Re: Malicious Intent...technically possible?



Dave Dickerson wrote:
On 27 Jan 2006 00:20:01 -0500, Bela Lubkin <filbo@xxxxxxxxxx> wrote:


Jean-Pierre Radley wrote:


Dave Dickerson typed (on Fri, Jan 27, 2006 at 03:22:41AM +0000):
| Is this technically possible assuming the required skills are in
| place?
|
| Say I'm familiar with the contents of your SCO OSR507 MP3 system and
| there's data on your system I want to get but I don't want you to know
| I've got it. So, I hatch a malicious plan.
|
| I give you a CD-R that contains software that you agree to install.
| You are to return the CD back to me when you are finished with it.
|
| You mount the CD on your OSR507 MP3 box and run an included install
| script. However, unknown to you, there was other software installed on
| the system that gathers the data I seek and writes it back to an
| unused section of the CD-R.
|
| I'm hearing that under certain conditions it may be possible to do
| that write-back to a CD-R.


I can't imagine any conditions under which you can write to a CD-R once
you've done your first (and only) write followed by the fixating phase.
I've tried to write to a non-virgin CD-R, never succeeded.

| I'm not so sure and I'd like to hear your technical opinions on that
| matter regarding OSR507/MP3.

The operating system is irrelevant.  So far as I know, CD-R means write
once, read many.

Multiple pieces can be written to a CD-R; it's called "multisession". I've even seen it work on OSR5. Proper multisession writing involves not doing the final fixation on the original write (i.e. when you do the original write you have to _tell_ the writing software that you're preparing for multisession).

Dave's scheme is possible.  I suspect the CD I/O would look a bit weird
if you were actually paying attention while it was going on, but yeah,
if you were handing a CD to a clueless admin you could probably arrange
something like this.

There are probably a bunch of other easier ways that don't involve CD
writing.  Starting with something like "could you run this command and
email me the output?"...  The whole scheme hinges on the idea that the
recipient trusts you; if he trusts you then you can probably get him to
do just about anything that isn't blatant.


>Bela<


The discussions I've been having are centered on the properties of a
CD-R. The initial discussion was what I described above. Later,
questions came up about the "re-writeability" of a CD that had been
created by a burn process vs one that had been pressed. The claim was
that a pressed CD is equivalent to filling in all the unused space
with zeroes or some such thereby making the CD impervious to rewrite
attempts.


Any thoughts on that?

"Pressed" CDs have a different physical structure to CD-Rs and are created using a completely different process.


CDs are read by shining a weak laser along a spiral track and looking for changes in reflectivity. There are many different ways to create those changes in reflectivity. One way is to press microscopic pits into a thin layer of aluminium, another way is to use a strong laser to burn dark spots into a layer of inorganic dye.

Unused space on a "pressed" CD doesn't have to contain zeroes to make it impervious to writing because it doesn't contain the pre-groove track and the inorganic dye needed by the CD-R writing process.