funsec mailing list archives
Infecting OEM Images
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Thu, 19 Jan 2006 17:09:06 -0500
A reader who just bought a new Dell system noted to me that they don't send Windows disks anymore; instead they store images of the OOBE disk on a hidden partition. There's a procedure for reloading this image onto the active partition in cases where the system is hopeless or the tech doesn't feel like really trying to solve the problem. The reader suggested that if an attacker could modify the image files they could make the system unrecoverable through normal support channels. I suspect there are things like CRCs and such in place in the files to make it difficult to accomplish such an attack. In a sense, it would be easier just to trash the hidden partition; you'd accomplish the same thing. Does anyone think this is an area worth pursuing? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.ziffdavis.com/seltzer Contributing Editor, PC Magazine larryseltzer () ziffdavis com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Third-party application developers and the WMF flaw Richard M. Smith (Jan 16)
- Message not available
- Fwd: Third-party application developers and the WMF flaw Col (Jan 16)
- Re: Third-party application developers and the WMF flaw TheGesus (Jan 16)
- Re: Fwd: Third-party application developers and the WMF flaw Florian Weimer (Jan 17)
- Re: Fwd: Third-party application developers and the WMF flaw Col (Jan 18)
- Fwd: Third-party application developers and the WMF flaw Col (Jan 16)
- Message not available
- Re: Third-party application developers and the WMF flaw Gadi Evron (Jan 17)
- Infecting OEM Images Larry Seltzer (Jan 19)
- RE: Infecting OEM Images Richard M. Smith (Jan 19)
- Re: Infecting OEM Images Pierre Vandevenne (Jan 19)