M$ Windows XP Professional Bugging Device?
Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: M$ Windows XP Professional Bugging Device?

  1. #1
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324

    M$ Windows XP Professional Bugging Device?

    I'm only here to spread the FUD...

    This is a very interesting read taken in their context....

    M$ Windows XP Professional Bugging Device?
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  2. #2
    Old Fart
    Join Date
    Jun 2002
    Posts
    1,658
    Yup...very interesting indeed. Nice find!
    Al
    It isn't paranoia when you KNOW they're out to get you...

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Hmmm.... A packet sniffer picked up nothing on the first two items..... Whod'a thought
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    Originally posted here by Tiger Shark
    Hmmm.... A packet sniffer picked up nothing on the first two items..... Whod'a thought
    <puts on aluminum foil hat>
    Might that be because they are using a secret protocol and your protocol analyzer can't see it?
    </puts on aluminum foil hat>

    Actually, I regulary sniff traffic wheather I'm using the PC or not using the PC... just to see what "normal" activity. I've never noticed any suspicious transmissions... well, except from the occasional peice of spyware I've been "infected" with.

    However, I do beleive in some of the "features" that are not needed that "ghost" more images on your hard drive... anyone who has used any forensics tools can confirm that... Sometimes I've several copys of the same file(s)... Those files have been very easy to recover so far... unless you regularly wipe your slack space... and even still... there is the protected storgae.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    Its interesting, but theres certain things about it that I dont like such as this one -

    How long as Microsoft been programming Windows for?

    Ten, maybe fifteen years, and we are seriously asked to believe that a company with the financial resources of Microsoft cannot a create a bug-free Operating System?

    OpenBSD is a free Operating System and with very little funding (nowhere near what Microsoft has, in a million years) the only remote exploits you will find, anywhere in the world, will be at least 12 months old.
    thats the typical newbie comment that xxx is better than xxx, to a certain extent i agree with this, like yea some things clearly excel over the same thing on another operating system, if you see what i mean...

    But the coders at MS are only human and there bound to make mistakes, maybe they should invest more in finding errors, but then if they did that to much things would never get released and something such as an operating system is a massive amount of work and youd be a god if you did it entirely error free when work is past between hundreads of people.

    its an interesting overview, and yes the bits that Ive heard of before the stuff seems factually correct, but things like the search fuction spying doesnt seem rite to me ive never captured anything in a packet capture, and the person doesnt support it with any evidence,

    however im interested if any one knows about this thing -


    27. Web-Cams and Microphones

    These devices can be remotely activated providing visual and audio feedback from the target subject. There is also no way of telling if your devices have been remotely activated. These features are demonstrated in 'proof of concept' applications such as NetBus, etc.

    With raw sockets (or driver) this information can bypass your firewall without any problems.
    anyone have any info on that?

    i2c

  6. #6
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    i2c: There have been several trojans and viruses that have activated both webcams and viruses.

    http://www.shortnews.com/shownews.cfm?id=42350

    Thats not the only instance either... its nothing new.

    http://www.microsoft.com/technet/sec.../virusrat.mspx

    I beleive that sub7 will even allow you to activate the webcam and microphone?

    I agree with you on the bugs in the operating system. Humans will make mistakes... but they need a lot more people to review it. Thats one advantage of OSS. People can review and correct mistakes whenever they want... I'm not saying there are less bugs in OSS. There are probably just as many. But because people want to find and fix the bugs... they do so. They are not being paid (in most cases) to code as fast as possible. OSS is coded for quality? Where non OSS is coded for quantity? More features in less time? I'm no professional programmer... I'm only speculating....
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  7. #7
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    although the articles has some good points, it is also load of BS.

    1) Start--> Search sending to Internet. Ive got some strange internal Windows programs caught by

    my firewall (an old fashion NIS). I neve caught that, but from time to time, some processes try

    to connect to internet, blocked by my fw

    2) Help System --> BS. It was designed to help the users with fresh info, so connecting to

    internet cant be taken as a bugging device.

    3) Microsoft Backup --> as most of backup software. Even on mainframe, IBM backup software can

    bypass security and backup every file on disk. However, you cant change the security attributes

    on restore and "good pratices" show us to protect very well backup tapes. BS

    4) Task manager --> BS. It wasnt designed as an anti-spyware tool. MS designed it thinking that

    we are good admins and wont allow malware enter at our machines. You cant blame a tool that wasnt

    design to do that.

    6) Regitry --> a lot of ppl complained about old .ini structure. I hate those .conf files, hard

    to find. Registry is a good idea. But it has some performance problem, i admit

    7) Temp files --> most of o.s. has the same problem. O.S. cant deal with automatic deletion of

    temp files. sometimes files are left of temp folder. Its a crap, i admit, but not ONLY MS fault

    11) Swap page file --> BS. guy that wrote that knows nothing about virtual memory and paging

    technics. Every modern (since 1970) has it. If the guy read FIPS recomendation (that is generic,

    not for MS) he/she will see there "pages that contains key is clear form should be fixed in

    storage and process must be nonswapable".

    12) firewall --> yeah, MS give a "free firewall" and everybody complains. Its better to give a

    complete one and kill all software companies, isnt it? BS

    13) memory usage --> BS. Windows needs a lot of ram (but not 1GB) because ITS A GRAPHICAL OS!.
    dont come with *nix on console mode and compare.

    14) Automatic updates --> so, its the same on linux implementation of it. you hit "update" and

    what is executed? who knows? bs

    15) raw packets --> bs. No user process need it. period. User process writing raw packets is

    stupid. Its like an user process writing direct to disk or controlling direct the keyboard.

    16) remote acess bugs --> that is true. MS has a problem on code quality,in special on "buffer

    overflow" basics.

    20) stability --> man, so no windows on weapon designing? no University using large cluster of windows for research? bah

    21) msn search --> yeah, thats annoying. i agree with that

    24) cookies --> oh, only windows has that problem? if someone tell me that is an IE problem i admit.

    bah, its easy to blame MS and forget that others, including O.S. that has more than 40 years in market (like IBM O.S.) suffer of the same problems.
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  8. #8
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Comparing MS to Linux is like comparing an F15 with a Cesna. All right the Cesna would have to have a jet engine but they are not the same.... T00 be more accurate you would have to state that Linux with MYSQL, PHP, Snort, X-Windows, an FTP Server, File Sharing Components, the printing systems, Apache, Kiwi, FireFox, Star Office, VirtuaDub, etc all operate forever and ever with no glitches, then give it to the lady at the front desk who wants to load GAIM on it and play Bejewled all day.

    Not all OSS projects are as good as those above, in some cases it takes months to fix a bug or you have to find it yourself. I have been active in some help desk applications recently at sourceforge, spending days and sleepless nights tooling the source. I gave up and bought Track-it. Maybe next year some OSS projects will be further along or I will build one myself.

    Time is a factor, A BIG one. In fact there are 3; Time Money Resources and they are all dependent on one another. If you shorten time it will cost more money and resources. If you want to take away money, it will cost more time etc. I use this alot to "motivate" changes in projects.

    \\Edit as for stability, wtf are these guys running windows 3.1??? The only servers I ever reboot are the one's using shitty data mamangement tools. They are 3rd pary data engines by some schmuck who built them.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  9. #9
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    RoadClosed: I agree with you. I choose a poor example...
    Anyone can start an OSS project... I've seen plenty that never make it past its first release...

    <offtopic>
    BTW: TrackIT is good software. I use it all the time... however... we've had a couple of problems getting the audit sotware to work silently with startup scripts... not to mention it uses massive amounts of resouces... and sometimes hangs causing the system to become unstable. We've worked out those problems... just caused a huge headache for a couple of days.

    Other than that... we've been really happy with it.
    </offtopic>
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    my god thats scarry! even taken with a grain of salt.

    this brings up something ive been trying to answer since last week when i ran lads.exe on the whole drive...so many ads files attached to everything. i thought ads was implemented to be more compatable with mac's files and of course as a way to hide trojans. i checked a few other computers on the network to verify...they all have them. even graphics ive created. i didn't watermark anything! whats up with that?

    this weeked my work computer download the lastest freeBSD (burning as we speak). windows may butter my bread but at home its going to be bsd. even though the guys speaking hypothetically the implications are more than i can handle. i mean ez pass is against my better judgement.... this is just plain obscene
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •