Full Disclosure mailing list archives

Re: Windows covert channel

From: Jeremiah Cornelius <jeremiah () nur net>
Date: Sun, 19 Oct 2003 18:46:23 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 19 October 2003 16:48, 8tImER wrote:

Hello James,

my guess is you are talking about 'streams' in NTFS.
Example:
Create a text file, save it.
Then use 'echo "hidden text" >> file.txt:1' to add the hidden stuff.
I don't remember how to read that stuff out afterwards though.


Interesting point for clarification...

How does ADS in NTFS differ from arbitrary metadata types added to Reiserfs - 
for instance?

It would be interesting to see if this is subject to a similar potential for 
abuse.  I admit that I am only passingly familiar with the topic - but I have 
never seen this discussed before either.

Is anybody cluefull _and_ objective about this?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/kz53Ji2cv3XsiSARAlWoAJ9kmxqh8QuzNo9gpLgBsKxJ6ZTp5QCdEhjW
Y+FsN7FjbytTiBru2YiINhc=
=INEG
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Windows covert channel James Kelly (Oct 19)
- Re: Windows covert channel 8tImER (Oct 19)
  - Re: Windows covert channel jazper (Oct 19)
  - Re: Windows covert channel Jeremiah Cornelius (Oct 19)
- Re: Windows covert channel jazper (Oct 19)
  - RE: [inbox] Re: Windows covert channel Curt Purdy (Oct 20)
- RE: Windows covert channel Joe (Oct 19)
- Re: Windows covert channel madsaxon (Oct 19)
- RE: Windows covert channel Bojan Zdrnja (Oct 19)
- Re: Windows covert channel KF (Oct 19)
- Re: Windows covert channel Karl DeBisschop (Oct 19)
  - Re: Windows covert channel Kain (Oct 19)
- <Possible follow-ups>
- Windows covert channel Wally Eaton (Oct 21)
  - Re: Windows covert channel Rainer Gerhards (Oct 21)