[clug] A most interesting read, most interesting

Sam Couter sam at couter.id.au
Thu Dec 28 11:37:30 GMT 2006


Michael Cohen <michael.cohen at netspeed.com.au> wrote:
> even if you can only load signed device
> drivers (which is ridiculously unworkable so I don't think that will even happen)

You're wrong. Linky:

http://www.microsoft.com/whdc/winlogo/drvsign/drvsign.mspx

> you can always read memory directly through the hardware.

64-bit CPUs have IOMMUs.

> What this means in practice is
> that any device attached to the PCI bus can read and write memory directly
> without needing any permission from the CPU - which means that the OS or
> whatever software is actually running on the CPU has no say in it at all or can
> actually know that it's happening.

64-bit CPUs have IOMMUs, which is why the Protected Media Path (I found
out what it's really called these days) is only offered on 64-bit
versions of Vista. And 32-bit versions won't do "premium content",
whatever that ends up being.

> Adam's demonstration was spectacular - he reprogrammed his Linux laptop to look
> like a firewire device, and was able to use the firewire bus protocol (which
> seems to allow devices to map DMA regions) to map a Windows host's memory
> space. He then searched through the memory for logon passwords/keys whatever
> and was able to hack the Windows logon screen directly (just as a demonstration
> - he could have gotten any keys/passwords or data he wanted).

That's a cool hack. I didn't know Firewire had such capabilities, I
thought physical access to the PCI bus was required. Scary.

> The message was clear - first rule of security, do not allow physical access.
> When you have physical access you automatically win. This is why DRM can never
> work. It would be funny to see big players spend millions trying and failing
> especially MS. Maybe that is a good thing....

These people aren't dumb. They know they can't make unbreakable DRM.
They've been told and shown (and burnt) often enough. They just need to
make it difficult and illegal to break, and that is achievable.
-- 
Sam Couter         |  mailto:sam at couter.id.au
                   |  jabber:sam at teknohaus.dyndns.org
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C