Thwart Windows Authentication through Firewire

March 9, 2008 — secauditor

Adam Boileau (Metlstorm) has released a script (winlockpwn) written in Python, which allows a device running Linux to be connected to the FireWire port of a target workstation running Windows XP to get full read/write memory access and bypass Windows authentication. He demonstrated the tool in 2006, but didn’t release it until a few days ago. And this type of attack is also apparently effective against other OSes such Linux and OS X. And if the device doesn’t have a FireWire port, you’re not necessarily out of luck. If it has a slot for a PCMCIA card, a PCMCIA FireWire card will do the trick. And if you don’t have Linux on your laptop, just run your favorite Linux Live CD distro and grab the winlockpwn code and go.

Read the rest of this entry »

Posted in Auditing, General. Tags: , , , . No Comments »

VMWare Security Crumbling: Not Really

February 26, 2008 — secauditor

This week CoreLabs came out with notification of a vulnerability found with in VMWare’s software. This vulnerability allows an attacker to break out of the Guest Operating System. This vulnerability was found in VMware’s shared folders mechanism. It grants users of a Guest system read and write access to any portion of the Host’s file system including the system folder and other security-sensitive files. The exploitation of this vulnerability allows attackers to break out of a Guest system to compromise the underlying Host system that controls it. To understand what is bad about this you have to see that the Guest system has been considered an isolated system.

Many security experts have utilized a virtual environment for testing malware, security exploits and vulnerabilities for years. I to am one of these. The one issue that I see that is creating a problem in these environments that has never really been an issue revolves around shared folders.

Read the rest of this entry »

Posted in Auditing, General. Tags: , , , . 2 Comments »

Open source takes encrypted volumes to new levels.

February 18, 2008 — secauditor

I am a big proponent of the open source community. As such I am always excited when a good product comes out with something better. This month TrueCrypt has released version 5.0.

TrueCrypt is a software application used for on-the-fly encryption (OTFE). It can create a “file-hosted container” or write a partition which consists of an encrypted volume with its own file system, contained within a regular file, which can then be mounted as if it were a real disk. TrueCrypt also supports device-hosted volumes, which can be created on either an individual partition or an entire disk. With version 5.0 it can now encrypt the Windows boot partition. TrueCrypt is available for Microsoft Windows, Mac OS X, and Linux.
Read the rest of this entry »

Posted in General. Tags: , , , , . No Comments »