
#903 privacy info leaking to redmond

Status: open
Owner: None
Priority: 5
Updated: 2013-08-22
Created: 2013-08-22
Creator: felix
Private: No

Hello
After installing the EMET tool I noticed this in the log. Something sends out the computer name, model and BIOS version, obviously to allow an easy attack.

"GET http://watson.microsoft.com/StageOne/Generic/EMET_40_PKI/iexplore_exe/10_00_9200_16521%20\(win8_g/4_0_4913_26121/1/microsoft_com/en-US/8F432885489320234F7CB1428485EA3014C0BCFE.htm?LCID=1020&OS=6.1.7602.3.00010100.1.0.1.17514&SM=Toshiba%20Inc.&SPN=Protege%20S410&BV=1.86&HCU=10430&Queue=1 HTTP/1.1" 200 43

Discussion

  • Ian Silvester

    Ian Silvester - 2013-08-22

    Hi Felix,

    Watson is a generic brand Microsoft have long used for their problem diagnosis tools. I would suggest that it is not malicious but is instead part of what EMET does to learn in what ways your PC might be vulnerable to malicious attack; it is referring to a knowledge base at Microsoft supplying details about your machine.

    Kind regards,

    Ian

     
  • Ian Silvester

    Ian Silvester - 2013-08-22
    • assigned_to: nobody --> diem
    • milestone: 195890 -->
    • labels: 412810 -->
     
  • felix

    felix - 2013-08-22

My concern is that the supplied details may be used to send a specific working attack against the computer. The request itself is not malicious but may serve to create one, for example via some traffic monitoring tool.

     
  • Ian Silvester

    Ian Silvester - 2013-08-23

    Hi Felix,

    I hear your concern, but you face a dilemma. You've installed EMET to help to mitigate against malware attacks, and yet a /feature/ of EMET might assist a would-be attacker.

    Yes you could implement a filter to modify this request to hide the sensitive details, but in doing so you might negatively affect EMET's functionality.

    Either way, this is a judgement call for you and not something that ought to be added to the default Privoxy ruleset.

    Cheers,

    Ian

     
