This is the Judo blog of Lance Wicks. In this blog I cover mainly Judo and related topics. My Personal blog is over at LanceWicks.com where I cover more geeky topics. Please do leave comments on what you read or use the Contact Me form to send me an email with your thoughts and ideas.

Paying the bills

Exclamation mark

JudoCoach.com Blog by Lance Wicks

 

 


Windows 2003 - Phone Home! 


Okay,
as many of you know I am not a fan of those folk in Redmond. To be frank the label "Evil Empire" is one I use more often than not.

I do appreciate the fact the Windoze has made computing really easy for all, I appreciate all the clever people in the company and lots of things that Micro$oft do.

What I do not appreciate is the way some tings happen with M$.

Take this example.

Windows 2003 server, an enterprise level operating system. Something you are more than likely to have in a secure environment right? Say one that is not connected to the Internet.

Which is a good idea and last week when I was setting up a server that is eaxactly what I had. And why am I bringing it up? Because I started getting stange errors in the event log.

http://support.microsoft.com/kb/317541 will show you the message and tells you why you get it.

The short of it is, W2K3 "phones home".
Now I am sure that there is a good and ethical reason for it. By the looks of it, all that is happening is WinDoze is downloading a text file that will be used for setting up crytographic services.

BUT....

What if the site gets hacked? What if the way that text file is processed sucks and a clever cracker works out what code to put in that text file to publish all the data on that server to youtube?

Unlikely I know, but there was no dialog box asking if I wanted to go online and get this file. It just happened! My security is potentially compromised and my privacy too.

M$ presumably know how to track hits to a web page so would know the IP address of your server, they'd know when you accessed that file. And what if Johnny script-kiddy works out how to get that info? What if he then writes a script that portscans all those addresses looking for W2K3 vulnerabilities?

Why M$ didn't you give me some indication that you were going outside onto the web and doing this?
When else is this happening M$?
How would we know?

---

So... grumpy grumpy.

Thoughts folks?
[ view entry ] ( 996 views ) permalink

<<First <Back | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | Next> Last>>



Powered by Simple PHP Blog Get RSS 2.0 Feed
Powered by PHP 4.4.9-8+hw0 Get Atom 0.3 Feed
Powered by Plain text files Get RDF 1.0 Feed

brachial-corded
brachial-corded
brachial-corded
brachial-corded