Well, since Windows >2000 uses Kerberos, maintaining a time synchronization is essential. If clients/servers are more than 5 minutes apart, Kerberos will not function. I know that by default Win2k clients grab their time from DC's, but I don't know what the escalation procedures are for XP. This is a good thing in a business, and the security risk is minor for home users. True, MS could be profiliing people based on NTP connections, but this is probable better than releasing millions of copies of software that all point at US Gov. servers. The load on that machine must be fairly serious already; all those XP clients might break it. --Tom -----Original Message----- From: Dino [mailto:slayer67at_private] Sent: Monday, August 20, 2001 6:37 AM To: vuln-devat_private Subject: Windows XP RC2 Well I am not sure if you would consider this a bug, incident, monitoring or a feature, but in Windows XP RC2 that we loaded this weekend I noticed that M$ has Network Time Client built to keep correct time. This is good so that we do not have to grab a 3rd party app and install it, but what is disturbing is take a guess as to what the "default" Time Server that gets used??? time.windows.com !!! Well for every install M$ can monitor/track who is running XP that has a Net connection. Yes you can simply pick another like my favorite "time-a.timefreq.bldrdoc.gov" and all is well, but that average user wont know this and may not even care, but they should ;) If your real paranoid one can think well if the NTP is using time.windows.com what is stopping M$ from having some hidden app that can be communicated to once they grab the IP that queries their time server?! Thanks for listening Dino
This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 08:55:03 PDT