Ars Technica reports on a vulnerability where unencrypted Network Time Protocol (NTP) traffic can be exploited by man-in-the-middle attacks to arbitrarily set the times of computers to cause general chaos and/or carry out other attacks, such as exploiting expired HTTPS certificates.
While NTP clients have features to prevent drastic time changes, such as setting the date to ten years in the past, the paper on the attacks presents various methods for bypassing these protections.
There is a pdf of the report available.
(Score: 3, Informative) by chrysosphinx on Friday October 23 2015, @12:45AM
Both methods you suggest are still exploitable. The first one is just heuristic expecting mim attacks are nonlocal, the second one is even worse since it can prevent recovery from attacks.
(Score: 2) by frojack on Friday October 23 2015, @02:31AM
The first one is just heuristic expecting mim attacks are nonlocal,
This method is actually built into most ntp clients.
The client will arbitrarily toss out the Outliers and select the most reliable of the rest.
No, you are mistaken. I've always had this sig.
(Score: 2, Interesting) by xav on Friday October 23 2015, @01:06PM
I'm under the impression you didn't understand chrysosphinx's answer, pardon me if I'm wrong.
With a local MitM attack, all responses from all NTP servers can be manipulated, and they will all appear to be in agreement.