Date   : Sun, 01 Aug 2010 16:25:32 +0100
From   : pete@... (Peter Rendle)
Subject: bbcdocs website problem

Rick Murray wrote:
> On 28/07/2010 05:18, Rick Murray wrote:
>
>   
>> The mom filter is like chinese whispers, so if that doesn't make a lot
>> of sense, you're not alone. I guess I'll keep an eye on El Reg to see if
>> I can find some actual info on this. ;-)
>> I'm highly suspicious of the bit about affecting both Win AND the
>> penguin. Though if this were true...
>>     
>
> It would appear to be a vuln in PCMCIA...? The article is about three 
> quarters (21m 06s) into the DigitalP podcast, available at:
> http://downloads.bbc.co.uk/podcasts/worldservice/digitalp/digitalp_20100727-1032a.mp3
>
> Does anybody have further information on this? I'm wondering how a vuln 
> on a PCMCIA card can affect Windows, Apple, and Linux. Can't be a BIOS 
> issue as most decent systems replace the BIOS with their own (better) 
> code [remember the days when a 66MHz 486/DX couldn't keep up with a 
> modem running at 9600bps when using BIOS calls? ;-) ). It could be a 
> hardware issue, but surely each system has its own drivers? Compromising 
> one shouldn't affect others.
> To quote: "the attack is entirely automated, so... you just have to put 
> inside the miniature card and wait like two second, figure it out, and 
> the laptop is completely compromised" (21m 31s).
>
> This, skipping over little details such as Windows being capable of 
> natively running a Linux executable as well as it would be capable of 
> running a BBC executable...
>
>
> Mmmm... Can't find specifics on Google. Any ideas?
>
>
> Best wishes,
>
> Rick.
>
>   
Sounds very much like this:
http://en.wikipedia.org/wiki/Firewire#Security_issues

Peter