Jan 22 2023

Windows 11 is getting ReFS support

Category: File Security,Windows SecurityDISC @ 10:16 am

Recent Windows 11 Insider builds include support for ReFS, the Resilient File System. The file system is currently only available in Windows server operating systems, but not in client systems.

Resilient File System is designed to “maximize data availability, scale efficiently to large data sets across diverse workloads, and provide data integrity with resiliency to corruption” according to Microsoft.


NTFS, the New Technology File System, is the default file system on client versions of Microsoft’s Windows operating system. It is a proprietary file system introduced in Windows NT 3.1 and also supported on Linux and BSD.

ReFS and NTFS support a wide range of features, but there are major differences between the two file systems as well.

The Resilient File System, for example, supports file and volume sizes of up to 35 petabytes. NTFS, on the other hand, supports a maximum of 256 terabytes. A petabyte equals 1024 terabytes. While most home systems are very far away from reaching these file and volume sizes, it is clear that the 256 terabyte limit will be reached eventually.

ReFS supports the following features exclusively (compared to NTFS):

  • Block clone — aims to convert expensive physical file copy operations to quick logical ones. Reduces workloads, reduces I/O and increases the performance of the operations.
  • Sparse VDL — allows ReFS to zero files rapidly, which reduces the creation time of fixed VHDs significantly.
  • Mirror-accelerated parity (on Storage Spaces Direct) — designed to deliver high performance and capacity efficient storage. ReFS divides volumes, which can have their own drives, into performance and capacity tiers.  Writes occur in the performance tier and data is moved to the capacity tier in real-time.
  • File-level snapshots — creates a new file that contains data and attributes of a source file.

ReFS lacks support for several important features that NTFS supports. Major features that are missing include file system compression and encryption support, support for disk quotas and removable media, or booting.

ReFS support in Windows 11

ReFS support adds a new option to the Windows 11 operating system. It is possible that the file system will only be supported in Enterprise, Education and Workstation editions of Windows 11. On the other hand, a Pro version of Windows 11 was used by the Twitter user who revealed the support information.

Another aspect that needs to be considered is that there is no direct NTFS to ReFS conversion; this makes it very likely that ReFS can only be selected during initial setup of the operating system, but not while it is running.

Windows 11 administrators may enable ReFS on Windows 11 Insider builds using ViVeTool and the ID42189933. It is recommended to create a full system backup before attempting to install Windows 11 on ReFS.


Resilient File System (ReFS) (wikipedia.org)

Tags: file security, NTFS, ReFS

Dec 07 2021

Improper Neutralization of CRLF Sequences in Java Applications

Category: App Security,File Security,Information Security,PythonDISC @ 10:28 am

CRLF Injection

Let’s try to understand what CRLF injection is. In response to an HTTP request from a web browser, a web server sends a response, which contains both the HTTP headers and the actual content of the website. There is a special combination of characters that separates the HTTP headers from the HTML response (the website content), namely a carriage return followed by a line feed.

When a header ends with a CRLF, a new header is created on the server. So, a web application or a user will know when a new line begins in a file or text block.

An attacker can inject information into HTTP responses by using the CRLF characters that separate HTTP responses. As long as the header and body end in *CRLF>*CRLF>, the browser will understand that the header ends. Consequently, they have the option to store data in the body of the answer, where HTML is stored.

If an attacker enters the ASCII code for carriage return (%0d) and line feed (%0a) in a HTTPS header, they could identify them easily. The result would look like this:


Table of Contents

Java 9 Dependency Injection

Tags: CRLF Injection

Aug 13 2021

Google open-sourced Allstar tool to secure GitHub repositories

Category: App Security,File Security,Security ToolsDISC @ 10:02 am

Google has open-sourced the Allstar tool that can be used to secure GitHub projects and prevent security misconfigurations.

Google has open-sourced the Allstar tool that can be used to secure GitHub projects by enforcing a set of security policies to prevent misconfiguration.

“Allstar is a GitHub App installed on organizations or repositories to set and enforce security policies. Its goal is to be able to continuously monitor and detect any GitHub setting or repository file contents that may be risky or do not follow security best practices.” reads the project description. “If Allstar finds a repository to be out of compliance, it will take an action such as create an issue or restore security settings.”

Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information

Tags: Open source

Mar 23 2021

Accellion Supply Chain Hack

Category: App Security,File Security,Vendor AssessmentDISC @ 11:37 pm

Tags: Hacking, patching, supply chain, vulnerabilities

Mar 13 2021

Developing a Strong Security Posture in the Era of Remote Work

Tags: Remote work

May 31 2019

Secure, Share & Edit All Your Files From Anywhere | Box

Category: Cloud computing,File Security,Information PrivacyDISC @ 5:07 am

Secure File Sharing – 256-bit AES encryption

Secure File Sharing: Easily and securely share files—even sensitive or confidential ones—without worry.

Source: Secure, Share & Edit All Your Files From Anywhere | Box

 Subscribe in a reader

Apr 05 2019

How to completely and securely delete files in Windows

Category: App Security,File Security,Windows SecurityDISC @ 3:36 pm

To make sure a deleted file can’t be recovered, you’ll need to use a third-party shredding tool. Here’s a look at three such free programs: Eraser, File Shredder, and Freeraser.

Source: How to completely and securely delete files in Windows

Enter your email address:

Delivered by FeedBurner

Tags: Microsoft Windows, Windows, windows security