Tool released that unlocks Windows computers in seconds without need for password

“A security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password,” Asher Moses reports for The Sydney Morning Herald.

“Adam Boileau first demonstrated the hack, which affects Windows XP computers but has not yet been tested with Windows Vista, at a security conference in Sydney in 2006, but Microsoft has yet to develop a fix,” Moses reports.

MacDailyNews Take: Give Microsoft a break; they were very busy at the time artificially plumping Intel’s numbers while covering their own inefficient, bloated code deficiencies by slapping misleading Vista-capable stickers on POS PCs that were exceedingly Vista-incapable.

Moses continues, “Interviewed in ITRadio’s Risky Business podcast, Boileau said the tool, released to the public today, could ‘unlock locked Windows machines or login without a password … merely by plugging in your Firewire cable and running a command.’”

“Boileau, a consultant with Immunity Inc., said he did not release the tool publicly in 2006 because ‘Microsoft was a little cagey about exactly whether Firewire memory access was a real security issue or not and we didn’t want to cause any real trouble,’” Moses reports. “But now that a couple of years have passed and the issue has not resolved, Boileau decided to release the tool on his website.”

Full article here.

36 Comments

  1. wow, the MacDailyNews take is really insightful and completely fanboyish in nature. Can anything on this site be just news without injecting opinions or non-relevant statements?

    Stick with reporting, this opinion site is getting crazy. I know Apple obviously spends a lot of Ad dollars here, but it’s excessive already.

  2. @bias:

    don’t take this in a mean way, but, “Cram it up your cram-hole!” (Sorry, I just think that’s one of the funniest lines ever written)

    We’re all here for the bread and circus and, while we may not be “Apple Fanboys”, we understand the sentiment and feel more than a little bit of schadenfreude when things like this happen to Microsoft.

    I think everyone here has a little Nelson in their head saying, “HA Ha!”

  3. You must be new to the MDN, bias?

    MDN’s most significant defining element in the sea of Mac sites out there IS their commentary. Most of us coming here are Mac fans and we always have a chuckle reading the MDN take on the news. If you haven’t noticed, MDN’s content is mainly aggregation of others’ content (with proper attribution and links, of course). The take is about the ONLY original MDN content. Without it, I may as well go to MacMinute, Macintouch, MacNewsNetwork, TheMacObserver… not to mention the magazines MacWorld, Maclife, etc… (there are many more, just don’t come to mind at the moment).

  4. Ya kno– If Apple wants to keep the Firewire technology alive they need to continue upgrading and supporting it, and its availability.

    Firewire IS the superior technology, but it’s getting the second-bastard-stepchild treatment from Apple as of late.

    Apple- get on top of this, fix it QUICKLY and LOUDLY. Then make it Micro$quish’s problem to add the fix to Windoze.

    The last thing Firewire needs is this unfixed-(possibly fatal) flaw to hurt FW adoption.

    Just my 2¢
    John
    North Pole AK

  5. “unlock locked Windows machines or login without a password … merely by plugging in your Firewire cable and running a command.”

    Sounds like they finally got that Target-Disk-Mode feature… ;D

    Took ’em quite a while, didn’t it?

  6. I’m not sure this is really a ‘fixable’ problem, as, from what I’ve read on other tech sites, this problem is a result of the direct memory access ability built into the IEEE 1394 standard.

    If it requires direct access to your computer in the first place, the computer is no longer ‘yours’ and you’re probably screwed anyway.

  7. The biggest problem is that this isn’t a bug. It’s a feature of Firewire that, among other things, allows speedy transfer of video data to the system for iMovie, etc.

    The security risk here is that the first rule of computer security is violated:

    “If you let the bad guy touch your computer, it’s not your computer anymore.”

  8. “when is apple going to update the mini?”

    Don’t know and don’t care. I was about to buy a mini, then I figured “If I’m gonna buy a box made with laptop components, I might as well spend a little extra and get a laptop.” So I got a MacBook. Most of the time I use it like I would a mini, with an external keyboard and monitor plugged in. It works fine like that, even with the lid down. But I can yank the plugs and take it mobile. Best of both worlds.

    ——RM

  9. << “Anyone with local physical access to any machine can crack it. Mac, Windows, Linux, whatever. This is not news.” >>

    << “If you let the bad guy touch your computer, it’s not your computer anymore.” >>

    Absolutely…

    This “hack” involves physical access to the target.
    You can “compromise” a Mac too just by restarting with the install DVD. This is like the sleep mode “bug”.

    This guy’s 15 minutes is up.

  10. You guys seem to be missing the point. OSX is just as vulnerable as Windows. Check out the link that Carefull put in. How can you only report half the story? Oh, that’s right, you fanboys put on blinders to hide all the negative you don’t want to see about beleaguered Apple.

  11. “So I got a MacBook. Most of the time I use it like I would a mini, with an external keyboard and monitor plugged in. It works fine like that, even with the lid down. But I can yank the plugs and take it mobile. Best of both worlds.”

    Just double checking. You can use the MacBook with the cover closed and a keyboard and monitor plugged in? The unit does not sleep when the cover is closed?

    I was looking at getting a mini and using a KV switch at work with the Dell that they make me use. This would be a nicer solution, to be sure.
