Vulnerability Development mailing list archives

Re: Windows XP RC2

From: "Dennis McHenry" <ronmch () comports com>
Date: Mon, 20 Aug 2001 20:12:02 -0700

Geez, I'm not much for conspiracy theories, so here goes my rebuttal:

but what is disturbing is take a guess as to what the "default" Time

Server

that gets used???
time.windows.com  !!!

What would you rather that they do?  Better than MS saying to someone "Get
ready for tens-of-millions of hits on your NTP Server...."

Well for every install M$ can monitor/track who is running XP that has a

Net

connection.

Dial-ups kinda screw this theory up, don't you think?  It seems like you're
argument assumes everyone has a static IP, which is far from reality.  NAT
kinda messes that theory up, too (time.microsoft.com will see thousands of
requests coming from x.x.x.x, because that IP translates for an internal
network of a Fortune 100 company, or whatever).  What useful information can
they get from this?  I don't see any value of tracking unique IPs using
their NTP server.  The reregistration process handles people pirating their
software.

If your real paranoid one can think well if the NTP is using
time.windows.com what is stopping M$ from having some hidden app that can

be

communicated to once they grab the IP that queries their time server?!

The market will stop this.  No company in their right mind would put coding
like this into their product.  It relies on one flawed premise, a flaw which
is easily spotted:  "nobody will ever use a packet sniffer and our product."
Besides, they could just have this "Sup3R S3krIt" application phone home.
But they won't.

Microsoft is a multi-billion dollar corporation.  There's one thing that
would stop them from doing this:  turning their company into a penny-stock
by intentionally putting a backdoor into their software.

It's a *feature* (for real!) intended to make their customers (the one's
that made the company into a multi-billion dollar company in the first
place) happy.

Of course I could be wrong, and they may be a front company for the NSA, and
NTP could be a 5uP3R S3krIt project that actually means NSA Tracking
Protocol.

-Dennis

Current thread:

RE: Windows XP RC2, (continued)
- RE: Windows XP RC2 Thomas Reagan (Aug 20)
- Re: Windows XP RC2 Derek Kwan (Aug 20)
  - Re: Windows XP RC2 John Galt (Aug 20)
- Re: Windows XP RC2 bugtraq (Aug 20)
  - Re: Windows XP RC2 Gregory McCann (Aug 20)
  - Re: Windows XP RC2 Dino (Aug 21)
    - Re: Windows XP RC2 Blue Boar (Aug 21)
    - Re: Windows XP RC2 Gregory McCann (Aug 21)
    - Re: Windows XP RC2 herrold (Aug 21)
    - Re: Windows XP RC2 Michel Arboi (Aug 21)
- Re: Windows XP RC2 Dennis McHenry (Aug 20)
  - RE: Windows XP RC2 Dom De Vitto (Aug 21)
    - Re: Windows XP RC2 Jason Legate (Aug 21)
- Re: Windows XP RC2 Christopher McCrory (Aug 21)
- Re: Windows XP RC2 Dimitry Andric (Aug 22)
- RE: Windows XP RC2 Petruzel, Oliver (Aug 20)
- Re: Windows XP RC2 fintler (Aug 23)