Remote Malware Injection Via Flaw In Network Card

kfz-versicherung writes "During the CanSecWest international conference in Vancouver, members of ANSSI described how an attacker could be able to exploit a flaw to run arbitrary code inside some network controllers (full presentation; PDF). The attack uses routable packets delivered to the victim's NIC. Consequently, multiple attacks can be conducted including man-in-the-middle attacks on network connections, access to cryptographic keys on the host platform, or malware injection on the victim's computer host platform."

Re:ÖÖ×YÉZ-¥z3

[WrongSizeGlass]

Dude, I think you forgot to change your decoder ring from "I'm high" to "Slashdot". Please check the setting s and try posting again.

Re:For a little piece of mind

[WrongSizeGlass]

3. Is there a proof of concept?

Yes. A proof of concept attack has been demoed during the CanSecWest conference. It showed how an attacker can remotely shutdown or wake up his victim’s machine, and fully compromise a COTS operating system machine (Linux for the demo, but all operating systems are vulnerable).

Hey, at least it's Linux compatible!

an hero

[Anonymous Coward]

-1 an hero