lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200308041157.18801@gyrniff>
From: b240503 at gyrniff.dk (gyrniff)
Subject: Microsoft win2003server phone home

After acquiring and installing a copy of 'Windows Server 2003 Standard Edition 
180-Day Evaluation' I walked through the 'role wizard',  used the 'custom 
role config' and selected everything ;-) 
After reboot the server made two POST request to microsoft controlled 
webserveres without any notification. One request to activex.micrisoft.com 
and one to codecs.microsoft.com, the data posted to the two severs was the 
same. (See the request and responds below.)

I can find no information in the license agreement about giving away 
'information' behind my back.

My question: 
1. Is  this behavior normal for a windows server installation ?   
2.  Could this behavior be considered as a violation of privacy ?
3.  Could it be considered as a security risk to let a newly installed server, 
request information from an arbitrary server that I have no control over ?

****

Posted data to activex.microsoft.com:
POST /objects/ocget.dll HTTP/1.1
Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86, 
application/octet-stream, application/x-setupscript, */*
Content-Type: application/x-www-form-urlencoded
Accept-Language: da
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 
1.1.4322)
Host: activex.microsoft.com
Content-Length: 44
Connection: Keep-Alive
Cache-Control: no-cache

CLSID={FC7D9E02-3F9E-11D3-93C0-00C04F72DAF7}

The reply:
HTTP/1.1 404 Object Not Found
Server: Microsoft-IIS/5.0
Date: Sun, 03 Aug 2003 09:48:38 GMT
Connection: close
Content-Type: text/html
Content-Length: 102

<html><head><title>Error</title></head><body>The system cannot find the file 
specified. </body></html>

***

Postede data to codecs.microsoft.com
POST /isapi/ocget.dll HTTP/1.1
Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86, 
application/octet-stream, application/x-setupscript, */*
Content-Type: application/x-www-form-urlencoded
Accept-Language: da
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 
1.1.4322)
Host: codecs.microsoft.com
Content-Length: 44
Connection: Keep-Alive
Cache-Control: no-cache

CLSID={FC7D9E02-3F9E-11D3-93C0-00C04F72DAF7}

And the reply:
HTTP/1.1 404 Not Found
Connection: close
Date: Sun, 03 Aug 2003 09:47:54 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.microsoft.com/w3c/p3p.xml" CP="ALL IND DSP COR ADM 
CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE 
PUR UNI"
X-Powered-By: ASP.NET


/Gyrniff

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ