Re: Malicious Intent...technically possible?
- From: bv@xxxxxxx (Bill Vermillion)
- Date: Fri, 27 Jan 2006 16:25:01 GMT
In article <drd9gf$kad$1@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
Ian Wilson <scobloke2@xxxxxxxxxxxxx> wrote:
>Dave Dickerson wrote:
>> On 27 Jan 2006 00:20:01 -0500, Bela Lubkin <filbo@xxxxxxxxxx> wrote:
>>
>>
>>>Jean-Pierre Radley wrote:
>>>
>>>
>>>>Dave Dickerson typed (on Fri, Jan 27, 2006 at 03:22:41AM +0000):
>>>>| Is this technically possible assuming the required skills are in
>>>>| place?
>>>>|
>>>>| Say I'm familiar with the contents of your SCO OSR507 MP3 system and
>>>>| there's data on your system I want to get but I don't want you to know
>>>>| I've got it. So, I hatch a malicious plan.
>>>>|
>>>>| I give you a CD-R that contains software that you agree to install.
>>>>| You are to return the CD back to me when you are finished with it.
>>>>|
>>>>| You mount the CD on your OSR507 MP3 box and run an included install
>>>>| script. However, unknown to you, there was other software installed
>>>>| on the system that gathers the data I seek and writes it back to an
>>>>| unused section of the CD-R.
>>>>|
>>>>| I'm hearing that under certain conditions it may be possible to do
>>>>| that write-back to a CD-R.
>>>>
>>>>I can't imagine any conditions on which you can write to a CD-R once
>>>>you've done your first (and only) write followed by the fixating phase.
>>>>I've tried to write to a non-virgin CD-R, never succeeded.
>>>>
>>>>| I'm not so sure and I'd like to hear your technical opinions on that
>>>>| matter regarding OSR507/MP3.
>>>>
>>>>The operating system is irrelevant. So far as I know, CD-R means write
>>>>once, read many.
>>>
>>>Multiple pieces can be written to a CD-R; it's called "multisession".
>>>I've even seen it work on OSR5. Proper multisession writing involves
>>>not doing the final fixation on the original write (i.e. when you do the
>>>original write you have to _tell_ the writing software that you're
>>>preparing for multisession).
>>>
>>>Dave's scheme is possible. I suspect the CD I/O would look a bit weird
>>>if you were actually paying attention while it was going on, but yeah,
>>>if you were handing a CD to a clueless admin you could probably arrange
>>>something like this.
>>>
>>>There are probably a bunch of other easier ways that don't involve CD
>>>writing. Starting with something like "could you run this command and
>>>email me the output?"... The whole scheme hinges on the idea that the
>>>recipient trusts you; if he trusts you then you can probably get him to
>>>do just about anything that isn't blatant.
>>>
>>>
>>>>Bela<
>>
>>
>> The discussions I've been having are centered on the properties of a
>> CD-R. The initial discussion was what I described above. Later,
>> questions came up about the "re-writeability" of a CD that had been
>> created by a burn process vs one that had been pressed. The claim was
>> that a pressed CD is equivalent to filling in all the unused space
>> with zeroes or some such thereby making the CD impervious to rewrite
>> attempts.
>>
>> Any thoughts on that?
>"Pressed" CDs have a different physical structure to CD-Rs and are
>created using a completely different process.
>CDs are read by shining a weak laser along a spiral track and
>looking for changes in reflectivity. There are many different
>ways to create those changes in reflectivity. One way is to press
>microscopic pits into a thin layer of aluminium, another way
>is to use a strong laser to burn dark spots into a layer of
>inorganic dye.
To correct a minor mis-impression here. They do not press
pits into a thin layer of aluminum. The pits are molded into
a plastic disk and then the disk - at this point just plastic - is
taken into an environment where a thin layer of metal - usually
aluminum sometimes gold - is put on the plastic to make it
reflective.
Bill
--
Bill Vermillion - bv @ wjv . com