Please report all spam threads, posts and suspicious members. We receive spam notifications and will take immediate action!
Results 1 to 6 of 6

Thread: NTFS has security vulnerabilities?




  1. #1
    Join Date
    Dec 2002
    Location
    caves of bedrock
    Posts
    3,129

    Default

    One of the very few secure file systems, the New Technology File System (NTFS) has security vulnerabilities. The following article explains all about it.
    Please read the whole article here
    An extremely dangerous and little-known hazard lurks in the depths of Microsoft's NTFS file system, just waiting to be exploited and used maliciously against your computer, in the form of Alternate Data Streams, or ADS. The New Technology File System (NTFS) is the file system of choice for the Microsoft Windows NT, Windows 2000, and Windows XP Operating Systems, which means that a large percentage of current systems are vulnerable to an ADS attack.
    NTFS files typically contain more than one data stream. In standard use, data streams serve a legitimate purpose. One stream will hold the program or file itself; another may contain security and vendor data about the file, a third may contain user-added information. However, additional hidden data streams can be added to any file (including otherwise protected system files and even directories), and they can include any type of information, from plain text to a potentially ominous executable.
    Just to enhance the point made by the above article, I created a file named ads.txt and attached to it the test virus file obtained from http://www.eicar.org/.
    Here is how to do it. Open a command prompt window and type notepad ads.txt:eicar.com. Notepad will now ask you to create a new file. Chose yes and paste in following code in it.
    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
    Save the file and close the window. Now look in the explorer and you will see that a file named ads.txt has been created which is infact of 0 bytes in size. If you want to be sure that the file does have the data do this in command prompt.
    more < ads.txt:eicar.com
    you will see the code that is written up there.
    Explorer and command prompt will show the file as of zero bytes but infact it has a virus file that can be executed. Your anti-virus will not detect it either (my AVG did not). Now, I am no virus writer but if someone tries to use this vulnerability then we might be in trouble. Just something to wonder about...

    P.S. the process explained above will work only on NTFS partition (quite obvious eh?)
    Latest Microsoft Security Updates.
    Last Updated:
    10th MARCH


    If you are a security freak: Use Microsoft Baseline Security Analyzer (NT/2000/XP/2003)
    ======================
    icq : 203189004
    jabber : asklepios20@jabber.org
    =======================
    Linux user since: April 24, 2003 312478
    yabaa dabaa doo...
    Customized for 1024x768

  2. #2
    Join Date
    Jul 2002
    Location
    Canberra, Australia
    Posts
    1,158

    Default

    This is bad news indeed, but I'm not too worried, and let me tell you why. NTFS is the basis for Microsoft's commercial operating systems. That is, a lot of its bread and butter sales to corporate customers would be affected by this exploit, so either it will be patched very soon with an update, or a detection and elimination method will be found ASAP. It just cannot be allowed to remain unplugged.

  3. #3
    Join Date
    Dec 2002
    Location
    caves of bedrock
    Posts
    3,129

    Default

    well we can see that detection and elimination method is already worked on but the amazing thing is that its been there since times of Windows NT and MS did not give this flaw a serious thought untill a third party pointed this thing.
    i don't understand that what is the point of hiding ADS from users or IT administrators for that matter. they could have atleast given an option in "view" menu to set them as visible.
    Latest Microsoft Security Updates.
    Last Updated:
    10th MARCH


    If you are a security freak: Use Microsoft Baseline Security Analyzer (NT/2000/XP/2003)
    ======================
    icq : 203189004
    jabber : asklepios20@jabber.org
    =======================
    Linux user since: April 24, 2003 312478
    yabaa dabaa doo...
    Customized for 1024x768

  4. #4
    Join Date
    Nov 2001
    Location
    The Land of OZ!
    Posts
    674

    Default

    Alternative data streams in NTFS are old hat..

    http://patriot.net/~carvdawg/docs/dark_side.html


    http://krolik.net/ntfs-ads.shtml


    http://www.heysoft.de/nt/ntfs-ads.htm

    theres lots more out there if you are really interested..

  5. #5
    Join Date
    Dec 2002
    Location
    caves of bedrock
    Posts
    3,129

    Default

    yeah and thats my point too. its not new to MS, is it?
    Latest Microsoft Security Updates.
    Last Updated:
    10th MARCH


    If you are a security freak: Use Microsoft Baseline Security Analyzer (NT/2000/XP/2003)
    ======================
    icq : 203189004
    jabber : asklepios20@jabber.org
    =======================
    Linux user since: April 24, 2003 312478
    yabaa dabaa doo...
    Customized for 1024x768

  6. #6
    Join Date
    Nov 2001
    Location
    The Land of OZ!
    Posts
    674

    Default

    Quote Originally Posted by asklepios
    yeah and thats my point too. its not new to MS, is it?
    They've been around since NT 3.5 I believe, damn that goes back quite a way doesn't it.?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •