The Windows community has begun to wake up to the fact that their XP
boxes are 'phoning home' -- I posted this is the Security Focus
Vulnerability Devel list earlier today.
-- Russ
---------- Forwarded message ----------
Date: Tue, 21 Aug 2001 12:41:17 -0400 (EDT)
From: herrold <herrold@owlriver.com>
To: Dino <slayer67@apk.net>
Cc: vuln-dev@securityfocus.com
Subject: Re: Windows XP RC2
On Tue, 21 Aug 2001, Dino wrote:
> I added time.windows.com to a 3rd party NTP app and it could not get the
> time from time.windows.com.
> I tried it on Unix also and it did not work either ;)
>
> Maybe there timeserver is not RF868 compliant or just typical MS-centric?
There is the old saw about "Never attribute to malice that which
may be explained by ignorance" ...
If one were writing an information gathering tool, why not use a
'two for one' approach -- Serve up known non-forged timestamps for
time limited software such as leased applications; AND gather
information as to the serial numbers, etc. on a remote host, using a
variant of a protocol which supports encrypted exchanges (NTP)
[Think MS Kerberos and its 'extension' use of a open field].
The result might be that one's customers cannot sniff the meaning of
a stream without having the (concealed) private key and full spec
[Think GUID's].
I do not believe that the people paid by Microsoft to sit around and
devise a method to implement .NET are ignorant. The old saw is
inapposite here.
... not being paranoid, but not making assumptions. either ...
-- Russ Herrold
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:54:20 EDT