|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Windows file problem
From: Kevin van Haaren (kevinv
HOCKEY.NET)Date: Mon Oct 16 2000 - 22:22:34 CDT
- Next message: David Knaack: "Re: hacksdmi?"
- Previous message: Joe: "Re: Unauthorized outgoing connect caught by ZA"
- In reply to: Flaherty, Jack: "Re: Windows file problem"
- Next in thread: Brian Battle: "Re: Windows file problem"
- Reply: Kevin van Haaren: "Re: Windows file problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
At 8:33 PM -0400 10/9/00, Flaherty, Jack wrote:
>Yep. This has been a potential security risk for quite some time now because
>these extra file streams can be dropped anywhere (possibly behind important
>DLLs, etc.) They're perfect places to hide rootkits, stolen nuclear hard
>drive images, etc.
>
>Uhhh...Some white-hat group released a program to find file streams and
>delete them if necessary. I thought it was the L0pht, but I can't seem to
>remember now and I sure can't find it on their site. URL someone?
>
>amp
Streams are used by Macintosh Services on NT to add support for
resource forks on mac files. I think they may also be created by mac
files written through Thursby's DAVE client software
(http://www.thursby.com/). So there can be a legit reason for having
streams on a file.
Kevin
- Next message: David Knaack: "Re: hacksdmi?"
- Previous message: Joe: "Re: Unauthorized outgoing connect caught by ZA"
- In reply to: Flaherty, Jack: "Re: Windows file problem"
- Next in thread: Brian Battle: "Re: Windows file problem"
- Reply: Kevin van Haaren: "Re: Windows file problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]