
ADS Privacy

Author:      3mu180r
Submitted:      04-Jul-2005 23:49:20
Imported From:      zZine (original author: 3mu180r)


INTRODUCTION

As regards administration and/or privacy for LAN or personal network users, ADS is the most effective way to secure your most private data. I will explain quite briefly the theory of ADS, what is happening now with the system, and how to recover hidden data when needed.

ADS

An Alternate Data Stream (ADS) is a secondary stream which is present in any file in a Windows NTFS system. It is segregated from the $DATA stream and is completely ignored by Windows, but you can store up to around 2 GB of data in it. When you write data to the ADS you are not altering the file's $DATA stream, so the data is only logically present and not physically.

HIDING DATA

In this example we are assuming that we have decided to hide our passwords. Perhaps you would do this at school or work, where there may be multiple users per node. If you are a part of a domain, you might assume that utilizing My Documents would hide your data from other users. However, the truth is that the Administrator can gain access to your My Documents folder if need be, thus putting your privacy at risk.

To hide your passwords or source or whatever, and make it that much harder to find and everything else that much more private, we use the ADS of a text file, which can be empty or filled (it doesn't matter).

To send data to the ADS using Windows we do as follows:

1. Create a text file in C:\ and name it test.txt
2. Start
3. Run
4. Type: notepad c:\test.txt:passwords.txt
5. OK

Windows will pretend to be confused and complain that the file does not exist. It will ask you if you want to create it, so of course, you say OK. Now simply type your passwords or whatever you want in the file and save it when you're done with it. Now go check out c:\test.txt. The file has not changed physically. The changes that you made are only represented on the disk, and thus are totally invisible to the average user. Just for a little proof of concept, let's do a search for the file that you think you just created (c:\test.txt:passwords.txt), and then another search for just passwords.txt. You will not find them. They do not exist physically, only logically on the disk. It is possible to sniff a disk for ADS, but the average user does not have the skill to do this, so it should deter most people from getting a look at your passes and whatnot.

CONCLUSION

As stated above, the ADS, when changed, affects only the disk. This means you must know where the ADS is or you risk losing that memory from the disk. You would need to either reformat the disk in order to get it back or figure out a way to scan your disk for one. If you aren't familiar with the API, I recommend you read every reputable guide on it you can find, such as at MSDN, O'Reilly, codesource, or Google. If you search for API, you will get at least 1000 hits.
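
One way to do the scan mentioned above, as an added example that is not part of the original article: a PowerShell function that lists every named stream under a folder, followed by a demo that recreates the article's test.txt:passwords.txt in a scratch directory, reads it back, and deletes it. The function name Find-AlternateDataStream, the ads-demo folder and the sample contents are assumptions made for illustration; the cmdlets and their -Stream parameter require PowerShell 3.0 or later on an NTFS volume.

```powershell
# Added example, not from the original article.
function Find-AlternateDataStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Zone.Identifier is the stream Windows attaches to downloaded files;
        # it is skipped by default so the report shows only unexpected streams.
        [string[]]$IgnoreStream = @('Zone.Identifier')
    )
    # -File limits the scan to files; -Force includes hidden and system files.
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # -Stream * returns one object per stream; ':$DATA' is the normal file body.
            Get-Item -LiteralPath $file.FullName -Stream * -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -notin $IgnoreStream } |
                ForEach-Object {
                    [pscustomobject]@{
                        File   = $file.FullName
                        Stream = $_.Stream
                        Bytes  = $_.Length
                    }
                }
        }
}

# Constructed demo: build the article's test.txt:passwords.txt in a scratch folder.
$demo = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$file = Join-Path $demo 'test.txt'
Set-Content -LiteralPath $file -Value 'visible text'
Set-Content -LiteralPath $file -Stream 'passwords.txt' -Value 'constructed sample secret'

# Report every file in the folder that carries a named stream.
Find-AlternateDataStream -Path $demo | Format-Table -AutoSize

# Recover the hidden text, then delete only the named stream (test.txt itself stays).
Get-Content -LiteralPath $file -Stream 'passwords.txt'
Remove-Item -LiteralPath $file -Stream 'passwords.txt'

# Clean up the scratch folder.
Remove-Item -LiteralPath $demo -Recurse
```

Copying a file to a non-NTFS volume such as FAT32 drops its alternate streams, so run the scan and recover anything needed before moving files off the disk.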

Ed - Article on behalf of Black List Software (www.HackinOutTheBox.com)

This article was originally published by CyberArmy.net in the CyberArmy Library.
