RE: Windows XP RC2

["Thomas Reagan" <treagan () interactiveedge com>]

Well, since Windows >2000 uses Kerberos, maintaining a time synchronization
is essential.  If clients/servers are more than 5 minutes apart, Kerberos
will not function.  I know that by default Win2k clients grab their time
from DC's, but I don't know what the escalation procedures are for XP.  This
is a good thing in a business, and the security risk is minor for home
users.

True, MS could be profiliing people based on NTP connections, but this is
probable better than releasing millions of copies of software that all point
at US Gov. servers.  The load on that machine must be fairly serious
already; all those XP clients might break it.

--Tom

-----Original Message-----
From: Dino [mailto:slayer67 () apk net]
Sent: Monday, August 20, 2001 6:37 AM
To: vuln-dev () securityfocus com
Subject: Windows XP RC2


Well I am not sure if you would consider this a bug, incident, monitoring or
a feature, but in Windows XP RC2 that we loaded this weekend
I noticed that M$ has Network Time Client built to keep correct time.

This is good so that we do not have to grab a 3rd party app and install it,
but what is disturbing is take a guess as to what the "default" Time Server
that gets used???

time.windows.com  !!!


Well for every install M$ can monitor/track who is running XP that has a Net
connection.
Yes you can simply pick another like my favorite
"time-a.timefreq.bldrdoc.gov" and all is well, but that average user wont
know this and may not even care, but they should ;)

If your real paranoid one can think well if the NTP is using
time.windows.com what is stopping M$ from having some hidden app that can be
communicated to once they grab the IP that queries their time server?!

Thanks for listening

Dino