Re: [ISN] Microsoft's Really Hidden Files: A New Look At Forensics. (v2.5b)

From: InfoSec News (isnat_private)
Date: Tue Oct 30 2001 - 01:33:33 PST

  • Next message: InfoSec News: "[ISN] Little Stuph"

    Forwarded from: Bart Simpson <bartat_private>
    
    1. These "hidden" files are very well visible/viewable/searchable/etc
    using for example Far manager from www.rarsoft.com under _normal_
    circumstances. I've seen this directory thousand times and it never
    came across my mind that there may be any sort of conspiracy going on.
    
    2. Directory mentioned contains IE document cache.
    
    Yes, I'm paranoid myself, but please - do not make such a fuss out of
    stupid IE cache! The fact that IE set +s attribute on it's cache
    directory is not the ground for believing that it will send all this
    useless crap back to M$. Think of your provider's giant web caches,
    that, too, keep all the documents you've downloaded.
    
    If you still feel paranoid, set the size of IE cache to 0, then use
    winblows TwekUE or whatever you want to set "paranoid" settings, like
    erasing recent document history and other various crap. But please,
    don't make extra fuss out of it.
    
    
    On Fri, Oct 26, 2001 at 04:54:38AM -0500, InfoSec News wrote:
    > http://www.astalavista.com/library/os/win95-98/mshidden.txt
    > 
    > By The Riddler
    > October 14, 2001  (v2.0 finished May 16, 2001; v1.0 finished 
    > June 11, 2000)
    > 
    > Written with Windows 9x in mind, but not limited to.
    > 
    > DISCLAIMER:
    > 
    > I will not be liable for any damage or lost information, whether due
    > to reader's error, or any other reason.
    > 
    > SUMMARY:
    > 
    > There are folders on your computer that Microsoft has tried hard to
    > keep secret.  Within these folders you will find two major things:  
    > Microsoft Internet Explorer has been logging all of the sites you have
    > ever visited -- even after you've cleared your history, and
    > Microsoft's Outlook Express has been logging all of your e-mail
    > correspondence -- even after you've erased them from your Deleted
    > Items bin.  (This also includes all incoming and outgoing file
    > attachments.)  And believe me, that's not even the half of it.
    > 
    > When I say these files are hidden well, I really mean it.  If you
    > don't have any knowledge of DOS then don't plan on finding these files
    > on your own.  I say this because these files/folders won't be
    > displayed in Windows Explorer at all -- only DOS.  (Even after you
    > have enabled Windows Explorer to "view all files.")  And to top it
    > off, the only way to find them in DOS is if you knew the exact
    > location of them.  Basically, what I'm saying is if you didn't know
    > the files existed then the chances of you running across them is slim
    > to slimmer.
    > 
    > It's interesting to note that Microsoft does not explain this behavior
    > adequately at all.  Just try searching on microsoft.com.
     
    [...]
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Oct 30 2001 - 04:36:23 PST