The Practical Linux Handbook: A Beginner’s Guide to Mastering Everyday Tasks
InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot
Jan 22 2023
Windows 11 is getting ReFS support
Recent Windows 11 Insider builds include support for ReFS, the Resilient File System. The file system is currently only available in Windows server operating systems, but not in client systems.
Resilient File System is designed to “maximize data availability, scale efficiently to large data sets across diverse workloads, and provide data integrity with resiliency to corruption” according to Microsoft.
ReFS vs NTFS
NTFS, the New Technology File System, is the default file system on client versions of Microsoft’s Windows operating system. It is a proprietary file system introduced in Windows NT 3.1 and also supported on Linux and BSD.
ReFS and NTFS support a wide range of features, but there are major differences between the two file systems as well.
The Resilient File System, for example, supports file and volume sizes of up to 35 petabytes. NTFS, on the other hand, supports a maximum of 256 terabytes. A petabyte equals 1024 terabytes. While most home systems are very far away from reaching these file and volume sizes, it is clear that the 256 terabyte limit will be reached eventually.
ReFS supports the following features exclusively (compared to NTFS):
- Block clone — aims to convert expensive physical file copy operations to quick logical ones. Reduces workloads, reduces I/O and increases the performance of the operations.
- Sparse VDL — allows ReFS to zero files rapidly, which reduces the creation time of fixed VHDs significantly.
- Mirror-accelerated parity (on Storage Spaces Direct) — designed to deliver high performance and capacity efficient storage. ReFS divides volumes, which can have their own drives, into performance and capacity tiers. Writes occur in the performance tier and data is moved to the capacity tier in real-time.
- File-level snapshots — creates a new file that contains data and attributes of a source file.
ReFS lacks support for several important features that NTFS supports. Major features that are missing include file system compression and encryption support, support for disk quotas and removable media, or booting.
ReFS support in Windows 11
ReFS support adds a new option to the Windows 11 operating system. It is possible that the file system will only be supported in Enterprise, Education and Workstation editions of Windows 11. On the other hand, a Pro version of Windows 11 was used by the Twitter user who revealed the support information.
Another aspect that needs to be considered is that there is no direct NTFS to ReFS conversion; this makes it very likely that ReFS can only be selected during initial setup of the operating system, but not while it is running.
Windows 11 administrators may enable ReFS on Windows 11 Insider builds using ViVeTool and the ID42189933. It is recommended to create a full system backup before attempting to install Windows 11 on ReFS.
Dec 07 2021
Improper Neutralization of CRLF Sequences in Java Applications
CRLF Injection
Let’s try to understand what CRLF injection is. In response to an HTTP request from a web browser, a web server sends a response, which contains both the HTTP headers and the actual content of the website. There is a special combination of characters that separates the HTTP headers from the HTML response (the website content), namely a carriage return followed by a line feed.
When a header ends with a CRLF, a new header is created on the server. So, a web application or a user will know when a new line begins in a file or text block.
An attacker can inject information into HTTP responses by using the CRLF characters that separate HTTP responses. As long as the header and body end in *CRLF>*CRLF>, the browser will understand that the header ends. Consequently, they have the option to store data in the body of the answer, where HTML is stored.
If an attacker enters the ASCII code for carriage return (%0d) and line feed (%0a) in a HTTPS header, they could identify them easily. The result would look like this:
https://xyz.com/index.php?page=home%0d%0a
Table of Contents
- Effects of CRLF Injection
- Improper Neutralization of CRLF Sequences in Java
- How to Fix CRLF Injection or Improper Neutralization Error
Aug 13 2021
Google open-sourced Allstar tool to secure GitHub repositories
Google has open-sourced the Allstar tool that can be used to secure GitHub projects and prevent security misconfigurations.
Google has open-sourced the Allstar tool that can be used to secure GitHub projects by enforcing a set of security policies to prevent misconfiguration.
“Allstar is a GitHub App installed on organizations or repositories to set and enforce security policies. Its goal is to be able to continuously monitor and detect any GitHub setting or repository file contents that may be risky or do not follow security best practices.” reads the project description. “If Allstar finds a repository to be out of compliance, it will take an action such as create an issue or restore security settings.”
Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information
May 31 2019
Secure, Share & Edit All Your Files From Anywhere | Box
Secure File Sharing – 256-bit AES encryption
Secure File Sharing: Easily and securely share files—even sensitive or confidential ones—without worry.
Source: Secure, Share & Edit All Your Files From Anywhere | Box
Apr 05 2019
How to completely and securely delete files in Windows
To make sure a deleted file can’t be recovered, you’ll need to use a third-party shredding tool. Here’s a look at three such free programs: Eraser, File Shredder, and Freeraser.
Source: How to completely and securely delete files in Windows
