lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: david.c.maynard at (Maynard, David C)
Subject: [inbox] Re: Windows covert channel

I believe you are refering to editing a file and saving with a :hidden

Say you have a file test 4k you can open the that file with lets say
test:hidden and add as much info as you want and the orignial file size
never changes and test:hidden it not listed in file system but is
treated as a seprate file when edited.

You have to know the hidden info is attached to the test file to detect
the info.

-----Original Message-----
[] On Behalf Of Curt Purdy
Sent: Monday, October 20, 2003 9:49 AM
To: 'jazper';
Subject: RE: [inbox] Re: [Full-Disclosure] Windows covert channel

> You are probably thinking of ADS(Alternate Data Streams).
> jazper
> > I seem to remember in the dim reaches of my memory a covert
> channel in
> > the Windows file system where you could paste one file at
> the end of
> > another without it being detectible when you edited the
> orginal file.

It may be that he is referring to an exe packer as used to attach a
trojan to a legitimate exe aka whackamole.

Information Security Engineer
DP Solutions


If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

Full-Disclosure - We believe in it.

Powered by blists - more mailing lists