what makes this file such an interesting find, though, is that the shell has bee... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mmsc on May 27, 2024 \| parent \| context \| favorite \| on: PcTattletale leaks victims' screen recordings to e... `what makes this file such an interesting find, though, is that the shell has been present since at least december 2011` It's really easy to change the creation date of a file by changing the system clock for a millisecond, and create a file, before changing the clock back to normal. Some people like to do this to avoid their back doors being found by IR doing a "find" for any newly created files.

zaxomi on May 27, 2024 [–]

No need to change the system clock for a millisecond. The operating system has an API for changing allt the timestamps of a file.

vitus on May 27, 2024 | [–]

Indeed, that's what `touch -t 201101020304 /tmp/old-file` is for. (Although on ext4 it seems that you can't control the birth time; for that you would need to set your system clock.)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact