[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <002e01c340f0$fb363bb0$231a90d8@NTAUTHORITY>
From: geoincidents at getinfo.org (Geoincidents)
Subject: Microsoft Cries Wolf ( again )
> About a year ago, I tripped over this issue. (I have since found out it
> is a known bug - see http://www.sitepoint.com/print/1029). In an effort
> to help MS, I spent hours of company time registering to various bug
> reporting services on MS sites - and never found one that would accept
> my bug report because IE is not a paid product. Not that I wanted any
> support - I only wanted to help them out.
How many semi serious issues exist where people just never bother to
disclose them to the public and where the vendor decides to ignore the
notification?
Any NTFS volume, doesn't matter if it's NT4, W2K, or XP is susceptable to
being wasted by a virus that does nothing but create files. How you ask?
Simple create a bunch of 500 byte files until you fill the partition, now
delete them, ok now try to use the partition to store normal sized files,
you can't use but 20% of it because 80% of it is now MFT.
NTFS has a problem in that it never shrinks the MFT, when you create small
files NTFS stores the whole file in the MFT instead of storing a data
segment, by filling the disk with tiny files you expand the MFT and the only
way to reduce it once it's expanded is to reformat the partition.
Do you think a virus that had this simple capability could do some damage?
Imagine a desktop getting the virus and having it create the files on a
server share.
I told MS about this back on 0ct 10 2002 and even sent them exploit code,
never even got a response, not even a "sorry we don't consider it a threat"
note. I've talked to others and their only possible point was if you can
create and delete files then you could just delete the disk, my counter
point was any user who has access to store files on a server could exploit
this but those same users could not delete the server partition or damage
the server disk in any other way except for their files.
There is a way to protect servers from this, use quotas. But what I wonder
is how many other issues like this never see the light of day because the
vendor ignores it and nobody takes it public?
Geo.
Powered by blists - more mailing lists