Information Security News mailing list archives

Re: Microsoft's Really Hidden Files: A New Look At Forensics. (v2.5b)


From: InfoSec News <isn () c4i org>
Date: Tue, 30 Oct 2001 03:33:33 -0600 (CST)

Forwarded from: Bart Simpson <bart () thesimpsons com>

1. These "hidden" files are very well visible/viewable/searchable/etc
using for example Far manager from www.rarsoft.com under _normal_
circumstances. I've seen this directory a thousand times and it never
came across my mind that there may be any sort of conspiracy going on.

2. Directory mentioned contains IE document cache.

Yes, I'm paranoid myself, but please - do not make such a fuss out of
stupid IE cache! The fact that IE set +s attribute on its cache
directory is not the ground for believing that it will send all this
useless crap back to M$. Think of your provider's giant web caches,
that, too, keep all the documents you've downloaded.

If you still feel paranoid, set the size of IE cache to 0, then use
winblows TweakUI or whatever you want to set "paranoid" settings, like
erasing recent document history and other various crap. But please,
don't make extra fuss out of it.


On Fri, Oct 26, 2001 at 04:54:38AM -0500, InfoSec News wrote:
http://www.astalavista.com/library/os/win95-98/mshidden.txt

By The Riddler
October 14, 2001  (v2.0 finished May 16, 2001; v1.0 finished 
June 11, 2000)

Written with Windows 9x in mind, but not limited to.

DISCLAIMER:

I will not be liable for any damage or lost information, whether due
to reader's error, or any other reason.

SUMMARY:

There are folders on your computer that Microsoft has tried hard to
keep secret.  Within these folders you will find two major things:  
Microsoft Internet Explorer has been logging all of the sites you have
ever visited -- even after you've cleared your history, and
Microsoft's Outlook Express has been logging all of your e-mail
correspondence -- even after you've erased them from your Deleted
Items bin.  (This also includes all incoming and outgoing file
attachments.)  And believe me, that's not even the half of it.

When I say these files are hidden well, I really mean it.  If you
don't have any knowledge of DOS then don't plan on finding these files
on your own.  I say this because these files/folders won't be
displayed in Windows Explorer at all -- only DOS.  (Even after you
have enabled Windows Explorer to "view all files.")  And to top it
off, the only way to find them in DOS is if you knew the exact
location of them.  Basically, what I'm saying is if you didn't know
the files existed then the chances of you running across them is slim
to slimmer.

It's interesting to note that Microsoft does not explain this behavior
adequately at all.  Just try searching on microsoft.com.
 
[...]



-
ISN is currently hosted by Attrition.org
