I am sure you must have seen this 'ACCESS DENIED' screen if you try and enter the protected 'System Volume Information' folder on your Hard Drive.
Any idea what is there inside the 'System Volume Information' folder there? Well, windows indeed stores a lot of information that is required to be protected there and all the windows restore points are also present in this folder.
Now, security doesn't seem to have covered at all the places in windows. What happens is the path inside System Volume Information is protected by a folder structure which is not easy to guess.
The flaw lies in Windows Defragmentation.
Windows Defragmentation does not hide the fragmented files present in System Volume Information folder. If the folder structure is revealed here, you get access to lot more sensitive information. This includes windows registry, SAM files, etc.
So, if I save this report and view the actual path inside the System Volume Information,
I use this path to get inside System Volume Information folder using explorer and I now have the access to "protected" files like SAM file and lots of other information.
Tuesday, June 10, 2008
Sunday, June 01, 2008
This comes as 101st Post for this blog and I thought to compile list of most popular posts I have had here on the blog.
Credits to Google Analytics for the stats. :)
Here goes the list:
Virtualization : Is it Secure?
Big B Watching or Is this Intrusion of Privacy?
How to Build Secure Software
Free Web Proxy List
Hacking Web Applications – Truly Simple
Using IT to Combat Money Laundering
Westside in Mumbai stores your credit card numbers..
Get into pay sites for free as a Googlebot
Thick Client Application Security
Guarding Against Credit Card Frauds
Can Security be incorporated in the Computer Science & IT courses?
Security Concerns in Web 2.0
Managing Account Lockout
Clear Text Secrets
Mitigating XSS Attacks in ASP.NET Apps
SQL Injection in Stored Procedure
You can be arrested for using free Wi-Fi
Using Google to View MySpace or Any Restricted Site
Online Banking Security
Web Services Design Security Considerations
Perspective of Performance and Security in IT
Design Considerations for Security
Download everything from Microsoft without WGA Check
What is STRIDE
The weakest link in the security chain? You
Information Systems Security Assessment Framework (ISSAF)
ASP.NET __VIEWSTATE issues