[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Fwd: Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup]
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Fwd: Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup]
- From: bkfsec <bkfsec@xxxxxxxxxxxxxxxx>
- Date: Fri, 05 May 2006 10:32:31 -0400
Sharing with this list in the interest of Full Disclosure. My response
to Thor was rejected from bugtraq, supposedly because the thread was
killed... but we all know the real reason. Since Thor was (is?) a
"temporary security focus moderator" it's OK for him to flame and berate
other posters (he began his post with "I won't respond anymore until
there is an intelligent response" or something along those lines.) but
when someone corrects him for his rant it gets bounced because they have
to protect their own.
With all the noise on this list, there's one thing that we should be
happy about -- there is no "protect your own" mentality here like there
is on other mailing lists.
As far as the content, I think that regarding the thread (which also
happened here) it's germane to point out that one benefit that Microsoft
derives from having the functionality of those hostnames hardcoded to
avoid the hosts file is clearly in tracking and verification of
licenses, regardless of whether it was their primary intent or not. So
Thor's statements here are entirely inappropriate.
-bkfsec
-------- Original Message --------
Subject: Re: [Full-disclosure] Microsoft DNS resolver: deliberately
sabotagedhosts-file lookup
Date: Wed, 03 May 2006 14:15:06 -0400
From: bkfsec <bkfsec@xxxxxxxxxxxxxxxx>
To: Thor (Hammer of God) <thor@xxxxxxxxxxxxxxx>
CC: Bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
References: <C07247C6.31D5%thor@xxxxxxxxxxxxxxx>
Thor (Hammer of God) wrote:
It's not Microsoft's job to protect Symantec customers.
No it's not, it's Microsoft's job to protect windows users, millions of who
use NortonAV. But it would seem that MS is more interested in protecting
their user tracking information than the users.
Oh, I see now. It's about tracking users now, is it? So you're saying that
the exception list in dnsapi.dll is not only there for some super-secret
Passport "functionality" but now Microsoft is using it to protect "their
user tracking information?" Brilliant. I suppose that the next argument
will be that dnsapi.dll contains the secret as to where that one sock goes
after it's lost in the dryer, right? Hey! Maybe that's what winsock really
is!!
Umm... Thor...
It's not quite as nuts of a proposition as you're making it out to be.
They are starting to roll out their "genuine advantage" program and that
does coordinate and do some installation via WindowsUpdate. Right now,
it's a "volunteer" program, but the logical next step is required and
automatic monitoring of system licensing, and the infrastructure is
clearly being created for that.
So before you go calling people conspiracy theorists, you might want to
check out the reality of what the company's doing first.
My opinion on the DNS change: I think it's obviously a "security" fix,
though probably a poor one. It has the added benefit of making it
harder for people to block automatic license checking tools, and I don't
think that's a coincidence either. In fact, I think they would call
that a security benefit as well... at least from their perspective.
-bkfsec
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/