September 24, 2023

Let’s Do The Time Warp Again!

A little-known Windows feature is making news because of the repercussions it recently caused a cellphone provider, and it has been intermittently making sysadmins’ lives rather frustrating for years. Secure Time Seeding is meant to provide a backup for the RTC on computers, in case battery failure causes the machine to lose the current time. This certainly sounds like a good idea, as a system with an incorrect time and date will not be able to authenticate against digital certificates and will start scheduled jobs at the wrong time. It can also cause immense problems on servers that maintain databases which track data over time, as one rather upset sysadmin discovered.

The Secure Time Seeding feature checks the local system time against values found in a field in the SSL certificates it exchanges when making a secure connection to another server. It could consult the nearest server, but as that connection is not necessarily secure, that would open up another attack vector. The problem is that nobody really knew about this feature, and so the field containing the time value in an SSL certificate often just contains a random number. Why bother to ensure it’s accurate when nothing uses it?

This has led to some serious issues with servers, but because it happens so infrequently the cause never revealed itself until now. Ars Technica delves into the full story about STS and some of the fallout it has caused in this story.