Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] Microsoft updates documentation on Windows time synchr

from [3APA3A] Network Security [Permanent Link]
Subject: [Full-Disclosure] Microsoft updates documentation on Windows time synchronization
Date: Tue, 24 Aug 2004 13:45:13 +0400 
Dear lists,

  Sorry  for additional noise.

  Microsoft  published  Q884776  "Configuring  the  Windows Time service
  against a large time offset"

  http://support.microsoft.com/default.aspx?scid=kb;en-us;884776

  In  addition to clear description on new registry keys in Windows 2000
  SP4  and  Windows  2003 Microsoft added recommendation to use hardware
  time  source.  Design flaw is currently fixed by documentation. I hope
  finally   MS   will   implement   signing   at   least  for  it's  own
  time.windows.com.

  P.S.  just  to make things clear: Microsoft is one of very few vendors
  who  really  cares  about time synchronisation infrastructure security
  during  operation  system  design.  Even flawed this infrastructure is
  much better than any unimplemented or undocumented infrastructure.

-- 
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
                    |/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  A word of caution on the use of suphp, Steven Van Acker
Next by Date:  Re: [Full-Disclosure] [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers, bashis
Previous by Thread:  A word of caution on the use of suphp, Steven Van Acker
Next by Thread:  RE: [Full-Disclosure] Microsoft updates documentation on Windows time synchronization, Nicolas villatte
Indexes:  [Date] [Thread] [Top] [All Lists]