Vulnerability Development mailing list archives

Windows XP RC2

From: "Dino" <slayer67 () apk net>
Date: Mon, 20 Aug 2001 06:36:41 -0400

Well I am not sure if you would consider this a bug, incident, monitoring or
a feature, but in Windows XP RC2 that we loaded this weekend
I noticed that M$ has Network Time Client built to keep correct time.

This is good so that we do not have to grab a 3rd party app and install it,
but what is disturbing is take a guess as to what the "default" Time Server
that gets used???

time.windows.com  !!!


Well for every install M$ can monitor/track who is running XP that has a Net
connection.
Yes you can simply pick another like my favorite
"time-a.timefreq.bldrdoc.gov" and all is well, but that average user wont
know this and may not even care, but they should ;)

If your real paranoid one can think well if the NTP is using
time.windows.com what is stopping M$ from having some hidden app that can be
communicated to once they grab the IP that queries their time server?!

Thanks for listening

Dino

Current thread:

Windows XP RC2 Dino (Aug 20)
- RE: Windows XP RC2 Thomas Reagan (Aug 20)
- Re: Windows XP RC2 Derek Kwan (Aug 20)
  - Re: Windows XP RC2 John Galt (Aug 20)
- Re: Windows XP RC2 bugtraq (Aug 20)
  - Re: Windows XP RC2 Gregory McCann (Aug 20)
  - Re: Windows XP RC2 Dino (Aug 21)
    - Re: Windows XP RC2 Blue Boar (Aug 21)
    - Re: Windows XP RC2 Gregory McCann (Aug 21)
    - Re: Windows XP RC2 herrold (Aug 21)
    - Re: Windows XP RC2 Michel Arboi (Aug 21)

(Thread continues...)