MS spying through Office v.X?

The ports could also be for internal your-computer-to-your-computer communication only just like the half-dozen ports that are open by default for RPC and what-not. Nothing nefarious there.

-Rob
 
Soellman is right, we've tried to run multiple copies of Office v.X on our lan using the same serial number and it lets you know pdq that more than one instance of that serial number is not allowed.
 
I hope soellman is right. However (I'm not a Unix guru) I had a problem once on a Linux box after Netscape6 beta trashed my Xserver and I was trying to fix it. I came across the commuication used by Xfs and X86free. It used the Unix port for communictaion and I was wondering if one specifically needs to use another port for process-to-process communication? One could surely just use sockets over the Unix port.

And although I am definitely paranoid, I STILL wouldn't put it past MS to try and glean user information illegally. That said, it makes sense that MS uses those ports to check licenses.
 
petewaugh - what do you mean by "it lets you know pdq"? Can you post a screenshot of what it says? One would think if it does that for a lan, they would also do it (or at least try to do it) across the internet. I mean, there must be hundreds of people w/ the same serial number right now who got it one way or another.
As for internal communication - aren't there better/easier ways of doing that? Also, besides whatever MS is doing with this, could it in any way open up security holes? I mean, if I telnet into my computer on that port from anywhere on the net I get:

Trying...
Connected to [address]
Escape character is '^]'.

Looking forward to your scripts cvisors! :)
 
yea, the way it works (I'm guessing) is that when any office program opens up, it listens on a socket with a predefined port number. Probably the only thing that you can do with that connection is request the serial number of the running app (unless you conspiracy theorists are right :).

When the app launches, it makes a broadcast on the local network to that port (or slowly scans the network for that port) and asks what serials are being run. If it finds a match, it shuts down the local app. So the way to get around this using ipfw would be to block any outgoing requests to check the network for like serials. I still haven't done any explicit homework on the subject so I don't know what ports they are..
 
sudo ipfw add 0 deny udp from any to any 2222
sudo ipfw add 0 deny tcp from any to any 3464

that should do it..
 
microsoft checks the serials that you use on office v.X

i ran into that problem when i was on my computer opening entourage, and my dad already had it open on his machine. it said the serial is in use by his name.. I got kinda pissed that Office v.X tracks serials.. i think its just over the network. but i dont know
 
Originally posted by WoLF
microsoft checks the serials that you use on office v.X

i ran into that problem when i was on my computer opening entourage, and my dad already had it open on his machine. it said the serial is in use by his name.. I got kinda pissed that Office v.X tracks serials.. i think its just over the network. but i dont know
yes, that's what this thread is about. and don't get pissed because you're playing around with unreleased software. besides, if you wrote a software package that you sold for hundreds of dollars, wouldn't you do something similar?
 
http://www.zdnet.com/zdnn/stories/news/0,4586,5098483,00.html?chkpt=zdhpnews01

Ms is doing exactly with OfficeXP and IE5 on Windows what I warned of. These progs send a memory image (I -hopefully- assume of only OfficeXP and IE5's data plus serial nimber and product key) when they crash. PC users are as mad as hell about it, and I would be too if I used their junk(notwithstanding that quite a few here are using OfficeX illlegally). So, it would actually be a good idea to check the MS products and what it is they exactly check. Checking SN's over the network is old hat and can be quite easily blocked, but it would be interresting to try and get these things to crash and see if they send some stuff over the net when they do.
 
well this is just sort of standard crash reporting stuff (mozilla and omniweb both do this), but of course this MS we're talking about so people expect the worst..

if they don't allow you to turn it off it will be pretty upsetting, as when you purchase software you don't really purchase the guarantee of bug fixes, so why should you be required to help the company to fix the bugs?
 
On the version I have, at least, the tcp ports are different every time you launch an Office v.X component. Can you use ipfw to block a range of ports? They're always in the 3000 range.
 
I could be wrong, but this is unix, folks. So I would think that you could just use ipfw (or the GUI interface BrickHouse) to block 3*** and it would substitute any number for the ***'s.
 
Ok, everyone chill for a second. This is not M$ trying to get into your computer. Taken from MacNN:

Following our note this morning on Microsoft's new anti-piracy measures in Office v. X, Matthew Whitaker offered some details:

"The Office v.X for Mac os X security is based on TCP/IP. The ports being used are in the 3000 range. If you run a port scan on the machine that is running Office you will see a port in the 3xxx range is open. This port is only open if the program is running. After packet sniffing I was able to determine that there is no communication to a central database. It is in fact then only a broadcast on the local area network."
There ya go. This has actually been documented for quite some time now, and has appeared in the past three beta's at least (the one's I've used, it could have been there before that as well). I would expect this in the GM release as well. Basically just make sure you have a different SN from everyone on your network and you will be fine (how you acquire that SN will be up to you).
 
And if you can't get a whole bunch of CD keys, the earlier instructions on configuring your firewall can be very helpful.
Here's poor ol' Word v.X beta trying to find out if I have another copy of Office v.X on my system:
 

Attachments

  • fwlog.jpg
    fwlog.jpg
    27.2 KB · Views: 137
Back
Top