Re: [Full-Disclosure] Microsoft win2003server phone home

From: Gaurav Kumar (gaurav_at_e2-labs.com)
Date: 08/05/03

  • Next message: Sebastian Krahmer: "[Full-Disclosure] SuSE Security Announcement: postfix (SuSE-SA:2003:033)"
    To: "gyrniff" <b240503@gyrniff.dk>
    Date: Tue, 5 Aug 2003 05:08:27 +0530

     1. Is this behavior normal for a windows server installation ?
    I think that this behaviour is normal because, as you analyse that session, you will get to know that the server is trying to update something.

     2. Could this behavior be considered as a violation of privacy ?
    This is surely a case of violation of privacy, as it is not mentioned in the agreement. Go ahead, sue micro$oft.

     3. Could it be considered as a security risk to let a newly installed server,
     request information from an arbitrary server that I have no control over ?
    Yes, it's a security risk because it is not even using PKI to establish the identity of the server.

    Gaurav Kumar

    Chief Information Security Analyst
    E2 Labs Information Security Pvt. Ltd.
    Hyderabad-34
    AP
    India

    Phone(s)-
    Mobile +91 40 31068650
    Tele/Fax +91 40 23555942 (ext-24)
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    ----- Original Message -----
    From: "gyrniff" <b240503@gyrniff.dk>
    To: <full-disclosure@lists.netsys.com>
    Sent: Monday, August 04, 2003 3:27 PM
    Subject: [Full-Disclosure] Microsoft win2003server phone home

    > After acquiring and installing a copy of 'Windows Server 2003 Standard Edition
    > 180-Day Evaluation' I walked through the 'role wizard', used the 'custom
    > role config' and selected everything ;-)
    > After reboot the server made two POST requests to Microsoft-controlled
    > webservers without any notification. One request to activex.microsoft.com
    > and one to codecs.microsoft.com; the data posted to the two servers was the
    > same. (See the requests and responses below.)
    >
    > I can find no information in the license agreement about giving away
    > 'information' behind my back.
    >
    > My questions:
    > 1. Is this behavior normal for a windows server installation ?
    > 2. Could this behavior be considered as a violation of privacy ?
    > 3. Could it be considered as a security risk to let a newly installed server,
    > request information from an arbitrary server that I have no control over ?
    >
    > ****
    >
    > Posted data to activex.microsoft.com:
    > POST /objects/ocget.dll HTTP/1.1
    > Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86,
    > application/octet-stream, application/x-setupscript, */*
    > Content-Type: application/x-www-form-urlencoded
    > Accept-Language: da
    > Accept-Encoding: gzip, deflate
    > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR
    > 1.1.4322)
    > Host: activex.microsoft.com
    > Content-Length: 44
    > Connection: Keep-Alive
    > Cache-Control: no-cache
    >
    > CLSID={FC7D9E02-3F9E-11D3-93C0-00C04F72DAF7}
    >
    > The reply:
    > HTTP/1.1 404 Object Not Found
    > Server: Microsoft-IIS/5.0
    > Date: Sun, 03 Aug 2003 09:48:38 GMT
    > Connection: close
    > Content-Type: text/html
    > Content-Length: 102
    >
    > <html><head><title>Error</title></head><body>The system cannot find the file
    > specified. </body></html>
    >
    > ***
    >
    > Posted data to codecs.microsoft.com:
    > POST /isapi/ocget.dll HTTP/1.1
    > Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86,
    > application/octet-stream, application/x-setupscript, */*
    > Content-Type: application/x-www-form-urlencoded
    > Accept-Language: da
    > Accept-Encoding: gzip, deflate
    > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR
    > 1.1.4322)
    > Host: codecs.microsoft.com
    > Content-Length: 44
    > Connection: Keep-Alive
    > Cache-Control: no-cache
    >
    > CLSID={FC7D9E02-3F9E-11D3-93C0-00C04F72DAF7}
    >
    > And the reply:
    > HTTP/1.1 404 Not Found
    > Connection: close
    > Date: Sun, 03 Aug 2003 09:47:54 GMT
    > Server: Microsoft-IIS/6.0
    > P3P: policyref="http://www.microsoft.com/w3c/p3p.xml" CP="ALL IND DSP COR ADM
    > CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE
    > PUR UNI"
    > X-Powered-By: ASP.NET
    >
    >
    > /Gyrniff
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
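The thread's three questions are really about one thing: an outbound POST from a freshly installed host to a destination the administrator did not choose, over cleartext HTTP, carrying a CLSID. As an added example (not code from the list post, from Microsoft, or from any tool mentioned here), the Python below parses the captured request and response exactly as they appear in the post and applies the checks a defender would run over such a capture: is the transport cleartext (so the server's identity is never authenticated, the point Gaurav raises), is the destination outside an allowlist, and is form data being posted and what does it contain. The allowlist host `wsus.corp.example`, the finding names and the `tls` flag are assumptions of this example; the request and response text are copied from the post, with the mail-wrapped header lines rejoined.

```python
"""Parse a captured outbound HTTP request/response and flag phone-home traffic.

Added example; CAPTURED_REQUEST / CAPTURED_RESPONSE are the capture from the
list post (header lines rejoined). Finding names and the allowlist are
assumptions of this example, not anything from the post or from Microsoft.
"""
import re
from urllib.parse import parse_qs

# Request captured by the original poster (Windows Server 2003 after first reboot).
CAPTURED_REQUEST = (
    "POST /objects/ocget.dll HTTP/1.1\r\n"
    "Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86, "
    "application/octet-stream, application/x-setupscript, */*\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Accept-Language: da\r\n"
    "Accept-Encoding: gzip, deflate\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)\r\n"
    "Host: activex.microsoft.com\r\n"
    "Content-Length: 44\r\n"
    "Connection: Keep-Alive\r\n"
    "Cache-Control: no-cache\r\n"
    "\r\n"
    "CLSID={FC7D9E02-3F9E-11D3-93C0-00C04F72DAF7}"
)

# Reply captured for that request.
CAPTURED_RESPONSE = (
    "HTTP/1.1 404 Object Not Found\r\n"
    "Server: Microsoft-IIS/5.0\r\n"
    "Date: Sun, 03 Aug 2003 09:48:38 GMT\r\n"
    "Connection: close\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 102\r\n"
    "\r\n"
    "<html><head><title>Error</title></head><body>The system cannot find the file "
    "specified. </body></html>"
)

# COM class identifier in registry form: {8-4-4-4-12 hex digits}.
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def parse_request(raw):
    """Split a raw HTTP/1.x request into method, path, headers, body and form fields."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        raise ValueError("request has no end-of-headers blank line")
    lines = head.split("\r\n")
    method, path, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    declared = int(headers.get("content-length", "0"))
    form = {}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        # parse_qs returns lists; each field here is single-valued
        form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    return {
        "method": method,
        "path": path,
        "version": version,
        "headers": headers,
        "body": body,
        "body_ok": declared == len(body.encode()),  # Content-Length matches what was sent
        "form": form,
    }


def parse_response_status(raw):
    """Return (status code, reason phrase) from a raw HTTP response."""
    version, code, reason = raw.split("\r\n", 1)[0].split(" ", 2)
    return int(code), reason


def classify(req, allowed_hosts, tls):
    """Return the findings a defender would raise for one outbound request.

    tls: whether the capture came over TLS. The post's capture is plain HTTP,
    so the server's identity was never authenticated (no certificate, no PKI).
    """
    findings = []
    host = req["headers"].get("host", "")
    if not tls:
        findings.append({"kind": "cleartext-http",
                         "detail": f"identity of {host} not authenticated (no TLS/PKI)"})
    if host not in allowed_hosts:
        findings.append({"kind": "unexpected-destination",
                         "detail": f"{host}{req['path']} is not an approved update source"})
    if req["method"] == "POST" and req["body"]:
        fields = dict(req["form"])
        for name, value in fields.items():
            if GUID_RE.match(value):
                fields[name] = value + " (well-formed COM CLSID)"
        findings.append({"kind": "posted-form-data",
                         "detail": f"{len(req['body'])} bytes posted", "fields": fields})
    return findings


if __name__ == "__main__":
    req = parse_request(CAPTURED_REQUEST)
    print("response:", parse_response_status(CAPTURED_RESPONSE))
    # "wsus.corp.example" is a constructed placeholder for an internal update server.
    for f in classify(req, allowed_hosts={"wsus.corp.example"}, tls=False):
        print(f["kind"], "-", f["detail"], f.get("fields", ""))
```

Run stand-alone, the script reports all three findings for the post's capture. Flipping `tls=True` and adding `activex.microsoft.com` to the allowlist leaves only the `posted-form-data` finding, which is the residual question the thread argues about: whether sending a CLSID to a vendor at all is acceptable, independent of transport security.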

