Re: KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS

From: Frank Heyne (fh@RCS.URZ.TU-DRESDEN.DE)
Date: 01/22/02


Date:         Tue, 22 Jan 2002 20:51:14 +0100
From: Frank Heyne <fh@RCS.URZ.TU-DRESDEN.DE>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

On 21 Jan 2002, at 17:46, Stewart Berman wrote:

> Again, the user I was logged in with did not have access to the
> Administrator directory or subdirectories. So how did LADS enumerate the
> directories and files and open the file.txt file to check for an alternate
> data stream?

May I guess you tried it with an account which was a member of the
admin group, or at least with an account with backup privs?
Someone with these privs is allowed to backup the entire partition, even
without explicit access rights.

The trick is old and simple:
LADS just uses backup functions to access the files ;-)

Frank Heyne

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by VeriSign - The Internet Trust Company
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
FREE E-COMMERCE SECURITY INFRASTRUCTURE GUIDE
When building an e-commerce site, you want to start with a strong, secure
foundation. Learn how with VeriSign's FREE White Paper, "Building an
E-Commerce Trust Infrastructure." See how you can authenticate your site to
customers, use 128-Bit SSL encryption to secure your web servers, and accept
secure payments online. Click here:
http://www.verisign.com/cgi-bin/go.cgi?a=n116965650045000
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo