Date: Fri May 5 15:32:41 2006
From: bkfsec at sdf.lonestar.org (bkfsec)
Subject: [Fwd: Re: Microsoft DNS resolver: deliberately
sabotaged hosts-file lookup]
Sharing with this list in the interest of Full Disclosure. My response
to Thor was rejected from bugtraq, supposedly because the thread was
killed... but we all know the real reason. Since Thor was (is?) a
"temporary security focus moderator" it's OK for him to flame and berate
other posters (he began his post with "I won't respond anymore until
there is an intelligent response" or something along those lines), but
when someone corrects him for his rant it gets bounced because they have
to protect their own.
With all the noise on this list, there's one thing that we should be
happy about -- there is no "protect your own" mentality here like there
is on other mailing lists.
As far as the content, I think that regarding the thread (which also
happened here) it's germane to point out that one benefit that Microsoft
derives from having the functionality of those hostnames hardcoded to
avoid the hosts file is clearly in tracking and verification of
licenses, regardless of whether it was their primary intent or not. So
Thor's statements here are entirely inappropriate.
-bkfsec
-------- Original Message --------
Subject: Re: [Full-disclosure] Microsoft DNS resolver: deliberately
sabotaged hosts-file lookup
Date: Wed, 03 May 2006 14:15:06 -0400
From: bkfsec <bkfsec@....lonestar.org>
To: Thor (Hammer of God) <thor@...merofgod.com>
CC: Bugtraq <bugtraq@...urityfocus.com>
References: <C07247C6.31D5%thor@...merofgod.com>
Thor (Hammer of God) wrote:
>>>It's not Microsoft's job to protect Symantec customers.
>>>
>>>
>>No it's not, it's Microsoft's job to protect Windows users, millions of whom
>>use NortonAV. But it would seem that MS is more interested in protecting
>>their user tracking information than the users.
>>
>>
>
>Oh, I see now. It's about tracking users now, is it? So you're saying that
>the exception list in dnsapi.dll is not only there for some super-secret
>Passport "functionality" but now Microsoft is using it to protect "their
>user tracking information?" Brilliant. I suppose that the next argument
>will be that dnsapi.dll contains the secret as to where that one sock goes
>after it's lost in the dryer, right? Hey! Maybe that's what winsock really
>is!!
>
>
>
Umm... Thor...
It's not quite as nuts of a proposition as you're making it out to be.
They are starting to roll out their "genuine advantage" program and that
does coordinate and do some installation via WindowsUpdate. Right now,
it's a "volunteer" program, but the logical next step is required and
automatic monitoring of system licensing, and the infrastructure is
clearly being created for that.
So before you go calling people conspiracy theorists, you might want to
check out the reality of what the company's doing first.
My opinion on the DNS change: I think it's obviously a "security" fix,
though probably a poor one. It has the added benefit of making it
harder for people to block automatic license checking tools, and I don't
think that's a coincidence either. In fact, I think they would call
that a security benefit as well... at least from their perspective.
-bkfsec