RE: [Full-disclosure] RE: when will AV vendors fix this???
On Mon, 7 Aug 2006, Thomas D. wrote:
> And even if you hide the file, if it hide the way you describe, you aren't
> able to execute the file, until you give access to yourself. If you do this,
> the anti-virus program will also have access....
>
>
> Keep in mind: If it is an unknown file (zero-day), you don't even think
> about hiding, because it isn't necessary. You have other problems...
>
> => I don't think it is a security related problem nor a problem itself.
Remember: some years ago "off by one" was treated as useless for
exploits.
Any type of data/file hiding (of course, alternate data streams in
the first place) can become the last brick required for some new attack
vector.
So, while currently I can't present any workable scenario, I
wouldn't consider such type of data hiding as "not a security-relate
problem".
_________________________________________
Dmitry Yu. Bolkhovityanov
The Budker Institute of Nuclear Physics
Novosibirsk, Russia