M$ Windows XP Professional Bugging Device? - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: M$ Windows XP Professional Bugging Device?

  1. #11
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    I know that everyone is putting little faith in these notes... and that Tiger Shark has sniffed and found nothing... but I'm going to have to disagree.... -- Check out

    http://sa.windows.com/privacy/
    Using Microsoft Windows XP Search Companion, you can search for all types of objects, from pictures, music, and documents, to printers, computers, and people. You can search your own computer, other computers (if you are connected to a network or workgroup), and the Internet. You can also choose to search with the help of an animated screen character.

    No information is ever collected by Search Companion when you search your local system, LAN, or intranet for any reason. Enough Packets Were sent... even if no information was collected...I'm still not sure when the privacy policy was sent out. Check out the screenshot

    When you search the Internet using the Search Companion, the following information is collected regarding your use of the service: the text of your Internet search query, grammatical information about the query, the list of tasks which the Search Companion Web service recommends, and any tasks you select from the recommendation list. Search Companion does not record your choice of Internet search engine, and does not collect or request any personal or demographic information. Information collected by the Search Companion can not be used to identify you individually, and is never used in conjunction with other data sources that may contain personal data. All information is retained for twelve months, and discarded in the thirteenth month following collection.

    Where did I find that you might ask?? When I ran a sniff and searched... I'm wondering if when TS did it, he forgot to reenable the default Windows Services... I turned Alerter, ALGS, BITS, Error Reporting and a few others back on before running my sniffs.

    Anyways Check out the screen shot.. If anyone wants the capture to see the details they can PM me.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  2. #12
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    FYI- I'm not sure if any of you read the comments at the bottom of the page... but there is a discussion going on at hackinthebox.org too. The author has joined in on that discussion and further explains his concerns.

    http://forum.hackinthebox.org/viewtopic.php?t=7778
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #13
    Junior Member
    Join Date
    May 2004
    Posts
    5
    I Agree with i2C, the impression I was getting was the writer was pushing another product.
    This is very interesting

  4. #14
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    Great article, but am I the only one that found this part ironic?

    They never could grasp that context is irrelevant to the scientific process or methodology, science examines facts, not interpretation
    But then he went on to demonstrate quite well that in order to be properly interpreted, facts have to be taken in context?


    ie..
    1+1=2, that's a fact.

    1+1=3, also a fact (dig out your trigonometry text )

    My 2 cents.

    Great article on many levels. Thanks phish.

  5. #15
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    HT:

    Ok..... Guess who's the dimwit?

    I run XP on the laptop and 2K on the desktop..... I ran the test on the desktop without thinking..... Duh.....

    Still, it's nice to know 2K doesn't leak any info.....

    [Edit]

    Ok, we're at the satellite office on the XP laptop and it does make requests.

    If you look carefully at the trace when you opened the search feature it connected to a microsoft site. You will also notice that a response was returned to a GET that said 304 Not Modified. (304 Not modified is commonly used where updates are checked for). It seems to me that the search function is updatable, maybe a change in an algorithm to speed up the searches, and prior to it beginning searching it checks to see if anything has been updated. I looked all through the packet transfer paying special attention to my transmissions and there is no evidence that the word(s) I put in, (I did a couple of tries), are transmitted outbound. ie: M$ doesn't know what I am searching for though if I use it enough they could determine that a person on a fixed IP is bloody disorganized by the number of searches they carry out....

    It sure as hell isn't the "tin foil hat" issue the author seemed to be trying to imply it might be.....

    [/Edit]
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  6. #16
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    I'm going to chime in behind i2c and Tiger Shark on this one. I've seen this article, or articles like it, since the advent of Win3.11 (the networkable version). All too common for someone with a smattering of technical knowledge to make those broad, sweeping statements and not back up any of the claims with anything of substance.

    I sniff traffic going in and out of more than 500 Windows systems on a regular basis. Contrary to the paranoid line of thinking, Windows doesn't really give up much, anymore. At least, when it is not infected with spyware, trojans or P2P systems. It ain't like it was with earlier versions of Win98 and it just gave out everything, including the baby's bathwater.

    Keep in mind that Microsoft has to do business in almost every country in the world, and the various privacy and trade laws make it imperrative that sensitive data and private information be protected, first and foremost.

    As for 1+1=3, I remember having to write a proof for that statement. 9th Grade Algebra, if I remember correctly.

  7. #17
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Firstly, wrong forum, I wouldn't be surprised if a mod moved this to a different forum.
    Secondly, there is so much misinformation and lack of understanding on the author's part in that document so as to make it useless. Cacosapo pretty well covered a lot of it, but an addendum to #15:
    The author states:
    The truth is, raw sockets is not required, however, it just makes life simpler. For real time software, the overhead presented by TCP, is too great and the effects can be seen on excessive lag during online gaming, or media playback. A streamlined custom stack, allows for faster processing of the IP packet and over a 1000% improvement to connectivity management than TCP encapsulation.
    Many developers do not realize that TCP is not required and that custom packets can be encapsulated within IP alone. IP routes the packet, from A to B, and TCP provides a data path encapsulated with the IP packet. This allows Internet routing to change, without effecting application support. Custom stack creation is a 'walk in the park', all it involves is parsing a binary stream and executing functions based on flags or value, it also, automatically, supports the OSI/DoD model.
    By breaking support for raw sockets on Windows 2000, Microsoft manipulated the entire global market, as no developer could be assured their applications would function after 12-24 months. It also provided a way for Microsoft to eliminate tools such as 'Ethereal' that could inspect the communications of a Windows system.
    This is untrue on several points:
    - There are other commonly supported protocols than TCP that have lower overheads -- Unreal engine games have historically used UDP for data transfer for this reason.
    - Since the author suggests he or she can trivially write a hugely superior protocol, how come I don't see any links to the specs for such a protocol?
    - Raw socket support in all versions of Windows can be had using 3rd party libraries, which applications like Ethereal are capable of using. In fact, certain versions of Ethereal support raw sockets just fine, even when Windows does not.

    All in all the site is largely inaccurate, the author evidently didn't do a lot of research, and the result is a collection of mostly false information, negatively skewed opinion, and uninformed derision being used wholly to put forth one person's paranoid delusional view.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •