Dmitry Yu. Bolkhovityanov wrote:
*Of course* it's a "security-related" problem. The solution to that problem is what is being discussed. Any type of data/file hiding (of course, alternate data streams in the first place) can become the last brick required for some new attack vector. So, while currently I can't present any workable scenario, I wouldn't consider such type of data hiding as "not a security-related problem".
When data is at rest, it presents no threat to the OS (AFAIK). It's just electrons aligned in a certain, specific way on media. It's only when data enters memory and becomes part of the stream that the processor(s) have to act upon that the threat becomes "real". For data to enter memory it must be accessed in some way. If that access process is being monitored and *if* the exploit is known, it will be detected and whatever action is specified by the protective software will be taken.
To put it another way, what risk do bombs stored in a concrete bunker present? None, unless they are accessed somehow. If proper monitoring is in place, that will never happen without being detected and prevented.
--
Paul Schmehl (pauls@xxxxxxxxxxxx)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/