lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1486825617.20040824134513@SECURITY.NNOV.RU>
From: 3APA3A at SECURITY.NNOV.RU (3APA3A)
Subject: Microsoft updates documentation on Windows time synchronization

Dear lists,

  Sorry  for additional noise.

  Microsoft  published  Q884776  "Configuring  the  Windows Time service
  against a large time offset"

  http://support.microsoft.com/default.aspx?scid=kb;en-us;884776

  In  addition to clear description on new registry keys in Windows 2000
  SP4  and  Windows  2003 Microsoft added recommendation to use hardware
  time  source.  Design flaw is currently fixed by documentation. I hope
  finally   MS   will   implement   signing   at   least  for  it's  own
  time.windows.com.

  P.S.  just  to make things clear: Microsoft is one of very few vendors
  who  really  cares  about time synchronisation infrastructure security
  during  operation  system  design.  Even flawed this infrastructure is
  much better than any unimplemented or undocumented infrastructure.

-- 
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
                    |/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ