Or you just hack the SCADA. Far nastier.

I think this class of attack would be directed along the order of financial crimes or industrial espionage where you want to hide the audit trail or convince a database that the update is legitimate We really need to think more about the secure distribution of time products In the past in prior incarnations I have offered multiple time products some secure others not Sent from my iPhone On Dec 3, 2012, at 5:22 PM, lists@lazygranch.com wrote: > Or you just hack the SCADA. Far nastier. > > > > _______________________________________________ > time-nuts mailing list -- time-nuts@febo.com > To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts > and follow the instructions there.

On Mon, Dec 3, 2012 at 4:51 PM, Scott McGrath <scmcgrath@gmail.com> wrote: > > > We really need to think more about the secure distribution of time products > Is NTP not secure. I know it can be secured but I think in practice people disable passwords. -- Chris Albertson Redondo Beach, California

NTP is not secure in nature. MD5 key exchange between client and server is the only secure feature up to now, for the client to be sure that he/she is getting a correct time sync to the desired server. On the other side if the server does not receive a matching MD5 key, it will simply ignore the petition. Beside that, NTP is a connectionless UDP service, it is based in the open exchange of data, not establishing a session like other protocols that use TCP. This eases the transfer of information but makes it difficult to set controls to the process. On the other hand PTP is evolving to be a future protocol for time transfer. Nowadays it is superior than NTP in the LAN environment. Regards, Edgardo Molina Dirección IPTEL www.iptel.net.mx T : 55 55 55202444 M : 04455 10045822 Piensa en Bits SA de CV Información anexa: CONFIDENCIALIDAD DE INFORMACION Este mensaje tiene carácter confidencial. Si usted no es el destinarario de este mensaje, le suplicamos se lo notifique al remitente mediante un correo electrónico y que borre el presente mensaje y sus anexos de su computadora sin retener una copia de los mismos. Queda estrictamente prohibido copiar este mensaje o hacer usode el para cualquier propósito o divulgar su en forma parcial o total su contenido. Gracias. NON-DISCLOSURE OF INFORMATION This email is strictly confidential and may also be privileged. If you are not the intended recipient please immediately advise the sender by replying to this e-mail and then deleting the message and its attachments from your computer without keeping a copy. It is strictly forbidden to copy it or use it for any purpose or disclose its contents to any third party. Thank you. On Dec 3, 2012, at 7:36 PM, Chris Albertson <albertson.chris@gmail.com> wrote: > On Mon, Dec 3, 2012 at 4:51 PM, Scott McGrath <scmcgrath@gmail.com> wrote: > >> >> >> We really need to think more about the secure distribution of time products >> > > Is NTP not secure. I know it can be secured but I think in practice people > disable passwords. > > > > -- > > Chris Albertson > Redondo Beach, California > _______________________________________________ > time-nuts mailing list -- time-nuts@febo.com > To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts > and follow the instructions there.