If your PC has a FireWire port, setting a login password may not be enough to keep others away from your data—at least, not so long as they have access to the physical system. As Australian newspaper The Age reports, New Zealand security consultant Adam Boileau has released a tool on his website that allows one to break into a Windows PC "in seconds" using a Linux system and a simple FireWire connection to the target machine.
Dubbed Winlockpwn, the crack relies on FireWire's direct memory access functionality to read and write the target PC's memory and "modify Windows' password protection code . . . [to] render it ineffective." Boileau demonstrated Winlockpwn for the first time at a security conference two years ago, but he only released it to the public today. He says he got in touch with Microsoft to warn them, but that the software giant still hasn't fixed the hole, since it believes security measures are moot if a malicious user has physical access to a system.
That said, Boileau adds that he's not releasing Winlockpwn in the wild because of Microsoft's unwillingness to release a fix, but because it "just seemed topical with the RAM-freezing thing [cf. Cold Boot Attacks on Encryption Keys (PDF)], and it's a pity to write code and have no one use it." So far, the crack has been demonstrated on Windows XP, but The Age says it doesn't know whether Vista is also affected. There is a simple fix, though. Sophos security researcher Paul Ducklin advises users, "If you have a Firewire port, disable it when you aren't using it."
|1. Ryszard - $603||2. Hdfisise - $600||3. Andrew Lauritzen - $502|
|4. Redocbew - $350||5. the - $306||6. SomeOtherGeek - $300|
|7. chasp_0 - $251||8. Ryu Connor - $250||9. mbutrovich - $250|
|10. aeassa - $175|
|MSI puts mobile Quadros to work in its WS60 and WT72 notebooks||2|
|HP's Envy 32 display blends FreeSync and living-room DNA||10|
|Prepare for the wasteland with Fallout 4's system requirements||48|
|Green means gaming on HP's updated Pavilion notebooks||16|
|Dell brings infinity display to XPS 15 laptop; launches XPS 12 2-in-1||29|
|Amazon redefines the sneakernet with Snowball data courier||34|
|Here be dragons on MSI's GK701 keyboard and DS502 headset||11|
|Soft Machines debuts CPUs and SoCs based on VISC architecture||68|
|Envy 34 curved all-in-one delivers Skylake power in style||31|
|It's almost as if the company held a big event this morning! ;)||+61|