LinuxSA Mailing list archives
From: Adam Smith <adam.smith@sageautomation.com>
To: Linux SA <linuxsa@linuxsa.org.au>
Date: Wed, 21 Nov 2001 18:40:04 +1030
Subject: RE: [OT] Suspect XP transmissions. Yep they exist
OK This is a long winded message, but.. leave me alone :-)
> Upon logging into a Hotmail account while using IE 6, I discovered
> that directly after the page has finished loading, Windows Messenger
> is automatically restarted and that the process is attributed to the
> user who is logged in locally. Not only does this happen, but the
> registry string used to start Windows Messenger on login is
> also restored.
That is typical.
Many websites use "clever advertising" these days to either sell their
products, or get paid for referring people to somebody else's. These
include such things as
- Opening up Java windows behind your current browser window
- Opening a window which opens another when the original is closed,
which opens another and yet another and another and another..
- Launching a URL in a new window that resets your browser to full
screen, and then when you set it back to normal browsing mode, your
toolbars are all screwed up (tell me, how a website is able to get away
with modifying browser settings by design???????).
- Setting a particular URL as the browser's home page (tell me how they
let that one slip by too!).
- Using Macromedia Flash advertisements which allow a huge amount of
visible flexibility (Checked out some news sites lately? They have gone
SO commercial that their main stories are 3/4 taken up by advertising
space.)
Etc, etc..
Microsoft, on the other hand, manage to somehow know when you go to
hotmail, and somewhere buried deep inside of Windows XP code, is a line
that says in pseudo terms:
where websitevisited$ = hotmail.com
launch(msn messenger);
registryadd(msn messenger run line)
(Forgive my lack of programming structure.)
How does this happen? Well maybe because of things like Microsoft
Passport for example. MSN Messenger will not function with a Microsoft
Passport, nor will Hotmail. Windows XP has built-in Passport support,
in fact it even prompts you to set up a new passport when you install XP
for the first time. Perhaps the operating system is somehow responsible
for loading these programs based on the fact that you are using a
Passport service.
I would be interested in seeing an analysis of just exactly what it is
that Microsoft is sending out onto the web. Your computer is not *able*
to send out data to the Internet unless it is called upon to do so by
specific software. The people who are responsible for those
applications are the people who designed and coded them in the first
place. They are the ones who implemented this code and they and their
designers are the ones who are responsible for the fact that your
computer is sending out packets every 10 minutes when you've disabled
every Internet application you can think of.
What gives them the right to do that? The fact that we are forced to
abide by a EULA for everything, a document that is so long winded that
nobody ever reads the thing, and so long winded that it would be easy to
add lines such as "Microsoft takes no responsibility for the actions
performed with or by this product. Microsoft will not be held
responsible for any privacy breaches while using this product."
> 1. Could this be used to cause the remote execution of any program
> installed to a known default location?
You mean such as /windows/system32/cmd.exe ? Oh wait -- that one's been
done already.
> 3. Assuming that the reading of registry values is also permitted,
> this would allow the retrieval of software product keys and
> registered user names.
I would imagine you are right. What pisses me off and I mentioned it
earlier, is the fact that because Microsoft applications are written by
the same company as the people who write the operating system, with all
this closed-source business, they talk to each other and they have the
power to do *anything* they want.. And there's not a damned thing
anybody can do about it, because they are a Monopoly.
The solutions are either go open source, which will never happen (why
would you give up a $33 billion bank balance?), or separate in-house the
Operating Systems from the applications. Keep the people who write
calculator separate from the people who code the kernel. Keep them all
apart because once you mix them together they realize what kind of
things they can do when they put their heads together. Things like
allowing a Microsoft product to re-add itself to the registry when you
specifically removed it. Things LIKE THAT.
> 4. How long till the method is cracked and used by other websites.
> If modification or removal of existing keys is permitted, then by
> just visiting a website a computer may be rendered unbootable.
Who needs to remove specific keys when you can just erase them all?
How many people don't know what an "applet" is? How many people have
you seen get prompted with an applet Installation Warning dialogue box
and then click "Yes" without reading it? How many of your users have
you said "Did you read that dialogue box just then, or did you just
click 'OK'"?
If you've answered 'Yes' to any of these questions you understand why it
is so easy to do anything you want -- any security system can be gotten
around if a single user has enough stupidity not to read what they are
doing, and just keep clicking. "Go away dialogue box. <CLICK>".
I once had some dodgy website in my IE6 web browser prompt me to install
something ridiculous like "C:\Documents and Settings\bugman\Local
Settings\tmp\tmp1234.exe". The installation was not VeriSigned and
because I know what to look for when it comes to these kinds of
applications, but most users will ignore the warnings and just click
whatever they can to get rid of those pesky dialogue boxes. THAT IS WHY
there is no security system that can not be bypassed. It's not just the
computers at fault here, however MS makes it damn easy for that stupid
user to click the wrong thing at the wrong time.
OK I've had enough now, I oughta go.
Laterz!
Oh, and the sig is kind of relevant, today.
Adam Smith
IT Officer
SAGE Automation Ltd
adam.smith@sageautomation.com
http://www.sageautomation.com
Phone: (08) 8276 0703
Fax: (08) 8276 0799
Mobile: 0414 895 273
"Computers are like air-conditioners; they don't work when you open
Windows."