The Network Time Protocol (IETF RFC1305)
Certichron announced today the availability of a new Layer-2 VLAN based UTC(NIST) timescale distribution service, one which runs across the entire New York New Jersey Trading Center framework. The timing service called a timing Loop, is Certichron’s second one in NY/NJ and is tuned for Securities specific needs. The Loop-2 service is a next generation
Newly attested design flaw with NTP: Autrokey Vulnerability The NTP Protocol Development Team is in the middle of something you may find interesting from a regulatory compliance and operations standpoint. It is based on a formal notice of a design vulnerability of the NTP AutoKEY Authentication schema which very probably opens that system to question
Overview ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. Impact CVSS Severity (version 2.0): CVSS
CERT Alert for NTP Versions before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled. This directly impacts PCI DSS compliance practices using NTP with OpenSSL and autokey to identify end-nodes in NTP service topologies. CERT 2009-1252
Certichron and MeinbergUSA announce partnership to market Certichron’s CertifiedTime services atop Meinberg’s precision timekeeping systems!
PCI DSS – 10.4 Compliance Alert – NTP Flaws require immediate attention.