Vulnerability Development mailing list archives
RE: How to hide a file ?
From: Ed Moyle <emoyle () scsnet csc com>
Date: Wed, 09 Jan 2002 09:04:23 -0500
On Tuesday, January 08, 2002 15:35 Pedro Quintanilha wrote:
I´m curious... The stream associated to the file will follows the atributes of that file, like encription (EFS) or auto-compression?
I can't speak for compression, but I did some investigation of this with EFS a while back, and it *looks* like the encrypted attribute is preserved on other streams (although more testing would be required for a thorough test.) The test methodology I used, though basic, seems to reflect the honoring of the encrypted attribute. I tested as follows under Win2k: -created a file under non-administrator user account A -added alternate stream to file under account A (ensure ACL = Everyone/Full Control) -applied encrypted attribute -logged in under non-administrator user account B -attempted read of parallel stream created in step 2 I was given the same error message as occurs with the primary stream. Note a more thorough test would attempt to read the disk buffers directly to determine if the data was plaintext or ciphertext. Due to time constraints on the project I was working on, I didn't do this...
If it occurs, the ADS CONTENT cannot be analized too... in other words, a possible virus cannot be detected on that.
There is discussion of this, as well as a utility to determine if a particular AV product picks up a virus in an ADS in http://www.diamondcs.com.au/streams/streams.htm. -E
Current thread:
- Re: How to hide a file ?, (continued)
- Re: How to hide a file ? H C (Jan 09)
- Re: How to hide a file ? J. J. Horner (Jan 09)
- Re: How to hide a file ? H C (Jan 09)
- Re: How to hide a file ? Jon Zobrist (Jan 09)
- RE: How to hide a file ? Ken Pfeil (Jan 08)
- Re: How to hide a file ? bugtraq (Jan 08)
- Re: How to hide a file ? Blue Boar (Jan 09)
- RE: How to hide a file ? Bojan Zdrnja (Jan 10)
- RE: How to hide a file ? H C (Jan 10)
- How to hide a file ? Kurt Seifried (Jan 10)