Secret Sector Backdoor / Security Breach
- From: Security.Concerned.User@xxxxxxxxx
- Date: Mon, 22 Oct 2007 17:02:09 -0000
Recently I've realized that Windows XP Pro (SP1) secretly writes data
to hard-disk sector(s) that were beyond its
installation-partition boundaries; at that time I used a
basic Windows XP installation on a 3-GB partition,
and the rest of the harddisk was unformatted, for all Windows cared.
I should also mention that my WinXP partition is formatted on FAT32,
but I am capable of accessing NTFS partitions, if need be, using
NTFS4DOS, (which I didn't).
Obviously I was only able to have discovered that with
an MSDOS-run Disk Editor capable of accessing all 160 million
sectors of my 80GB hard disk, and making a text-based datafile
containing sector numbers (Cyl., Head, Sector + Index),
that was runnable under pure MSDOS mode avaiable by booting
from a BootCD / BootDVD.
I wasn't quite sure what the nature of that data was,
and whether or not it was a copy of the swapfile
(e.g., PageFile.SYS), or some other data off RAM,
or maybe password(s) or other sensitive data
that I may have been working on prior to re-booting
from my BootDVD.
So my questions are:
1. Would anybody be familiar with that sector-writing stuff?
2. If so, what is the nature of the data written?
3. Would password(s) typed at MSDOS-based program(s), run within
Dos-Box windows, be secretly saved there too?
4. How Am I do prevent that from happening?
5. How Am I to erase such data?
- Prev by Date: Re: what would cause this ??
- Next by Date: Re: Secret Sector Backdoor / Security Breach
- Previous by thread: 10% Discount on SANS Security course
- Next by thread: Re: Secret Sector Backdoor / Security Breach