Title | NTP Servers Exposed to Long-Distance Wireless Attacks | |
Date | Saturday May 28 2016, @06:55PM | |
Author | martyb | |
Topic | ||
from the time-out! dept. |
Securityweek has an article about a presentation at the Hack in the Box (HITB) conference this week, where Yuwei Zheng and Haoqi Shan of China-based security firm Qihoo360 showed how a remote attacker can shift time on a stratum 1 NTP server by wirelessly sending it forged radio time signals.
Shifting time on an NTP server can have serious consequences — it allows attackers not only to damage or disrupt systems, but also to authenticate to services using expired credentials, bypass HTTP STS and certificate pinning, and cause TLS clients to accept revoked or expired certificates.
Direct link to the presentation PDF.
Links |
printed from SoylentNews, NTP Servers Exposed to Long-Distance Wireless Attacks on 2024-04-19 21:40:01