Network Time Foundation publishes NTP 4.2.8p10, with security, bug and information fixes, and enhancements As part of the Mozilla Foundation’s Secure Open Source (SOS) program they conducted a security audit of the NTP codebase. This release addresses the issues found along with a zero origin security bug. NTF’s Network Time Protocol (NTP) Project released ntp-428p10… Read More
Denial-of-service attack
Network Time Foundation Publishes NTP 4.2.8p9
Network Time Foundation publishes NTP 4.2.8p9, with security, bug fixes, and enhancements NTF’s Network Time Protocol (NTP) Project released ntp-4.2.8p9 on 21 November 2016, its first update since ntp-4.2.8p8 was released in June. The latest version addresses the following: 1 HIGH severity vulnerability that only affects Windows 2 MEDIUM severity vulnerabilities 2 MEDIUM/LOW severity vulnerabilities… Read More
NTP Security Issues as Big Move Looms
Harlan Stenn Tackles NTP Security Issues as Big Move Looms 28March2016 – InformationWeek – by Charles Babcock There’s not a business in existence today whose operations don’t rely on the Network Time Protocol (NTP). Harlan Stenn is the chief maintainer of NTP. In the past year, security researchers have raised a number of concerns about… Read More
BBC Technology News: Hack attacks battled by net’s timekeepers
Harlan was quoted in BBC Technology News today, if you haven’t read the entire article, take a moment to do so below: A massive worldwide effort is under way to harden the net’s clocks against hack attacks. The last few months have seen an “explosion” in the number of attacks abusing unprotected time servers, said… Read More
NTP and the Winter of 2013 Network DRDoS Attacks
There’s been a fair amount of attention paid lately to the role of misconfigured NTP servers in the recent “network flooding attacks”. Much of the information in these reports is correct. Some parts are incomplete or inaccurate. Some History Over the centuries different groups of people have had the need for knowing the accurate time… Read More