[Full-Disclosure] Windows covert channel
Bojan Zdrnja
Bojan.Zdrnja at LSS.hr
Mon Oct 20 00:40:46 BST 2003
> -----Original Message-----
> From: full-disclosure-admin at lists.netsys.com
> [mailto:full-disclosure-admin at lists.netsys.com] On Behalf Of
> James Kelly
> Sent: Monday, 20 October 2003 12:04 p.m.
> To: full-disclosure at lists.netsys.com
> Subject: [Full-Disclosure] Windows covert channel
>
> I seem to remember in the dim reaches of my memory a covert
> channel in
> the Windows file system where you could paste one file at the end of
> another without it being detectible when you edited the orginal file.
>
>
> can someone aim me at the right "buzz phrase" that describes this so I
> can Google it further?
You are probably referring to ADS (Alternate Data Stream).
Find more info in this nice paper:
http://patriot.net/~carvdawg/docs/dark_side.html
Regards,
Bojan Zdrnja
Full-Disclosure is hosted and sponsored by Secunia.