

#903 privacy info leaking to redmond

Status: open
Owner: Ian Silvester
Labels: None
Priority: 5
Updated: 2013-08-22
Created: 2013-08-22
Creator: felix
Private: No

Hello,
After installing the EMET tool I noticed this in the log. Something sends out the computer name, model and BIOS version, obviously to allow an easy attack.

"GET http://watson.microsoft.com/StageOne/Generic/EMET_40_PKI/iexplore_exe/10_00_9200_16521%20\(win8_g/4_0_4913_26121/1/microsoft_com/en-US/8F432885489320234F7CB1428485EA3014C0BCFE.htm?LCID=1020&OS=6.1.7602.3.00010100.1.0.1.17514&SM=Toshiba%20Inc.&SPN=Protege%20S410&BV=1.86&HCU=10430&Queue=1 HTTP/1.1" 200 43

Discussion

  • Ian Silvester
    2013-08-22

    Hi Felix,

    Watson is a generic brand Microsoft have long used for their problem-diagnosis tools. I would suggest that it is not malicious but is instead part of what EMET does to learn in what ways your PC might be vulnerable to malicious attack; it is referring to a knowledge base at Microsoft, supplying details about your machine.

    Kind regards,

    Ian

     
  • Ian Silvester
    2013-08-22

    • assigned_to: nobody --> diem
    • milestone: 195890 -->
    • labels: 412810 -->
     
  • felix
    2013-08-22

    My concern is that the supplied details may be used to send a specific working attack against the computer. The request itself is not malicious but may serve to create one, for example via some traffic-monitoring tool.

     
  • Ian Silvester
    2013-08-23

    Hi Felix,

    I hear your concern, but you face a dilemma. You've installed EMET to help mitigate malware attacks, and yet a /feature/ of EMET might assist a would-be attacker.

    Yes you could implement a filter to modify this request to hide the sensitive details, but in doing so you might negatively affect EMET's functionality.

    Either way, this is a judgement call for you and not something that ought to be added to the default Privoxy ruleset.

    Cheers,

    Ian
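
The log entry felix quoted and the request-rewriting filter Ian mentions can both be illustrated with a small script. This is an added example for this ticket, not Privoxy's own code or configuration: it parses access-log lines in the same shape as the quoted one, flags requests to watson.microsoft.com/StageOne/, pulls out the query parameters that describe the machine, and shows what the URL would look like with those values blanked. The parameter meanings (SM = manufacturer, SPN = product name, BV = BIOS version, OS = Windows build string) and the path layout (event name, then application name) are read off the ticket's example and are assumptions; the sample lines other than the first are constructed.

```python
"""Spot and redact Watson (Windows Error Reporting) report URLs in a Privoxy
access log.  Added example for this ticket; not Privoxy's own code."""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed log lines in the shape of the entry quoted in the ticket.  The
# first copies the ticket's URL; the other two are made up for the example.
SAMPLE_LOG = [
    r'"GET http://watson.microsoft.com/StageOne/Generic/EMET_40_PKI/iexplore_exe/10_00_9200_16521%20\(win8_g/4_0_4913_26121/1/microsoft_com/en-US/8F432885489320234F7CB1428485EA3014C0BCFE.htm?LCID=1020&OS=6.1.7602.3.00010100.1.0.1.17514&SM=Toshiba%20Inc.&SPN=Protege%20S410&BV=1.86&HCU=10430&Queue=1 HTTP/1.1" 200 43',
    r'"GET http://www.example.org/index.html HTTP/1.1" 200 1234',
    r'"GET http://watson.microsoft.com/StageOne/Generic/EMET_40_PKI/chrome_exe/28_0_1500_72/1/microsoft_com/en-US/0000000000000000000000000000000000000000.htm?LCID=1033&OS=6.1.7601.1.0.1.17514&SM=Dell%20Inc.&SPN=Latitude%20E6420&BV=A12&HCU=1&Queue=1 HTTP/1.1" 200 43',
]

# "<method> <url> HTTP/x.y" <status> <size>  (the shape of the quoted line)
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3}) (?P<size>\d+)'
)

# Query parameters whose values describe the machine.  The meanings are
# inferred from the ticket's example (SM="Toshiba Inc.", SPN="Protege S410",
# BV="1.86", OS=a Windows build string); they are assumptions, not documented
# parameter names.
SENSITIVE_PARAMS = ("OS", "SM", "SPN", "BV")


def parse_log_line(line):
    """Return method/url/status/size for one log line, or None if it does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    return {"method": m["method"], "url": m["url"],
            "status": int(m["status"]), "size": int(m["size"])}


def is_watson_report(url):
    """True for a StageOne error-report URL on watson.microsoft.com."""
    parts = urlsplit(url)
    return parts.netloc.lower() == "watson.microsoft.com" and parts.path.startswith("/StageOne/")


def extract_leaked_fields(url):
    """Pull the machine-describing values out of a StageOne URL."""
    parts = urlsplit(url)
    segments = parts.path.split("/")[2:]          # drop '' and 'StageOne'
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    return {
        # Path positions are assumed from the example: /Generic/<event>/<application>/...
        "event": segments[1] if len(segments) > 1 else None,        # e.g. EMET_40_PKI
        "application": segments[2] if len(segments) > 2 else None,  # e.g. iexplore_exe
        "fields": {k: query[k] for k in SENSITIVE_PARAMS if k in query},
    }


def redact_watson_url(url):
    """Rewrite the URL as a request filter might: keep the path and the
    non-identifying parameters, blank the machine-describing ones."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(pairs), parts.fragment))


def scan_log(lines):
    """Return one finding per Watson report request, with the redacted form."""
    findings = []
    for n, line in enumerate(lines, 1):
        entry = parse_log_line(line)
        if entry is None or not is_watson_report(entry["url"]):
            continue
        info = extract_leaked_fields(entry["url"])
        info["line"] = n
        info["redacted_url"] = redact_watson_url(entry["url"])
        findings.append(info)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['application']} via {f['event']} sent {f['fields']}")
        print("   a filter could send instead:", f["redacted_url"])
```

Blanking only the query values is the middle ground between leaving the request alone and blocking watson.microsoft.com outright; the path still carries the application name and version, so whether the remaining request is acceptable, and whether a rewritten report is still useful to EMET, is the judgement call Ian describes.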