Guest Security.Concerned.User@gmail.com
Posted October 22, 2007

Hello everyone,

Recently I've realized that Windows XP Pro (SP1) secretly writes data to hard-disk sector(s) that were beyond its installation-partition boundaries; at that time I used a basic Windows XP installation on a 3-GB partition, and the rest of the hard disk was unformatted, for all Windows cared.

I should also mention that my WinXP partition is formatted on FAT32, but I am capable of accessing NTFS partitions, if need be, using NTFS4DOS (which I didn't).

Obviously I was only able to discover that with an MSDOS-run Disk Editor capable of accessing all 160 million sectors of my 80GB hard disk, and making a text-based datafile containing sector numbers (Cyl., Head, Sector + Index), that was runnable under pure MSDOS mode available by booting from a BootCD / BootDVD.

I wasn't quite sure what the nature of that data was, and whether or not it was a copy of the swapfile (e.g., PageFile.SYS), or some other data off RAM, or maybe password(s) or other sensitive data that I may have been working on prior to re-booting from my BootDVD.

So my questions are:

1. Would anybody be familiar with that sector-writing stuff?
2. If so, what is the nature of the data written?
3. Would password(s) typed at MSDOS-based program(s), run within Dos-Box windows, be secretly saved there too?
4. How am I to prevent that from happening?
5. How am I to erase such data?

Thanks much,
SCU
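
The kind of check described in the post above, as an added example that is not part of the original thread or the poster's tool: it parses the MBR partition table of a raw disk image and lists non-zero sectors that fall outside every partition. The 64-sector image, its partition layout and the `FILE`/`DATA` markers are constructed sample data.

```python
import struct

SECTOR = 512

def parse_mbr(sector0: bytes):
    """Return [(type, first_lba, sector_count)] for the used primary entries."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i: 462 + 16 * i]
        ptype = entry[4]                      # 0x00 marks an unused slot
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0 and count != 0:
            parts.append((ptype, first_lba, count))
    return parts

def nonzero_unallocated(image: bytes):
    """LBAs of non-zero sectors outside every partition (sector 0 excluded)."""
    parts = parse_mbr(image[:SECTOR])
    hits = []
    for lba in range(1, len(image) // SECTOR):
        if any(start <= lba < start + n for _, start, n in parts):
            continue                          # sector belongs to a partition
        if any(image[lba * SECTOR:(lba + 1) * SECTOR]):
            hits.append(lba)
    return hits

def build_sample_image(total=64):
    """Constructed image: one FAT32 (0x0B) partition covering LBA 8..39."""
    img = bytearray(total * SECTOR)
    struct.pack_into("<B3sB3sII", img, 446,
                     0x80, b"\x00" * 3, 0x0B, b"\x00" * 3, 8, 32)
    img[510:512] = b"\x55\xaa"
    img[10 * SECTOR:10 * SECTOR + 4] = b"FILE"   # inside the partition: ignored
    img[50 * SECTOR:50 * SECTOR + 4] = b"DATA"   # past the partition: reported
    return bytes(img)

if __name__ == "__main__":
    image = build_sample_image()
    print("partitions:", parse_mbr(image[:SECTOR]))
    print("non-zero sectors outside partitions:", nonzero_unallocated(image))
```

A non-zero sector in unpartitioned space shows only that something was written there at some point; comparing two such scans taken before and after a session is what would show new writes.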

Guest Mathieu CHATEAU
Posted October 22, 2007

Re: Secret Sector Backdoor / Security Breach

Hello,

if this was true, people with a Linux partition (dual boot) would have had their Linux corrupted...

I hesitate between hoax and paranoia

--
Regards,
Mathieu CHATEAU
English blog: http://lordoftheping.blogspot.com
French blog: http://www.lotp.fr

<Security.Concerned.User@gmail.com> wrote in message news:1193072609.164116.76490@v23g2000prn.googlegroups.com...
> Hello everyone,
>
> Recently I've realized that Windows XP Pro (SP1) secretly writes data
> to hard-disk sector(s) that were beyond its
> installation-partition boundaries; at that time I used a
> basic Windows XP installation on a 3-GB partition,
> and the rest of the hard disk was unformatted, for all Windows cared.
>
> I should also mention that my WinXP partition is formatted on FAT32,
> but I am capable of accessing NTFS partitions, if need be, using
> NTFS4DOS (which I didn't).
>
> Obviously I was only able to discover that with
> an MSDOS-run Disk Editor capable of accessing all 160 million
> sectors of my 80GB hard disk, and making a text-based datafile
> containing sector numbers (Cyl., Head, Sector + Index),
> that was runnable under pure MSDOS mode available by booting
> from a BootCD / BootDVD.
>
> I wasn't quite sure what the nature of that data was,
> and whether or not it was a copy of the swapfile
> (e.g., PageFile.SYS), or some other data off RAM,
> or maybe password(s) or other sensitive data
> that I may have been working on prior to re-booting
> from my BootDVD.
>
> So my questions are:
>
> 1. Would anybody be familiar with that sector-writing stuff?
> 2. If so, what is the nature of the data written?
> 3. Would password(s) typed at MSDOS-based program(s), run within
> Dos-Box windows, be secretly saved there too?
> 4. How am I to prevent that from happening?
> 5. How am I to erase such data?
>
> Thanks much,
> SCU

Guest Mathieu CHATEAU
Posted October 22, 2007

Re: Secret Sector Backdoor / Security Breach

Maybe just bad sectors?
lol

--
Regards,
Mathieu CHATEAU
English blog: http://lordoftheping.blogspot.com
French blog: http://www.lotp.fr

<Security.Concerned.User@gmail.com> wrote in message news:1193072609.164116.76490@v23g2000prn.googlegroups.com...
> Hello everyone,
>
> Recently I've realized that Windows XP Pro (SP1) secretly writes data
> to hard-disk sector(s) that were beyond its
> installation-partition boundaries; at that time I used a
> basic Windows XP installation on a 3-GB partition,
> and the rest of the hard disk was unformatted, for all Windows cared.
>
> I should also mention that my WinXP partition is formatted on FAT32,
> but I am capable of accessing NTFS partitions, if need be, using
> NTFS4DOS (which I didn't).
>
> Obviously I was only able to discover that with
> an MSDOS-run Disk Editor capable of accessing all 160 million
> sectors of my 80GB hard disk, and making a text-based datafile
> containing sector numbers (Cyl., Head, Sector + Index),
> that was runnable under pure MSDOS mode available by booting
> from a BootCD / BootDVD.
>
> I wasn't quite sure what the nature of that data was,
> and whether or not it was a copy of the swapfile
> (e.g., PageFile.SYS), or some other data off RAM,
> or maybe password(s) or other sensitive data
> that I may have been working on prior to re-booting
> from my BootDVD.
>
> So my questions are:
>
> 1. Would anybody be familiar with that sector-writing stuff?
> 2. If so, what is the nature of the data written?
> 3. Would password(s) typed at MSDOS-based program(s), run within
> Dos-Box windows, be secretly saved there too?
> 4. How am I to prevent that from happening?
> 5. How am I to erase such data?
>
> Thanks much,
> SCU

Guest Brains,None
Posted October 24, 2007

Re: Secret Sector Backdoor / Security Breach

Mathieu CHATEAU wrote:
> Maybe just bad sectors?
> lol

That's a distinct possibility! However, wouldn't the IDE drive "hide" the bad sector on its own? Or, maybe the OP's program can bypass that?

Hey, SCU, can your program tell if the sector is marked unavailable?

j.