Wikileaks CIA document dump and SMB.

Jeremy Allison jra at samba.org
Tue Mar 7 20:08:01 UTC 2017


On Tue, Mar 07, 2017 at 10:29:49AM -0800, Jeremy Allison wrote:
> Nice to see the CIA loves Alternate Data Streams:
> 
> https://wikileaks.org/ciav7p1/cms/page_13763461.html
> 
> In fact they love them so much they even have a
> library call that will add them to allow them
> to hide data within them.
> 
> https://wikileaks.org/ciav7p1/cms/page_13763236.html
> 
> Tell me again why ADS were such an urgent feature
> to add to the new Microsoft ReFS filesystem?
> 
> (Note, this isn't being presented by me as a conspiracy
> theory, I'm just gnashing my teeth as a lost chance to
> get rid of the world's *WORST* filesystem design
> decision).

Actually, thinking about this some more it shows
the CIA are amateurs :-).

If you *really* want to hide undetectable data in
NTFS you hide it in the undocumented 'extra data'
part of the ACL store (which doesn't work against
Samba servers thank god :-).

I bet that's where the NSA hides their stuff :-).


