Interesting People mailing list archives
more on Data sent to Microsoft by "Windows Update"
From: Dave Farber <dave () farber net>
Date: Fri, 18 Apr 2003 00:11:21 -0400
------ Forwarded Message From: Nomen Nescio <nobody () dizum com> Date: Fri, 18 Apr 2003 05:10:07 +0200 (CEST) To: cryptography () metzdowd com, dave () farber net Subject: Re: [IP] Data sent to Microsoft by "Windows Update" (fwd)
http://216.239.33.100/search?q=cache:YOIoKNeVn6UC:mega.ist.utl.pt/~vfp/windowsup date.pdf&hl=en&ie=UTF-8
To summarize, Windows Update sends Microsoft a complete list of all the hardware devices installed in your computer - make, model and driver version. It also sends a registry subkey listing the vendor of every software package installed on your computer. And finally, it sends a digitally signed product code that seems to enable Microsoft to deny updates to people using pirated copies of Windows. The datastream appears to support additional capabilities that are not yet activated.
That's not quite right. It does not send "a registry subkey listing the vendor of every software package installed on your computer." Nothing like that is sent, according to the article. The product code is not digitally signed, it is encrypted with XTEA. The article didn't say how they found the XTEA decryption key, probably more hooking. It includes a hash of the full product key, the long string printed on a sticker on the CD box. The product key (which is not sent, just its hash) supposedly does include a digital signature, but the article didn't say anything about the algorithm or the keys used. ------ End of Forwarded Message ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Data sent to Microsoft by "Windows Update" Dave Farber (Apr 17)