lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.0608111457560.13910@star.inp.nsk.su>
Date: Fri, 11 Aug 2006 15:07:28 +0700 (NOVST)
From: "Dmitry Yu. Bolkhovityanov" <D.Yu.Bolkhovityanov@....nsk.su>
To: "Thomas D." <whistl0r@...glemail.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: RE: RE: when will AV vendors fix this???

On Mon, 7 Aug 2006, Thomas D. wrote:

> And even if you hide the file, if it hide the way you describe, you aren't
> able to execute the file, until you give access to yourself. If you do this,
> the anti-virus program will also have access....
> 
> 
> Keep in mind: If it is an unknown file (zero-day), you don't even think
> about hiding, because it isn't necessary. You have other problems...
> 
> => I don't think it is a security related problem nor a problem itself.

	Remember: some years ago "off by one" was treated as useless for 
exploits.

	Any type of data/file hiding (of course, alternate data streams in 
the first place) can become the last brick required for some new attack 
vector.

	So, while currently I can't present any workable scenario, I 
wouldn't consider such type of data hiding as "not a security-relate 
problem".

	_________________________________________
	  Dmitry Yu. Bolkhovityanov
	  The Budker Institute of Nuclear Physics
	  Novosibirsk, Russia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ