[IP] Data sent to Microsoft by "Windows Update" (fwd)

[Nomen Nescio]

> http://216.239.33.100/search?q=cache:YOIoKNeVn6UC:mega.ist.utl.pt/~vfp/windowsupdate.pdf&hl=en&ie=UTF-8
>
> To summarize, Windows Update sends Microsoft a complete list of all
> the hardware devices installed in your computer - make, model and
> driver version.  It also sends a registry subkey listing the vendor
> of every software package installed on your computer.  And finally, it
> sends a digitally signed product code that seems to enable Microsoft to
> deny updates to people using pirated copies of Windows.  The datastream
> appears to support additional capabilities that are not yet activated.

That's not quite right.  It does not send "a registry subkey listing
the vendor of every software package installed on your computer."
Nothing like that is sent, according to the article.

The product code is not digitally signed, it is encrypted with XTEA.
The article didn't say how they found the XTEA decryption key, probably
more hooking.  It includes a hash of the full product key, the long
string printed on a sticker on the CD box.  The product key (which is
not sent, just its hash) supposedly does include a digital signature,
but the article didn't say anything about the algorithm or the keys used.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com