[Cialug] Interesting NTP article in ACM TechNews
Matt
matt at itwannabe.com
Sat Oct 24 13:53:14 CDT 2015
Sorry for letting such a huge text wall through. I read the NTP article in the list's web interface (the list manager had blocked the message for being larger than 80KB, which happens from time to time), and I didn't pay attention to the scrollbar, so I didn't see that this message was so enormous.
I would have edited it if I had been paying attention. :/
-- Matt (N0BOX)
Sent from my <advertisement for worthless mobile product>
> On Oct 23, 2015, at 12:12 PM, Andrew Denner <linux-list at upeke.com> wrote:
>
> Since we were just talking about NTP, I thought this was good timing from
> the ACM...
>
> *Researchers Warn Computer Clocks Can Be Easily Scrambled*
> *IDG News Service (10/21/15) Jeremy Kirk*
>
> The Network Time Protocol (NTP) has exploitable flaws that could undermine
> encrypted messages, according to Boston University researchers. They cite
> NTP's rate-limiting mechanism, which can stop a computer from repeatedly
> checking the time in the event of a technical hitch. The researchers
> discovered the possibility of hackers spoofing such a packet so it appears
> to originate from a system in trouble when it actually is not. "We
> discovered the...vulnerability by just reading the specifications of the
> [NTP] protocol," notes Boston University professor Sharon Goldberg. The
> researchers say all a hacker would need to conduct the spoofing attack is
> one computer that finds NTP clients using network scanners such as nmap and
> zmap. Goldberg says the attack is partly enabled by the fact that most NTP
> servers talk to clients without encrypting their communications, due to the
> lack of a key exchange protocol. Sinister implications of a computer clock
> being rolled back include accepting an expired SSL/TLS certificate for
> which the hacker has the encryption key. Other flaws the researchers
> exposed include one that could allow a denial-of-service attack, and
> another that permits attackers to shift a computer's clock backwards or
> forwards on reboot.
> View Full Article
> <http://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_5-e3b3x3d5ffx025184&>
>
>
More information about the Cialug
mailing list