Full Disclosure mailing list archives
RE: [inbox] Re: Windows covert channel
From: "Curt Purdy" <purdy () tecman com>
Date: Mon, 20 Oct 2003 09:48:52 -0500
You are probably thinking of ADS(Alternate Data Streams). jazperI seem to remember in the dim reaches of my memory a covertchannel inthe Windows file system where you could paste one file atthe end ofanother without it being detectible when you edited theorginal file.
It may be that he is referring to an exe packer as used to attach a trojan to a legitimate exe aka whackamole. Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- White House cybersecurity adviser Richard Clarke _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Windows covert channel James Kelly (Oct 19)
- Re: Windows covert channel 8tImER (Oct 19)
- Re: Windows covert channel jazper (Oct 19)
- Re: Windows covert channel Jeremiah Cornelius (Oct 19)
- Re: Windows covert channel jazper (Oct 19)
- RE: [inbox] Re: Windows covert channel Curt Purdy (Oct 20)
- RE: Windows covert channel Joe (Oct 19)
- Re: Windows covert channel madsaxon (Oct 19)
- RE: Windows covert channel Bojan Zdrnja (Oct 19)
- Re: Windows covert channel KF (Oct 19)
- Re: Windows covert channel Karl DeBisschop (Oct 19)
- Re: Windows covert channel Kain (Oct 19)
- <Possible follow-ups>
- Windows covert channel Wally Eaton (Oct 21)
- Re: Windows covert channel Rainer Gerhards (Oct 21)
- Re: Windows covert channel 8tImER (Oct 19)