News for Admins

Tech News

Time Protocol Threat Could Allow Login with Expired Passwords

Cisco's Talos threat intelligence service has uncovered a flaw in the Network Time Protocol (NTP) authentication process that lets an attacker force the NTP daemon into pairing with a malicious time source. According to Talos, this attack "… leverages a logic error in ntpd's handling of certain crypto-NAK packets. When a vulnerable ntpd receives an NTP symmetric active crypto-NAK packet, it will peer with the sender, bypassing authentication typically required to establish a peer association."

Although a time protocol does not provide direct access to financial or medical information, an attacker can do considerable damage if allowed to manipulate network time. Some network services will fail if the system time is out of sync, and control over time parameters could allow access through expired passwords or certificates. Attackers could also cover their tracks or manipulate banking transactions by surreptitiously altering timestamps.

Users are advised to upgrade to ntp-4.2.8p4, which fixes this vulnerability. If an upgrade isn't possible at this time, the Talos report describes some tips for firewall rules that could help mitigate the problem.

Dell Pays $67 Billion for EMC

Dell has announced that it is buying the storage and enterprise technology giant EMC. The $67 billion deal is considered the largest tech purchase in history. According to the announcement, "The combination of Dell and EMC will create the world's largest privately controlled, integrated technology company…. The transaction combines two of the world's greatest technology franchises with leadership positions in servers, storage, virtualization and PCs, and it brings together strong capabilities in the fastest growing areas of the industry, including digital transformation, software-defined data center, hybrid cloud, converged infrastructure, mobile, and security."

Dell got its start selling home and small office PCs, but hardware vendors have known for years that real money is in corporate contracts with enterprise clients. The company has succeeded in bringing itself into the enterprise space but trails some of its competitors in recent technologies such as virtualization, private cloud, and Big Data-style storage solutions. This deal should keep them in the conversation with competitors such as Microsoft, Oracle, IBM, and HP.

Some experts, however, are baffled by the announcement and warn of risks associated with combining two such large and disconnected companies. The biggest prize in the EMC portfolio is the popular VMware virtualization solution and its surrounding technologies. VMware will fit well into the pitch Dell needs to make with large enterprise clients.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus