Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
I was talking with a colleague yesterday who was building a config script in Notepad and Notepad crashed after a couple hours of invested work. My first questions was "you've been saving, right?" and of course he was like "um, no". Basically he had his config file complete, and when he went to save at the end, Notepad crashed.
Short of flipping out over hours of lost work, he went and opened the crash dump report to see if he could salvage anything, and behold, there was his entire config file, complete with all the sensitive passwords and IP info.
So if your computer does crash, I assume MS just sweeps up everything in its crash report and sends it off into the cloud where anybody can see it? Is there any encryption on crash reports? They seem so banal but could be a treasure trove of sensitive data.
Also, can you limit what info is gathered and sent out?
You can turn off error reporting services but I don't think you can limit what's sent. And as far as I know, they don't send out passwords, that's actually the first I've heard of that. How reliable is the information you have on that?
I'd say it is pretty reliable. My friend was able to pull his whole config file out of the dump and save it. The only thing I can think is it may just be a dump file and not what is sent out to MS.
A quick google search turned this up though - kind of scary -
Because crash dump files may contain passwords and other sensitive information that had been stored in memory just prior to a crash, this file can be exploited.
One of the tasks I perform on a new install is to disable error reporting, set Write debugging information to <none>, disable remote assistance, stop automatic updates from being installed without my review, and a number of other settings.
What I've read may be sent to Microsoft includes things like IP address and Product Keys. I hope they are better at reading dump files than I am. They frequently leave me baffled at the things I find when I search for answers based on a dump file.
In this case, the work was a simple text file that was being created in Notepad. It just happened to contain IP addresses and passwords. I don't think stored passwords are included in dump files. Correct me if I'm wrong.
Last edited by mensaguy; 07-29-2009 at 02:42 PM..
Reason: because I can
While on the topic sensitive data can get written to virtual memory too and often overlooked by those trying to secure a drive or wipe it's contents. If you're going to wipe a drive be sure to disable it then wipe.
What I've read may be sent to Microsoft includes things like IP address and Product Keys.
IP address ain't no biggie, in fact the IP address for the computer I am sitting at is 192.168.1.101. That information is of absolutely no use to anyone. Product Keys, and other stuff, now that is different.
Your Internet Protocol (IP) address is also collected because you are connecting to an online service (web service) to send error reports. However, your IP address is used only to generate aggregate statistics. It is not used to identify you or contact you.
Reports might unintentionally contain personal information, but this information is not used to identify you or contact you. For example, a report that contains a snapshot of memory might include your name, part of a document you were working on, or data that you recently submitted to a website. If you are concerned that a report might contain personal or confidential information, you should not send the report.
IP address ain't no biggie, in fact the IP address for the computer I am sitting at is 192.168.1.101. That information is of absolutely no use to anyone. Product Keys, and other stuff, now that is different.
I hope you do know that's your internal ip and not your external.
This is why I create nlite'd discs with my XP, Vista, etc discs that I buy just to disable the items or remove them all together when I do fresh installs. Everything I need and don't need is already removed and tweaked. Saves loads of time for me.
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.
Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.
Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
