[IP] last -- more on Data sent to Microsoft by "Windows Update" (fwd)

Sean McGrath sean at manybits.net
Fri Apr 18 12:04:20 EDT 2003


From: Dave Farber <dave at farber.net>
Subject: [IP] last --  more on Data sent to Microsoft by "Windows Update"
To: ip <ip at v2.listbox.com>
Date: Fri, 18 Apr 2003 08:05:32 -0400

------ Forwarded Message
From: George Sadowsky <george.sadowsky at attglobal.net>
Date: Fri, 18 Apr 2003 07:18:42 -0400
To: dave at farber.net

Dave,

I think that Bob Horvitz's reading of the article is correct.  Here
is his response.

In response to Nomen Nescio <nobody at dizum.com>'s criticism, here is
the relevant passage from Mike Hartmann's analysis:

"If an update is required, the utility will display an error message.
In this case run Windows Update once to perform the update and run the
tecControl utility again [tecControl is one of Hartmann's tools for
capturing the data sent by Windows Update].  As can easily be seen
the <regKeys /> tag causes a list of registry subkeys of
HKEY_LOCAL_MACHINE\SOFTWARE, i.e. a list of the vendors of all
software packages installed on the user's computer, to be included in
the result."

The original post is repeated at the bottom of this message as a
reference for readers.

George Sadowsky

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

>------ Forwarded Message
>From: Nomen Nescio <nobody at dizum.com>
>Date: Fri, 18 Apr 2003 05:10:07 +0200 (CEST)
>To: cryptography at metzdowd.com, dave at farber.net
>Subject: Re: [IP] Data sent to Microsoft by "Windows Update" (fwd)
>
>>
>>http://216.239.33.100/search?q=cache:YOIoKNeVn6UC:mega.ist.utl.pt/~vfp/windowsupdate.pdf&hl=en&ie=UTF-8
>>
>>  To summarize, Windows Update sends Microsoft a complete list of all
>>  the hardware devices installed in your computer - make, model and
>>  driver version.  It also sends a registry subkey listing the vendor
>>  of every software package installed on your computer.  And finally, it
>>  sends a digitally signed product code that seems to enable Microsoft to
>>  deny updates to people using pirated copies of Windows.  The datastream
>>  appears to support additional capabilities that are not yet activated.
>
>That's not quite right.  It does not send "a registry subkey listing
>the vendor of every software package installed on your computer."
>Nothing like that is sent, according to the article.
>
>The product code is not digitally signed, it is encrypted with XTEA.
>The article didn't say how they found the XTEA decryption key, probably
>more hooking.  It includes a hash of the full product key, the long
>string printed on a sticker on the CD box.  The product key (which is
>not sent, just its hash) supposedly does include a digital signature,
>but the article didn't say anything about the algorithm or the keys used.
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

>>http://www.tecchannel.de/betriebssysteme/1126/
>>
>>Folks, this is a bit off-topic, but it relates
>>to an important privacy issue.
>>
>>Mike Hartmann in Germany has written a very
>>interesting report about the data that Microsoft
>>extracts from your computer after you activate
>>the "Automatic Windows Update" option.
>>
>>The data is sent to Microsoft through an
>>encrypted channel, but Hartmann figured out how
>>to find and read the data before it is encrypted.
>>
>>The first six pages of his report are free in
>>either English or German at the URL above.  To
>>get the full article, you are supposed to pay
>>0.60 euros...but thanks to the fact that someone
>>in Portugal bought it and put it on a server
>>which Google indexed, you can read the full
>>article in English in Google's cache of HTML
>>conversions from PDF originals:
>>
>>http://216.239.33.100/search?q=cache:YOIoKNeVn6UC:mega.ist.utl.pt/~vfp/windowsupdate.pdf&hl=en&ie=UTF-8
>>
>>To summarize, Windows Update sends Microsoft
>>a complete list of all the hardware devices
>>installed in your computer - make, model and
>>driver version.  It also sends a registry
>>subkey listing the vendor of every software
>>package installed on your computer.  And
>>finally, it sends a digitally signed product
>>code that seems to enable Microsoft to deny
>>updates to people using pirated copies of
>>Windows.  The datastream appears to support
>>additional capabilities that are not yet
>>activated.
>>
>>The tools that Hartmann used to analyse Windows
>>Update can be downloaded from his website for
>>only 4.90 euros.  But he warns that since these
>>techniques are now known to Microsoft, "It is
>>likely that an update, e.g. a new service pack
>>or a hotfix, will change this behavior and
>>therefore render the tools unusable."
>>
>>
>>------ End of Forwarded Message

