Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 16 submissions in the queue.

New Attacks on Network Time Protocol can Defeat HTTPS and Create Chaos

posted by martyb on Thursday October 22 2015, @10:44PM   Printer-friendly
from the does-anyone-really-know-what-time-it-is? dept.

darkfeline writes:

http://arstechnica.com/security/2015/10/new-attacks-on-network-time-protocol-can-defeat-https-and-create-chaos/

Ars Technica reports on a vulnerability where unencrypted Network Time Protocol (NTP) traffic can be exploited by man-in-the-middle attacks to arbitrarily set the times of computers to cause general chaos and/or carry out other attacks, such as exploiting expired HTTPS certificates.

While NTP clients have features to prevent drastic time changes, such as setting the date to ten years in the past, the paper on the attacks presents various methods for bypassing these protections.

There is a pdf of the report available.

Original Submission

 
This discussion has been archived. No new comments can be posted.
New Attacks on Network Time Protocol can Defeat HTTPS and Create Chaos | Log In/Create an Account | Top | 19 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2, Informative) by Snospar on Friday October 23 2015, @07:25AM

    by Snospar (5366) Subscriber Badge on Friday October 23 2015, @07:25AM (#253523)

    Interesting post, but this made me chuckle:

    Ever wonder how a school keeps all the clocks on the wall synced?

    All the schools I've been in had clocks that were synched manually, by a janitor on a ladder, twice a year when entering and leaving "daylight saving time". The rest of the year drift could be measured in minutes (if you were lucky) and some clocks were so inaccessible they were an hour out for half the year!

    --
    Huge thanks to all the Soylent volunteers without whom this community (and this post) would not be possible.
    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Total Score:   2  

  • (Score: 2, Informative) by mystik on Friday October 23 2015, @11:50AM

    by mystik (3627) on Friday October 23 2015, @11:50AM (#253568)

    There's also a time sync service from the utility, at least in the USA.

    https://en.wikipedia.org/wiki/Utility_frequency#Long-term_stability_and_clock_synchronization [wikipedia.org]

    In my elementary school, when I was a young'un a few times a year, the wall clocks in every classroom would start audibly buzzing. the hands would advance until it reached 12:00, and then all at once, stop buzzing, and resume telling time normally. I'm pretty sure that was a mechanism of this function, the clocks were all resetting due to maintain consistency with the classroom bells.

    --
    Why aren't you encrypting your mail?