lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: poof at fansubber.com (Poof)
Subject: Windows Time Synchronization - Best Practices

Well, while this is a reaching link


Server 1 and Server 2 have different times and some vital program becomes
open to tampering when not synced.

(Computer that controls clock-ins says that Person A clocked in an hour
before they did. Clocks get corrected and the user gets an extra hour of
work they didn't do on their paychecks... A DoS if Person A times this
correctly.)

Sorry, I suck at examples. *gets ready to delete his own email when(if) it
arrives*

~

________________________________________
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Richard Stevens
Sent: Tuesday, October 19, 2004 10:22 AM
To: Bernardo Santos Wernesback; full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] Windows Time Synchronization - Best Practices

Why FD? What is the direct security implications of this?
?
I'm sure someone can construct a rather tenuous link, but really....

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ