Full Disclosure mailing list archives
Re: Microsot DID DISCLOSE potential Backdoor
From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 07 May 2008 21:26:05 -0500
--On May 7, 2008 6:45:12 PM -0500 "J. Oquendo" <sil () infiltrated net> wrote:
On Wed, 07 May 2008, Paul Schmehl wrote:

Please point to the part where they are "relying on IP" when they explicitly state "No identifiable personal information that is related to you ***or to the computer*** is sent...."

What's going on Paul. You're right. "No identifiable personal information that is related to you ***(adding more stars for emphasis)****** or to the computer ******* is sent..." Mea culpa. For a moment here I thought LEA's used IP as an identifier in courts of law. Silly me.
And that relates to the MSRT how?
So before you argue back with "but your IP information is not sent!" really? And how did the information from your machine get there? Smoke signals?
Now you're being silly. You're claiming that *realtime connection information* is included in the data that is sent but without any grounds to do so and despite Microsoft's claims to the contrary. And without any proof.
As for "sniffing the wire" to see what MS is sending. Sort of difficult to do. 1) I'm not on Windows that much. 2) When I am on Windows, the machines I use are sanitized.
You might try it some time. Getting the facts beats wild speculation and hyperbole every time. I just installed MSRT on my laptop and ran it while Wireshark was monitoring all external communications. It sent exactly *zero* information to MS. I'm no Microsoft fan by any stretch of the imagination (my preferred platforms are FreeBSD and Mac OS X), but I'm also not a paranoid fool.
Furthermore, if you go back to the original article in PC World, I don't know about you but to me it's in black and white the correlation. I don't know anyone who begins to talk about one thing, then goes off into a completely different tangent in the next paragraph: "Information obtained from WMSRT etc, etc, etc,..." ... "Officials were able to identify..." If at any point anyone here including LEA's believe wholeheartedly there is nothing wrong with this in the sense it doesn't have a huge potential for abuse (not the information sent by WMSRT but the concept of using data WITHOUT NOTIFYING THE USER), if none have qualms with this, you're in the wrong business (security).
Not all of us are consumed by paranoia and unfounded fears. Some of us actually approach security from a rational, intelligent perspective and attempt to mitigate risks to the best of our abilities while accepting the fact that we can't stop every attack.
I should make it a point to point out the flaws in the system but alas that would lead to a complete misunderstanding of it. With this said, here is a scenario for you Paul... Let's say I despised you. Let's say I AM A BOTNET operator. Let's say I take my EXISTING botnet and tweak the logged information being sent to Microsoft. I don't know... I guess I'll make it look as YOUR NETWORK is a CNC for a large botnet. I can only imagine 1) You will be going through an insane ghost analysis for something that doesn't exist after being raided... 2) Frustrated as an engineer since you know for a fact there is no damn reason a LEA should be even talking to you.
Again, this has *what* to do with the MSRT?
Look I can think of the horrors behind this. If you can't see it again, perhaps you and I aren't on the same level of thinking outside of the box. The abusive side of "hacking" and I won't go into the political bs of what a hacker is or does or is supposed to be.
I don't consider fantasizing about bogeymen "thinking outside the box".

Paul Schmehl (pauls () utdallas edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/