funsec mailing list archives
RE: Infecting OEM Images
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Thu, 19 Jan 2006 17:18:05 -0500
Sounds like a security risk to me. I also don't like these hidden partitions because they take away valuable disk space, especially on a laptop.

These partitions also lead to lawsuits:

http://www.whafh.com/modules/practice_area/index.php?action=view&id=23

Wolf Haldenstein represented a class of Compaq Presario computer purchasers in a class action lawsuit against Compaq, filed in the United States District Court for the Eastern District of Texas, alleging that Compaq defrauded its own customers by selling them Presario computers with hard disk drives that Compaq, for its own financial gain, unilaterally partitioned in a manner that reduced the usable capacity of each of those hard disk drives by as much as three gigabytes. After considering plaintiffs' allegations, Compaq settled that case in a manner that provided complete relief to each class member.

Richard

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Larry Seltzer
Sent: Thursday, January 19, 2006 5:09 PM
To: funsec () linuxbox org
Subject: [funsec] Infecting OEM Images

A reader who just bought a new Dell system noted to me that they don't send Windows disks anymore; instead they store images of the OOBE disk on a hidden partition. There's a procedure for reloading this image onto the active partition in cases where the system is hopeless or the tech doesn't feel like really trying to solve the problem.

The reader suggested that if an attacker could modify the image files they could make the system unrecoverable through normal support channels. I suspect there are things like CRCs and such in place in the files to make it difficult to accomplish such an attack. In a sense, it would be easier just to trash the hidden partition; you'd accomplish the same thing.

Does anyone think this is an area worth pursuing?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.