L’home dibuixat

Publicada una eina que permet accedir a una màquina Windows, sense saber-ne la contrasenya, a través del port IEEE-1394 (Firewire). Disponible a la web de l'autor. També hi ha un document explicant el funcionament i un podcast amb el descobridor de la vulnerabilitat.

Jo no l'he provada, però si és certa i funciona es podria tractar d'un dels problemes de seguretat més seriosos de Windows. Això sí, per a ser explotada cal tenir accés directe a la màquina.

Un article que l'explica bastant bé: Hack into a Windows PC — no password needed

Adam Boileau first demonstrated the hack, which affects Windows XP computers but has not yet been tested with Windows Vista, at a security conference in Sydney in 2006, but Microsoft has yet to develop a fix.

Boileau, a consultant with Immunity Inc., said he did not release the tool publicly in 2006 because "Microsoft was a little cagey about exactly whether Firewire memory access was a real security issue or not and we didn't want to cause any real trouble".

But now that a couple of years have passed and the issue has not resolved, Boileau decided to release the tool on his website.

To use the tool, hackers must connect a Linux-based computer to a Firewire port on the target machine. The machine is then tricked into allowing the attacking computer to have read and write access to its memory.

With full access to the memory, the tool can then modify Windows' password protection code, which is stored there, and render it ineffective.

Com l'accés a la web de l'autor és molt lent, deixo una còpia local del document.