office XP sends your info to M$

Discussion in 'other security issues & news' started by snowy, Aug 1, 2002.

Thread Status:
Not open for further replies.
  1. snowy

    snowy Guest

    PROBLEM: Microsoft Office XP and Internet Explorer version 5 and later are configured to request to send debugging information to Microsoft in the event of a program crash. The debugging information includes a memory dump which may contain all or part of the document being viewed or edited. This debug message potentially could contain sensitive, private information.
    PLATFORM: Microsoft Office XP
    Microsoft Internet Explorer 5.0 and later
    Windows XP
    Microsoft has indicated that this will be a feature of all new Microsoft products

    DAMAGE: Sensitive or private information could inadvertently be sent to Microsoft. Some simple testing of the feature found document information in one message out of three.
    SOLUTION: Apply the registry changes listed in this bulletin to disable the automatic sending of debugging information. If you are working with sensitive information and a program asks to send debugging information to Microsoft, you should click Don't Send.

    http://www.ciac.org/ciac/bulletins/m-005.shtml

    *U.S DEPT of ENERGY WEBSITE**


    this information is nearly a year old...its the first I have heard of it.......

    snowy
     
  2. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Under XP, go to Control Panel -> Adminstrator -> scroll down the list of services and disable MOST of them, including Error Reporting.

    See www.blkviper.com for useful advice.

    As Snowman says, NEVER let anyone else read a memory dump from your machine.
     
  3. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Checkout,
    Is it safe to disable "dumprep 0 -k" in XP Pro startup ? Check out this link under "d"...dumprep !!
    http://www.kellys-korner-xp.com/xp_abc.htm
    thanks,
    bill ;)
     
  4. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Bill, I never see this on my copy of XP Home. I assume that's because I disabled the Remote Assistance Service. You'd surely be better off disabling the service than the startup of dumprep - and I'm fairly certain, since it's a service, you can't disable it any other way than through Administrator functions.

    Do check out www.blkviper.com but don't follow his instructions blindly - your configuration and his may vary. Mine did.
     
Loading...
Thread Status:
Not open for further replies.