I was just working on a development server on an XML program for and I had my HTTP packet sniffer open. Well I take a look at the program and I see two entries that look like this. This machine does not have automatic update checking installed, and it's a Win2k Server machine.
GET /wutrack.bin?V=1&U=8dd8ed08b2f5d149b8fb406b7a79cdd6&C=iu&A=n&I=&D=&P=5.0.893.2.110.3.0&L=en-US&S=s&E=00000000&M=&X=021126201356491 HTTP/1.1 Accept: */* User-Agent: Industry Update Control Host: wustat.windows.com Connection: Keep-Alive I got curious, and click on the check updates button, and while the program was checking for updates on the MS site, I see this among all the other requests. GET /wutrack.bin?V=1&U=8dd8ed08b2f5d149b8fb406b7a79cdd6&C=IU_SITE&A=n&I=&D=&P=5.0.893.2.110.3.0&L=en-US&S=s&E=00000000&M=&X=021126203254167 HTTP/1.1 Accept: */* User-Agent: Industry Update Control Host: wustat.windows.com Connection: Keep-Alive Everything is the same except for the X parameter...so it looks like that where ever this information comes from, it looks like this info could be used to uniquely identify a computer. Anyway it looks mighty suspicious to me. -- jon mailto:[EMAIL PROTECTED] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=5 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=5 Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5
