13.
 
Re: Morning Tech Bits
Aug 13, 2015, 21:35
 
eRe4s3r wrote on Aug 13, 2015, 20:01:
From what I understand, Ars Technica overlooked a huge part of the spying though, which triggers once your PC goes into idle (no user action for X minutes) and does NOT trigger when you have Wireshark capturing data (since that ain't exactly idle anything; Wireshark has a huge footprint). This idle period is when it sends the most "mysterious" data, encrypted, but surely not just cat pictures, to the domain I posted amongst others. Quick whois revealed who owns it. Do you want anything and everything on your PC sent to an Anti-Piracy/DRM outfit?

Proving anything would be nice though. Currently, and I freely admit, this is speculation: one can see the connection, but one cannot prove what exactly is sent. You'd have to crack the encryption first and trick the idle services to trigger even when capturing (so you have to do it outside the box, by running W10 in a VM) and Wireshark outside the VM.

Actually one can.
Enterprise NG Firewalls with web content filtering that requires a custom certificate installed on the endpoint so the device can do a man-in-the-middle attack to decrypt HTTPS traffic. These enterprise web filters and firewalls use this technique all the time for their company-owned machines. It's the only way to stop malware that goes over HTTPS. It also stops folks from being able to use a proxy to bypass the content filter. Of course, Financial and Health categories are set not to be decrypted.

Anyway... one can set a machine up as a proxy, put Wireshark on it, and use the same decryption technique.

I really don't care what the payload is, though. Theoretically... An easier method is to just have a NG firewall / web filter block everything from the Windows 10 IP, and look at all the denied traffic in the logs on where it's trying to go (better yet, import the logs into Splunk and get the pertinent data out in seconds)... then subsequently block all the domains / IPs except Windows updates.

/shrug
Get your games from GOG DAMMIT!
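
The deny-and-review approach from the post above, as an added example (not the poster's code): it summarizes denied connections from one client out of firewall log lines and separates destinations to keep blocked from those matching an update allowlist. The key=value log format, the IPs and hostnames, and the allowlist suffixes are constructed assumptions, not any vendor's format.

```python
import re
from collections import Counter

# Constructed sample lines in a made-up key=value format (assumption, not a vendor format).
SAMPLE_LOG = """\
2015-08-13T21:40:02Z action=deny src=10.0.0.23 dst=203.0.113.10 dport=443 host=telemetry.example.net
2015-08-13T21:40:05Z action=deny src=10.0.0.23 dst=203.0.113.10 dport=443 host=telemetry.example.net
2015-08-13T21:41:11Z action=deny src=10.0.0.23 dst=198.51.100.7 dport=443 host=-
2015-08-13T21:41:30Z action=deny src=10.0.0.23 dst=192.0.2.80 dport=443 host=download.windowsupdate.com
2015-08-13T21:42:00Z action=allow src=10.0.0.23 dst=192.0.2.53 dport=53 host=-
2015-08-13T21:42:09Z action=deny src=10.0.0.99 dst=203.0.113.77 dport=80 host=other.example.org
2015-08-13T21:43:00Z action=deny src=10.0.0.23 dst=203.0.113.44 dport=443 host=notwindowsupdate.com
"""

# Assumed allowlist of update domains; adjust to what your environment actually needs.
ALLOW_SUFFIXES = ("windowsupdate.com", "update.microsoft.com")

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Turn one key=value log line into a dict (the leading timestamp is ignored)."""
    return dict(FIELD.findall(line))

def is_allowed(host):
    """Match on DNS label boundaries so 'notwindowsupdate.com' is not allowlisted."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in ALLOW_SUFFIXES)

def denied_destinations(log_text, client_ip):
    """Count denied connections from client_ip per (destination, port)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec.get("action") != "deny" or rec.get("src") != client_ip:
            continue
        host = rec.get("host", "-")
        # Fall back to the destination IP when the firewall saw no hostname.
        dest = host if host != "-" else rec.get("dst")
        if dest:
            counts[(dest, rec.get("dport"))] += 1
    return counts

def split_rules(counts):
    """Return (keep_blocked, allow_candidates), most frequent destinations first."""
    keep, allow = [], []
    for (dest, port), n in counts.most_common():
        (allow if is_allowed(dest) else keep).append((dest, port, n))
    return keep, allow
```

Destinations logged only by IP never match the name-based allowlist, so they stay in the blocked list until someone identifies them.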