Vulnerability Development mailing list archives

RE: Windows XP RC2


From: "Petruzel, Oliver" <OliverP () aegisresearch com>
Date: Mon, 20 Aug 2001 11:37:16 -0400

believe it or not, I see this as a feature (owww, hurt to say it..)
but you are correct.  EVERY user should be asked during firstboot or during
install "do you wish to use default microsoft server (time.windows.com) for
your time synchronization?"

most folks would hit "ok" anyways, but it would give YOU and I the chance to
decide for ourselves, since we may know the implications or be able to
theorize them in our usual paranoid way.

but as a feature, time-sync is great.  it's just too bad they didn't point it
toward some other public source.  damn M$ wants every hit on the web to go
through their network... not surprised.

the key would be to make a reghack and send it out via an outlook worm which
changes this. thus protecting the world! ha!

a good use for the "flash worm" theory to test it.  just put a counter on
the time site you point to and see how many hits it gets when you send out
the worm.  thus testing the infection rate...please do me a favor tho, don't
release the source...

-oliver


-----Original Message-----
From: Dino [mailto:slayer67 () apk net]
Sent: Monday, August 20, 2001 6:37 AM
To: vuln-dev () securityfocus com
Subject: Windows XP RC2


Well I am not sure if you would consider this a bug, incident, monitoring or
a feature, but in Windows XP RC2 that we loaded this weekend
I noticed that M$ has Network Time Client built to keep correct time.

This is good so that we do not have to grab a 3rd party app and install it,
but what is disturbing is take a guess as to what the "default" Time Server
that gets used???

time.windows.com  !!!


Well for every install M$ can monitor/track who is running XP that has a Net
connection.
Yes you can simply pick another like my favorite
"time-a.timefreq.bldrdoc.gov" and all is well, but that average user won't
know this and may not even care, but they should ;)

If you're real paranoid one can think well if the NTP is using
time.windows.com what is stopping M$ from having some hidden app that can be
communicated to once they grab the IP that queries their time server?!

Thanks for listening

Dino








