Zero-Day Exploit in WinRAR File

A zero-day vulnerability in WinRAR is being exploited by at least two Russian criminal groups:

The vulnerability seemed to have super Windows powers. It abused alternate data streams, a Windows feature that allows different ways of representing the same file path. The exploit abused that feature to trigger a previously unknown path traversal flaw that caused WinRAR to plant malicious executables in attacker-chosen file paths %TEMP% and %LOCALAPPDATA%, which Windows normally makes off-limits because of their ability to execute code.

More details in the article.
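The flaw described above is a path-traversal bug in how archive entry names are mapped onto the filesystem, with an NTFS alternate data stream marker used to reach it. As an added example (not code from the post, from WinRAR, or from the Ars article), the check below shows what a safe extractor should do with each entry name before writing anything: reject drive letters and absolute paths, reject any ADS-style `name:stream` component, and resolve `..` and mixed separators the way Windows will and confirm the result stays under the chosen extraction directory. The sample entry names and the destination path are constructed for the demonstration.

```python
import ntpath

# Constructed sample entry names (not taken from any real archive): what a
# safe extractor should accept or refuse when unpacking on Windows.
SAMPLE_ENTRIES = [
    "report/2025-q3.pdf",                     # ordinary, stays inside dest
    "../../AppData/Local/Temp/update.exe",    # plain '..' traversal
    "report.pdf:update.exe",                  # ADS marker after the file name
    r"C:\Users\Public\update.exe",            # absolute path
    "docs/../../../LOCALAPPDATA/update.exe",  # traversal behind a clean prefix
    "notes/..\\..\\x.exe",                    # mixed separators
]

DEST = r"C:\Users\alice\Downloads\out"   # assumed extraction directory

def entry_problems(name: str, dest: str = DEST) -> list:
    """Reasons an archive entry name must not be written under dest.

    Windows path rules are applied through ntpath, so the check runs on any OS.
    """
    problems = []
    if "\x00" in name:
        problems.append("embedded NUL")
    drive, tail = ntpath.splitdrive(name)
    if drive or ntpath.isabs(name):
        problems.append("absolute path or drive letter")
    # A colon in the remaining name selects an NTFS alternate data stream
    # (file.txt:stream); an archive has no business writing one.
    if ":" in tail:
        problems.append("alternate data stream marker")
    # Resolve '..' and mixed separators the way the filesystem will, then
    # require the result to stay inside dest (compared case-insensitively).
    root = ntpath.normcase(ntpath.normpath(dest))
    target = ntpath.normcase(ntpath.normpath(ntpath.join(root, name)))
    try:
        inside = ntpath.commonpath([root, target]) == root
    except ValueError:            # different drives: certainly outside
        inside = False
    if not inside:
        problems.append("escapes extraction directory")
    return problems

def is_safe_entry(name: str, dest: str = DEST) -> bool:
    return not entry_problems(name, dest)

if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        verdict = entry_problems(entry) or ["ok"]
        print(f"{entry!r}: {', '.join(verdict)}")
```

Only the first sample entry passes; every other one is refused for at least one of the three reasons, which is the decision an extractor has to make before it touches %TEMP%, %LOCALAPPDATA% or anywhere else outside the target directory.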

Posted on August 19, 2025 at 7:07 AM • 6 Comments

Comments

Clive Robinson August 19, 2025 10:52 AM

This is a “new instance” in a “known Class” of vulnerability.

In a way you can blame Apple and its filch from Unix file systems…

Because “alternate data streams” came about as Microsoft wanted to do the same thing but had to do it differently (probably patent reasons).

In essence the idea was a way to group different data type files together as a single entity under an onscreen “Windows icon”.

The thing is on the file system they are “different distinct files” that can be anywhere in the file system. And the “file-name” you see on screen is in turn not a content/data file but a link to a file containing links that get passed not to the OS but to Windows, which then pushes them at helper apps.

Thus those links and the actual file types could be anything. Even to the same data content but in different places and later with the expansion from early FAT 8.3 DOS file name format to “whatever” under later FAT format.

It was a useful feature you could use to “hide files” and I used it with a text editor to basically have both a hidden “undo list” and hidden “diff” file and a way to link them back to the text file and a series of entire “back-up” files.

So “Belts n Braces” because NTFS had a flaky reputation when used under the DOS command shell.

WinRAR is also an abomination because it tried to be helpful to “hide stuff from humans” according to some developer’s notion of what helpful was… (Not mine or most other people I knew at the time).

So the issue was a kludge at the Windows level that caused stuff to be added in the wrong way to file systems, and in effect developers tried to bypass the OS in between and they “Cods’d it up”.

But the notion of “legacy support” means it all got brought down the time line, even though the early reasons for such things to exist no longer existed…

Hopefully Microsoft will fix the issues properly, but I very much doubt they will, so expect similar attacks down the line.

ResearcherZero August 21, 2025 2:32 AM

@Clive

You can pin Microsoft certificates in WinRAR, drop in Windows modules and DLLs, use a batch script to drop them where required and hide any prompts. Make it a self-executable and have it automatically reboot the system if needed. Then Windows clobbers its own security.

It is extremely helpful. You could even use it to silently drop spyware after extracting a benign document that is entirely legitimate without the recipient being any wiser.

Spyware will not remain restricted to government use. It can find its way into criminal hands. An unregulated market for powerful surveillance tools risks both national security and public safety.

“U.S. actions to undermine the rule of law, politicize intelligence and undercut civil society will legitimize similar actions by dictators and despots the world over.”

https://www.darkreading.com/vulnerabilities-threats/citizen-lab-founder-us-authoritarianism

Canada and the United States are securing a plethora of new surveillance technologies.
https://macleans.ca/politics/the-u-s-wants-canada-to-become-a-police-state/

Clive Robinson August 21, 2025 5:22 AM

@ ResearcherZero,

With regards to the macleans link article…

Since before this blog, I started warning people about surveillance issues, and over that time I’ve warned about those the article identifies and one or two more besides.

But people did not want to know; some called me “paranoid” or worse, others openly attacked me and accused me of, in effect, hurting them. However, my points have been proved over and over.

To see this in action search back on this site to when I first started telling people disabling javascript was a wise idea… Today most accept the logic or wisdom behind it, some still do it begrudgingly. Anyway, we got the early advert blockers that disabled javascript or stopped questionable javascript running. A clear indication that people’s thinking was changing. Whilst I as an individual have not recently been told I’m destroying their jobs, profit, etc, there are still companies that insist you have javascript enabled. And as I noted yesterday, in Germany one company is taking it through the German Federal court system (search for “Axel Springer”, which is a publishing mega corp (SE), and the “adBlock” company “Eyeo” (GmbH)).

You will find articles like,

https://www.heise.de/en/news/Copyright-Springer-vs-Adblock-Plus-enters-another-round-10505898.html

Which give some of the long running series of defeats for Axel Springer in their attempts to legalise “theft” and considerably worse.

As the article linked above notes,

“Springer had argued, among other things, that the DOM node tree generated by the browser from the HTML code when rendering a website and the CSS structures are forms of expression of the user’s own programming and are therefore protected by copyright.”

Think about the implication of that…

Axel Springer are in effect claiming that they “own your computer” and can tell it to do anything that they, –not you as the owner or user,– want, and you have no right to stop them…

In effect they want a licence to do as they please but without any responsibility for the theft and harms that you as the owner or user of the computer may suffer by their actions…

And I’m not just talking about the right to install persistent “client side scanning”, “keyboard logging” or “credential stealing” or similar malware; they are technically “passive” attacks. There are worse “active” attacks where they make your computer do things to others. Let’s just say they get it to “post online” using your credentials such that you get accused of all sorts of crimes for which you can not make a legal defence.

It’s why years ago I ensured that all my computers were not just “air gapped” but “energy gapped”. And why I’ve repeatedly advised people to have two computers. One for just communication that has no semi-mutable memory like magnetic or Flash or similar memory that will allow malware to survive a reboot. The other never gets connected to any external or externally accessible communications –think WiFi, Bluetooth and much more– for “Confidential, Personal, and Private” work, and you encrypt anything you need to take off of it, such that you can have real “End to End Encryption” (E2EE) that can not have “end run attacks” or “Client Side Scanning” or worse used to get around it.

Whilst some people might consider this “over the top” today, as some considered it paranoid when I first talked about it, importantly increasing numbers are now accepting that nothing you do whilst “connected” is ephemeral any longer, and it’s clear that attackers are going to attack anything they can reach, especially if they are “State Level”.

Thus “Mitigation by segregation” such as “energy gapping” is one of the few protections left to the ordinary person.

It’s also why I’ve described how to make both an “RF Cage” suitable for development work and further how to use household items to quickly build and take apart a personal SCIF equivalent that can be “covert”. And along with others how to make “dead man’s switches” to kill data in the computer memory if it’s grabbed from you etc.

Whilst this sort of thing might be “overkill” today for Jo Average and their spicy cat videos and coupon sharing club secrets, tomorrow it might well not be. Others need it now, such as journalists of various types. But the trend “in the West” towards authoritarianism, which is clearly to “invent crimes” to detain and oppress individuals that are either scapegoats or inconvenient for politicians and others in authority, is very much on the rise, as even US MSM is now reporting.

As the article you link to discusses, it’s a trend that is not likely to reverse; in fact it’s most likely to get not just worse but worse at a faster rate…

Do you think people really want to bet their liberty or even life on the fact they might think I appear a little paranoid to them today? Especially when history shows I’m not paranoid, just earlier than most in my predictions, and thus in the precautions I advise.
