Folks:
1). Please see the posting below my sig line from comp.risks
2). I can imagine the following scenario:
- "*user*" thrilled with his new upgrade to Win95 runs out
to Fry's, Egghead...and buys a modem unbeknownst to the
security types.
- computer is also running a TCP/IP stack and PCNFS to
access all of the corporate resources behind the firewall.
- "*user*" fires up MS-Network which then transmits the
entire corporate filesystem topology to Microsoft.
- security types never know that internal information has
been severely compromised.
3). Am I wrong here??? I find the potential for this scenario
both realistic and horrifying!!!!
4). In addition to the security implications, this might actually
be a way to tame the MS beast...if enough corporations get
probed in this manner, the lawyers will have lots of fun
putting together a class-action lawsuit to make MS (the
original home of proprietary information and disclosures)
much, much poorer for stealing trade secrets, copyrights,
etc....ALAS...I love it....
5). I think this also has implications for the MS TCP/IP port
discussion that has been going on on this list recently.
I.e., as the article points out, if they have your filesystem
structure and you are not blocking that port, they could
grab any file that they want and you would never know it...
Regards,
b c++'ing u,
%-) sjs
-------------------------------------------------------------------------------
Stefan Jon Silverman - President SJS Associates, N.A., Inc.
572 Chestnut Street
Distributed Systems Architecture & Implementation San Francisco, Ca. 94133
Phone: 415 989 2741
E-mail: sjs @ sjsinc . com Cell: 415 519 3494
-------------------------------------------------------------------------------
Weebles wobble, but they don't fall down!!!
-------------------------------------------------------------------------------
Date: 30 Jun 1995 07:47:48 U
From: "Paul Saffo" <psaffo @ iftf . org>
Subject: Warning on Using Win95
>From PLS_MCI_MAIL FWD>>Warning on Using Win95
Date: 6/26/95 8:44 PM
From: jbreyer @ accel . com
Subject: Warning on Using Win95 [Update on RISKS-17.13 item]
Believe it or not, this is not Net humor but serious. It would otherwise
be outstanding satire!
Subject: Windows 95 Warning on comp.risks [RISKS-17.13], in Information Week
Microsoft officials confirm that beta versions of Windows 95 include a small
viral routine called Registration Wizard. It interrogates every system on a
network gathering intelligence on what software is being run on which
machine. It then creates a complete listing of both Microsoft's and
competitors' products by machine, which it reports to Microsoft when
customers sign up for Microsoft's Network Services, due for launch later
this year.
"In Short" column, page 88, _Information Week_ magazine, May 22, 1995
The implications of this action, and the attitude of Microsoft to plan such
action, beggars the imagination.
An update on this. A friend of mine got hold of the beta test CD of Win95,
and set up a packet sniffer between his serial port and the modem. When you
try out the free demo time on The Microsoft Network, it transmits your
entire directory structure in background.
This means that they have a list of every directory (and, potentially every
file) on your machine. It would not be difficult to have something like a
FileRequest from your system to theirs, without you knowing about it. This
way they could get ahold of any juicy routines you've written yourself and
claim them as their own if you don't have them copyrighted.
Needless to say, I'm rather annoyed about this.
So spread the word as far and wide as possible: Steer clear of Windows 95.
There's nothing to say that this "feature" will be removed in the final
release.
[GML addition: Prodigy was accused of doing something similar several
years ago. In that case it was not nearly as threatening due to: 1) it
was limited to a single PC, 2) Prodigy couldn't do much with the info
(i.e. they could not pursue you for copyright infringement, nor were they
trying to expand into so many businesses the way Microsoft is).]