Vulnerability Development mailing list archives
How to hide a file ?
From: "Kurt Seifried" <bugtraq () seifried org>
Date: Thu, 10 Jan 2002 20:14:41 -0700
Just a note: Tripwire will pick it up, i.e. if you add an ADS to a file tripwire will flag it, and if a file has an ADS that is modified or removed tripwire will also flag it (with MD5sum/etc just like a normal file). The other good news is if you add an ADS stream to a directory such as WINNT or system32 it will detect it. Of course any files or dirs not listed in your policy will escape tripwire, but then that's no big surprise. So my advice: use ADS on files specifically excluded by tripwire if you want to hide things. Kurt Seifried, kurt () seifried org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://www.seifried.org/security/
Current thread:
- RE: How to hide a file ?, (continued)
- RE: How to hide a file ? Pete Simpson (Jan 09)
- RE: How to hide a file ? Ed Moyle (Jan 09)
- RE: How to hide a file ? Farahbakhshian, Mike (OD) (Jan 09)
- RE: How to hide a file ? Matthew LaGrange (Jan 09)
- RE: How to hide a file ? Young, Brandon (Jan 09)
- Re: How to hide a file ? Blue Boar (Jan 09)
- RE: How to hide a file ? Bojan Zdrnja (Jan 10)
- RE: How to hide a file ? H C (Jan 10)
- Re: How to hide a file ? Blue Boar (Jan 09)
- RE: How to hide a file ? Vincent Tiu (AV-PH) (Jan 09)
- RE: How to hide a file ? Farahbakhshian, Mike (OD) (Jan 10)
- How to hide a file ? Kurt Seifried (Jan 10)
- How to hide a file ? Kurt Seifried (Jan 10)