lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 01 Sep 2007 07:45:13 +1000
From: Jason Brooke <jason@....org>
To: Paul Sebastian Ziegler <psz@...erved.de>
Cc: bugtraq@...urityfocus.com
Subject: Re: Sony: The Return Of The Rootkit

Paul Sebastian Ziegler wrote:
> Have another one:
> http://observed.de/?entnum=101
> 
> Now I was outraged by Sony's Copyprotection Rootkit - but this is simply
> something different.
> 
> Many Greetings
> Paul

I can't see anything in your article that adds anything to your email, 
why did you want him to read it?


Also, the article by f-secure that you're having a go at, says "This USB 
stick with rootkit-like behavior" and openly acknowledges that the 
purpose of hiding files by the device is probably to try and prevent 
tampering with the fingerprint authentication. Their main point is that:


"The Sony MicroVault USM-F fingerprint reader software that comes with 
the USB stick installs a driver that is hiding a directory under 
"c:\windows\". So, when enumerating files and subdirectories in the 
Windows directory, the directory and files inside it are not visible 
through Windows API. If you know the name of the directory, it is e.g. 
possible to enter the hidden directory using Command Prompt and it is 
possible to create new hidden files. There are also ways to run files 
from this directory. Files in this directory are also hidden from some 
antivirus scanners (as with the Sony BMG DRM case) — depending on the 
techniques employed by the antivirus software. It is therefore 
technically possible for malware to use the hidden directory as a hiding 
place."

Powered by blists - more mailing lists