|
Full Disclosure
mailing list archives
Re: Microsoft win2003server phone home
From: "Gaurav Kumar" <gaurav () e2-labs com>
Date: Tue, 5 Aug 2003 06:48:29 +0530
jeeesus,
where's the manager? someone throw these kiddies out
puhleese.
u call me script kiddie, may i know if u r not?
r u master of internet securitiy technologies?
i hope one learns by studying some material and then try of its own. did all
the knowledge u have was acquired automatically?probably not.
will you read the license agreement to the part where
it talks about the update ?
the agreement says the info will be sent to microsoft. r u sure?
how does it establish identity without using any digital certificate.
we are here to learn and grow. not to fight.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Gaurav Kumar
Chief Information Security Analyst
E2 Labs Information Security Pvt. Ltd.
Road no. 3 , Banjara Hills
Hyderbad-34
AP
India
gaurav () e2-labs com
www.e2-labs.com
Phone(s)-
Mobile +91 40 31068650
Tele/Fax +91 40 23555942 (ext-24)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
----- Original Message -----
From: "manohar singh" <seclistaddress () yahoo com>
To: "Gaurav Kumar" <gaurav () e2-labs com>
Cc: <full-disclosure () lists netsys com>
Sent: Monday, August 04, 2003 5:52 PM
Subject: Re: [Full-disclosure] Microsoft win2003server phone home
jeeesus,
where's the manager? someone throw these kiddies out
puhleese.
will you read the license agreement to the part where
it talks about the update ?
!
Gaurav Kumar <gaurav () e2-labs com> wrote: 1. Is this
behavior normal for a windows server installation ?
i think that this behavour is normal bcoz as u analyse
that session u will get to know that server is trying
to update something
2. Could this behavior be considered as a violation
of privacy ?
this surely a case of violation of privacy as it is
not mentioned in agreement. go ahead, sue micro$oft.
3. Could it be considered as a security risk to let
a newly installed server,
request information from an arbitrary server that I
have no control over ?
yes its a security risk bcoz it is not even using pki
to establish identity of the server.
Gaurav Kumar
Chief Information Security Analyst
E2 Labs Information Security Pvt. Ltd.
Hyderbad-34
AP
India
Phone(s)-
Mobile +91 40 31068650
Tele/Fax +91 40 23555942 (ext-24)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
----- Original Message ----- From: "gyrniff"
<b240503 () gyrniff dk>
To: <full-disclosure () lists netsys com>
Sent: Monday, August 04, 2003 3:27 PM
Subject: [Full-disclosure] Microsoft win2003server
phone home
After acquiring and installing a copy of 'Windows
Server 2003 Standard Edition
180-Day Evaluation' I walked through the 'role
wizard', used the 'custom
role config' and selected everything ;-)
After reboot the server made two POST request to
microsoft controlled
webserveres without any notification. One request to
activex.micrisoft.com
and one to codecs.microsoft.com, the data posted to
the two severs was the
same. (See the request and responds below.)
I can find no information in the license agreement
about giving away
'information' behind my back.
My question:
1. Is this behavior normal for a windows server
installation ?
2. Could this behavior be considered as a violation
of privacy ?
3. Could it be considered as a security risk to let
a newly installed server,
request information from an arbitrary server that I
have no control over ?
****
Posted data to activex.microsoft.com:
POST /objects/ocget.dll HTTP/1.1
Accept: application/x-cabinet-win32-x86,
application/x-pe-win32-x86,
application/octet-stream, application/x-setupscript,
*/*
Content-Type: application/x-www-form-urlencoded
Accept-Language: da
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0;
Windows NT 5.2; .NET CLR
1.1.4322)
Host: activex.microsoft.com
Content-Length: 44
Connection: Keep-Alive
Cache-Control: no-cache
CLSID={FC7D9E02-3F9E-11D3-93C0-00C04F72DAF7}
The reply:
HTTP/1.1 404 Object Not Found
Server: Microsoft-IIS/5.0
Date: Sun, 03 Aug 2003 09:48:38 GMT
Connection: close
Content-Type: text/html
Content-Length: 102
<html><head><title>Error</title></head><body>The
system cannot find the file
specified. </body></html>
***
Postede data to codecs.microsoft.com
POST /isapi/ocget.dll HTTP/1.1
Accept: application/x-cabinet-win32-x86,
application/x-pe-win32-x86,
application/octet-stream, application/x-setupscript,
*/*
Content-Type: application/x-www-form-urlencoded
Accept-Language: da
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0;
Windows NT 5.2; .NET CLR
1.1.4322)
Host: codecs.microsoft.com
Content-Length: 44
Connection: Keep-Alive
Cache-Control: no-cache
CLSID={FC7D9E02-3F9E-11D3-93C0-00C04F72DAF7}
And the reply:
HTTP/1.1 404 Not Found
Connection: close
Date: Sun, 03 Aug 2003 09:47:54 GMT
Server: Microsoft-IIS/6.0
P3P:
policyref="http://www.microsoft.com/w3c/p3p.xml";
CP="ALL IND DSP COR ADM
CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo
CNT COM INT NAV ONL PHY PRE
PUR UNI"
X-Powered-By: ASP.NET
/Gyrniff
_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.netsys.com/full-disclosure-charter.html
__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
| 
Intro
