Category Archives: New Year date bugs

Millennium Falcon crash and burn

Ironically, we seem to be seeing more date-related issues this month than we did at the start of the noughties, unless The Register is making this all up, which doesn’t seem likely.

http://www.theregister.co.uk/2010/01/05/windows_mobe_bug/
http://www.theregister.co.uk/2010/01/04/bank_queensland/
http://www.theregister.co.uk/2010/01/05/symantec_y2k10_bug/
http://www.spamresource.com/2010/01/spamassassin-2010-bug.html

[And this one:
http://www.msnbc.msn.com/id/34706092/ns/technology_and_science-security/?ocid=twitter]

It’s not really surprising: this is a more-or-less accidental cluster of somewhat similar bugs, as far as I can see. It’s certainly not an industry-wide issue that was foreseen years in advance and therefore attracted serious proactive research and remediation.

In fact, if there’s a lesson here, it’s one for the people who dismiss the entire Y2K remediation issue as hype and wasted resources. Well, there was a great deal of hype around at that time (did anyone actually see a Y2K virus?), and a number of consultants made money out of advising IT people on the ground to do what they were already doing.

However, given the (short-term) impact of this handful of unanticipated (but fairly easily fixed) bugs, I think it’s reasonable to assume that if system administrators and support technicians all over the globe hadn’t done that proactive remediative work, the first weeks of the new millennium would have been a lot more dramatic.

Like Ross Anderson (http://www.cl.cam.ac.uk/~rja14/Papers/y2k.pdf), I doubt if the sky would have fallen, but some of the consequent issues would have been harder and more expensive to fix reactively.

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:
http://www.eset.com/threat-center/blog
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com