If someone has physical access to a computer they have a pretty good chance of bypassing its security. This new attack uses the FireWire port found on some computers and notebooks to access its memory and change the system’s password.
It’s been demonstrated to work on Windows XP and on Macs, and could possibly affect other systems.
It’s up to companies like Microsoft and other vendors to fix their software to disable this vulnerability. Some lessons to be learnt are:
- Restrict physical access to your computer
- Don’t let other people plug devices into your computer
- Apply software patches from vendors when they become available. Hopefully they’ll patch this problem
- And if you’re paranoid about this one you can disable FireWire on some computers (by disconnecting the cable inside the computer)
Here’s the article explaining how it works on Windows XP, and here is an article on how it affects Macs.