Things are hotting up in the security field. HP is suing SnoSoft (or rather, they were, seem to have withdrawn now) for releasing an exploit for a problem which they (HP) should have fixed 4 months ago, OpenSSH has been trojaned, OpenSSL is found to be buggy, there's a new XDR vulnerability which I can't find the original announcement for and MS has released its long-awaited service pack 3 for Winduhs 2000.
Leaving aside the first 4, the last one is rather interesting. The SP3 EULA, which you have to agree to in order to use the latest and greatest bugfixes from MS, forces you to consent to the update automatically sending information about your computer to MS. This looks like a real problem to me: how many defence, government or even private parties would want their computer's details to be stored in some MS database? Of course, the argument is going to be, `If you have nothing to hide, you shouldn't have problems with information about your computer being available to MS' or even, `MS shall use this information responsibly and only for improving the level of service to it's customers.' However, I'm not buying either one. Information about my computer is my business and my business only. If you suspect that I am running an illegal copy of your software, send your goons aka NASSCOM after me. If I wanted better service, I'd tell you how I wanted it rather than having you mandate the definition of `better service' and force me to give up my privacy. MS can also possibly use this to gather marketing information, since they are gathering information about other (presumably III-party) software installed on your computer. I expect that this will be strongly condemned and eventually MS will tell you how to disable the automatic information sending feature without a single blush, while reintroducing it under another name in the next service pack. Life sure looks interesting. Here's the message which triggered it off: From: Colin Stefani <[EMAIL PROTECTED]> To: "'Leif Sawyer'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: Windows 2000 Service Pack 3 now available. Date: Thu, 1 Aug 2002 14:43:42 -0700 Be sure to read the new EULA/privacy statement for Windows update, it has an interesting portion about how Windows Update and Automatic Update (which gets installed with SP3) can, by agreeing to this license, send the following pieces of info to Microsoft, this was posted on the MS focus list by Javier Sanchez: "With the latest version of Windows Update (essentially a mandatory download and now part of SP3) you consent to sending the following information to Microsoft: * Operating-system version number and Product Identification number * Internet Explorer version number * Version numbers of other software * Plug and Play ID numbers of hardware devices This is stated in the "Windows Update Privacy Statement" which you can read at <http://v4.windowsupdate.microsoft.com/en/about.asp?> You can also follow the "About Windows Update" link off the WindowsUpdate page. Don't bother trying to right-click, they've made sure to disable that." Enjoy! Way to go MS! </quote> Regards, -- Raju -- Raju Mathur [EMAIL PROTECTED] http://kandalaya.org/ It is the mind that moves ================================================ To unsubscribe, send email to [EMAIL PROTECTED] with unsubscribe in subject header. Check archives at http://www.mail-archive.com/ilugd%40wpaa.org
