SoylentNews is people
SoylentNews
posted by
martyb
on Thursday October 22 2015, @10:44PM
from the does-anyone-really-know-what-time-it-is? dept.
from the does-anyone-really-know-what-time-it-is? dept.
Ars Technica reports on a vulnerability where unencrypted Network Time Protocol (NTP) traffic can be exploited by man-in-the-middle attacks to arbitrarily set the times of computers to cause general chaos and/or carry out other attacks, such as exploiting expired HTTPS certificates.
While NTP clients have features to prevent drastic time changes, such as setting the date to ten years in the past, the paper on the attacks presents various methods for bypassing these protections.
There is a pdf of the report available.
This discussion has been archived.
No new comments can be posted.
New Attacks on Network Time Protocol can Defeat HTTPS and Create Chaos
|
Log In/Create an Account
| Top
| 19 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Q: How do you catch a unique rabbit?
A: Unique up on it!
Q: How do you catch a tame rabbit?
A: The tame way!
(Score: 2, Informative) by mystik on Friday October 23 2015, @11:50AM
There's also a time sync service from the utility, at least in the USA.
https://en.wikipedia.org/wiki/Utility_frequency#Long-term_stability_and_clock_synchronization [wikipedia.org]
In my elementary school, when I was a young'un a few times a year, the wall clocks in every classroom would start audibly buzzing. the hands would advance until it reached 12:00, and then all at once, stop buzzing, and resume telling time normally. I'm pretty sure that was a mechanism of this function, the clocks were all resetting due to maintain consistency with the classroom bells.
Why aren't you encrypting your mail?