Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


+ - Can you still trust your network card?-> 1

Submitted by chrisG23
chrisG23 (812077) writes "Today during the CanSecWest international conference in Vancouver, members Yves-Alexis Perez and Loic Duflot of ANSSI (French Network and Information Security Agency) described how an attacker could remotely take full control of a particular network card model. Once taken over, (and no interaction with the host operating system was required whatsover) the presenters demonstrated it was possible to enable the remote computer startup, shutdown, and restart commands disabled by default in the NIC firmware. Then the presenters demonstrated remote execution of code on the host computer, obtaining a root level account with a single additional packet.

This particular exploit only works on one particular model of network card, but the implications are staggering as it is almost inevitable that more network cards and other computer devices that have their own registers, memory, processor and firmware, and a means to communicate independently of the host computer, can and will be exploited, again totally independent of the operating system of the host computer. The researchers have contacted the NIC vendor and a patch has been released. The actual exploit code and tools will not be released. Details and an FAQ can be found on the ANSSI website at"

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Can you still trust your network card?

Comments Filter:

According to the latest official figures, 43% of all statistics are totally worthless.