[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Risk and Opportunity



> From: [email protected] ( )
> 
> [...] It seems that files are stored on disk media in fixed units
> called clusters.  Your file size is usually not an integral multiple of
> disk clusters in size, so the ends of your file is followed by random
> data to fill up that last cluster.  Random is a bad choice of words
> though.  I suppose each system is different, but under DOS, the extra
> fill data is a copy of a piece of whatever you had in memory at the time
> your system wrote the file.  You could have information written to disk
> that you do not wish to have there, and seejunk.exe will show it to you
> ... and anyone else.  prune.exe is the solution offered.  Using this
> program, I wrote "This space intentionally left blank " repeating in
> the 5K of space sitting at the end of the doc file for these two programs.

Yes, this is a major security hole, but the Norton Utilities has included a
program to wipe these areas clean for a while now.  Of course, the Norton
Utils aren't freeware...

I've long thought that this was one of the greatest security risks in the PC
world.  People tend to be sloppy about keeping this "slack area" clean.  You
can easily give someone a copy of an innocent file that contains your secring
file for all to see at the end of it.

   --Dave.