RE: Windows XP RC2

From: Petruzel, Oliver (OliverPat_private)
Date: Mon Aug 20 2001 - 08:37:16 PDT

  • Next message: .MetsyS.: "(lame) spoofing DNS with hosts files..."

    belive it or not, I see this as a feature (owww, hurt to say it..)
    but you are correct.  EVERY user should be asked during firstboot or during
    install "do you wish to use default microsoft server (time.windows.com) for
    your time syncronization?" 
    
    most folks would hit "ok" anyways, but it would give YOU and I the chance to
    decide for oursleves, since we may know the implications or be able to
    theorize them in our usual paranoid way.
    
    but as a feature, time-sync is great.  it's just too bad they didnt point it
    toward some other public source.  damn M$ wants every hit on the web to go
    through their network... not surprised.
    
    the key would be to make a reghack and send it out via an outlook worm which
    changes this. thus protecting the world! ha!
    
    a good use for the "flash worm" theory to test it.  just put a counter on
    the time site you point to and see how many hits it gets when you send out
    the worm.  thus testing the infection rate...please do me a favor tho, dont
    release the source...
    
    -oliver
    
    
    > -----Original Message-----
    > From: Dino [mailto:slayer67at_private]
    > Sent: Monday, August 20, 2001 6:37 AM
    > To: vuln-devat_private
    > Subject: Windows XP RC2
    > 
    > 
    > Well I am not sure if you would consider this a bug, 
    > incident, monitoring or
    > a feature, but in Windows XP RC2 that we loaded this weekend
    > I noticed that M$ has Network Time Client built to keep correct time.
    > 
    > This is good so that we do not have to grab a 3rd party app 
    > and install it,
    > but what is disturbing is take a guess as to what the 
    > "default" Time Server
    > that gets used???
    > 
    > time.windows.com  !!!
    > 
    > 
    > Well for every install M$ can monitor/track who is running XP 
    > that has a Net
    > connection.
    > Yes you can simply pick another like my favorite
    > "time-a.timefreq.bldrdoc.gov" and all is well, but that 
    > average user wont
    > know this and may not even care, but they should ;)
    > 
    > If your real paranoid one can think well if the NTP is using
    > time.windows.com what is stopping M$ from having some hidden 
    > app that can be
    > communicated to once they grab the IP that queries their time server?!
    > 
    > Thanks for listening
    > 
    > Dino
    > 
    > 
    > 
    > 
    > 
    > 
    > 
    



    This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 08:58:23 PDT