Daily Archives: Sunday, October 25, 2015

  • NTP updated to counter attacks

    It’s that time of year again: summer time has just ended in Europe, and the developers of the NTP time synchronisation service are responding to a series of new attacks with an update, German IT news site heise reports. The attacks manipulate communication between servers and clients so that clients receive the wrong time or no time at all.

    The reference implementation, ntpd, is now at version 4.2.8p4, in which the developers have closed 13 security holes, including a series of vulnerabilities that four Boston University researchers describe in detail in a research paper (PDF). The researchers found several ways of attacking the time service: preventing clients from using it at all, better known as a Denial of Service (DoS) attack, and, under certain circumstances, feeding them the wrong time.

    NTP is used to synchronise the local clocks of all kinds of computers over the network. Numerous operators run servers which a client can query for the current time, and nearly all modern operating systems do this unnoticed in the background. Even so, there have been attacks in the past both on software implementations of the service and on the NTP protocol itself.

    Kiss of death

    Two of the new attacks stand out because the attacker does not need to sit on the path between client and server as a “man in the middle“. Both are DoS attacks that abuse the so-called “Kiss o’ Death” (KoD) packet to cripple communication between client and server. A KoD tells the client that an NTP server is busy or overloaded and that it should query less often; it carries a poll value that dictates how long the client must wait before asking again.

    An attacker can therefore spoof KoD packets purporting to come from every server a client normally queries, with a poll value so large that the client does not update its internal clock for months or even years. The elegant thing about this attack is that the attacker needs to send only a handful of packets. In the second attack described by the researchers the attacker spoofs a flood of requests that appear to come from the client, provoking the server’s own rate limiting into silencing the client with KoD packets. The result is the same: the client stops updating its clock.

    Both holes (CVE-2015-7704 and CVE-2015-7705) have been plugged in the new version of NTP.

    Time shift

    With two further attack methods the researchers succeeded in foisting incorrect clock times on clients. Clients should normally ignore times which differ by more than 1,000 seconds from their system time – the so-called “Panic Threshold“. However, in many configurations this check is skipped for the first synchronisation immediately after a reboot of the client (ntpd’s -g option). Such a client’s system time can therefore be set almost at will by an attacker who can force a reboot. A clock shifted in this way undermines cryptographic checks that depend on the time, such as certificate validity periods, and can be used to DoS the software running on the client.
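    The two client-side checks discussed above, as an added example rather than code from ntpd, heise or the Boston University paper: a minimal parser for the fixed NTPv4 header, a KoD handler that refuses packets whose origin timestamp does not echo a request the client actually sent (an off-path forger has to guess those 64 bits) and caps the back-off it will honour, and the 1,000-second panic threshold with the post-reboot exception. The cap `MAX_KOD_POLL`, the `first_sync` flag standing in for -g, and the sample packets are all constructed for this example; ntpd’s actual fix may differ in detail.

```python
import struct
from dataclasses import dataclass

NTP_TO_UNIX = 2208988800   # seconds from the NTP epoch (1900) to the Unix epoch (1970)
PANIC_THRESHOLD = 1000.0   # ntpd's default panic threshold, in seconds
MAX_KOD_POLL = 10          # assumption for this example: never back off beyond 2**10 s (~17 min)
HEADER_LEN = 48


@dataclass
class NtpHeader:
    mode: int        # 3 = client request, 4 = server reply
    stratum: int     # 0 in a Kiss-o'-Death
    poll: int        # log2 of the poll interval; read as an unsigned, attacker-controlled byte
    refid: bytes     # for a KoD this is a 4-character ASCII "kiss code" such as RATE
    origin: tuple    # (seconds, fraction) the server copied from our request
    transmit: float  # server transmit timestamp converted to Unix seconds


def parse_ntp(packet: bytes) -> NtpHeader:
    """Decode the fixed 48-byte NTPv4 header (RFC 5905 field layout)."""
    if len(packet) < HEADER_LEN:
        raise ValueError("truncated NTP packet")
    first, stratum, poll = struct.unpack("!BBB", packet[:3])
    origin = struct.unpack("!II", packet[24:32])
    tx_sec, tx_frac = struct.unpack("!II", packet[40:48])
    transmit = tx_sec - NTP_TO_UNIX + tx_frac / 2 ** 32
    return NtpHeader(first & 0x07, stratum, poll, packet[12:16], origin, transmit)


def is_kod(hdr: NtpHeader) -> bool:
    """A Kiss-o'-Death is a server reply (mode 4) with stratum 0 and an ASCII kiss code."""
    return hdr.mode == 4 and hdr.stratum == 0 and hdr.refid.isalpha()


def handle_kod(hdr: NtpHeader, our_last_tx: tuple, current_poll: int):
    """Return (kod_honoured, new_poll).

    Adopting the poll field of any KoD that arrives is the CVE-2015-7704 problem:
    one spoofed packet per server silences the client for as long as the attacker
    likes. Here the origin timestamp must match the request we sent, and the
    back-off is capped, so a lone forged packet changes nothing.
    """
    if not is_kod(hdr) or hdr.origin != our_last_tx:
        return (False, current_poll)
    if hdr.refid != b"RATE":
        return (True, current_poll)   # other kiss codes carry no rate-limit demand
    return (True, min(max(current_poll, hdr.poll), MAX_KOD_POLL))


def accept_step(server_time: float, local_time: float, first_sync: bool) -> bool:
    """Panic threshold: refuse a clock step over 1000 s, except on the first
    synchronisation after start-up (ntpd -g), the window the time-shift attack abuses."""
    return abs(server_time - local_time) <= PANIC_THRESHOLD or first_sync


def build_reply(stratum: int, poll: int, refid: bytes, origin: tuple, tx: tuple) -> bytes:
    """Construct a server-mode NTPv4 reply (sample data for this example, not a capture)."""
    li_vn_mode = (0 << 6) | (4 << 3) | 4          # LI=0, version 4, mode 4 (server)
    return (struct.pack("!BBBb", li_vn_mode, stratum, poll, -20)
            + struct.pack("!II", 0, 0)            # root delay, root dispersion
            + refid
            + struct.pack("!II", 0, 0)            # reference timestamp
            + struct.pack("!II", *origin)         # origin timestamp (echo of our request)
            + struct.pack("!II", *tx)             # receive timestamp
            + struct.pack("!II", *tx))            # transmit timestamp


# Constructed sample traffic. OUR_TX is the transmit timestamp of the request we sent.
OUR_TX = (3654720000, 0x1234ABCD)                 # NTP seconds for 2015-10-25 00:00:00 UTC
NOW = 1445731200.0                                # the same instant in Unix seconds
SERVER_TX = (3654720100, 0)                       # server clock reads 100 s later
FORGED_KOD = build_reply(0, 0xFF, b"RATE", (0, 0), SERVER_TX)   # off-path spoof: poll 255, guessed origin
GENUINE_KOD = build_reply(0, 17, b"RATE", OUR_TX, SERVER_TX)    # real server asking for 2**17 s back-off
NORMAL_REPLY = build_reply(2, 6, b"\x0a\x00\x00\x01", OUR_TX, SERVER_TX)


def demo() -> dict:
    """Run the checks over the sample packets and return the outcomes."""
    return {
        "forged": handle_kod(parse_ntp(FORGED_KOD), OUR_TX, 6),
        "genuine": handle_kod(parse_ntp(GENUINE_KOD), OUR_TX, 6),
        "normal": handle_kod(parse_ntp(NORMAL_REPLY), OUR_TX, 6),
        "big_step_running": accept_step(NOW + 5000, NOW, first_sync=False),
        "big_step_after_reboot": accept_step(NOW + 5000, NOW, first_sync=True),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

    The forged KoD is dropped because its origin timestamp is not the one we sent; the genuine one is honoured but its 2^17-second demand is capped; and the 5,000-second step is refused while running but accepted on the first synchronisation, which is the whole point of forcing a reboot. A real client also has to keep `our_last_tx` per server and to rate-limit itself independently of what any KoD says.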

    Deliberate fragmentation of IPv4 packets can also be abused to confound a client’s time queries and foist an incorrect time on it. However, this method is very fiddly, and the researchers did not want to test it in the wild since it uses the techniques of the decades-old Teardrop attacks and can crash old operating systems. This problem with overlapping IP fragments is not a flaw in the NTP protocol itself but in how the underlying operating systems reassemble fragments.

    Admins should patch NTP

    The Boston University researchers discovered the security holes on 20th August. Their paper has only been published now to give the NTP developers time to plug them. The researchers recommend that admins running NTP servers update them as quickly as possible to version 4.2.8p4.

    Reposted from Bristol Wireless.

  • Translator tampered with meeting minutes

    It’s been an open secret for many years that FIFA – the international governing body for football – has been as reliable as a nine pound note.

    Following the departure from its HQ building by disgraced president Sepp Blatter, further details of malpractice in FIFA’s governance are now coming to light.

    Yesterday’s Daily Mail reported some of this fall-out under the headline “FIFA translator: I was told several times to doctor records of ExCo meetings“.

    According to the Mail, FIFA are investigating claims that a junior member of staff was told to falsify official records of FIFA’s meetings of its Executive Committee (ExCo) between 2001 and 2010.

    Former FIFA employee Scott Burnett first worked as a translator and then as an assistant to FIFA Secretary General Jerome Valcke, who like Blatter, is currently suspended.

    Mr Burnett dropped his bombshell via three tweets, as follows.

    Tweet no. 1:

    I wrote the minutes of FIFA ExCo meetings from 2001 to 2010. During that period, I was instructed several times to misrepresent discussions.

    Tweet no. 2:

    The instructions to misrepresent meetings came from the President’s office among others.

    Tweet no. 3:

    I did not share this information before because I was concerned about the repercussions and I did not know who to trust within FIFA circles.

    We linguists – irrespective of whether we work as translators or interpreters or both – deal regularly with privileged and confidential information. This is why I rarely discuss the content of my work in public. As such, I have great sympathy for Mr Burnett since being told to falsify records must clearly have conflicted with that inbuilt sense of integrity which all linguists need to do their jobs.

    Mr Burnett is no longer employed by FIFA and currently volunteers to support grassroots football.

  • Chronological capers

    At 2.00 a.m. this morning British Summer Time (BST) came to an end, the clocks were turned back one hour and the UK reverted to Greenwich Mean Time (GMT) and evenings that get dark earlier.

    This for me marks the gloomiest time of year – at least until we’re over the winter solstice and the day of least daylight!

    However, the changing of the clocks is a major job for some. For instance, for the curators of the Palace of Westminster’s Great Clock (which bongs Big Ben. Ed.), the process involves careful precision and split-second timing. As well as re-setting the time, it gives them an opportunity to make close inspection of the clock mechanism as part of a rolling maintenance programme. The process is described in detail on the UK Parliament website.

    On a lighter note, the Stonehenge Twitter account decided to have some fun with the change, as shown by the following screenshot.

    Stonehenge UK tweet with image showing scientists repositioning the stones for the end of BST