more on Data sent to Microsoft by "Windows Update"

[Dave Farber <dave () farber net>]

------ Forwarded Message
From: Nomen Nescio <nobody () dizum com>
Date: Fri, 18 Apr 2003 05:10:07 +0200 (CEST)
To: cryptography () metzdowd com, dave () farber net
Subject: Re: [IP] Data sent to Microsoft by "Windows Update" (fwd)

>
http://216.239.33.100/search?q=cache:YOIoKNeVn6UC:mega.ist.utl.pt/~vfp/windowsup
date.pdf&hl=en&ie=UTF-8
> To summarize, Windows Update sends Microsoft a complete list of all
> the hardware devices installed in your computer - make, model and
> driver version.  It also sends a registry subkey listing the vendor
> of every software package installed on your computer.  And finally, it
> sends a digitally signed product code that seems to enable Microsoft to
> deny updates to people using pirated copies of Windows.  The datastream
> appears to support additional capabilities that are not yet activated.

That's not quite right.  It does not send "a registry subkey listing
the vendor of every software package installed on your computer."
Nothing like that is sent, according to the article.

The product code is not digitally signed, it is encrypted with XTEA.
The article didn't say how they found the XTEA decryption key, probably
more hooking.  It includes a hash of the full product key, the long
string printed on a sticker on the CD box.  The product key (which is
not sent, just its hash) supposedly does include a digital signature,
but the article didn't say anything about the algorithm or the keys used.


------ End of Forwarded Message

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/