Full Disclosure mailing list archives
Re: Windows covert channel
From: Jeremiah Cornelius <jeremiah () nur net>
Date: Sun, 19 Oct 2003 18:46:23 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday 19 October 2003 16:48, 8tImER wrote:
Hello James, my guess is you are talking about 'streams' in NTFS. Example: Create a text file, save it. Then use 'echo "hidden text" >> file.txt:1' to add the hidden stuff. I don't remember how to read that stuff out afterwards though.
Interesting point for clarification... How does ADS in NTFS differ from arbitrary metadata types added to Reiserfs - for instance? It would be interesting to see if this is subject to a similar potential for abuse. I admit that I am only passingly familiar with the topic - but I have never seen this discussed before either. Is anybody cluefull _and_ objective about this? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/kz53Ji2cv3XsiSARAlWoAJ9kmxqh8QuzNo9gpLgBsKxJ6ZTp5QCdEhjW Y+FsN7FjbytTiBru2YiINhc= =INEG -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Windows covert channel James Kelly (Oct 19)
- Re: Windows covert channel 8tImER (Oct 19)
- Re: Windows covert channel jazper (Oct 19)
- Re: Windows covert channel Jeremiah Cornelius (Oct 19)
- Re: Windows covert channel jazper (Oct 19)
- RE: [inbox] Re: Windows covert channel Curt Purdy (Oct 20)
- RE: Windows covert channel Joe (Oct 19)
- Re: Windows covert channel madsaxon (Oct 19)
- RE: Windows covert channel Bojan Zdrnja (Oct 19)
- Re: Windows covert channel KF (Oct 19)
- Re: Windows covert channel Karl DeBisschop (Oct 19)
- Re: Windows covert channel Kain (Oct 19)
- <Possible follow-ups>
- Windows covert channel Wally Eaton (Oct 21)
- Re: Windows covert channel Rainer Gerhards (Oct 21)
- Re: Windows covert channel 8tImER (Oct 19)