[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Windows covert channel

To: James Kelly <macubergeek@comcast.net>
Subject: Re: [Full-Disclosure] Windows covert channel
From: Karl DeBisschop <kdebisschop@alert.infoplease.com>
Date: Sun, 19 Oct 2003 22:23:37 -0400

On Sun, 2003-10-19 at 19:04, James Kelly wrote:
> I seem to remember in the dim reaches of my memory a covert channel in 
> the Windows file system where you could paste one file at the end of 
> another without it being detectible when you edited the orginal file.
> 
> 
> can someone aim me at the right "buzz phrase" that describes this so I 
> can Google it further?

Many people have mentioned data streams. But since you said 'end of
file' I wonder if you are referring to the DOS idea that ^Z is an end of
file marker, and many apps won't look beyond it.

For instance, given a file like:

====start====
1
2
3
4
5

6
7
8
9
====end====

the command 'type test.txt' provides:

====start====
1
2
3
4
5
====end====

If that is indeed what you are thinking of, it only applies to text
files, not to binary files.

-- 
Karl DeBisschop <kdebisschop@alert.infoplease.com>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Windows covert channel
  - From: Kain <kain@kain.org>

References:
- [Full-Disclosure] Windows covert channel
  - From: James Kelly <macubergeek@comcast.net>

Prev by Date: Re: [Full-Disclosure] Linux Ported Version of MS03-043 DOS
Next by Date: Re: [Full-Disclosure] Bugtraq?
Previous by thread: Re: [Full-Disclosure] Windows covert channel
Next by thread: Re: [Full-Disclosure] Windows covert channel
Index(es):
- Date
- Thread