| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Feb 2013 09:30:34 +0200 From: Ariel Berkman <aberkman@...il.com> To: bugtraq@...urityfocus.com, Full Disclosure <full-disclosure@...ts.grok.org.uk> Subject: Paper - Hiding Data in Hard-drive Service Areas Hi, We've recently released a paper discussing the ability to hide data in hard-drive service areas. The paper is available for download at: http://www.recover.co.il/SA-cover/SA-cover.pdf The introduction section is pasted below: In this paper we will demonstrate how spinning hard-drives’ service areas can be used to hide data from the operating-system (or any software using the standard OS’s API or the standard ATA commands to access the hard-drive). These reserved areas are used by hard-drive vendors to store modules that in turn operate the drive, and in a sense, together with the ROM, serve as the hard-drive’s internal storage and OS. By sending Vendor Specific Commands (VSCs) directly to the hard-drive, one can manipulate these areas to read and write data that are otherwise inaccessible. This should not be confused with DCO or HPA which can be easily detected, removed and accessed via standard ATA commands. Thanks, Ariel. -- Recover Information Technologies LTD. http://www.recover.co.il _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists