[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6158bb410805071741r6e8cc35bk3ae8f6efd55696f3@mail.gmail.com>
Date: Wed, 7 May 2008 20:41:31 -0400
From: Ureleet <ureleet@...il.com>
To: "J. Oquendo" <sil@...iltrated.net>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Microsot DID DISCLOSE potential Backdoor
msft sucks. get over it.
oh, and they are shady evil people
On Wed, May 7, 2008 at 7:45 PM, J. Oquendo <sil@...iltrated.net> wrote:
> On Wed, 07 May 2008, Paul Schmehl wrote:
>
> > Please point to the part where they are "relying on IP" when they
> > explicitly state "No identifiable personal information that is related to
> > you ***or to the computer*** is sent...."
>
> What's going on Paul. You're right. "No identifiable personal information
> that is related to you ***(adding more stars for empashis)****** or to the
> computer ******* is sent..."
>
> Mea culpa. For a moment here I thought LEA's used IP as an identifier in
> courts of law. Silly me.
>
> / SNIP http://tinyurl.com/54h9fu
>
> They contacted Special Agent Adam D. Aichele of the Allentown FBI, Wolfe said.
>
> Wolfe said Aichele took her to a Lehigh library computer to look at the e-mail and retrieve the IP address from which it was sent.
>
> / SNIP
>
> / SNIP http://www.fbi.gov/congress/congress04/lourdeau050604peer.htm
>
> Therefore, despite the fact that a Peer-to-Peer connection is not facilitated by a central server, users can still be identified in real time by the IP addresses associated with
> +their computers.
>
> / SNIP
>
> So before you argue back with "but your IP information is not sent!"
> really? And how did the information from your machine get there? Smoke
> signals?
>
> As for "sniffing the wire" to see what MS is sending. Sort of difficult
> to do. 1) I'm not on Windows that much. 2) When I am on Windows, the
> machines I use are sanitized.
>
> Furthermore, if you go back to the original article in PC World, I
> don't know about you but to me its in black and white the correlation.
> I don't know anyone who begins to talk about one thing, then goes off
> into a complete different tangent in the next paragraph: "Information
> obtained from WMSRT etc, etc, etc,..." ... "Officials were able to
> identify..."
>
> If at any point anyone here including LEA's believe wholeheartedly
> there is nothing wrong with this in the sense it doesn't have a huge
> potential for abuse (not the information sent by WMSRT but the
> concept of using data WITHOUT NOTIFYING THE USER), if none have
> qualms with this, you're in the wrong business (security).
>
> I should make it a point to point out the flaws in the system but
> alas that would lead to a complete misunderstanding of it. With this
> said, here is a scenario for you Paul... Let's say I despised you.
> Let's say I AM A BOTNET operator. Let's say I take my EXISTING botnet
> and tweak the logged information being sent to Microsoft. I don't
> know... I guess I'll make it look as YOUR NETWORK is a CNC for a
> large botnet. I can only imagine 1) You will be going through an
> insane ghost analysis for something that doesn't exist after being
> raided... 2) Frustrated as an engineer since you know for a fact
> there is no damn reason a LEA should be even talking to you.
>
> Look I can think of the horrors behind this. If you can't see it
> again, perhaps you and I aren't on the same level of thinking
> outside of the box. The abusive side of "hacking" and I won't go
> into the political bs of what a hacker is or does or is supposed
> to be.
>
>
> --
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> J. Oquendo
> SGFA #579 (FW+VPN v4.1)
> SGFE #574 (FW+VPN v4.1)
>
> wget -qO - www.infiltrated.net/sig|perl
>
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB
>
> _______________________________________________
>
>
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists