Bugtraq mailing list archives
Re: Security Hole in Axent ESM
From: bert_driehuis () NL COMPUWARE COM (Bert Driehuis)
Date: Sat, 29 Aug 1998 22:44:12 +0200
On Fri, 28 Aug 1998, Mark (Mookie) wrote:
ESM does not only look at CRC's to verify if a file is genuine. It also looks at the timestamps; both the m-time and the c-time. m-times are easy to change, c-times are a lot harder and leave a trace.
[snip]
This doesn't leave a trace. There are numerous other programs to completely replace all timestamps as normal, undetected. Technology has come a long way since the above was written.
This is why BSD/OS since version 3.0 disallows setting the clock backwards when running at normal securelevel. I think more operating systems need that feature. Subverting timestamps in this environments becomes much harder. Cheers, -- Bert Bert Driehuis, MIS -- bert_driehuis () nl compuware com -- +31-20-3116119 The grand leap of the whale up the Fall of Niagara is esteemed, by all who have seen it, as one of the finest spectacles in nature. -- Benjamin Franklin.
Current thread:
- Re: Security Hole in Axent ESM Larry Bassett (Aug 27)
- <Possible follow-ups>
- Re: Security Hole in Axent ESM Dr. Mudge (Aug 27)
- Re: Security Hole in Axent ESM Steve McBride (Aug 27)
- Re: Security Hole in Axent ESM Douglas G Conorich (Aug 27)
- Re: Security Hole in Axent ESM Mark (Aug 28)
- Re: Security Hole in Axent ESM Bert Driehuis (Aug 29)
- Re: Security Hole in Axent ESM Mark (Aug 28)
- Re: Security Hole in Axent ESM Douglas G Conorich (Aug 27)
- Re: Security Hole in Axent ESM Steve Jackson (Aug 28)
- Re: Security Hole in Axent ESM Paul Ashton (Aug 28)
- Re: Security Hole in Axent ESM Andy Church (Aug 29)
- Re: Security Hole in Axent ESM reddog (Aug 30)
- Re: Security Hole in Axent ESM Andy Church (Aug 31)
- Re: Security Hole in Axent ESM Caskey L. Dickson (Aug 31)
- ToolTalk Advisory Security Research Labs (Aug 31)