Mail Archives: cygwin/2020/05/11/12:25:59

Date: Mon, 11 May 2020 18:25:01 +0200 (CEST)
From: akiki AT free DOT fr
To: cygwin <cygwin AT cygwin DOT com>
Message-ID: <331531811.-1550186875.1589214301322.JavaMail.root@zimbra76-e14.priv.proxad.net>
In-Reply-To: <1325932087.-1622514822.1587585031094.JavaMail.root@zimbra76-e14.priv.proxad.net>
Subject: Very dangerous hacking ? Surprising relationship between cygwin and Microsoft

Hi, 

While doing a habitual "cygcheck -rs", I was puzzled and ALARMED to see some registry keys mentioning cygwin:

HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\
microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cygwin.com 
(default) = 0x00000000 
NumberOfSubdomains = 0x00000001 

HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\
microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cygwin.com 
(default) = 0x00000000 
NumberOfSubdomains = 0x00000000 

Examining the registry under cygwin:
      cd /proc/registry/HKEY_CURRENT_USER/... ; 
Positioned on Internet Explorer\, 
I found 4 sub-keys : DOMStorage DomStorageState EdpDomStorage Main 

These keys are heavily populated:
"ls -lR|wc -l" gives me 1285 lines, and I can read many traces of my use of the internet about bank vpn ...

For DOMStorage and EdpDomStorage, a list of URLs is indicated with dates between July 2019 and Apr 2020.

The values attached to the cygwin.com URL, as for the others, are 4-byte values - no clear meaning.

To conclude, Microsoft spies on and registers all sites you access, cygwin.com in particular.
I hope only with Edge, but I am not sure of that.

I have never seen, in cygcheck, such a reference to cygwin with Chrome, Firefox, Opera ...
Maybe something is done to mask them.

Sorry for my bad English. 
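
An added example, not part of the original message: a shell helper for a Cygwin session that lists which sites have per-site keys under the DOMStorage and EdpDomStorage keys described above, together with their NumberOfSubdomains value. The function names are hypothetical, and it assumes that Cygwin's /proc/registry exposes each key as a directory and a REG_DWORD value as a file of 4 raw little-endian bytes.

```shell
#!/bin/sh
# Added example (not from the original post): audit which sites left
# per-site keys under Edge's DOMStorage / EdpDomStorage registry keys.
# Usage from a Cygwin shell, with the elided path filled in by the reader:
#   dom_storage_sites "/proc/registry/HKEY_CURRENT_USER/.../Internet Explorer"

# Print a REG_DWORD value file as decimal, or "-" if it is missing/empty.
# Assumption: the value is stored as 4 raw little-endian bytes and the
# host is little-endian too (true for x86 Windows/Cygwin).
read_dword() {
    v=$(od -An -tu4 -N4 "$1" 2>/dev/null | tr -d ' \n')
    echo "${v:--}"
}

# Emit one tab-separated line per site key: store, site, NumberOfSubdomains.
dom_storage_sites() {
    ie_key=$1
    for store in DOMStorage EdpDomStorage; do
        [ -d "$ie_key/$store" ] || continue
        for site in "$ie_key/$store"/*/; do
            [ -d "$site" ] || continue          # glob matched nothing
            site=${site%/}
            printf '%s\t%s\t%s\n' "$store" "${site##*/}" \
                "$(read_dword "$site/NumberOfSubdomains")"
        done
    done
}

# Count distinct site names across both stores.
dom_storage_site_count() {
    dom_storage_sites "$1" | cut -f2 | sort -u | wc -l | tr -d ' '
}
```

The output only shows which site names have a key and the stored counter; it does not interpret what the 4-byte values mean.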