by dddddaviddddd on 8/16/23, 6:11 PM with 162 comments
by londons_explore on 8/16/23, 8:40 PM
Set up a bunch of servers all over the internet with innocuous web pages. Get all of them to include in their SSL headers the exact identical timestamp of July 5th 1998.
Then get the user to connect to all those domains (eg. with a page with a bunch of iframes).
The Secure Time service will see that lots of remote servers all agree with high confidence that the date is July 5th 1998. So the system clock gets set to then.
Then you use a leaked yet expired cert (or maybe one signed with a broken algorithm) to impersonate an update server or steal valuable cookies/tokens.
Expired certs typically fall out the back of revocation systems too - so it really is just the expiry date/time that protects against their use.
by jmuguy on 8/16/23, 7:17 PM
by JohnFen on 8/16/23, 7:49 PM
To address the issue they were trying to address (what happens when a mission critical server's RTC malfunctions or the battery dies?), Windows should treat it no differently than any other hardware malfunction in a mission-critical server: raise an alarm so a system operator can take a look and address the issue.
by yetanotherloss on 8/16/23, 7:07 PM
Or just accept that absent NTP, w32time maybe just shouldn't try to set the clock to whatever a circus clown tells it?
This sort of reminds me how there is a buried registry setting to tell w32time to not place the firmware clock at very high stratum in the time sources list which also is just a giant WTF in how those two behaviors were decided on.
by nneonneo on 8/16/23, 8:14 PM
In any case, it seems like a poor solution especially given that random timestamps can occasionally look valid (they’re random!).
The problem they’re trying to solve seems to be to obtain a trustworthy timestamp in the presence of a potentially hostile network - one that could be presenting expired, cracked certificates for every connection to arbitrarily tamper with all SSL connections. It’s not a trivial problem, for sure, but resetting perfectly valid clocks using this algorithm seems like a strict downgrade….
by przemeq on 8/16/23, 7:09 PM
by gorkish on 8/16/23, 8:27 PM
by spartanatreyu on 8/16/23, 11:47 PM
The story takes place in a future African megacity before, during, and after an alien invasion. Part of the game's story is shown from an AI's perspective who controls the city's operations trying to evacuate the Human survivors.
Whenever the story is shown through the AI's perspective, you can see an overlay of the AI's working memory including which suburb's cameras are being monitored, the emotional state of the AI, and the current running timestamp.
Some of the aliens end up withdrawing from within the city by making an FTL jump which causes extreme localised time dilation.
Immediately afterwards, the timestamp in the AI's working memory is frozen because it's not sure what the exact timestamp is anymore, each system it connects to gives it a slightly different time depending on how close it was to the FTL event.
It guesses a likely time and uses that until sometime later it is able to reconnect with other unaffected human networks and resumes the correct timestamps.
This time heuristic was shown in the game, but also makes an appearance of sorts in the announcement trailer (seen in the bottom right): https://www.youtube.com/watch?v=WroxHMo6B_k
by mlichvar on 8/16/23, 7:27 PM
by nicolaslem on 8/16/23, 6:58 PM
One of the annoying consequences is that some parts of the system decide to clean up "old" data. Surely data that has been stale for 50 years can be deleted, right? I cannot imagine the impact of something similar happening on a production server.
by zokier on 8/16/23, 7:30 PM
by toast0 on 8/16/23, 6:51 PM
I've seen other services that use https to bootstrap time in case other clocks are unavailable or suspect (or use a limited expiration certificate to authenticate!), it's a bit difficult because you have to ignore or postpone checking certificate expiration when validating the x.509 certificates, parse the http date header, and then presumably check that the date provided is within the time the certificates involved are valid.
[1] https://datatracker.ietf.org/doc/html/draft-mathewson-no-gmt...
by HankB99 on 8/16/23, 9:21 PM
(*) I suppose this does not work as well on Mars. I suspect that the time on the various extra-planetary vehicles is tied to earth time but would not work so well if Mars were ever colonized.
by Terr_ on 8/16/23, 9:40 PM
Since it's fun to imagine (and then find flaws in proposals) here's an idea for y'all:
1. If the device reaches out to a dozen servers at different usually-trustable domains (e.g. microsoft.com, nist.gov) and they _all_ have "expired" certificates, that becomes a sign that My Local Time Is Unreliable. (Or that the machine is being booted up by an attacker who has connected it to a fake micro-internet.)
2. The Windows device contains a cert or public key which does not auto-expire based on clock-time, but is only replaced as a side-effect of OS patches. This cert/key exists for one specific purpose, allowing it to securely get a time from an MS time fallback server. Such a server would not normally be queried, and can have very relaxed performance/accuracy/uptime requirements. It could literally just be a GET call returning a epoch integer.
3. This way the client system can bootstrap up to something close-enough-to-current that the regular NTP process can be completed for a more-precise time.
Obviously this can fail if the attacker injects a fake cert/key into the machine... but at that point isn't it Game Over anyway? The same attacker could just put in their own certificate authority for any service.
It may not work for computers that are left unplugged and unpatched for a few years, but it sounds like the real issue are live servers, or ones that just suffered some power-supply hiccup.
by newman314 on 8/16/23, 9:04 PM
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Config" -Name "UtilizeSslTimeData" -Type DWord -Value 0
Reload using:
W32tm.exe /config /update
by smallstepforman on 8/16/23, 8:17 PM
All of these work-arounds for unneeded hacks (like in the article) drives my temper way up. Just do the simple thing in kernel space or the OS level. No suprises.
by bbarnett on 8/16/23, 10:12 PM
Let me guess, time isn't set, so dnssec is broken, so ntp servers won't reolve, so you can't set the time?
So lame, ntp servers shouldn't be using dnssec.
by xg15 on 8/16/23, 7:49 PM
by Spooky23 on 8/16/23, 11:25 PM
Our TAM is like a funeral director. Always expressing his deep sorrow.
by justinsaccount on 8/17/23, 12:31 AM
Why then are the first lines of the STS code not something like
// server receives reliable timekeeping through the Network Time Protocol.
if (ntp_enabled() && ntp_working())
return 0;by dullcrisp on 8/16/23, 11:22 PM
by nightowl_games on 8/17/23, 12:07 AM
by drcongo on 8/16/23, 7:05 PM
by oskarw85 on 8/17/23, 3:27 AM
I think MS should improve implementation in two ways: - ask known trusted sources (like their own servers) for SSL timestamp - use that timestamp only internally (as opposed to system-wide) to acquire valid NTP timestamp
by hospitalJail on 8/16/23, 8:53 PM
Windows 7 is still more reliable, but with the updates being over, people are forced to upgrade.
But Windows 11 is less reliable than popular Linux Desktops. There might be an exception if you have NVIDIA, but I'd say less than a few percent of people have a video card.
by fnordpiglet on 8/17/23, 1:56 AM
* broken on arrival and never really fixed
* negligently implemented that causes serious harm
* a dark pattern that no one actually wants but improves the windows margins through covert means (data harvesting, embedded adware, etc)
I’m sure they exist, but the prevalence of the badness is so striking.
by stefan_ on 8/16/23, 7:15 PM
by cryptonector on 8/16/23, 11:07 PM
Look, you can use (with some care) time from a Kerberos KDC for the domain/realm to which the host is joined if you like, but you can't use the time from random application servers!
What were they thinking?!
by binkHN on 8/16/23, 6:48 PM