Fushigi
Storage Is My Life
If you haven't heard about it already, there's a threat vector for PCs that have Firewire ports. Basically a device can be connected to a PC and use Firewire's access mechanism to bypass Windows authentication services. As this access is part of the FW spec, I doubt a true fix will be forthcoming.
I suggest disabling Firewire in Device Manager and if possible in the machine's BIOS if you don't use it. Of course the BIOS disable is semi-useless unless you also password-protect your BIOS (side topic - consider enabling your machine's TPM).
Likewise, for laptops, disable the expansion slots - PCMCIA, PCCard, ExpressCard - if not in use. While not a perfect fix it does reduce the threat surface area by making it harder to use a FW expansion card.
I know this isn't possible or practical in all cases but some of you may be like me. I don't use FW for anything and everything I need on my laptop comes either built-in or is added via USB & not expansion cards.
USB appears to not be part of the surface area for the threat as there aren't any FW - USB bridge devices. I could be wrong on that but it is what I've read so far. Some are speculating that USB allows the same unfettered system access but I'm not convinced that's true.
There has also been recent mention of an attack whereby someone with physical access can use liquid nitrogen or other supercooling treatments to sustain RAM contents & allow RAM - including encryption keys - to be read. This would let an attacker read even encrypted disks once they had the key. To be susceptible a machine must have powered RAM (includes most hibernation modes) or be 'frozen' within a few minutes of powering off.
The main suggestion to circumvent is to not let the machine get away from your physical control (duh!). Also, don't use hibernation. Personally, I've never found the whole hibernation/resume function to be more stable or faster than simply power cycling. And I would only power down to move from home to office & back; the network & hardware environments are different enough that a reboot is a good idea.
Have a nice day. :scratch: