Date: Mon, 09 Jan 2012 00:11:24 -0500 (EST) From: Kurt Seifried <kseifrie@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: Malicious devices & vulnerabilties Firewire has DMA. http://cansecwest.com/core05/2005-firewire-cansecwest.swf eSATA - also does DMA. Thunderbolt also does DMA. In other words a lot of the newer/higher end interfaces all do DMA which is ... a problem. -Kurt ----- Original Message ----- From: "Xi Wang" <xi.wang@...il.com> To: oss-security@...ts.openwall.com Sent: Sunday, January 8, 2012 1:13:37 PM Subject: Re: [oss-security] Malicious devices & vulnerabilties On Jan 8, 2012, at 6:19 AM, Florian Weimer wrote: > I think they should be considered vulnerable. Some applications need > some robustness to attacks even from the local console (e.g., student > computer rooms). Thanks for bringing that up. Student computer rooms are a nice example, and a good old memory. ;-) > USB is also a popular transport in many air-gapped environments. What else might be on this "untrusted" device list? Firewire? I guess those in the PC box don't count. - xi
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ