Full Disclosure mailing list archives
RE: Windows covert channel
From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
Date: Mon, 20 Oct 2003 12:40:46 +1300
-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of James Kelly Sent: Monday, 20 October 2003 12:04 p.m. To: full-disclosure () lists netsys com Subject: [Full-disclosure] Windows covert channel I seem to remember in the dim reaches of my memory a covert channel in the Windows file system where you could paste one file at the end of another without it being detectible when you edited the orginal file. can someone aim me at the right "buzz phrase" that describes this so I can Google it further?
You are probably referring to ADS (Alternate Data Stream). Find more info in this nice paper: http://patriot.net/~carvdawg/docs/dark_side.html Regards, Bojan Zdrnja _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Windows covert channel James Kelly (Oct 19)
- Re: Windows covert channel 8tImER (Oct 19)
- Re: Windows covert channel jazper (Oct 19)
- Re: Windows covert channel Jeremiah Cornelius (Oct 19)
- Re: Windows covert channel jazper (Oct 19)
- RE: [inbox] Re: Windows covert channel Curt Purdy (Oct 20)
- RE: Windows covert channel Joe (Oct 19)
- Re: Windows covert channel madsaxon (Oct 19)
- RE: Windows covert channel Bojan Zdrnja (Oct 19)
- Re: Windows covert channel KF (Oct 19)
- Re: Windows covert channel Karl DeBisschop (Oct 19)
- Re: Windows covert channel Kain (Oct 19)
- <Possible follow-ups>
- Windows covert channel Wally Eaton (Oct 21)
- Re: Windows covert channel Rainer Gerhards (Oct 21)
- Re: Windows covert channel 8tImER (Oct 19)