I am told that the latest Windows/XP has a Trojan built into it.
This was done as part of a deal with the United States Department
of Justice in settling the long term problem with Microsoft's
monopoly conviction.
This Trojan, upon specific network inquiry, has the capability
of sending any intelligence that exists within the computer,
(Motherboard type, Peripherals, hard disk contents, the contents
of video buffers, etc.) to a remote network agent, any time the
machine is connected to a network.
Since the secret inquiry commands and port(s) must be known by
the developers, I hope that somebody is working on a Linux clone
that will pretend that it's a M$ machine owned by the Pope.
Anyway, I have an XP machine here. I have monitored its startup
with a phony static IP address and NO default route that should
not be able to be routed out of the LAN. It does a lot of
network chatter and actually communicates with a name server
outside of our firewall!
I tried to find out how, so I first wanted to find some
M$ servers. This is what whois reports!!
[whois.internic.net]
Whois Server Version 1.3
Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
MICROSOFT.COM.ZZZ.SUCKS.AZZ.PHAEN.AS
MICROSOFT.COM.Z---HELLO-FROM-SIBERIA---I.Z3S.COM
MICROSOFT.COM.WILL.NEVER.SATISFY.A.TRUE.TELNETJUNKIE.COM
MICROSOFT.COM.WILL.NEVER.RUN.PUREDATA.NET
MICROSOFT.COM.WILL.LIVE.FOREVER.BUT.LUNIX.SUCKS-BYBIRTH.ARTISTICCHEESE.COM
MICROSOFT.COM.WILL.ALWAYS.FEARPENGUINS.COM
MICROSOFT.COM.WHOIS.RESULTS.MAKE.A.GREAT.HUMOUR-LIST.COM
MICROSOFT.COM.WAS.HACKED.TODAY.BY.JAMESSMALL.COM
MICROSOFT.COM.TONY.HAS.SEXUAL.IN.ADEQUACY.ORG
MICROSOFT.COM.TOLD.ME.TO.KILL.UR.PC.LIVE-EVIL.COM
MICROSOFT.COM.TOHA.KANKEI.ARIMASEN.300BPS.NET
MICROSOFT.COM.TAKES.IT.IN.THE.BUTT.FROM.WHILE1.ORG
MICROSOFT.COM.SUKZ.ORG
MICROSOFT.COM.SHOULD.GIVE.UP.BECAUSE.LINUXISGOD.COM
MICROSOFT.COM.SE.FAIT.HAX0RIZER.PAR.TOUT.LE.ZOY.ORG
MICROSOFT.COM.RUNSLINUX.NET
MICROSOFT.COM.PRODUCTS.WILL.NEVER.BE.SEEN.AT.MCNEIGHT.ORG
MICROSOFT.COM.OWNED.BY.MAT.HACKSWARE.COM
MICROSOFT.COM.NOTHING.HAPPENS.XYZZY.COM
MICROSOFT.COM.NAO.VALE.UM.CARALHO.NET
MICROSOFT.COM.N-AIME.BILL.QUE.QUAND.IL.N-EST.PAS.NU
MICROSOFT.COM.MUST.STOP.TAKEDRUGS.ORG
MICROSOFT.COM.MAKES.SHIT.ASS.SOFTWARE.T10.NET
MICROSOFT.COM.IS.THE.COMMERCIAL.ARM.OF.THE.WORLDGOV.ORG
MICROSOFT.COM.IS.SOON.GOING.TO.THE.DEATHCORPORATION.COM
MICROSOFT.COM.IS.SO.VERY.SKANKY.NET
MICROSOFT.COM.IS.SECRETLY.RUN.BY.ILLUMINATI.TERRORISTS.NET
MICROSOFT.COM.IS.NOTHING.COMPARED.TO.EVILGOAT.NET
MICROSOFT.COM.IS.NOTHING.BUT.A.MONSTER.ORG
MICROSOFT.COM.IS.NO.MATCH.FOR.THE.WANNABE.TERRORISTS.AT.JIMPHILLIPS.ORG
MICROSOFT.COM.IS.NO.MATCH.FOR.A.UNIXNINJA.COM
MICROSOFT.COM.IS.HOPELESSLY.INSECURE.ORG
MICROSOFT.COM.IS.GOD.BUT.LINUX.SUCKS-FOREVER.ARTISTICCHEESE.COM
MICROSOFT.COM.IS.AT.THE.MERCY.OF.DETRIMENT.ORG
MICROSOFT.COM.IS.A.STEAMING.HEAP.OF.FUCKING-BULLSHIT.NET
MICROSOFT.COM.HQ.SHOULD.HAVE.BEEN.MOVED.TO.BAGDAD.JUST.BEFORE.THE.GULFWAR.ORG
MICROSOFT.COM.HEBERGEUR.DE.SCHIZOPHRENE.ORG
MICROSOFT.COM.HAS.NO.LINUXCLUE.COM
MICROSOFT.COM.HACKED.BY.HACKSWARE.COM
MICROSOFT.COM.GUTS.NL
MICROSOFT.COM.FILLS.ME.WITH.BELLIGERENCE.NET
MICROSOFT.COM.FAIT.VRAIMENT.DES.LOGICIELS.A.TROIS.FRANCS.DOUZE.ORG
MICROSOFT.COM.DAN.HILLIER.OF.EXETER.UK.IS.A.DUMB.ASS.EVILJAM.COM
MICROSOFT.COM.CODERS.SHOULD.DUMP.WINDOWS.AND.CODE.FOR.THE.MORE.PRACTICALMAC.COM
MICROSOFT.COM.CANNOT.HACKUNIX.ORG
MICROSOFT.COM.AINT.WORTH.SHIT.KLUGE.ORG
MICROSOFT.COM.A.ETE.CREE.PAR.BILLOU.A.L.EPOQUE.OU.IL.FUMAIT.DU.COLA-COCA.ORG
MICROSOFT.COM.A.BIEN.BU.DU.COLA-COCA.SUR.L.ILE.DE.NUMEA.COM
MICROSOFT.COM
[Snipped]
Neat!
Anyway, XP will certainly find its way around a network. It discovers
any Microsoft servers on the LAN and uses their default route. That's
how it finds the firewall. It then queries a bunch of servers using
port 53 (DNS) and does a zone-dump. Then it uses the mail port 25 to
exchange information. This information is not text. I don't know
what it is.
It does this all upon startup! Our firewall doesn't 'know' about
this machine. It shouldn't even be able to talk outside because
our firewall interface does NAT and nobody has configured it for
the new machine.
If somebody has the time, it would be a good idea to look into
how they do this stuff and make some Linux software to emulate,
attack, expose, and thereby destroy the new Microsoft capability.
Cheers,
Dick Johnson
Penguin : Linux version 2.4.1 on an i686 machine (799.53 BogoMips).
I was going to compile a list of innovations that could be
attributed to Microsoft. Once I realized that Ctrl-Alt-Del
was handled in the BIOS, I found that there aren't any.
On Fri, 26 Oct 2001, Richard B. Johnson wrote:
> I am told that the latest Windows/XP has a Trojan built into it.
This is about as far off-topic as you can get,
the linux-kernel mailing list is about the linux
kernel.
Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)
http://www.surriel.com/ http://distro.conectiva.com/
This is the Universal PnP support...
Dave Hawkes
----- Original Message -----
From: "Richard B. Johnson" <[email protected]>
Newsgroups: fa.linux.kernel
To: "Linux kernel" <[email protected]>
Sent: Friday, October 26, 2001 9:39 AM
Subject: M$ Does it again