| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1486825617.20040824134513@SECURITY.NNOV.RU>
Date: Tue, 24 Aug 2004 13:45:13 +0400
From: 3APA3A <3APA3A@...URITY.NNOV.RU>
To: bugtraq@...urityfocus.com, NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM,
full-disclosure@...ts.netsys.com
Subject: Microsoft updates documentation on Windows time synchronization
Dear lists,
Sorry for additional noise.
Microsoft published Q884776 "Configuring the Windows Time service
against a large time offset"
http://support.microsoft.com/default.aspx?scid=kb;en-us;884776
In addition to clear description on new registry keys in Windows 2000
SP4 and Windows 2003 Microsoft added recommendation to use hardware
time source. Design flaw is currently fixed by documentation. I hope
finally MS will implement signing at least for it's own
time.windows.com.
P.S. just to make things clear: Microsoft is one of very few vendors
who really cares about time synchronisation infrastructure security
during operation system design. Even flawed this infrastructure is
much better than any unimplemented or undocumented infrastructure.
--
http://www.security.nnov.ru
/\_/\
{ , . } |\
+--oQQo->{ ^ }<-----+ \
| ZARAZA U 3APA3A } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
|/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists