Don’t Trust Your Hardware

flash drive

I wasn’t able to see David Maynor’s “You are the Trojan” (pdf) talk at Toorcon, but it’s a really interesting subject. With such a large emphasis being placed on tightening perimeter security with firewalls and IDS systems how do attacks keep getting through? The user: bringing laptops on site, connecting home systems through a VPN, or just sacrificing security for speed.

Peripherals can also be a major threat. USB and other computer components use Direct Memory Access (DMA) to bypass the processor. This allows for high performance data transfers. The CPU is completely oblivious to the DMA activity. There is a lot of trust involved in this situation. Here’s how this could be exploited: Like a diligent individual you’ve locked you Windows session. Someone walks in with their hacked USB key and plugs it into your computer. The USB key uses its DMA to kill the process locking your session. Voila! your terminal is now wide open and all they had to do was plug in their USB key, PSP, iPod

Hack-A-Day Extra

biquad dish

From the comments it sounds like people actually were reading the links posts. Well, the story is: We’re taking Hack-A-Day back to its original purpose, one hack a day. By popular demand though it looks like I’ll be putting up some random links posts from time to time.

If you are getting bored you can check out the Team Hack-A-Day Folding@HOME team forum which now has a memorable web address: The team should be hitting 3 million points this weekend. You could also hang out on our long standing IRC channel: #hackaday on EFnet.

Continue reading “Hack-A-Day Extra”