On Fri, 28 Aug 1998, Mark (Mookie) wrote: > >ESM does not only look at CRC's to verify if a file is genuine. It also looks > >at the timestamps; both the m-time and the c-time. m-times are easy to change, > >c-times are a lot harder and leave a trace. [snip] > This doesn't leave a trace. There are numerous other programs to completely > replace all timestamps as normal, undetected. Technology has come a long way > since the above was written. This is why BSD/OS since version 3.0 disallows setting the clock backwards when running at normal securelevel. I think more operating systems need that feature. Subverting timestamps in this environments becomes much harder. Cheers, -- Bert Bert Driehuis, MIS -- bert_driehuisat_private -- +31-20-3116119 The grand leap of the whale up the Fall of Niagara is esteemed, by all who have seen it, as one of the finest spectacles in nature. -- Benjamin Franklin.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:14:04 PDT