dgillettat_private wrote:
> Their not being text files probably has something to do with the
> wide availability of hacker tools called "text editors" that can be
> used to arbitrarily change the contents of such files to cover an
> intruder's tracks.

They're not text files because it's really hard to internationalize a text file. That particular design decision wasn't driven by security, it was driven by operational/developmental convenience. By outputting log messages in a binary code, Microsoft can provide linguistic decodes in the form of a .DLL that translates into the correct language.

Binary file editors are not much harder to write than text file editors! :)

    read(fd,&ut,sizeof(struct utmp));
    ...

mjr.
---
Marcus J. Ranum
Chief Technology Officer, NFR Security, Inc.
Work: http://www.nfr.com
Personal: http://www.ranum.com
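Added example, not part of the original message: since fixed-size binary records are as editable as text, a defender can at least walk a utmp-format log the same way and flag blanked slots, backwards timestamps and truncated records. It assumes a Linux-style `<utmp.h>`; `scan_utmp` and `struct utmp_scan` are hypothetical names, and the sample records are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <utmp.h>

/* Findings from one pass over a buffer of fixed-size utmp records. */
struct utmp_scan {
    size_t records;      /* whole records seen */
    size_t zeroed;       /* slots that are entirely zero bytes */
    size_t out_of_order; /* timestamps earlier than a preceding record's */
    size_t trailing;     /* leftover bytes that do not fill a record */
};

/* Walk the buffer one sizeof(struct utmp) at a time, as read() would. */
struct utmp_scan scan_utmp(const unsigned char *buf, size_t len)
{
    static const struct utmp zero;   /* all-zero reference record */
    struct utmp_scan r = {0, 0, 0, 0};
    struct utmp ut;
    long long newest = 0;

    for (; len >= sizeof ut; buf += sizeof ut, len -= sizeof ut) {
        memcpy(&ut, buf, sizeof ut);
        r.records++;
        if (memcmp(&ut, &zero, sizeof ut) == 0) { r.zeroed++; continue; }
        if ((long long)ut.ut_tv.tv_sec < newest)
            r.out_of_order++;        /* heuristic: clock steps also cause this */
        else
            newest = ut.ut_tv.tv_sec;
    }
    r.trailing = len;                /* non-zero means a truncated record */
    return r;
}

/* Constructed sample: records at t=100, blank, t=300, t=200, plus 3 stray bytes. */
int main(void)
{
    static const int secs[4] = {100, 0, 300, 200};
    unsigned char buf[4 * sizeof(struct utmp) + 3] = {0};
    for (int i = 0; i < 4; i++) {
        struct utmp ut;
        memset(&ut, 0, sizeof ut);
        ut.ut_tv.tv_sec = secs[i];
        memcpy(buf + i * sizeof ut, &ut, sizeof ut);
    }
    struct utmp_scan r = scan_utmp(buf, sizeof buf);
    printf("records=%zu zeroed=%zu out_of_order=%zu trailing=%zu\n",
           r.records, r.zeroed, r.out_of_order, r.trailing);
    return 0;
}
```

A clean result proves nothing about integrity, because an editor that rewrites a record in place with plausible values leaves none of these marks; that takes an off-host copy of the log.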
This archive was generated by hypermail 2b30 : Tue Mar 05 2002 - 09:03:41 PST