funsec mailing list archives
RE: Infecting OEM Images
From: "Todd Towles" <toddtowles () brookshires com>
Date: Thu, 19 Jan 2006 16:23:01 -0600
Larry wrote:
A reader who just bought a new Dell system noted to me that they don't send Windows disks anymore; instead they store images of the OOBE disk on a hidden partition. There's a procedure for reloading this image onto the active partition in cases where the system is hopeless or the tech doesn't feel like really trying to solve the problem. The reader suggested that if an attacker could modify the image files they could make the system unrecoverable through normal support channels.
OS disks are supplied with the buiness line of Dells. Only the home models come with that weird active partition and no CDs. Latitudes and Optiplexs come with the CDs...I am pretty sure.
I suspect there are things like CRCs and such in place in the files to make it difficult to accomplish such an attack. In a sense, it would be easier just to trash the hidden partition; you'd accomplish the same thing posts.
Well trashing wouldn't be any fun. You would want to trojan the image files. I think it is worth a look, just to see if they do protect those files from mis-use. -Todd _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: Infecting OEM Images Todd Towles (Jan 19)
- <Possible follow-ups>
- RE: Infecting OEM Images Willy, Andrew (Jan 19)
- Re: Infecting OEM Images Dude VanWinkle (Jan 19)
- Re: Infecting OEM Images Xyberpix (Jan 20)