Interesting People mailing list archives
last -- more on Data sent to Microsoft by "Windows Update"
From: Dave Farber <dave () farber net>
Date: Fri, 18 Apr 2003 08:05:32 -0400
------ Forwarded Message From: George Sadowsky <george.sadowsky () attglobal net> Date: Fri, 18 Apr 2003 07:18:42 -0400 To: dave () farber net Dave, I think that Bob Horvitz's reading of the article is correct. Here is his response. In response to Nomen Nescio <nobody () dizum com>'s criticism, here is the relevant passage from Mike Hartmann's analysis: "If an update is required, the utility will display an error message. In this case run Windows Update once to perform the update and run the tecControl utility again [tecControl is one of Hartmann's tools for capturing the data sent by Windows Update]. As can easily be seen the> <regKeys /> <tag causes a list of registry subkeys ofHKEY_LOCAL_MACHINE\ SOFTWARE, i.e. a list of the vendors of all software packages installed on the user's computer, to be included in the result." The original post is repeated at the bottom of this message as a reference for readers. George Sadowsky ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------ Forwarded Message From: Nomen Nescio <nobody () dizum com> Date: Fri, 18 Apr 2003 05:10:07 +0200 (CEST) To: cryptography () metzdowd com, dave () farber net Subject: Re: [IP] Data sent to Microsoft by "Windows Update" (fwd)http://216.239.33.100/search?q=cache:YOIoKNeVn6UC:mega.ist.utl.pt/~vfp/windowsu
p
date.pdf&hl=en&ie=UTF-8To summarize, Windows Update sends Microsoft a complete list of all the hardware devices installed in your computer - make, model and driver version. It also sends a registry subkey listing the vendor of every software package installed on your computer. And finally, it sends a digitally signed product code that seems to enable Microsoft to deny updates to people using pirated copies of Windows. The datastream appears to support additional capabilities that are not yet activated.That's not quite right. It does not send "a registry subkey listing the vendor of every software package installed on your computer." Nothing like that is sent, according to the article. The product code is not digitally signed, it is encrypted with XTEA. The article didn't say how they found the XTEA decryption key, probably more hooking. It includes a hash of the full product key, the long string printed on a sticker on the CD box. The product key (which is not sent, just its hash) supposedly does include a digital signature, but the article didn't say anything about the algorithm or the keys used.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.tecchannel.de/betriebssysteme/1126/ Folks, this is a bit off-topic, but it relates to an important privacy issue. Mike Hartmann in Germany has written a very interesting report about the data that Microsoft extracts from your computer after you activate the "Automatic Windows Update" option. The data is sent to Microsoft through an encrypted channel, but Hartmann figured out how to find and read the data before it is encrypted. The first six pages of his report are free in either English or German at the URL above. To get the full article, you are supposed to pay 0.60 euros...but thanks to the fact that someone in Portugal bought it and put it on a server which Google indexed, you can read the full article in English in Google's cache of HTML conversions from PDF originals: http://216.239.33.100/search?q=cache:YOIoKNeVn6UC:mega.ist.utl.pt/~vfp /windowsupdate.pdf&hl=en&ie=UTF-8 To summarize, Windows Update sends Microsoft a complete list of all the hardware devices installed in your computer - make, model and driver version. It also sends a registry subkey listing the vendor of every software package installed on your computer. And finally, it sends a digitally signed product code that seems to enable Microsoft to deny updates to people using pirated copies of Windows. The datastream appears to support additional capabilities that are not yet activated. The tools that Hartmann used to analyse Windows Update can be downloaded from his website for only 4.90 euros. But he warns that since these techniques are now known to Microsoft, "It is likely that an update, e.g. a new service pack or a hotfix, will change this behavior and therefore render the tools unusable." ------ End of Forwarded Message
------ End of Forwarded Message ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- last -- more on Data sent to Microsoft by "Windows Update" Dave Farber (Apr 18)