Do you develop on GitHub? You can keep using GitHub but automatically sync your GitHub releases to SourceForge quickly and easily with this tool so your projects have a backup location, and get your project in front of SourceForge's nearly 20 million monthly users. It takes less than a minute. Get new users downloading your project releases today!
As it's stateless UDP, there's not much of a connection to the proper server. All you need to do is send the appropriate source and destination ports and IP address and you're good. It would involve waiting for an outgoing request and then sending spoofed packets that look like they are a reply. The one with the right ports will be allowed through the firewall as it looks like a reply.
I'd always thought they were expensive, specialist devices, but it looks like you can get pci express cards for laptops quite cheaply. I'd imagine you'd want to position the aerial outside of a server room though.
Thanks for your translation, it's most helpful. I don't see why you need to seize control of a server to spoof a response as spoofing implies that you're faking the response so it looks like it's come from the respective server.
Okay, not an open port, but if you request a time update wouldn't an attacker be able to respond with a spoofed malicious packet? By sending out a request, the (stateful) firewall will usually allow a response back. I'm not an expert, so I'd be interested to see if someone more knowledgeable could explain that in more detail.
Yes, but often the easiest way to set up a time server is to sync with a time server on the internet (e.g. ntp.pool org). As far as I can tell, a big reason for people to use NTP is that they don't have a reliable atomic clock of their own, so they sync with other people who do.
I hadn't spotted the "restrict... noquery" mitigation (which luckily I already had in place), but wouldn't servers still be susceptible to spoofed packets from one of the trusted servers?
If you close all your NTP ports you're not going to be able to sync with a time source on the internet. Once you allow responses to your NTP queries, then you can be spoofed and compromised.
This is a major bug in NTPd, so if you're using it on Linux, you'll want to patch it too (or switch to openNTP which isn't affected). The big problem is that it can be exploited with a single (specially crafted) UDP packet, so it's easy for malicious actors to probe lots of machines with very little overhead.
This is a major bug in NTPd, so if you're using it on Linux, you'll want to patch it too (or switch to openNTP which isn't affected). The big problem is that it can be exploited with a single (specially crafted) UDP packet, so it's easy for malicious actors to probe lots of machines with very little overhead.
mpicpp writes: It's the first time OS X's auto-patcher has been used.
Most OS X security updates are issued alongside other fixes via the Software Update mechanism, and these require some kind of user interaction to install—you've either got to approve them manually or tell your Mac to install them automatically. Apple does have the ability to quietly and automatically patch systems if it needs to, however, and it has exercised that ability for the first time to patch a critical flaw in the Network Time Protocol (NTP) used to keep the system clock in sync.
This security hole became public knowledge late last week. When exploited, the NTP flaw can cause buffer overflows that allow remote attackers to execute code on your system. If you allow your system to "install system data files and security updates" automatically (checked by default), you've probably already gotten the update and seen the notification above. If not, Mountain Lion, Mavericks, and Yosemite users should use Software Update to download and install the update as soon as possible. The flaw may exist in Lion, Snow Leopard, and older OS X versions, but they're old enough that Apple isn't providing security updates for them anymore.
While this was the first time this particular auto-update function has been used, Apple also automatically updates a small database of malware definitions on all Macs that keeps users from installing known-bad software. That feature, dubbed "XProtect," was introduced in Snow Leopard in response to the Mac Defender malware and has since expanded to include several dozen items
