Firewire now a liability if present on a PC?

[VirtualLarry]

http://forums.anandtech.com/showpost.php?p=34732402&postcount=4

Reading the page linked, it appears that if there is a firewire port on your PC, and it has the drivers installed and enabled, that it is possible to carry out a memory DMA attack and recover crypto keys for popular FDE tools.

 

[lxskllr]

If you lose physical access to your PC, you're vulnerable. Your machine has to be running for that exploit to work. I guess you can't ensure security of your PC, and you must leave it on, disabling firewire would be good idea, but that's a narrow range of circumstances. Of course, firewire isn't used much anyway.

 

[smitbret]

I know that since I started using USB 3.0 I have dumped everything firewire.

So, yeah. It's definitely a liablilty for me.

 

[MrColin]

I disable it in the BIOS for this reason. I believe that flashing my password protected bios to enable it would also clear my TPM, complicating the efforts of any would be cracker.