A few weeks ago I was interested in a YouTube video about a highly accurate time card for PCs that would give better performance for the machines and could be used to enhance security.
Just in time! – Octagon Technology
Very accurate time is important for many security protocols and services and when it comes to setting it, rather than use public NTP servers developers could use the more accurate time generated by a GPS device and then use a daemon such as GPSd to utilise the data.
Today the SANS Diary is talking about a bug in the GPSd software that on 24 October 2021 will extract 1024 weeks from the reported time. The software has been fixed but of course people have to update to the latest version.
Keeping Track of Time: Network Time Protocol and a GPSD Bug (sans.edu)
Not quite a “Millennium Bug” but it could be a serious issue for vendors that do not update their GPSd versions if for example security software fails and then the weakness is exploited.
The takeaway from this for ordinary businesses like us is – install all updates and patches ASAP – it is a vital step in maintaining your cyber security. It is so important that Octagon has software tools that monitor the update state of devices and can alert or even force an update if an issue is detected.
Clive Catton MSc (Cyber Security) – by-line and other articles
References:
NTP – Network Time Protocol – Wikipedia
GPSd – GPSd — Put your GPS on the net!
Image Linus Tech Tips screenshot
