Bugtraq mailing list archives

RE: [Full-disclosure] RE: when will AV vendors fix this???


From: "Dmitry Yu. Bolkhovityanov" <D.Yu.Bolkhovityanov () inp nsk su>
Date: Fri, 11 Aug 2006 15:07:28 +0700 (NOVST)

On Mon, 7 Aug 2006, Thomas D. wrote:

And even if you hide the file, if it is hidden the way you describe, you aren't
able to execute the file, until you give access to yourself. If you do this,
the anti-virus program will also have access....


Keep in mind: If it is an unknown file (zero-day), you don't even think
about hiding, because it isn't necessary. You have other problems...

=> I don't think it is a security related problem nor a problem itself.

        Remember: some years ago "off by one" was treated as useless for 
exploits.

        Any type of data/file hiding (of course, alternate data streams in 
the first place) can become the last brick required for some new attack 
vector.

        So, while currently I can't present any workable scenario, I 
wouldn't consider such type of data hiding as "not a security-related 
problem".

        _________________________________________
          Dmitry Yu. Bolkhovityanov
          The Budker Institute of Nuclear Physics
          Novosibirsk, Russia

