RE: Windows XP RC2

From: Petruzel, Oliver (OliverPat_private)
Date: Mon Aug 20 2001 - 08:37:16 PDT

Next message: .MetsyS.: "(lame) spoofing DNS with hosts files..."

Previous message: Derek Kwan: "Re: Windows XP RC2"
Maybe in reply to: Dino: "Windows XP RC2"
Next in thread: bugtraq: "Re: Windows XP RC2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

belive it or not, I see this as a feature (owww, hurt to say it..)
but you are correct.  EVERY user should be asked during firstboot or during
install "do you wish to use default microsoft server (time.windows.com) for
your time syncronization?" 

most folks would hit "ok" anyways, but it would give YOU and I the chance to
decide for oursleves, since we may know the implications or be able to
theorize them in our usual paranoid way.

but as a feature, time-sync is great.  it's just too bad they didnt point it
toward some other public source.  damn M$ wants every hit on the web to go
through their network... not surprised.

the key would be to make a reghack and send it out via an outlook worm which
changes this. thus protecting the world! ha!

a good use for the "flash worm" theory to test it.  just put a counter on
the time site you point to and see how many hits it gets when you send out
the worm.  thus testing the infection rate...please do me a favor tho, dont
release the source...

-oliver


> -----Original Message-----
> From: Dino [mailto:slayer67at_private]
> Sent: Monday, August 20, 2001 6:37 AM
> To: vuln-devat_private
> Subject: Windows XP RC2
> 
> 
> Well I am not sure if you would consider this a bug, 
> incident, monitoring or
> a feature, but in Windows XP RC2 that we loaded this weekend
> I noticed that M$ has Network Time Client built to keep correct time.
> 
> This is good so that we do not have to grab a 3rd party app 
> and install it,
> but what is disturbing is take a guess as to what the 
> "default" Time Server
> that gets used???
> 
> time.windows.com  !!!
> 
> 
> Well for every install M$ can monitor/track who is running XP 
> that has a Net
> connection.
> Yes you can simply pick another like my favorite
> "time-a.timefreq.bldrdoc.gov" and all is well, but that 
> average user wont
> know this and may not even care, but they should ;)
> 
> If your real paranoid one can think well if the NTP is using
> time.windows.com what is stopping M$ from having some hidden 
> app that can be
> communicated to once they grab the IP that queries their time server?!
> 
> Thanks for listening
> 
> Dino
> 
> 
> 
> 
> 
> 
>

Next message: .MetsyS.: "(lame) spoofing DNS with hosts files..."
Previous message: Derek Kwan: "Re: Windows XP RC2"
Maybe in reply to: Dino: "Windows XP RC2"
Next in thread: bugtraq: "Re: Windows XP RC2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 08:58:23 PDT