From: gaurav at e2-labs.com (Gaurav Kumar)
Subject: Microsoft win2003server phone home

1. Is this behavior normal for a windows server installation ?

I think that this behaviour is normal because as you analyse that session you will get to know that the server is trying to update something.

2. Could this behavior be considered as a violation of privacy ?

This is surely a case of violation of privacy as it is not mentioned in the agreement. Go ahead, sue micro$oft.

3. Could it be considered as a security risk to let a newly installed server, request information from an arbitrary server that I have no control over ?

Yes, it's a security risk because it is not even using PKI to establish the identity of the server.

Gaurav Kumar
Chief Information Security Analyst
E2 Labs Information Security Pvt. Ltd.
Hyderabad-34
AP
India
Phone(s)-
Mobile +91 40 31068650
Tele/Fax +91 40 23555942 (ext-24)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

----- Original Message -----
From: "gyrniff" <b240503@...niff.dk>
To: <full-disclosure@...ts.netsys.com>
Sent: Monday, August 04, 2003 3:27 PM
Subject: [Full-Disclosure] Microsoft win2003server phone home

> After acquiring and installing a copy of 'Windows Server 2003 Standard Edition
> 180-Day Evaluation' I walked through the 'role wizard', used the 'custom
> role config' and selected everything ;-)
> After reboot the server made two POST requests to Microsoft-controlled
> webservers without any notification. One request to activex.microsoft.com
> and one to codecs.microsoft.com, the data posted to the two servers was the
> same. (See the requests and responses below.)
>
> I can find no information in the license agreement about giving away
> 'information' behind my back.
>
> My question:
> 1. Is this behavior normal for a windows server installation ?
> 2. Could this behavior be considered as a violation of privacy ?
> 3. Could it be considered as a security risk to let a newly installed server,
> request information from an arbitrary server that I have no control over ?
>
> ****
>
> Posted data to activex.microsoft.com:
> POST /objects/ocget.dll HTTP/1.1
> Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86,
> application/octet-stream, application/x-setupscript, */*
> Content-Type: application/x-www-form-urlencoded
> Accept-Language: da
> Accept-Encoding: gzip, deflate
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR
> 1.1.4322)
> Host: activex.microsoft.com
> Content-Length: 44
> Connection: Keep-Alive
> Cache-Control: no-cache
>
> CLSID={FC7D9E02-3F9E-11D3-93C0-00C04F72DAF7}
>
> The reply:
> HTTP/1.1 404 Object Not Found
> Server: Microsoft-IIS/5.0
> Date: Sun, 03 Aug 2003 09:48:38 GMT
> Connection: close
> Content-Type: text/html
> Content-Length: 102
>
> <html><head><title>Error</title></head><body>The system cannot find the file
> specified. </body></html>
>
> ***
>
> Posted data to codecs.microsoft.com
> POST /isapi/ocget.dll HTTP/1.1
> Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86,
> application/octet-stream, application/x-setupscript, */*
> Content-Type: application/x-www-form-urlencoded
> Accept-Language: da
> Accept-Encoding: gzip, deflate
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR
> 1.1.4322)
> Host: codecs.microsoft.com
> Content-Length: 44
> Connection: Keep-Alive
> Cache-Control: no-cache
>
> CLSID={FC7D9E02-3F9E-11D3-93C0-00C04F72DAF7}
>
> And the reply:
> HTTP/1.1 404 Not Found
> Connection: close
> Date: Sun, 03 Aug 2003 09:47:54 GMT
> Server: Microsoft-IIS/6.0
> P3P: policyref="http://www.microsoft.com/w3c/p3p.xml" CP="ALL IND DSP COR ADM
> CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE
> PUR UNI"
> X-Powered-By: ASP.NET
>
>
> /Gyrniff
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030805/59aa4841/attachment.html
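
An added example, not part of the original thread: a small Python parser that splits a capture like the two requests quoted above, then lists which hosts were contacted and which form fields were sent, checked against an egress allowlist. The function names and the allowlist policy are assumptions; the sample capture is constructed from the request line, Host, Content-Length and body quoted in the post.

```python
from urllib.parse import parse_qsl

CRLF = b"\r\n"
BODY = b"CLSID={FC7D9E02-3F9E-11D3-93C0-00C04F72DAF7}"  # body as quoted in the post

def sample_request(path, host):
    # Constructed sample: request line, Host and Content-Length from the post,
    # remaining headers omitted for brevity.
    head = [b"POST " + path + b" HTTP/1.1", b"Host: " + host,
            b"Content-Type: application/x-www-form-urlencoded",
            b"Content-Length: %d" % len(BODY)]
    return CRLF.join(head) + CRLF * 2 + BODY

CAPTURE = (sample_request(b"/objects/ocget.dll", b"activex.microsoft.com")
           + sample_request(b"/isapi/ocget.dll", b"codecs.microsoft.com"))

def parse_requests(stream):
    """Split back-to-back HTTP/1.1 requests, using Content-Length to find each body."""
    out, pos = [], 0
    while pos < len(stream):
        end = stream.find(CRLF * 2, pos)
        if end < 0:
            raise ValueError("truncated header block at offset %d" % pos)
        lines = stream[pos:end].decode("latin-1").split("\r\n")
        method, path, _version = lines[0].split(" ", 2)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body = stream[end + 4:end + 4 + length]
        if len(body) != length:
            raise ValueError("body shorter than Content-Length")
        out.append({"method": method, "path": path,
                    "host": headers.get("host", "").lower(),
                    "fields": parse_qsl(body.decode("latin-1"), keep_blank_values=True)})
        pos = end + 4 + length
    return out

def unapproved(requests, allowlist):
    """Return (host, path, field names) for requests to hosts outside the allowlist."""
    return [(r["host"], r["path"], [k for k, _ in r["fields"]])
            for r in requests if r["host"] not in allowlist]

if __name__ == "__main__":
    # Hypothetical policy: nothing is approved for egress from a fresh server.
    for finding in unapproved(parse_requests(CAPTURE), allowlist=set()):
        print(finding)
```

Run on the sample, both requests carry a single form field, CLSID, with the same value.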