Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
Bugtraq in Japanese
Back to list
|
Post reply
Firewire/IEEE1394ã«ç?©ç?ç??ã?»ã?ã?¥ã?ªã??ã?£ä¾µå®³ã«ã¤ãªã?ã??è??å¼±æ?§
Oct 21 2004 02:16AM
Dragos Ruiu (dr kyx net)
Firewire/IEEE1394ã«ç?©ç?ç??ã?»ã?ã?¥ã?ªã??ã?£ä¾µå®³ã«ã¤ãªã?ã??è??å
¼±æ?§
Firewire/IEEE 1394 Considered Harmful to Physical Security
Advisory URL: http://pacsec.jp/advisories.html
æ¦?è¦ï¼?
ã??IEEE1394è¦æ ¼(é??称Firewire)ã??使ã?ã¨ã?ã?¯ã?©ã?¤ã?¢ã?³ã??æ©?å?¨
ã?OSã«ã??ã??å?¶é?ã??æ?¦ã??æ??ã?ã¦ã?ã??ã?¹ã??ã®ã?¡ã?¢ã?ªã«ç?´æ?¥ã
?¢ã?¯ã?»ã?¹ã§ãã??ã??ã?ã«ãªã??ã??ã?ã??ã??æ?ª
ç?¨ã?ã??ã¨ã?ã?¯ã?©ã?¤ã?¢ã?³ã??æ©?å?¨ã??ç?¨ã?ã¦ã?ã??ã?¹ã??ã«ä¿å?
ã?ã??ã?æ©?å¯?æ??å ±ã??èªã¿å?ºã?ã¦å¤?æ?´ã?ã?権é?æ??æ ¼ã?æ??å ±
æ¼ã?ã?ã?ã?·ã?¹ã??ã? ã®ä¸æ£ä½¿ç?¨ãªã©ã??å®?è¡?ã§ãã??ã??å®?å?¨
ã§ãªã?å ´æ??
ã«ã?ã??ã?æ©?å¯?æ??å ±ã?ä¿å?ã?ã??ã?ã?·ã?¹ã??ã? ã?ç?¹ã«ä¸?è?¬ã?
ã??ã®ã?¢ã?¯ã?»ã?¹ã?å¯è?½ãªã?·ã?¹ã??ã? ã«ã?Firewireã?ã?¼ã??ã?è¨ç
½®ã?ã??ã¦ã?ã??å ´å?ã¯ã?ã?·ã?¹ã??ã? ã®ã?»ã?ã?¥ã?ªã??ã?£ã??ä»?ä¸?
度è©?価ã?ã¦ã?ç?©ç?ç??ãªã?»ã?ã?¥ã?ªã??ã?£æ?ªç½®ã®è¿½å? ã??æ¤?è¨?
ã?ã??å¿?è¦ã?ã?ã??ã??Firewireã?ã?¼ã??ã¯ã?Sony製å?ã®ä¸?é?¨ã§ã¯
ã??iLinkã?ã¨å?¼ã°ã??ã??ã?ã¨ã??ã?ã??ã??
詳細�
ã??RWTH Aachenå·¥ç§?大å¦ã®é«?ä¿¡é ¼æ?§å??æ?£å??ã?·ã?¹ã??ã? ç ?究室ã«æ??å±?
ã?ã??Maximilian Dornseifæ°ã¯ã?11æ??12æ?¥ã«æ±äº¬ã§é??å?¬ã?ã??ã??ã??
PacSec.jpã?ã?«ã?³ã??ã?¡ã?¬ã?³ã?¹ã§è¡?ã?äº?å®?ã®ã??Owned by an iPodã?ã¨é¡?ã?ã?ç ?究ç?ºè¡¨ã®ä¸ã§ã?ã??ã?¼ã??ã??ã??ã?¹ã?¯ã??ã??ã?
?ã?ã?ã??ã³ä¸?é?¨ã®ã?µã?¼ã?ã??ã?·ã?³ã«
åº?ãæè¼?ã?ã??ã¦ã?ã??IEEE1394ã?¤ã?³ã?¿ã?¼ã??ã?§ã?¼ã?¹ã«é?¢é?£ã?ã
?æ?°ã?ã?ã??ã?¯ã??ã??ã?¯ã??ã?ãã¤ã?æ?«é?²ã?ã??äº?å®?ã§ã?ã??ã??
ã??ã?ã??ã??ã®ã??ã?¯ã??ã??ã?¯ã¯ã?æ?ªè³ªãªç?¨é??ã?ã??ã³æ??ç??ãªç?¨
é??ã®ä¸¡é¢ã«å¿?ç?¨ã?å¯è?½ã§ã?ã??ã??æ??ç??ãªç?¨é??ã«ã¯ã?ã?·ã?¹
ã??ã? ã??ã?©ã?¬ã?³ã?¸ã??ã?¯ã??å¤?é?¨ã??ã?ã??ã?°ãªã©ã®å??é??ã¸ã®å¿?
ç?¨ã?ã?ã??ã??ã
ã?ã?æ?ªè³ªãªç?¨é??ã«æ?ªç?¨ã?ã??ã¨ã?ã?·ã?¹ã??ã? ã®firewireã?ã?¼ã
??ã«ç?©ç?ç??ã«ã?¢ã?¯ã?»ã?¹å¯è?½ã§ã?ã??ã°ã?é?»æºã®å?¥ã??ç?´ã?ã
??å?èµ·å??ãªã©ã??è¡?ã?ãªãã¦ã??ã?ã?·ã?¹ã??ã? é?ç?¨ã??ä¸æ£ã«
å¤?æ?´ã?ã?ã?»ã?ã?¥ã?ªã??ã?£ã??侵害ã§ãã??å¯è?½æ?§ã?ã?ã??ã??
ã??ã?ªã?»ã??ã??ã??é?»æºã®ã?¹ã?¤ã??ã?ã??æ?ä½?ã§ããªã?ã??ã?ã«ã?
ã??ç?©ç?ç??ãªå?¶é?æ?ªç½®ã??ã?å?èµ·å??ãªã©ã®æ??é ?ã??ç?¨ã?ã?ã?·
ã?¹ã??ã? ã®ä¸æ£ä½¿ç?¨ã??å?¶é?ã?ã??ã?ã?ã®ãã®ä»?ã®å¯¾ç?ã«ä¾
å?ã?ã¦ãã?ã?·
ã?¹ã??ã? ã¯ã?ã?»ã?ã?¥ã?ªã??ã?£ã??å?æ¤?è¨?ã?ã??å¿?è¦ã?ã?ã??ã??
ã??å¾?æ¥ã??ã??ã?ã?³ã?³ã??ã?¥ã?¼ã?¿ã«ç?©ç?ç??ã«ã?¢ã?¯ã?»ã?¹å¯è?½ã§
ã?ã??ã?ã¨ã¯ã?ã?ã¦ã?ã®å ´å?ã?ä¸æ£ä½¿ç?¨ã?å¯è?½ãªã?ã¨ã??
æ?å?³ã?ã??ã??ã ã?ã?ã®æ?°ã?ã?ã??ã?¯ã??ã??ã?¯ã??使ã?ã¨ã?ç?¹æ®?
ãªã?½ã??ã??ã?¦ã?§
ã?¢ã??ç?¨ã?ã¦æ?ªæ?ã®ã?ã??Firewire/1394ã?¯ã?©ã?¤ã?¢ã?³ã??æ©?å?¨ã«æ?
¥ç¶?ã?ã??ã ã?ã§ã?ã?¿ã?¼ã?²ã??ã??ã??ä¸æ£ã«æ?¹ã?ã??ã§ãã??ã??ç?
©ç?ç??ã?¢ã?¯ã?»ã?¹ã¨
Firewire/1394ã?¤ã?³ã?¿ã?¼ã??ã?§ã?¼ã?¹ã¨ã??çµ?ã¿å?ã?ã?ã¦ä½¿ã?ã??å
´å?ã¯ã?ã?ã??ã«å®¹æ??ã«ã?»ã?ã?¥ã?ªã??ã?£ã??侵害ã§ãã??ã??ã?ã
«ãªã??ã??
ã??å¿?è¦ã«å¿?ã?ã¦ã?ã?»ã?ã?¥ã?ªã??ã?£ã?ã?ªã?·ã?¼ã??æ??é ?ã??å?è©?
価ã?ã?ã?ã®æ?°ã?ã?æ??å ±ã«ã¤ã?ã¦æ¤?è¨?ã?ã¹ãã§ã?ã??ã??
å½±é?¿ã??å?ã?ã??ã?·ã?¹ã??ã? ï¼?
ã??IEEE1394ã?¤ã?³ã?¿ã?¼ã??ã?§ã?¼ã?¹ã??æè¼?ã?ã?ã?ã¹ã¦ã®OSã?ã??ã
³ã??ã?ã?»ã??ã?µã??ã?©ã??ã??ã??ã?©ã?¼ã? ã??ã¾ã?å ´å?ã«ã??ã£ã¦ã¯ã?
å?é¡?ã®OSã?1394ã?¤ã?³ã?¿ã?¼ã??ã?§ã?¼ã?¹ã??ã?µã?ã?¼ã??
ã?ã¦ã?ãªã?å ´å?ã§ã??ã?ã?ã?¼ã??ã?¦ã?§ã?¢ã«é?»æºã?å?¥ã£ã¦ã?
ã??ã°ã?ä¸æ£ä½¿ç?¨ã?å¯è?½ãªå ´å?ã??ã?ã??ã??
対ç?ï¼?
ã??ä¿¡é ¼ã§ããªã?/èªè¨¼ã?ã??ã¦ã?ãªã?ç?©ç?ç??ã?¢ã?¯ã?»ã?¹ã??å¿
?è¦ã¨ã?ã?ãªã?ã?ã¤å?¶é?ã??è¨ã?ã?é?ç?¨ã??è¡?ã?å¿?è¦ã?ã?ã?
?ã?·ã?¹ã??ã? ã§ã¯ã?å¤?ã?±ã?¼ã?¹ã®firewireã?¸ã?£ã??ã?¯ã«æ?¥ç¶?ã?ã¦
ã?ã??ã?¯ã?¤ã?¤ã??ã??ã??ã??å?ã??å¤?ã?ã?ã¨ã?é?¨å??ç??ãªå??é¿ç?ã«
ãªã??å ´å?ã??ã?ã??ã??
ã??ã?©ã??ã??ã??ã??ã??ã§ã¯ã?æ©?è?½ã?失ã?ã??ã¦ã??æ§?ã?ãªã?ã®ãª
ã??ã?ã?¨ã?ã?ã?·æ¨¹è??ã??使ã£ã¦å¤?é?¨ã?¸ã?£ã??ã?¯ã??æ°¸ä¹?ã«ä½¿ç?¨
ä¸å¯è?½ã«ã§ãã??ã??
ã??第ä¸?ã®äº?é?²ç?ã¨ã?ã¦ã?æ©?å¯?æ??å ±ã??ä¿å?ã?ã?ã?³ã?³ã??ã?¥
ã?¼ã?¿ã«æ?ªç?¥ã®/ä¿¡é ¼ã§ããªã?firewireã??ã?ã?¤ã?¹ã??æ?¥ç¶?ã?ãª
ã?ã??ã?ã?å¾?æ¥å?¡ã«è¦å??ã??ç?ºã?ã¦ã?ãå¿?è¦ã?ã?ã??ã??
ã??ã?ã®æ©?è?½ã¯ã?ã?ã?¼ã??ã?¦ã?§ã?¢ã?¬ã??ã?«ã®ä»?æ§?ã??ã?ã??ã??ã?»
ã??ã??ã«çµ?ã¿è¾¼ã¾ã??ã¦ã?ã??ã®ã§ã?ã?½ã??ã??ã?¦ã?§ã?¢ã«ã??ã??ä¿®
æ£ã«é?¢ã?ã¦ã¯ã?ã?ã¾ã æ¤?è¨?ä¸ã®æ®µé??ã«ã?ã??ã??ä»?å??ã®ç?º
表ã§ã¯ã?ã?ã®
å?é¡?ã??è°è«?ã?ã??ã??äº?å®?ã§ã?ã??ã??ã??
--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Tokyo, Japan Nov 11-12 2004 http://pacsec.jp
pgpkey http://dragos.com/ kyxpgp
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
¼±æ?§
Firewire/IEEE 1394 Considered Harmful to Physical Security
Advisory URL: http://pacsec.jp/advisories.html
æ¦?è¦ï¼?
ã??IEEE1394è¦æ ¼(é??称Firewire)ã??使ã?ã¨ã?ã?¯ã?©ã?¤ã?¢ã?³ã??æ©?å?¨
ã?OSã«ã??ã??å?¶é?ã??æ?¦ã??æ??ã?ã¦ã?ã??ã?¹ã??ã®ã?¡ã?¢ã?ªã«ç?´æ?¥ã
?¢ã?¯ã?»ã?¹ã§ãã??ã??ã?ã«ãªã??ã??ã?ã??ã??æ?ª
ç?¨ã?ã??ã¨ã?ã?¯ã?©ã?¤ã?¢ã?³ã??æ©?å?¨ã??ç?¨ã?ã¦ã?ã??ã?¹ã??ã«ä¿å?
ã?ã??ã?æ©?å¯?æ??å ±ã??èªã¿å?ºã?ã¦å¤?æ?´ã?ã?権é?æ??æ ¼ã?æ??å ±
æ¼ã?ã?ã?ã?·ã?¹ã??ã? ã®ä¸æ£ä½¿ç?¨ãªã©ã??å®?è¡?ã§ãã??ã??å®?å?¨
ã§ãªã?å ´æ??
ã«ã?ã??ã?æ©?å¯?æ??å ±ã?ä¿å?ã?ã??ã?ã?·ã?¹ã??ã? ã?ç?¹ã«ä¸?è?¬ã?
ã??ã®ã?¢ã?¯ã?»ã?¹ã?å¯è?½ãªã?·ã?¹ã??ã? ã«ã?Firewireã?ã?¼ã??ã?è¨ç
½®ã?ã??ã¦ã?ã??å ´å?ã¯ã?ã?·ã?¹ã??ã? ã®ã?»ã?ã?¥ã?ªã??ã?£ã??ä»?ä¸?
度è©?価ã?ã¦ã?ç?©ç?ç??ãªã?»ã?ã?¥ã?ªã??ã?£æ?ªç½®ã®è¿½å? ã??æ¤?è¨?
ã?ã??å¿?è¦ã?ã?ã??ã??Firewireã?ã?¼ã??ã¯ã?Sony製å?ã®ä¸?é?¨ã§ã¯
ã??iLinkã?ã¨å?¼ã°ã??ã??ã?ã¨ã??ã?ã??ã??
詳細�
ã??RWTH Aachenå·¥ç§?大å¦ã®é«?ä¿¡é ¼æ?§å??æ?£å??ã?·ã?¹ã??ã? ç ?究室ã«æ??å±?
ã?ã??Maximilian Dornseifæ°ã¯ã?11æ??12æ?¥ã«æ±äº¬ã§é??å?¬ã?ã??ã??ã??
PacSec.jpã?ã?«ã?³ã??ã?¡ã?¬ã?³ã?¹ã§è¡?ã?äº?å®?ã®ã??Owned by an iPodã?ã¨é¡?ã?ã?ç ?究ç?ºè¡¨ã®ä¸ã§ã?ã??ã?¼ã??ã??ã??ã?¹ã?¯ã??ã??ã?
?ã?ã?ã??ã³ä¸?é?¨ã®ã?µã?¼ã?ã??ã?·ã?³ã«
åº?ãæè¼?ã?ã??ã¦ã?ã??IEEE1394ã?¤ã?³ã?¿ã?¼ã??ã?§ã?¼ã?¹ã«é?¢é?£ã?ã
?æ?°ã?ã?ã??ã?¯ã??ã??ã?¯ã??ã?ãã¤ã?æ?«é?²ã?ã??äº?å®?ã§ã?ã??ã??
ã??ã?ã??ã??ã®ã??ã?¯ã??ã??ã?¯ã¯ã?æ?ªè³ªãªç?¨é??ã?ã??ã³æ??ç??ãªç?¨
é??ã®ä¸¡é¢ã«å¿?ç?¨ã?å¯è?½ã§ã?ã??ã??æ??ç??ãªç?¨é??ã«ã¯ã?ã?·ã?¹
ã??ã? ã??ã?©ã?¬ã?³ã?¸ã??ã?¯ã??å¤?é?¨ã??ã?ã??ã?°ãªã©ã®å??é??ã¸ã®å¿?
ç?¨ã?ã?ã??ã??ã
ã?ã?æ?ªè³ªãªç?¨é??ã«æ?ªç?¨ã?ã??ã¨ã?ã?·ã?¹ã??ã? ã®firewireã?ã?¼ã
??ã«ç?©ç?ç??ã«ã?¢ã?¯ã?»ã?¹å¯è?½ã§ã?ã??ã°ã?é?»æºã®å?¥ã??ç?´ã?ã
??å?èµ·å??ãªã©ã??è¡?ã?ãªãã¦ã??ã?ã?·ã?¹ã??ã? é?ç?¨ã??ä¸æ£ã«
å¤?æ?´ã?ã?ã?»ã?ã?¥ã?ªã??ã?£ã??侵害ã§ãã??å¯è?½æ?§ã?ã?ã??ã??
ã??ã?ªã?»ã??ã??ã??é?»æºã®ã?¹ã?¤ã??ã?ã??æ?ä½?ã§ããªã?ã??ã?ã«ã?
ã??ç?©ç?ç??ãªå?¶é?æ?ªç½®ã??ã?å?èµ·å??ãªã©ã®æ??é ?ã??ç?¨ã?ã?ã?·
ã?¹ã??ã? ã®ä¸æ£ä½¿ç?¨ã??å?¶é?ã?ã??ã?ã?ã®ãã®ä»?ã®å¯¾ç?ã«ä¾
å?ã?ã¦ãã?ã?·
ã?¹ã??ã? ã¯ã?ã?»ã?ã?¥ã?ªã??ã?£ã??å?æ¤?è¨?ã?ã??å¿?è¦ã?ã?ã??ã??
ã??å¾?æ¥ã??ã??ã?ã?³ã?³ã??ã?¥ã?¼ã?¿ã«ç?©ç?ç??ã«ã?¢ã?¯ã?»ã?¹å¯è?½ã§
ã?ã??ã?ã¨ã¯ã?ã?ã¦ã?ã®å ´å?ã?ä¸æ£ä½¿ç?¨ã?å¯è?½ãªã?ã¨ã??
æ?å?³ã?ã??ã??ã ã?ã?ã®æ?°ã?ã?ã??ã?¯ã??ã??ã?¯ã??使ã?ã¨ã?ç?¹æ®?
ãªã?½ã??ã??ã?¦ã?§
ã?¢ã??ç?¨ã?ã¦æ?ªæ?ã®ã?ã??Firewire/1394ã?¯ã?©ã?¤ã?¢ã?³ã??æ©?å?¨ã«æ?
¥ç¶?ã?ã??ã ã?ã§ã?ã?¿ã?¼ã?²ã??ã??ã??ä¸æ£ã«æ?¹ã?ã??ã§ãã??ã??ç?
©ç?ç??ã?¢ã?¯ã?»ã?¹ã¨
Firewire/1394ã?¤ã?³ã?¿ã?¼ã??ã?§ã?¼ã?¹ã¨ã??çµ?ã¿å?ã?ã?ã¦ä½¿ã?ã??å
´å?ã¯ã?ã?ã??ã«å®¹æ??ã«ã?»ã?ã?¥ã?ªã??ã?£ã??侵害ã§ãã??ã??ã?ã
«ãªã??ã??
ã??å¿?è¦ã«å¿?ã?ã¦ã?ã?»ã?ã?¥ã?ªã??ã?£ã?ã?ªã?·ã?¼ã??æ??é ?ã??å?è©?
価ã?ã?ã?ã®æ?°ã?ã?æ??å ±ã«ã¤ã?ã¦æ¤?è¨?ã?ã¹ãã§ã?ã??ã??
å½±é?¿ã??å?ã?ã??ã?·ã?¹ã??ã? ï¼?
ã??IEEE1394ã?¤ã?³ã?¿ã?¼ã??ã?§ã?¼ã?¹ã??æè¼?ã?ã?ã?ã¹ã¦ã®OSã?ã??ã
³ã??ã?ã?»ã??ã?µã??ã?©ã??ã??ã??ã?©ã?¼ã? ã??ã¾ã?å ´å?ã«ã??ã£ã¦ã¯ã?
å?é¡?ã®OSã?1394ã?¤ã?³ã?¿ã?¼ã??ã?§ã?¼ã?¹ã??ã?µã?ã?¼ã??
ã?ã¦ã?ãªã?å ´å?ã§ã??ã?ã?ã?¼ã??ã?¦ã?§ã?¢ã«é?»æºã?å?¥ã£ã¦ã?
ã??ã°ã?ä¸æ£ä½¿ç?¨ã?å¯è?½ãªå ´å?ã??ã?ã??ã??
対ç?ï¼?
ã??ä¿¡é ¼ã§ããªã?/èªè¨¼ã?ã??ã¦ã?ãªã?ç?©ç?ç??ã?¢ã?¯ã?»ã?¹ã??å¿
?è¦ã¨ã?ã?ãªã?ã?ã¤å?¶é?ã??è¨ã?ã?é?ç?¨ã??è¡?ã?å¿?è¦ã?ã?ã?
?ã?·ã?¹ã??ã? ã§ã¯ã?å¤?ã?±ã?¼ã?¹ã®firewireã?¸ã?£ã??ã?¯ã«æ?¥ç¶?ã?ã¦
ã?ã??ã?¯ã?¤ã?¤ã??ã??ã??ã??å?ã??å¤?ã?ã?ã¨ã?é?¨å??ç??ãªå??é¿ç?ã«
ãªã??å ´å?ã??ã?ã??ã??
ã??ã?©ã??ã??ã??ã??ã??ã§ã¯ã?æ©?è?½ã?失ã?ã??ã¦ã??æ§?ã?ãªã?ã®ãª
ã??ã?ã?¨ã?ã?ã?·æ¨¹è??ã??使ã£ã¦å¤?é?¨ã?¸ã?£ã??ã?¯ã??æ°¸ä¹?ã«ä½¿ç?¨
ä¸å¯è?½ã«ã§ãã??ã??
ã??第ä¸?ã®äº?é?²ç?ã¨ã?ã¦ã?æ©?å¯?æ??å ±ã??ä¿å?ã?ã?ã?³ã?³ã??ã?¥
ã?¼ã?¿ã«æ?ªç?¥ã®/ä¿¡é ¼ã§ããªã?firewireã??ã?ã?¤ã?¹ã??æ?¥ç¶?ã?ãª
ã?ã??ã?ã?å¾?æ¥å?¡ã«è¦å??ã??ç?ºã?ã¦ã?ãå¿?è¦ã?ã?ã??ã??
ã??ã?ã®æ©?è?½ã¯ã?ã?ã?¼ã??ã?¦ã?§ã?¢ã?¬ã??ã?«ã®ä»?æ§?ã??ã?ã??ã??ã?»
ã??ã??ã«çµ?ã¿è¾¼ã¾ã??ã¦ã?ã??ã®ã§ã?ã?½ã??ã??ã?¦ã?§ã?¢ã«ã??ã??ä¿®
æ£ã«é?¢ã?ã¦ã¯ã?ã?ã¾ã æ¤?è¨?ä¸ã®æ®µé??ã«ã?ã??ã??ä»?å??ã®ç?º
表ã§ã¯ã?ã?ã®
å?é¡?ã??è°è«?ã?ã??ã??äº?å®?ã§ã?ã??ã??ã??
--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Tokyo, Japan Nov 11-12 2004 http://pacsec.jp
pgpkey http://dragos.com/ kyxpgp
[ reply ]