funsec mailing list archives
Re: Infecting OEM Images
From: Xyberpix <xyberpix () xyberpix com>
Date: Fri, 20 Jan 2006 12:57:30 +0000
I think that if there was a way to get an unknown rootkit onto the master image that they make the OOBE disk from, that would be great fun. Even better would be if it somehow morphed each time it got re-installed from the image ;-)

never did like wearing hats.

xyberpix

On Thu Jan 19 22:09 , 'Larry Seltzer' <larry () larryseltzer com> sent:

A reader who just bought a new Dell system noted to me that they don't send Windows disks anymore; instead they store images of the OOBE disk on a hidden partition. There's a procedure for reloading this image onto the active partition in cases where the system is hopeless or the tech doesn't feel like really trying to solve the problem.

The reader suggested that if an attacker could modify the image files they could make the system unrecoverable through normal support channels. I suspect there are things like CRCs and such in place in the files to make it difficult to accomplish such an attack. In a sense, it would be easier just to trash the hidden partition; you'd accomplish the same thing.

Does anyone think this is an area worth pursuing?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.