On 04/04/15 10:17, Артур Истомин wrote:
> On Sat, Apr 04, 2015 at 03:27:05PM +0200, Martin Schröder wrote:
>> 2015-04-04 13:08 GMT+02:00 Артур Истомин <art.is...@yandex.ru>:
>> > https://github.com/carmaa/inception/blob/master/README.md
>> >
>> > Is OpenBSD susceptible to this attack? I mean not the tool itself,
>> > I mean the vector of attack.
>>
>> There is no Firewire support in OpenBSD, so no.
>
> "The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card
> and *any other PCI/PCIe HW interfaces*"
>
>> Btw: This is old news.
>
> Yes, but now there is a practical realisation in the wild. So I'm
> interested: are we secure against such an attack? I see that the latest
> MS Windows and Mac OS X are already patched. I suspect that it is harder
> for BSD/Linux because of the absence of such a close relationship between
> the graphical system and kernel in Windows/MacOS (their solution is a
> hack. They are secure only when logged out).

so...you want an OS (which is hopelessly dependent upon hw) to protect
against malicious hardware? How is that supposed to work?

I find spelling DMA out as "DIRECT MEMORY ACCESS" really kinda puts it
all in perspective. Hardware with DIRECT ... MEMORY ... ACCESS. If you
don't trust that hardware, it is GAME OVER.

Ok, yes, some things, people might be surprised to find out have Direct
Memory Access, such as Firewire, or Thunderbolt. Things that mom or
grandpa are expected to plug in are often considered "trusted". That's
wrong. We've known that for quite some time.

But nothing new here -- your computer has to be trusted. This is why we
have always said you must trust your physical environment. Hardware that
can take over the computer and control its operation dates back...well,
pretty much to the dawn of computers (i.e., hardware debuggers. If you
can REMOVE bugs with hardware, you can certainly insert them).

In fact, about five seconds after someone says "Firewire has DIRECT
MEMORY ACCESS", I think you should say, "oh. baad idea" (those five
seconds were spent wondering if there was a use of "DMA" that applies
here that you weren't thinking of).

Nick.