This is kind of a follow-up to the mystery of the missing HTML (http://blogoscoped.com/forum/11732.html), but it uses a very different method and, unlike the last one, this uses Windows.
Basically, I've made the Google logo zero bytes (or appear to be zero bytes).
Steps to reproduce: http://cow.neondragon.net/index.php/292-The-Mystery-Of-The-Zero-Byte-Image
Anyone know how it's done? :) |
It's using NTFS alternate data streams, which are not properly accounted for in the Explorer UI. The :rw indicates the use of another stream. IE6SP2 uses this to mark files downloaded from the internet – search on [Zone.Identifier] for more details. |
The reason is called Windows Alternate Data Streams (ADS). In essence, it is an NTFS feature with the purpose of associating several data streams with a file. Programs can store icons, descriptions, etc. there.
Well, hackers also store their rootkits in the ADS, because normal Windows utilities don't take ADS into account. I believe the main reason for it is the fact that (possibly assigned by Windows Explorer) an app's icons and description should not be a part of the file size.
You can read more about ADS here: http://www.windowsecurity.com/articles/Alternate_Data_Streams.html
P.S. Philipp, when are you going to add Preview to the forum posts? :) |
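Added example, not part of any post in this thread: a PowerShell check that lists every alternate data stream under a folder next to the size Explorer reports for the main stream, treating `Zone.Identifier` as expected. It assumes Windows PowerShell 3.0 or later and an NTFS volume; the function name `Get-AlternateStream`, the file names and the sample contents are constructed for the demonstration, with the stream name `rw` taken from the `:rw` mentioned above.

```powershell
# Added example: report NTFS alternate data streams that the Explorer size column ignores.
# Assumes PowerShell 3.0+ on an NTFS volume. Function and file names are hypothetical.
function Get-AlternateStream {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Stream names treated as expected; Zone.Identifier is the download marker.
        [string[]] $Expected = @('Zone.Identifier')
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # -Stream * returns the unnamed main stream (':$DATA') plus any named ones.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        File        = $file.FullName
                        MainBytes   = $file.Length   # size of the main stream only
                        Stream      = $_.Stream
                        StreamBytes = $_.Length      # not counted in MainBytes
                        Expected    = $Expected -contains $_.Stream
                    }
                }
        }
}

# Constructed sample data: a zero-byte file carrying a named stream, and a
# normal file carrying a Zone.Identifier stream like a browser download would.
$dir = Join-Path $env:TEMP ('ads-demo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null

$empty = Join-Path $dir 'logo.gif'
New-Item -ItemType File -Path $empty | Out-Null
Set-Content -LiteralPath $empty -Stream 'rw' -Value ('x' * 4096)

$download = Join-Path $dir 'download.txt'
Set-Content -LiteralPath $download -Value 'hello'
Set-Content -LiteralPath $download -Stream 'Zone.Identifier' -Value "[ZoneTransfer]`r`nZoneId=3"

# Unexpected streams sort first; logo.gif shows MainBytes 0 with a non-empty stream.
Get-AlternateStream -Path $dir | Sort-Object Expected, File | Format-Table -AutoSize

Remove-Item -LiteralPath $dir -Recurse -Force
```

On a real system, point `-Path` at the folder to audit and review the rows where `Expected` is false.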
A realtime javascript preview would be trivial... |