Firewire burns a hole through locked workstations

The Register, among others, reported the release of a tool that allows easy access to a locked workstation. The caveat is that it requires physical access to the Windows computer and is executed by connecting a Linux device to a Windows computer via firewire. The vulnerability has been documented since 2006, but only recently was a tool released to simplify the exploit. As El Reg notes, one wouldn’t think this would be that difficult to repair, but Microsoft has yet to address it. We can argue semantics over whether firewire or the Microsoft implementation of firewire is at fault, but that doesn’t do much for resolving the issue. Due to the need for physical access, I can’t deem this a critical vulnerability, but physical computer security is often as neglected as electronic computer security so it’s still worthy of note.

Leave a Reply