Ars Technica reports on a vulnerability where unencrypted Network Time Protocol (NTP) traffic can be exploited by man-in-the-middle attacks to arbitrarily set the times of computers to cause general chaos and/or carry out other attacks, such as exploiting expired HTTPS certificates.
While NTP clients have features to prevent drastic time changes, such as setting the date to ten years in the past, the paper on the attacks presents various methods for bypassing these protections.
There is a pdf of the report available.
(Score: 2) by Lagg on Friday October 23 2015, @01:33PM
I'd totally ask you for prices if I hadn't gotten rid of my last serial port boards. Have been interested in self-sufficient time sources for a while now
http://lagg.me [lagg.me] 🗿