Category Archives: Y2K

Belated millennium bugs revisited.

In view of interest elsewhere, I revised and added some links at:
http://www.eset.com/threat-center/blog/2010/01/06/millennium-falcon-crash-burn-revisited

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:
http://www.eset.com/threat-center/blog
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com

Millennium Falcon crash and burn

Ironically, we seem to be seeing more date-related issues this month than we did at the start of the noughties, unless The Register is making this all up, which doesn’t seem likely.

http://www.theregister.co.uk/2010/01/05/windows_mobe_bug/
http://www.theregister.co.uk/2010/01/04/bank_queensland/
http://www.theregister.co.uk/2010/01/05/symantec_y2k10_bug/
http://www.spamresource.com/2010/01/spamassassin-2010-bug.html

[And this one:
http://www.msnbc.msn.com/id/34706092/ns/technology_and_science-security/?ocid=twitter]

It’s not really surprising: this is a more-or-less accidental cluster of somewhat similar bugs, as far as I can see. It’s certainly not an industry-wide issue that was foreseen years in advance and therefore attracted serious proactive research and remediation.

In fact, if there’s a lesson here, it’s one for the people who dismiss the entire Y2K remediation issue as hype and wasted resources. Well, there was a great deal of hype around at that time (did anyone actually see a Y2K virus?), and a number of consultants made money out of advising IT people on the ground to do what they were already doing.

However, given the (short-term) impact of this handful of unanticipated (but fairly easily fixed) bugs, I think it’s reasonable to assume that if system administrators and support technicians all over the globe hadn’t done that proactive remediative work, the first weeks of the new millennium would have been a lot more dramatic.

Like Ross Anderson (http://www.cl.cam.ac.uk/~rja14/Papers/y2k.pdf), I doubt if the sky would have fallen, but some of the consequent issues would have been harder and more expensive to fix reactively.

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Another Anniversary

As I’ve pointed out elsewhere, it’s been something of a year of anniversaries. And as Mikko Hypponen has pointed out at http://www.f-secure.com/weblog/archives/00001846.html, around this time ten years ago we were preparing for global chaos as the Millennium Bug bit.

Well, actually, it largely passed me by. The institution I worked for decided that Y2K had no security implications, and in fact wasn’t really an IT issue, so they handed it over to the library to manage, though the IT department still did all the actual work, as far as I remember. In the event, I believe one piece of lab equipment misfunctioned when everything was switched on again after an enforced break over the New Year: not, as I remember, in any critical way, but it was ten years ago.

In fact, my principal memories are of going to bed early on New Year’s Eve and being awoken by a thunderous firework display over East London, and of fielding an awful lot of questions about those Y2K viruses that never turned up. And of being rapped over the knuckles after the event for hinting in an article for an in-house publication that there had ever been any risk of an unforeseen event. It’s always reassuring to work for people who know everything about everything.

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET
