The key here is to step the time a few milliseconds at a time as ntpd has
various sanity checks.
Sent from my iPhone
On Dec 4, 2012, at 3:22 PM, Hal Murray hmur...@megapathdsl.net wrote:
server
___
time-nuts mailing list -- time-nuts@febo.com
To
On 12/3/12 9:59 PM, gary wrote:
I was a bit concerned about clicking the fob for no good reason. I
assume each click is a different number. I only use it for ebay and
paypal. [Incidentally, they jacked the price from $5 to $30.]
The RSA fob doesn't have a button. It just displays a 6 digit
On Dec 3, 2012, at 11:27 PM, Hal Murray wrote:
li...@lazygranch.com said:
Now a phone has accurate network time, so they could get really tricky with
the time as part of the code.
Are you sure?
I don't have a smart phone, but I've heard various war stories of crappy time
keeping.
Some RSA fobs do have a keypad. System prompts you to enter a number on keypad
and you enter the tokencode which is generated. More secure less predictable.
Or you enter a pin and token generates tokencode
Sent from my iPhone
On Dec 4, 2012, at 5:57 AM, Jim Lux jim...@earthlink.net wrote:
NTP servers. A way to hack them is to connect to one with a hostile server with
higher stratum as NTP servers are configured as 'peers'Without the md5 you
can steer a server with md5 the servers just ignore the attacking server
Sent from my iPhone
On Dec 3, 2012, at 7:00 PM, Harlan Stenn
scmcgr...@gmail.com said:
NTP servers. A way to hack them is to connect to one with a hostile server
with higher stratum as NTP servers are configured as 'peers'Without the
md5 you can steer a server with md5 the servers just ignore the attacking
server
It's more complicated than that.
Hi
It's not really clear that people noticed this ….Give it a bump.
Bob
On Dec 4, 2012, at 2:33 AM, Tom Van Baak t...@leapsecond.com wrote:
Please. May we call this thread finished. It's way off topic.
Thanks,
/tvb
___
time-nuts mailing
Hi, I agree,
It's high time to come back to the roots!
73
Arnold, DK2WT
Am 05.12.2012 00:40, schrieb Bob Camp:
Hi
It's not really clear that people noticed this ….Give it a bump.
Bob
On Dec 4, 2012, at 2:33 AM, Tom Van Baak t...@leapsecond.com wrote:
Please. May we call this thread
CDMA requires accurate time information in the air interface as part of
the low level protocol.
From the standards documents I have read, and the BTS devices I
personally have had exposure to, this always comes from GPS.
The air interface for CDMA also includes a local time offset that is
Sorry about this, Tom, but there's some misinformation here.
I wasn't reading this until I saw your posting.
-Original Message-
From: Jim Lux
Sent: Tuesday, December 04, 2012 7:58 AM
On 12/3/12 9:59 PM, gary wrote:
I was meditating a bit on the power grid synchronization. If all the
Is it really off topic? Actually I think it is very boring to talk about
people comparing one 10MHz reference to some other 10MHz refeerence without
ever putting either of them to practical use.
But the question of if it is even possable to spoof time is certainly
related to time keeping, has
On 12/4/12 4:28 PM, Bill Hawkins wrote:
Sorry about this, Tom, but there's some misinformation here.
I wasn't reading this until I saw your posting.
-Original Message-
From: Jim Lux
Sent: Tuesday, December 04, 2012 7:58 AM
On 12/3/12 9:59 PM, gary wrote:
I was meditating a bit on the
One of my favorite things about being in security, (and a researcher in
general), is that we regularly get to say that sounds too hard, what if we
look $HERE instead. So while I catch up on security in the time
synchronization space, I've also been musing on this notion of attacking
the clock. By
security musing - attacking the clock itself
One of my favorite things about being in security, (and a researcher in
general), is that we regularly get to say that sounds too hard, what if we
look $HERE instead. So while I catch up on security in the time
synchronization space, I've also been musing
To: 'Discussion of precise time and frequency measurement'
time-nuts@febo.com
Subject: Re: [time-nuts] Time security musing - attacking the clock itself
Hi
One very basic question might be - is a public list read by millions of
people the right place to dig into this?
The most basic thing you can
...@rtty.us
Sent: Monday, December 03, 2012 11:18 AM
To: 'Discussion of precise time and frequency measurement'
time-nuts@febo.com
Subject: Re: [time-nuts] Time security musing - attacking the clock itself
Hi
One very basic question might be - is a public list read by millions of
people
03, 2012 11:18 AM
To: 'Discussion of precise time and frequency measurement'
time-nuts@febo.com
Subject: Re: [time-nuts] Time security musing - attacking the clock itself
Hi
One very basic question might be - is a public list read by millions of
people the right place to dig
03, 2012 11:18 AM
To: 'Discussion of precise time and frequency measurement'
time-nuts@febo.com
Subject: Re: [time-nuts] Time security musing - attacking the clock itself
Hi
One very basic question might be - is a public list read by millions of
people the right place to dig
] On
Behalf Of Edgardo Molina
Sent: Monday, December 03, 2012 1:11 PM
To: Discussion of precise time and frequency measurement
Subject: Re: [time-nuts] Time security musing - attacking the clock
itself
Dear Erich,
I will allow myself to comment briefly on the RF part of your concerns.
* Random
, December 03, 2012 1:11 PM
To: Discussion of precise time and frequency measurement
Subject: Re: [time-nuts] Time security musing - attacking the clock
itself
Dear Erich,
I will allow myself to comment briefly on the RF part of your concerns.
* Random thought - Can I point a highly
Sent: Monday, December 03, 2012 1:11 PM
To: Discussion of precise time and frequency measurement
Subject: Re: [time-nuts] Time security musing - attacking the clock
itself
Dear Erich,
I will allow myself to comment briefly on the RF part of your concerns.
* Random thought - Can I point
[mailto:time-nuts-boun...@febo.com] On
Behalf Of Erich Heine
Sent: Monday, December 03, 2012 11:30 AM
To: Discussion of precise time and frequency measurement
Subject: [time-nuts] Time security musing - attacking the clock itself
One of my favorite things about being in security, (and a researcher
Or you just hack the SCADA. Far nastier.
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
sophac...@gmail.com said:
So what I am trying to understand today is ways we can affect the
reliability of the clock, having affects on everything mentioned above.
There is a big overlap between maliciously attacking the clock and the clock
doing something crazy due to bugs in hardware,
On 12/3/12 9:32 AM, dlewis6767 wrote:
I agree, Bob.
Like the billboard on the side of the highway says: - Does Advertising
Work? JUST DID -
The bad guys can read this list same as the good guys.
Security through obscurity never works in the long run. Much better to
discuss
: Mon, 03 Dec 2012 15:45:24
To: time-nuts@febo.com
Reply-To: Discussion of precise time and frequency measurement
time-nuts@febo.com
Subject: Re: [time-nuts] Time security musing - attacking the clock itself
On 12/3/12 9:32 AM, dlewis6767 wrote:
I agree, Bob.
Like the billboard on the side
I think this class of attack would be directed along the order of financial
crimes or industrial espionage where you want to hide the audit trail or
convince a database that the update is legitimate
We really need to think more about the secure distribution of time products
In the past in
On Mon, Dec 3, 2012 at 4:51 PM, Scott McGrath scmcgr...@gmail.com wrote:
We really need to think more about the secure distribution of time products
Is NTP not secure. I know it can be secured but I think in practice people
disable passwords.
--
Chris Albertson
Redondo Beach,
NTP is not secure in nature. MD5 key exchange between client and server is the
only secure feature up to now, for the client to be sure that he/she is getting
a correct time sync to the desired server. On the other side if the server does
not receive a matching MD5 key, it will simply ignore
li...@lazygranch.com said:
I have one of those key fobs. Does the code somehow inform the power the be
about the drift in the built in clock? Or is the time element of the code so
sloppy that the drift is acceptable?
The magic number changes every second or so. You only have to scan a few
albertson.ch...@gmail.com said:
Is NTP not secure. I know it can be secured but I think in practice people
disable passwords.
The default in most distributions and most servers is no crypto. So it's not
that anybody disables authentication but doesn't go through all the work to
enable it.
What is the 'thing' being secured?
H
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
xe1...@amsat.org said:
On the other hand PTP is evolving to be a future protocol for time transfer.
Nowadays it is superior than NTP in the LAN environment.
Superior is an interesting word.
I'm not familiar with the details of current PTP implementations. I am
reasonably familiar with the
On 12/3/12 6:34 PM, Hal Murray wrote:
li...@lazygranch.com said:
I have one of those key fobs. Does the code somehow inform the power the be
about the drift in the built in clock? Or is the time element of the code so
sloppy that the drift is acceptable?
The magic number changes every second
jim...@earthlink.net said:
The question is: Can I distribute timing information through a network
reliably
I think so. The better question is how accurately?
Assume client and server share a secret key and the server is trustworthy.
Assume the protocol allows the client to put a magic
I was a bit concerned about clicking the fob for no good reason. I
assume each click is a different number. I only use it for ebay and
paypal. [Incidentally, they jacked the price from $5 to $30.]
Now a phone has accurate network time, so they could get really tricky
with the time as part of
On Tue, Dec 4, 2012 at 1:59 PM, gary li...@lazygranch.com wrote:
Things were going OK but then I heard a nasty sound and the lights
flickered a bit. It turns out some curious students wanted to see what
happened if the generator and mains were out of phase. Well, the mains wins.
Been there,
li...@lazygranch.com said:
Now a phone has accurate network time, so they could get really tricky with
the time as part of the code.
Are you sure?
I don't have a smart phone, but I've heard various war stories of crappy time
keeping.
I assume the time was coming from an ap rather than the
All my blackberries synced to the network. I presume all phones do this.
I still have an Android HTC G2 that has a NTP app, not that it ever worked!
On 12/3/2012 10:27 PM, Hal Murray wrote:
li...@lazygranch.com said:
Now a phone has accurate network time, so they could get really tricky
Please. May we call this thread finished. It's way off topic.
Thanks,
/tvb
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/04/2012 04:44 AM, Hal Murray wrote:
PTP is basically making the network transit times more accurate
than symmetrical by measuring them. Each box that processes a
packet updates the packet with the processing/queuing delays.
I think
41 matches
Mail list logo