Information Security News
mailing list archives
Re: Microsoft's Really Hidden Files: A New Look At Forensics. (v2.5b)
From: InfoSec News <isn () c4i org>
Date: Tue, 30 Oct 2001 03:33:33 -0600 (CST)
Forwarded from: Bart Simpson <bart () thesimpsons com>
1. These "hidden" files are very well visible/viewable/searchable/etc
using for example Far manager from www.rarsoft.com under _normal_
circumstances. I've seen this directory thousand times and it never
came across my mind that there may be any sort of conspiracy going on.
2. Directory mentioned contains IE document cache.
Yes, I'm paranoid myself, but please - do not make such a fuss out of
stupid IE cache! The fact that IE set +s attribute on it's cache
directory is not the ground for believing that it will send all this
useless crap back to M$. Think of your provider's giant web caches,
that, too, keep all the documents you've downloaded.
If you still feel paranoid, set the size of IE cache to 0, then use
winblows TwekUE or whatever you want to set "paranoid" settings, like
erasing recent document history and other various crap. But please,
don't make extra fuss out of it.
On Fri, Oct 26, 2001 at 04:54:38AM -0500, InfoSec News wrote:
By The Riddler
October 14, 2001 (v2.0 finished May 16, 2001; v1.0 finished
June 11, 2000)
Written with Windows 9x in mind, but not limited to.
I will not be liable for any damage or lost information, whether due
to reader's error, or any other reason.
There are folders on your computer that Microsoft has tried hard to
keep secret. Within these folders you will find two major things:
Microsoft Internet Explorer has been logging all of the sites you have
ever visited -- even after you've cleared your history, and
Microsoft's Outlook Express has been logging all of your e-mail
correspondence -- even after you've erased them from your Deleted
Items bin. (This also includes all incoming and outgoing file
attachments.) And believe me, that's not even the half of it.
When I say these files are hidden well, I really mean it. If you
don't have any knowledge of DOS then don't plan on finding these files
on your own. I say this because these files/folders won't be
displayed in Windows Explorer at all -- only DOS. (Even after you
have enabled Windows Explorer to "view all files.") And to top it
off, the only way to find them in DOS is if you knew the exact
location of them. Basically, what I'm saying is if you didn't know
the files existed then the chances of you running across them is slim
It's interesting to note that Microsoft does not explain this behavior
adequately at all. Just try searching on microsoft.com.
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.
- Re: Microsoft's Really Hidden Files: A New Look At Forensics. (v2.5b) InfoSec News (Oct 30)