Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform







Full Disclosure: Microsoft win2003server phone home

Microsoft win2003server phone home

From: gyrniff <b240503_at_gyrniff.dk>
Date: Mon, 4 Aug 2003 11:57:18 +0200

After acquiring and installing a copy of 'Windows Server 2003 Standard Edition
180-Day Evaluation' I walked through the 'role wizard', used the 'custom
role config' and selected everything ;-)
After reboot the server made two POST request to microsoft controlled
webserveres without any notification. One request to activex.micrisoft.com
and one to codecs.microsoft.com, the data posted to the two severs was the
same. (See the request and responds below.)

I can find no information in the license agreement about giving away
'information' behind my back.

My question:
1. Is this behavior normal for a windows server installation ?
2. Could this behavior be considered as a violation of privacy ?
3. Could it be considered as a security risk to let a newly installed server,
request information from an arbitrary server that I have no control over ?

****

Posted data to activex.microsoft.com:
POST /objects/ocget.dll HTTP/1.1
Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86,
application/octet-stream, application/x-setupscript, */*
Content-Type: application/x-www-form-urlencoded
Accept-Language: da
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR
1.1.4322)
Host: activex.microsoft.com
Content-Length: 44
Connection: Keep-Alive
Cache-Control: no-cache

CLSID={FC7D9E02-3F9E-11D3-93C0-00C04F72DAF7}

The reply:
HTTP/1.1 404 Object Not Found
Server: Microsoft-IIS/5.0
Date: Sun, 03 Aug 2003 09:48:38 GMT
Connection: close
Content-Type: text/html
Content-Length: 102

<html><head><title>Error</title></head><body>The system cannot find the file
specified. </body></html>

***

Postede data to codecs.microsoft.com
POST /isapi/ocget.dll HTTP/1.1
Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86,
application/octet-stream, application/x-setupscript, */*
Content-Type: application/x-www-form-urlencoded
Accept-Language: da
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR
1.1.4322)
Host: codecs.microsoft.com
Content-Length: 44
Connection: Keep-Alive
Cache-Control: no-cache

CLSID={FC7D9E02-3F9E-11D3-93C0-00C04F72DAF7}

And the reply:
HTTP/1.1 404 Not Found
Connection: close
Date: Sun, 03 Aug 2003 09:47:54 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.microsoft.com/w3c/p3p.xml" CP="ALL IND DSP COR ADM
CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE
PUR UNI"
X-Powered-By: ASP.NET

/Gyrniff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Aug 04 2003

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]