Vulnerability Development mailing list archives
Re: Windows file problem
From: Kevin van Haaren <kevinv () HOCKEY NET>
Date: Mon, 16 Oct 2000 22:22:34 -0500
At 8:33 PM -0400 10/9/00, Flaherty, Jack wrote:
Yep. This has been a potential security risk for quite some time now because these extra file streams can be dropped anywhere (possibly behind important DLLs, etc.) They're perfect places to hide rootkits, stolen nuclear hard drive images, etc. Uhhh...Some white-hat group released a program to find file streams and delete them if necessary. I thought it was the L0pht, but I can't seem to remember now and I sure can't find it on their site. URL someone? amp
Streams are used by Macintosh Services on NT to add support for resource forks on mac files. I think they may also be created by mac files written through Thursby's DAVE client software (http://www.thursby.com/). So there can be a legit reason for having streams on a file. Kevin
Current thread:
- Windows file problem poepping (Oct 07)
- Re: Windows file problem Kris Carlier (Oct 07)
- Re: Windows file problem Blake Frantz (Oct 07)
- Re: Windows file problem Simple Nomad (Oct 09)
- <Possible follow-ups>
- Re: Windows file problem Doe, John (Oct 07)
- Re: Windows file problem Flaherty, Jack (Oct 09)
- Re: Windows file problem Paul Taylor (Oct 09)
- Re: Windows file problem Kevin van Haaren (Oct 16)
- Re: Windows file problem Brian Battle (Oct 10)