[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.0608111457560.13910@star.inp.nsk.su>
Date: Fri, 11 Aug 2006 15:07:28 +0700 (NOVST)
From: "Dmitry Yu. Bolkhovityanov" <D.Yu.Bolkhovityanov@....nsk.su>
To: "Thomas D." <whistl0r@...glemail.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: RE: RE: when will AV vendors fix this???
On Mon, 7 Aug 2006, Thomas D. wrote:
> And even if you hide the file, if it hide the way you describe, you aren't
> able to execute the file, until you give access to yourself. If you do this,
> the anti-virus program will also have access....
>
>
> Keep in mind: If it is an unknown file (zero-day), you don't even think
> about hiding, because it isn't necessary. You have other problems...
>
> => I don't think it is a security related problem nor a problem itself.
Remember: some years ago "off by one" was treated as useless for
exploits.
Any type of data/file hiding (of course, alternate data streams in
the first place) can become the last brick required for some new attack
vector.
So, while currently I can't present any workable scenario, I
wouldn't consider such type of data hiding as "not a security-relate
problem".
_________________________________________
Dmitry Yu. Bolkhovityanov
The Budker Institute of Nuclear Physics
Novosibirsk, Russia
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists