I believe you are referring to editing a file and saving with a :hidden. Say you have a file test 4k; you can open that file with, let's say, test:hidden and add as much info as you want, and the original file size never changes, and test:hidden is not listed in the file system but is treated as a separate file when edited.
You have to know the hidden info is attached to the test file to detect the info.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Curt Purdy
Sent: Monday, October 20, 2003 9:49 AM
To: 'jazper'; [EMAIL PROTECTED]
Subject: RE: [inbox] Re: [Full-Disclosure] Windows covert channel

> You are probably thinking of ADS(Alternate Data Streams).
>
> jazper
>
> > I seem to remember in the dim reaches of my memory a covert channel in
> > the Windows file system where you could paste one file at the end of
> > another without it being detectible when you edited the original file.

It may be that he is referring to an exe packer as used to attach a trojan to a legitimate exe aka whackamole.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------
If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
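Added example, not part of the original thread: a PowerShell sketch that reproduces the `test` / `test:hidden` case described above in a scratch directory and then audits that directory for named streams. It assumes Windows, an NTFS volume and PowerShell 3.0 or later; `Find-AlternateDataStream` is a hypothetical helper name, and the file contents are constructed sample data.

```powershell
# Added example (not from the thread). Requires Windows, NTFS, PowerShell 3.0+.
function Find-AlternateDataStream {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Zone.Identifier is the mark-of-the-web stream Windows adds to downloads
        [string[]] $IgnoreStream = @('Zone.Identifier')
    )
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * returns one object per stream, including the unnamed :$DATA
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' -and $IgnoreStream -notcontains $_.Stream } |
        Select-Object FileName, Stream, Length
}

# Constructed sample: a 4 KB file named "test" with a named stream "hidden"
$dir  = Join-Path $env:TEMP ("ads-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$file = Join-Path $dir 'test'
[IO.File]::WriteAllBytes($file, (New-Object byte[] 4096))

$before = (Get-Item -LiteralPath $file).Length
Set-Content -LiteralPath $file -Stream 'hidden' -Value ('x' * 100000)
$after  = (Get-Item -LiteralPath $file).Length

# The reported size covers only the unnamed stream, so both values match
"Size before: $before bytes, after: $after bytes"

# A plain directory listing shows only the file itself
Get-ChildItem -LiteralPath $dir | Select-Object Name, Length

# The audit lists the named stream together with its own length
Find-AlternateDataStream -Path $dir

Remove-Item -LiteralPath $dir -Recurse -Force
```

Copying the file to a non-NTFS volume such as FAT32 drops named streams, so run the audit on the original volume.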
