Vulnerability Development mailing list archives

Re: Windows file problem


From: Kevin van Haaren <kevinv () HOCKEY NET>
Date: Mon, 16 Oct 2000 22:22:34 -0500

At 8:33 PM -0400 10/9/00, Flaherty, Jack wrote:
Yep.  This has been a potential security risk for quite some time now because
these extra file streams can be dropped anywhere (possibly behind important
DLLs, etc.)  They're perfect places to hide rootkits, stolen nuclear hard
drive images, etc.

Uhhh...Some white-hat group released a program to find file streams and
delete them if necessary.  I thought it was the L0pht, but I can't seem to
remember now and I sure can't find it on their site.  URL someone?

amp

Streams are used by Macintosh Services on NT to add support for
resource forks on mac files.  I think they may also be created by mac
files written through Thursby's DAVE client software
(http://www.thursby.com/).  So there can be a legit reason for having
streams on a file.

Kevin
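The point made in this message, that some named streams have a legitimate origin while others deserve a closer look, can be turned into a small triage step. This is an added example, not part of the original post: it parses the output of `dir /R` (available on later Windows versions) and separates streams with a known origin from the rest. The sample listing, file names and allowlist are constructed for illustration.

```python
import re

# Stream names with a well-known legitimate origin (illustrative allowlist,
# an assumption of this example). NTFS stream names are case-insensitive.
KNOWN_STREAMS = {
    "afp_resource": "Services for Macintosh resource fork",
    "afp_afpinfo": "Services for Macintosh Finder info",
    "zone.identifier": "download origin mark on later Windows versions",
}

# `dir /R` prints each named stream on its own indented line, without a date:
#     <size> <file>:<stream>:$DATA
STREAM_LINE = re.compile(r"^\s+([\d,]+)\s+(.+?):([^:]+):\$DATA\s*$")

# Constructed sample of `dir /R` output.
SAMPLE = r"""
 Directory of C:\share

10/16/2000  10:22 PM            20,480 brochure.psd
                                 4,096 brochure.psd:AFP_Resource:$DATA
                                   286 brochure.psd:AFP_AfpInfo:$DATA
10/16/2000  10:22 PM            98,304 helper.dll
                               212,992 helper.dll:hidden:$DATA
"""

def find_streams(dir_r_output):
    """Return one record per named stream found in `dir /R` output."""
    findings = []
    for line in dir_r_output.splitlines():
        m = STREAM_LINE.match(line)
        if not m:
            continue  # header, ordinary file entry, or blank line
        stream = m.group(3)
        findings.append({
            "file": m.group(2),
            "stream": stream,
            "size": int(m.group(1).replace(",", "")),
            # A name match is only a triage hint: anyone can create a
            # stream with an allowlisted name, so it is not proof of origin.
            "origin": KNOWN_STREAMS.get(stream.lower()),
        })
    return findings

def needs_review(findings):
    """Streams whose name has no known legitimate origin."""
    return [(f["file"], f["stream"], f["size"])
            for f in findings if f["origin"] is None]

if __name__ == "__main__":
    for item in needs_review(find_streams(SAMPLE)):
        print("review:", item)
```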

