funsec mailing list archives

RE: Infecting OEM Images


From: "Todd Towles" <toddtowles () brookshires com>
Date: Thu, 19 Jan 2006 16:23:01 -0600

Larry wrote:
> A reader who just bought a new Dell system noted to me that
> they don't send Windows disks anymore; instead they store
> images of the OOBE disk on a hidden partition. There's a
> procedure for reloading this image onto the active partition
> in cases where the system is hopeless or the tech doesn't
> feel like really trying to solve the problem. The reader
> suggested that if an attacker could modify the image files
> they could make the system unrecoverable through normal
> support channels.

OS disks are supplied with the business line of Dells. Only the home
models come with that weird active partition and no CDs. Latitudes and
Optiplexes come with the CDs... I am pretty sure.

> I suspect there are things like CRCs and such in place in the
> files to make it difficult to accomplish such an attack. In a
> sense, it would be easier just to trash the hidden partition;
> you'd accomplish the same thing posts.

Well, trashing wouldn't be any fun. You would want to trojan the image
files. I think it is worth a look, just to see if they do protect those
files from misuse.

-Todd

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

