SoylentNews

ticho [soylentnews.org] writes:

Securityweek has an article [securityweek.com] about a presentation at the Hack in the Box (HITB) conference this week, where Yuwei Zheng and Haoqi Shan of China-based security firm Qihoo360 showed how a remote attacker can shift time on a stratum 1 NTP server by wirelessly sending it forged radio time signals.

Shifting time on an NTP server can have serious consequences — it allows attackers not only to damage or disrupt systems, but also to authenticate to services using expired credentials, bypass HTTP STS and certificate pinning, and cause TLS clients to accept revoked or expired certificates.

Direct link to the presentation PDF [hitb.org].

Original Submission