this post was submitted on 30 Mar 2025
94 points (84.1% liked)

Not The Onion

15550 readers
622 users here now

Welcome

We're not The Onion! Not affiliated with them in any way! Not operated by them in any way! All the news here is real!

The Rules

Posts must be:

  1. Links to news stories from...
  2. ...credible sources, with...
  3. ...their original headlines, that...
  4. ...would make people who see the headline think, “That has got to be a story from The Onion, America’s Finest News Source.”

Please also avoid duplicates.

Comments and post content must abide by the server rules for Lemmy.world and generally abstain from trollish, bigoted, or otherwise disruptive behavior that makes this community less fun for everyone.

And that’s basically it!

founded 2 years ago
MODERATORS
kescusay@lemmy.world
94
FBI alert issued as time traveling hackers attack—act now (www.forbes.com)
submitted 1 day ago by MHLoppy@fedia.io to c/nottheonion@lemmy.world
10 comments fedilink hide all child comments
 

What if hackers could time travel? That’s the eyebrow-raising reality of this latest attack, and the FBI wants you to act today.

top 10 comments
sorted by: hot top controversial new old
[–] Shdwdrgn@mander.xyz 201 points 1 day ago (7 children)

God that article was a horrible read. So for anyone who wants to skip it...

tl;dr: Hackers are using SSL certs from 2012 and changing the unprotected system clock in order to bypass security measures.

[–] itisileclerk@lemmy.world 5 points 6 hours ago

Thank you.

[–] CuddlyCassowary@lemmy.world 79 points 1 day ago

Thank you for taking one for the team.

[–] foggy@lemmy.world 36 points 1 day ago* (last edited 1 day ago)

Its some of the most hilarious titlegore I've ever seen in my life

[–] BestBouclettes@jlai.lu 25 points 1 day ago

TLDR: encrypt and authenticate your fucking NTP traffic

[–] Lost_My_Mind@lemmy.world 16 points 1 day ago

Upvoted for 2 reasons.

  1. I didn't have to read the article

  2. You were at 68 upvotes before I upvoted. Nice!

[–] Semi_Hemi_Demigod@lemmy.world 12 points 1 day ago

I used the same trick to get around time limits on shareware games back in the day

[–] LovableSidekick@lemmy.world 4 points 1 day ago (1 children)

I can understand (meaning have heard of) not enforcing certificate expirations, but who let's just anybody set their system date?

[–] computergeek125@lemmy.world 2 points 3 hours ago

Typically the same level of permissions needed to load drivers - which if they're attacking the system using custom out of date drivers is relevant.

Having users and services at least privileges is one step of attack surface area reduction, but the "better" solution is to make sure that revocation check is enabled and that the compromised cert is revoked by its issuer. Or if it's an old, unused root, you can ban that root at the machine level.