Re: Infecting OEM Images

[Xyberpix <xyberpix () xyberpix com>]

I think that if there was a way to get an unknown rootkit onto the master image
that they make the   OOBE disk from, that would be great fun. Even better would
be if it somehow morphed each time ti got re-installed from the image ;-)

never did like wearing hats.

xyberpix

On Thu Jan 19 22:09 , 'Larry Seltzer' <larry () larryseltzer com> sent:

> A reader who just bought a new Dell system noted to me that they don't send
> Windows disks anymore; instead they store images of the OOBE disk on a
> hidden partition. There's a procedure for reloading this image onto the
> active partition in cases where the system is hopeless or the tech doesn't
> feel like really trying to solve the problem. The reader suggested that if
> an attacker could modify the image files they could make the system
> unrecoverable through normal support channels. 
>
> I suspect there are things like CRCs and such in place in the files to make
> it difficult to accomplish such an attack. In a sense, it would be easier
> just to trash the hidden partition; you'd accomplish the same thing. 
>
> Does anyone think this is an area worth pursuing?
>
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blog.ziffdavis.com/seltzer
> Contributing Editor, PC Magazine
> larryseltzer () ziffdavis com 
>
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.