lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <6158bb410805071741r6e8cc35bk3ae8f6efd55696f3@mail.gmail.com>
Date: Wed, 7 May 2008 20:41:31 -0400
From: Ureleet <ureleet@...il.com>
To: "J. Oquendo" <sil@...iltrated.net>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Microsot DID DISCLOSE potential Backdoor

msft sucks.  get over it.

oh, and they are shady evil people

On Wed, May 7, 2008 at 7:45 PM, J. Oquendo <sil@...iltrated.net> wrote:
> On Wed, 07 May 2008, Paul Schmehl wrote:
>
>  > Please point to the part where they are "relying on IP" when they
>  > explicitly state "No identifiable personal information that is related to
>  > you ***or to the computer*** is sent...."
>
>  What's going on Paul. You're right. "No identifiable personal information
>  that is related to you ***(adding more stars for empashis)****** or to the
>  computer ******* is sent..."
>
>  Mea culpa. For a moment here I thought LEA's used IP as an identifier in
>  courts of law. Silly me.
>
>  / SNIP http://tinyurl.com/54h9fu
>
>  They contacted Special Agent Adam D. Aichele of the Allentown FBI, Wolfe said.
>
>  Wolfe said Aichele took her to a Lehigh library computer to look at the e-mail and retrieve the IP address from which it was sent.
>
>  / SNIP
>
>  / SNIP http://www.fbi.gov/congress/congress04/lourdeau050604peer.htm
>
>  Therefore, despite the fact that a Peer-to-Peer connection is not facilitated by a central server, users can still be identified in real time by the IP addresses associated with
>  +their computers.
>
>  / SNIP
>
>  So before you argue back with "but your IP information is not sent!"
>  really? And how did the information from your machine get there? Smoke
>  signals?
>
>  As for "sniffing the wire" to see what MS is sending. Sort of difficult
>  to do. 1) I'm not on Windows that much. 2) When I am on Windows, the
>  machines I use are sanitized.
>
>  Furthermore, if you go back to the original article in PC World, I
>  don't know about you but to me its in black and white the correlation.
>  I don't know anyone who begins to talk about one thing, then goes off
>  into a complete different tangent in the next paragraph: "Information
>  obtained from WMSRT etc, etc, etc,..." ... "Officials were able to
>  identify..."
>
>  If at any point anyone here including LEA's believe wholeheartedly
>  there is nothing wrong with this in the sense it doesn't have a huge
>  potential for abuse (not the information sent by WMSRT but the
>  concept of using data WITHOUT NOTIFYING THE USER), if none have
>  qualms with this, you're in the wrong business (security).
>
>  I should make it a point to point out the flaws in the system but
>  alas that would lead to a complete misunderstanding of it. With this
>  said, here is a scenario for you Paul... Let's say I despised you.
>  Let's say I AM A BOTNET operator. Let's say I take my EXISTING botnet
>  and tweak the logged information being sent to Microsoft. I don't
>  know... I guess I'll make it look as YOUR NETWORK is a CNC for a
>  large botnet. I can only imagine 1) You will be going through an
>  insane ghost analysis for something that doesn't exist after being
>  raided... 2) Frustrated as an engineer since you know for a fact
>  there is no damn reason a LEA should be even talking to you.
>
>  Look I can think of the horrors behind this. If you can't see it
>  again, perhaps you and I aren't on the same level of thinking
>  outside of the box. The abusive side of "hacking" and I won't go
>  into the political bs of what a hacker is or does or is supposed
>  to be.
>
>
>  --
>  =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
>  J. Oquendo
>  SGFA #579 (FW+VPN v4.1)
>  SGFE #574 (FW+VPN v4.1)
>
>  wget -qO - www.infiltrated.net/sig|perl
>
>  http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB
>
>  _______________________________________________
>
>
> Full-Disclosure - We believe in it.
>  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ