believe it or not, I see this as a feature (owww, hurt to say it..) but you are correct. EVERY user should be asked during firstboot or during install "do you wish to use default microsoft server (time.windows.com) for your time synchronization?" most folks would hit "ok" anyways, but it would give YOU and I the chance to decide for ourselves, since we may know the implications or be able to theorize them in our usual paranoid way.

but as a feature, time-sync is great. it's just too bad they didn't point it toward some other public source. damn M$ wants every hit on the web to go through their network... not surprised.

the key would be to make a reghack and send it out via an outlook worm which changes this. thus protecting the world! ha! a good use for the "flash worm" theory to test it. just put a counter on the time site you point to and see how many hits it gets when you send out the worm. thus testing the infection rate... please do me a favor tho, don't release the source...

-oliver

> -----Original Message-----
> From: Dino [mailto:slayer67at_private]
> Sent: Monday, August 20, 2001 6:37 AM
> To: vuln-devat_private
> Subject: Windows XP RC2
>
> Well I am not sure if you would consider this a bug, incident,
> monitoring or a feature, but in Windows XP RC2 that we loaded this
> weekend I noticed that M$ has Network Time Client built to keep
> correct time.
>
> This is good so that we do not have to grab a 3rd party app and
> install it, but what is disturbing is take a guess as to what the
> "default" Time Server that gets used???
>
> time.windows.com !!!
>
> Well for every install M$ can monitor/track who is running XP that
> has a Net connection.
>
> Yes you can simply pick another like my favorite
> "time-a.timefreq.bldrdoc.gov" and all is well, but that average user
> won't know this and may not even care, but they should ;)
>
> If you're real paranoid one can think well if the NTP is using
> time.windows.com what is stopping M$ from having some hidden app that
> can be communicated to once they grab the IP that queries their time
> server?!
>
> Thanks for listening
>
> Dino
This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 08:58:23 PDT