Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Windows XP RC2

From: herrold <herrold () owlriver com>
Date: Tue, 21 Aug 2001 12:41:17 -0400 (EDT)
On Tue, 21 Aug 2001, Dino wrote:


I added time.windows.com to a 3rd party NTP app and it could not get the
time from time.windows.com.
I tried it on Unix also and it did not work either ;)

Maybe there timeserver is not RF868 compliant or just typical MS-centric?


There is the old saw about "Never attribute to malice that which
may be explained by ignorance" ...

If one were writing an information gathering tool, why not use a
'two for one' approach -- Serve up known non-forged timestamps for
time limited software such as leased applications; AND gather
information as to the serial numbers, etc. on a remote host, using a
variant of a protocol which supports encrypted exchanges (NTP)
[Think MS Kerberos and its 'extension' use of a open field].

The result might be that one's customers cannot sniff the meaning of
a stream without having the (concealed) private key and full spec
[Think GUID's].

I do not believe that the people paid by Microsoft to sit around and
devise a method to implement .NET are ignorant.  The old saw is
inapposite here.

... not being paranoid, but not making assumptions. either ...

-- Russ Herrold
Previous By Date Next
Previous By Thread Next

Current thread: