| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.64.0608111457560.13910@star.inp.nsk.su> Date: Fri, 11 Aug 2006 15:07:28 +0700 (NOVST) From: "Dmitry Yu. Bolkhovityanov" <D.Yu.Bolkhovityanov@....nsk.su> To: "Thomas D." <whistl0r@...glemail.com> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: RE: [Full-disclosure] RE: when will AV vendors fix this??? On Mon, 7 Aug 2006, Thomas D. wrote: > And even if you hide the file, if it hide the way you describe, you aren't > able to execute the file, until you give access to yourself. If you do this, > the anti-virus program will also have access.... > > > Keep in mind: If it is an unknown file (zero-day), you don't even think > about hiding, because it isn't necessary. You have other problems... > > => I don't think it is a security related problem nor a problem itself. Remember: some years ago "off by one" was treated as useless for exploits. Any type of data/file hiding (of course, alternate data streams in the first place) can become the last brick required for some new attack vector. So, while currently I can't present any workable scenario, I wouldn't consider such type of data hiding as "not a security-relate problem". _________________________________________ Dmitry Yu. Bolkhovityanov The Budker Institute of Nuclear Physics Novosibirsk, Russia
Powered by blists - more mailing lists