Melvin Klassen wrote:
I wrote a more detailed reply to Melvin off-list. This response misses the point of the issue... which is not the fact that uninitialized data exists on disk (a known fact exploited by everything from "Delete undo" tools to forensic software), but that the NTFS accounting code treats said data as a valid portion of the file's content, thus making it readable to users without privileged access to the system.mattmurphy@xxxxxxxxx (Matthew Murphy) at Jun 30, 2005 12:01:59 PM wrote:
However, an apparent error in the NTFS driver's code causes the file system to incorrectly assign disk blocks to files before they have been initialized. Following a recovery from a system shutdown, uninitialized data may be visible in files from previously allocated disk blocks.
As far as I know, _every_ major Operating System has the same vulnerability.
I do _NOT_ know of any Operating System that "zero's" each newly-allocated block/sector/track/cylinder of disk-space when allocating a "new" file, whether on disk, or on magnetic tape, or on removable media.
IBM AIX? No.
IBM z/VM? No.
IBM z/OS? No.
IBM OS/2? No.
HP/UX? No.
Linux? No.
MS DOS? No.
MS Windows? No.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/