmenbuchgericht: Handelsgericht Wien