Hello, the subject has been discussed thoroughly for years, inclusing in court rooms and legal disputes. And if you use (and pay) for a product, you should be aware of the darn license agreement. Otherwise, don'tbe surprised if you one day sign away your kidney and first born to B.Gates.
RTFM oliver rochford --------- Original Message -------- From: Gaurav Kumar <[EMAIL PROTECTED]> To: manohar singh <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Microsoft win2003server phone home Date: 04/08/03 09:44 > > jeeesus, > > where's the manager? someone throw these kiddies out > puhleese. > > u call me script kiddie, may i know if u r not? > r u master of internet securitiy technologies? > i hope one learns by studying some material and then try of its own. did all > the knowledge u have was acquired automatically?probably not. > > will you read the license agreement to the part where > it talks about the update ? > > the agreement says the info will be sent to microsoft. r u sure? > how does it establish identity without using any digital certificate. > > we are here to learn and grow. not to fight. > > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > Gaurav Kumar > Chief Information Security Analyst > > E2 Labs Information Security Pvt. Ltd. > Road no. 3 , Banjara Hills > Hyderbad-34 > AP > India > > [EMAIL PROTECTED] > www.e2-labs.com > > Phone(s)- > Mobile +91 40 31068650 > Tele/Fax +91 40 23555942 (ext-24) > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > ----- Original Message ----- > From: "manohar singh" <[EMAIL PROTECTED]> > To: "Gaurav Kumar" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Monday, August 04, 2003 5:52 PM > Subject: Re: [Full-Disclosure] Microsoft win2003server phone home > > > jeeesus, > > where's the manager? someone throw these kiddies out > puhleese. > > will you read the license agreement to the part where > it talks about the update ? > > ! > > Gaurav Kumar <[EMAIL PROTECTED]> wrote: 1. Is this > behavior normal for a windows server installation ? > i think that this behavour is normal bcoz as u analyse > that session u will get to know that server is trying > to update something > > 2. Could this behavior be considered as a violation > of privacy ? > this surely a case of violation of privacy as it is > not mentioned in agreement. go ahead, sue micro$oft. > > 3. Could it be considered as a security risk to let > a newly installed server, > request information from an arbitrary server that I > have no control over ? > yes its a security risk bcoz it is not even using pki > to establish identity of the server. > > > Gaurav Kumar > > Chief Information Security Analyst > E2 Labs Information Security Pvt. Ltd. > Hyderbad-34 > AP > India > > Phone(s)- > Mobile +91 40 31068650 > Tele/Fax +91 40 23555942 (ext-24) > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > ----- Original Message ----- From: "gyrniff" > <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, August 04, 2003 3:27 PM > Subject: [Full-Disclosure] Microsoft win2003server > phone home > > > > > After acquiring and installing a copy of 'Windows > Server 2003 Standard Edition > > 180-Day Evaluation' I walked through the 'role > wizard', used the 'custom > > role config' and selected everything ;-) > > After reboot the server made two POST request to > microsoft controlled > > webserveres without any notification. One request to > activex.micrisoft.com > > and one to codecs.microsoft.com, the data posted to > the two severs was the > > same. (See the request and responds below.) > > > > I can find no information in the license agreement > about giving away > > 'information' behind my back. > > > > My question: > > 1. Is this behavior normal for a windows server > installation ? > > 2. Could this behavior be considered as a violation > of privacy ? > > 3. Could it be considered as a security risk to let > a newly installed server, > > request information from an arbitrary server that I > have no control over ? > > > > **** > > > > Posted data to activex.microsoft.com: > > POST /objects/ocget.dll HTTP/1.1 > > Accept: application/x-cabinet-win32-x86, > application/x-pe-win32-x86, > > application/octet-stream, application/x-setupscript, > */* > > Content-Type: application/x-www-form-urlencoded > > Accept-Language: da > > Accept-Encoding: gzip, deflate > > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; > Windows NT 5.2; .NET CLR > > 1.1.4322) > > Host: activex.microsoft.com > > Content-Length: 44 > > Connection: Keep-Alive > > Cache-Control: no-cache > > > > CLSID={FC7D9E02-3F9E-11D3-93C0-00C04F72DAF7} > > > > The reply: > > HTTP/1.1 404 Object Not Found > > Server: Microsoft-IIS/5.0 > > Date: Sun, 03 Aug 2003 09:48:38 GMT > > Connection: close > > Content-Type: text/html > > Content-Length: 102 > > > > <html><head><title>Error</title></head><body>The > system cannot find the file > > specified. </body></html> > > > > *** > > > > Postede data to codecs.microsoft.com > > POST /isapi/ocget.dll HTTP/1.1 > > Accept: application/x-cabinet-win32-x86, > application/x-pe-win32-x86, > > application/octet-stream, application/x-setupscript, > */* > > Content-Type: application/x-www-form-urlencoded > > Accept-Language: da > > Accept-Encoding: gzip, deflate > > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; > Windows NT 5.2; .NET CLR > > 1.1.4322) > > Host: codecs.microsoft.com > > Content-Length: 44 > > Connection: Keep-Alive > > Cache-Control: no-cache > > > > CLSID={FC7D9E02-3F9E-11D3-93C0-00C04F72DAF7} > > > > And the reply: > > HTTP/1.1 404 Not Found > > Connection: close > > Date: Sun, 03 Aug 2003 09:47:54 GMT > > Server: Microsoft-IIS/6.0 > > P3P: > policyref="http://www.microsoft.com/w3c/p3p.xml" > CP="ALL IND DSP COR ADM > > CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo > CNT COM INT NAV ONL PHY PRE > > PUR UNI" > > X-Powered-By: ASP.NET > > > > > > /Gyrniff > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: > http://lists.netsys.com/full-disclosure-charter.html > > > > > __________________________________ > Do you Yahoo!? > SBC Yahoo! DSL - Now only $29.95 per month! > http://sbc.yahoo.com > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > www.aspire2write.com ...writers Number1 resource ________________________________________________ ....www.goddamn-inter.net _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html