lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: seclistaddress at yahoo.com (manohar singh)
Subject: Microsoft win2003server phone home

jeeesus,

where's the manager? someone throw these kiddies out
puhleese.

will you read the license agreement to the part where
it talks about the update ?

!

Gaurav Kumar <gaurav@...labs.com> wrote: 1. Is  this
behavior normal for a windows server installation ?   
i think that this behavour is normal bcoz as u analyse
that session u will get to know that server is trying
to update something
 
 2.  Could this behavior be considered as a violation
of privacy ?
this surely a case of violation of privacy as it is
not mentioned in agreement. go ahead, sue micro$oft.
 
 3.  Could it be considered as a security risk to let
a newly installed server, 
request information from an arbitrary server that I
have no control over ?
yes its a security risk bcoz it is not even using pki
to establish identity of the server.
 
 
Gaurav Kumar
 
Chief Information Security Analyst
E2 Labs Information Security Pvt. Ltd.
Hyderbad-34
AP
India
 
Phone(s)-
Mobile      +91 40 31068650
Tele/Fax   +91 40 23555942 (ext-24)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
----- Original Message ----- From: "gyrniff"
<b240503@...niff.dk>
To: <full-disclosure@...ts.netsys.com>
Sent: Monday, August 04, 2003 3:27 PM
Subject: [Full-Disclosure] Microsoft win2003server
phone home



> After acquiring and installing a copy of 'Windows
Server 2003 Standard Edition 
> 180-Day Evaluation' I walked through the 'role
wizard',  used the 'custom 
> role config' and selected everything ;-) 
> After reboot the server made two POST request to
microsoft controlled 
> webserveres without any notification. One request to
activex.micrisoft.com 
> and one to codecs.microsoft.com, the data posted to
the two severs was the 
> same. (See the request and responds below.)
> 
> I can find no information in the license agreement
about giving away 
> 'information' behind my back.
> 
> My question: 
> 1. Is  this behavior normal for a windows server
installation ?   
> 2.  Could this behavior be considered as a violation
of privacy ?
> 3.  Could it be considered as a security risk to let
a newly installed server, 
> request information from an arbitrary server that I
have no control over ?
> 
> ****
> 
> Posted data to activex.microsoft.com:
> POST /objects/ocget.dll HTTP/1.1
> Accept: application/x-cabinet-win32-x86,
application/x-pe-win32-x86, 
> application/octet-stream, application/x-setupscript,
*/*
> Content-Type: application/x-www-form-urlencoded
> Accept-Language: da
> Accept-Encoding: gzip, deflate
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0;
Windows NT 5.2; .NET CLR 
> 1.1.4322)
> Host: activex.microsoft.com
> Content-Length: 44
> Connection: Keep-Alive
> Cache-Control: no-cache
> 
> CLSID={FC7D9E02-3F9E-11D3-93C0-00C04F72DAF7}
> 
> The reply:
> HTTP/1.1 404 Object Not Found
> Server: Microsoft-IIS/5.0
> Date: Sun, 03 Aug 2003 09:48:38 GMT
> Connection: close
> Content-Type: text/html
> Content-Length: 102
> 
> <html><head><title>Error</title></head><body>The
system cannot find the file 
> specified. </body></html>
> 
> ***
> 
> Postede data to codecs.microsoft.com
> POST /isapi/ocget.dll HTTP/1.1
> Accept: application/x-cabinet-win32-x86,
application/x-pe-win32-x86, 
> application/octet-stream, application/x-setupscript,
*/*
> Content-Type: application/x-www-form-urlencoded
> Accept-Language: da
> Accept-Encoding: gzip, deflate
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0;
Windows NT 5.2; .NET CLR 
> 1.1.4322)
> Host: codecs.microsoft.com
> Content-Length: 44
> Connection: Keep-Alive
> Cache-Control: no-cache
> 
> CLSID={FC7D9E02-3F9E-11D3-93C0-00C04F72DAF7}
> 
> And the reply:
> HTTP/1.1 404 Not Found
> Connection: close
> Date: Sun, 03 Aug 2003 09:47:54 GMT
> Server: Microsoft-IIS/6.0
> P3P:
policyref="http://www.microsoft.com/w3c/p3p.xml"
CP="ALL IND DSP COR ADM 
> CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo
CNT COM INT NAV ONL PHY PRE 
> PUR UNI"
> X-Powered-By: ASP.NET
> 
> 
> /Gyrniff
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
http://lists.netsys.com/full-disclosure-charter.html
> 


__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ