| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 01 Sep 2007 07:45:13 +1000 From: Jason Brooke <jason@....org> To: Paul Sebastian Ziegler <psz@...erved.de> Cc: bugtraq@...urityfocus.com Subject: Re: Sony: The Return Of The Rootkit Paul Sebastian Ziegler wrote: > Have another one: > http://observed.de/?entnum=101 > > Now I was outraged by Sony's Copyprotection Rootkit - but this is simply > something different. > > Many Greetings > Paul I can't see anything in your article that adds anything to your email, why did you want him to read it? Also, the article by f-secure that you're having a go at, says "This USB stick with rootkit-like behavior" and openly acknowledges that the purpose of hiding files by the device is probably to try and prevent tampering with the fingerprint authentication. Their main point is that: "The Sony MicroVault USM-F fingerprint reader software that comes with the USB stick installs a driver that is hiding a directory under "c:\windows\". So, when enumerating files and subdirectories in the Windows directory, the directory and files inside it are not visible through Windows API. If you know the name of the directory, it is e.g. possible to enter the hidden directory using Command Prompt and it is possible to create new hidden files. There are also ways to run files from this directory. Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) — depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the hidden directory as a hiding place."
Powered by blists - more mailing lists