Internet Storm Center

Fun with streams! I had an interesting idea after seeing the first post of this story. I wondered if one could use an alternate stream on a directory. Sure enough, you can:

md Foo
echo foobar > Foo:altstream
sort < Foo:altstream
rd Foo
sort < Foo:altstream

Thus, one can hide arbitrary data in a directory (not in a file in a directory, but in the directory itself effectively). As in echo foobar > C:\WINDOWS:altstream.

Of course, the SysInternals streams.exe will find it, but it's still kind of cool. Personally, I've actually found streams to be useful before in scenarios where I need to record meta-data about a file in the file itself (for instance, in a generated PDF file to record what config was used to generate the PDF file so I know whether it needs to be regenerated or not).

Argh - when I logged in, it jumped to another story - let me go stick this on the right story!