Full Disclosure mailing list archives
Re: Microsot DID DISCLOSE potential Backdoor
From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 08 May 2008 10:01:12 -0500
--On Wednesday, May 07, 2008 22:49:40 -0500 "J. Oquendo" <sil () infiltrated net> wrote:
On Wed, 07 May 2008, Paul Schmehl wrote:And that relates to the MSRT how?Relates to MSRT sending your information. It only sends information when it finds something. I never stated it sends all your information all the time.Now you're being silly. You're claiming that *realtime connection information* is included in the data that is sent but without any grounds to do so and despite Microsoft's claims to the contrary. And without any proof.Pick up a dev machine load it with malware, run MSRT, and sniff it. You'll see what it sends and remember LEA uses IP as an identifier bottom line.
Again, Microsoft states that no information of a personally identifiable nature, either for the individual or for the computer, is sent by the tool. If you can prove that it includes the IP address, then you have proven that Microsoft is committing fraud. Call your local LE and notify them of it, or contact the FBI. Otherwise, this is pure speculation, and you know it.
It sent zero information because it did not detect anything malicious. As for paranoia, has nothing to do with paranoia. Facts. Fact 1) Is MS sending information from your machine to them ... Yes Fact 2) If something malicious is detected on your machine will it go to MS. Yes. Fact 3) Will they share information obtained from YOUR machine via YOUR IP address will they share that information with LEA? According to the MS spokesman they will. Fact 4) Can LEA correlate the information sent from your machine to an IP address... Yes.
Your fact 4 is unproven. It's pure speculation on your part.
Now according to their article and common logic, in their article they stated they obtained samples of the infection to track the CNC of a botnet. How did they get this is up in the air, but with their forced update history, its possible on detection they can actually send avserve.exe right back to themselves.
OK. It's certainly possible.
Anyhow, so I create something crafted to implicate you - using my previous analogy of being a botnet CNC owner, my program implicates your network you take the fall. People pull Joe Jobs all the time.
To implicate me, you have to find a way to include personally identifiable information in the packets sent from MSRT. That would be a neat trick.
A Joe Job is an unfounded fear? How about poisoning the well. What happens if someone reading this decides to put it to the tests nullifying any verifiable, concrete snapshots with garbage. Then what will be of the tool? e-Garbage truck?
You haven't proven this is even possible, much less routinely done. The only Joe job going on here is in your brain.
I don't consider fantasizing about bogeymen "thinking outside the box".Fantasizing has nothing to do with reality. People are paying top dollars in life to screw someone all the time whether its online or not. This is another stupid mechanism someone can use. Its a flawed concept albeit nice idea.
Please describe, in detail, one possible way this can be done using the MSRT only. Vague gesticulations won't get it. Show packet captures that prove your theory. -- Paul Schmehl (pauls () utdallas edu) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Microsot DID DISCLOSE potential Backdoor J. Oquendo (May 03)
- Re: Microsot DID DISCLOSE potential Backdoor Aaron Kempf (May 06)
- Message not available
- Re: Microsot DID DISCLOSE potential Backdoor J. Oquendo (May 06)
- Re: Microsot DID DISCLOSE potential Backdoor Paul Schmehl (May 07)
- Re: Microsot DID DISCLOSE potential Backdoor J. Oquendo (May 07)
- Re: Microsot DID DISCLOSE potential Backdoor Ureleet (May 07)
- Re: Microsot DID DISCLOSE potential Backdoor Paul Schmehl (May 07)
- Re: Microsot DID DISCLOSE potential Backdoor J. Oquendo (May 07)
- Re: Microsot DID DISCLOSE potential Backdoor Paul Schmehl (May 08)
- Re: Microsot DID DISCLOSE potential Backdoor J. Oquendo (May 08)
- Snort Signature to detect credit cards wilder_jeff Wilder (May 08)
- Re: Snort Signature to detect credit cards Ivan . (May 08)
- Re: Snort Signature to detect credit cards Christopher Jacob (May 08)
- Re: Snort Signature to detect credit cards Ray P (May 08)
- Re: Snort Signature to detect credit cards Simon Smith (May 08)
- Re: Snort Signature to detect credit cards Randal T. Rioux (May 09)
- Re: Snort Signature to detect credit cards T Biehn (May 09)
- Re: Snort Signature to detect credit cards Siim Põder (May 09)
- Re: Snort Signature to detect credit cards poo (May 09)
- Re: Microsot DID DISCLOSE potential Backdoor J. Oquendo (May 06)