Vulnerability Development mailing list archives
RE: Windows XP RC2
From: "Thomas Reagan" <treagan () interactiveedge com>
Date: Mon, 20 Aug 2001 11:29:07 -0400
Well, since Windows >2000 uses Kerberos, maintaining a time synchronization is essential. If clients/servers are more than 5 minutes apart, Kerberos will not function. I know that by default Win2k clients grab their time from DC's, but I don't know what the escalation procedures are for XP. This is a good thing in a business, and the security risk is minor for home users. True, MS could be profiliing people based on NTP connections, but this is probable better than releasing millions of copies of software that all point at US Gov. servers. The load on that machine must be fairly serious already; all those XP clients might break it. --Tom -----Original Message----- From: Dino [mailto:slayer67 () apk net] Sent: Monday, August 20, 2001 6:37 AM To: vuln-dev () securityfocus com Subject: Windows XP RC2 Well I am not sure if you would consider this a bug, incident, monitoring or a feature, but in Windows XP RC2 that we loaded this weekend I noticed that M$ has Network Time Client built to keep correct time. This is good so that we do not have to grab a 3rd party app and install it, but what is disturbing is take a guess as to what the "default" Time Server that gets used??? time.windows.com !!! Well for every install M$ can monitor/track who is running XP that has a Net connection. Yes you can simply pick another like my favorite "time-a.timefreq.bldrdoc.gov" and all is well, but that average user wont know this and may not even care, but they should ;) If your real paranoid one can think well if the NTP is using time.windows.com what is stopping M$ from having some hidden app that can be communicated to once they grab the IP that queries their time server?! Thanks for listening Dino
Current thread:
- Windows XP RC2 Dino (Aug 20)
- RE: Windows XP RC2 Thomas Reagan (Aug 20)
- Re: Windows XP RC2 Derek Kwan (Aug 20)
- Re: Windows XP RC2 John Galt (Aug 20)
- Re: Windows XP RC2 bugtraq (Aug 20)
- Re: Windows XP RC2 Gregory McCann (Aug 20)
- Re: Windows XP RC2 Dino (Aug 21)
- Re: Windows XP RC2 Blue Boar (Aug 21)
- Re: Windows XP RC2 Gregory McCann (Aug 21)
- Re: Windows XP RC2 herrold (Aug 21)
- Re: Windows XP RC2 Michel Arboi (Aug 21)
- Re: Windows XP RC2 Dennis McHenry (Aug 20)