Pages

4/18/2002

What is wrong with alternate data streams?
I could say: Nothing, they work as expected and as documented (yes, Microsoft did it).
But stop - there is something wrong: They are totally hidden. You can have a file with 1 byte in the official main data stream and some hundred MB in one or more alternate data streams. What do you expect the dir command, file manager or explorer to show as filesize? It is 1 byte!
That means a user can hide quite a lot of data in alternate data streams and nobody will know?
So it is.
But a user does need certain special priviledges to use alternate data streams?
No. Even guest can create such streams in every file where he has write access for.
How does somebody create an ADS?
You can do it on the command prompt, like notepad visible.txt:hidden.txt. This will create an hidden stream hidden.txt in the file visible.txt. It doesn't matter if the file exists or not.
How does somebody copy data into an ADS?
type atextfile > visible.txt:hidden2.txt. This will create another hidden stream hidden2.txt in the file visible.txt.
How does somebody copy text data from an ADS into a "normal" file?
more < visible.txt:hidden2.txt > newfile.txt. This will create a file newfile.txt from the hidden stream hidden2.txt in the file visible.txt.
How does somebody copy binary data from an ADS into a "normal" file?
cat visible.txt:hidden.exe > hack.exe. This will create a2
FAQ: NTFS and ADS FAQ: Windows NT's File System and alternate data streams
Copyright © 1998-2000 Frank Heyne - All rights reserved - Last updated on 21. March 2000
If you want to put this page on your own web server, please renounce and use a link instead. The reason is simple: I don't want old copies with old versions of the FAQ laying around on the web.



What is NTFS?
It is the abbreviation of New Technology File System - Windows NT's preferred file system.
What is an alternate data stream (ADS)?
In NTFS, a file consits of different data streams. One stream holds the security information (access rights and such things), another one holds the "real data" you expect to be in a file. There may be another stream with link information instead of the real data stream, if the file actually is a link. And there may be alternate data streams, holding data the same way the standard data stream does.

4/17/2002

OL2002: How to Reset the Nickname and Automatic Completion
Use the steps in the following section to reset the Outlook 2002 nickname cache for both Microsoft Windows 2000 and Microsoft Windows Millennium Edition (Me).
-Quit Outlook.
-Start Windows Explorer.
-On the Tools menu, click Folder Options , and then click the View tab.
-Under Advanced Settings , click to select the Show hidden files and folders check box.
-Click OK .
-Click Start , point to Search , and then click For Files or Folders .
-In the Search for Files or Folders box, type *.NK2 in the File Name box.
-In the Look In box, click to select your local hard disk.
-Click Search Now .
-Right-click the .NK2 file with the name of the profile that you want to reset, and then click Rename .
-Rename the file to profilename .bak, and then press ENTER.
-Quit Windows Explorer.
-Restart Outlook.
Outlook will generate a new nickname cache.

OL2002: How to Reset the Nickname and Automatic Completion

4/09/2002

FormMail Anonymous Email/Spamming Vulnerability FormMail Anonymous Email/Spamming Vulnerability

RELEASED: March 14, 2001
AFFECTS: FormMail 1.0, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6
REFERENCE: http://www.securityfocus.com/bid/2469

- A vulnerability exists in FormMail which permits a remote user to send anonymous email to arbitrary recipients. The script is designed to accept variables from any form and mail them to a specified email address. The script relies on an http variable for this email address, and provides no indication of the original sender (via the CGI interface) in the email.
- This can be employed to send anonymous spam or forged e-mails, potentially in large volumes.
SAFER
- Workaround: hard-code the desired recipient address into the script, preventing a hostile user from specifying another value.

4/08/2002

-------------------------------------------------------------------
PERFORMANCE PROBLEMS ON AUTO-NEGOTIATED 10/100 LINKS | by Randall
Wiebe-Dembowski

The IEEE 802.3u 100BaseTX standard for Fast Ethernet defines a
mechanism for auto-negotiation of the speed and duplex of an Ethernet
link. If the link partners fail to negotiate the same link speed and
duplex settings, a link may still be established, but performance
problems will arise. The most commonly seen symptom in a
speed/duplex mismatch is severely reduced network throughput from a
server. Although some auto-negotiation failures can be caused by
non-conforming implementation, hardware incapability, or software
defects, most can be solved by understanding the configuration issues
involved.

Read more about the optimal performance configuration at
http://searchnetworking.techtarget.com/tip/1,289483,sid7_gci802539,00.html

-------------------------------------------------------------------
IETF RFC Page
Characters in the local part of a mail address