Full Disclosure mailing list archives

RE: Windoze almost managed to 200x repeat 9/11

From: Michal Zalewski <lcamtuf () ghettot org>
Date: Fri, 24 Sep 2004 23:25:33 +0200 (CEST)

On Fri, 24 Sep 2004, joe wrote:

It says right in the article they were running Windows 2000 Advanced Server.
The systems were not impacted by the Win95 hang bug. Almost certainly
Windows was fine... period.


Ahem... the most informative piece I could find reads:

http://www.latimes.com/news/local/la-me-faa16sep16,1,3729661.story

     When the system was upgraded about a year ago, the original [unix]
     computers were replaced by Dell computers using Microsoft software.
     Baggett said the Microsoft software contained an internal clock
     designed to shut the system down after 49.7 days to prevent it from
     becoming overloaded with data.

This appears to be a fine example of a meaningless gibberish, but it seems
that the only valid approximation of what it could originally mean is an
OS problem. Which is consistent with what we know about old Microsoft
OSes.

Sure, the same problem could happen if the application running on that box
used a 32-bit integer to store milisecond count since its launch - but:

  - Why would they use such a ridiculous counter? Applications usually
    do not have to count time on their own, and usually rely on RTC data.
    Counting miliseconds seems futile, though I suppose it could be
    just a matter of an obscure design.

  - Why wouldn't the same code fail on unix previously?

  - Why would they claim again and again that this was an OS "feature"?

It seems that all the claims support the OS flaw version, though of course
it's not a good idea to trust the press on technical issues.

Until we know more, getting into an off-topic, groundless flamewar is not
needed.

-- 
------------------------- bash$ :(){ :|:&};: --
 Michal Zalewski * [http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2004-09-24 23:08 --

   http://lcamtuf.coredump.cx/photo/current/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Windoze almost managed to 200x repeat 9/11, (continued)
- - - Re: Windoze almost managed to 200x repeat 9/11 Barry Fitzgerald (Sep 24)
    - RE: Windoze almost managed to 200x repeat 9/11 joe (Sep 24)
    - Re: Windoze almost managed to 200x repeat 9/11 Nancy Kramer (Sep 24)
    - RE: Windoze almost managed to 200x repeat 9/11 joe (Sep 24)
    - Re: Windoze almost managed to 200x repeat 9/11 Ron DuFresne (Sep 24)
    - Re: Windoze almost managed to 200x repeat 9/11 Frank Knobbe (Sep 24)
    - RE: Windoze almost managed to 200x repeat 9/11 joe (Sep 24)
    - Re: Windoze almost managed to 200x repeat 9/11 ASB (Sep 24)
    - Re: Windoze almost managed to 200x repeat 9/11 Michal Zalewski (Sep 24)
    - RE: Windoze almost managed to 200x repeat 9/11 joe (Sep 24)
    - RE: Windoze almost managed to 200x repeat 9/11 Michal Zalewski (Sep 24)
    - RE: Windoze almost managed to 200x repeat 9/11 joe (Sep 24)
    - Re: Windoze almost managed to 200x repeat 9/11 devis (Sep 25)
    - Re: Windoze almost managed to 200x repeat 9/11 Barry Fitzgerald (Sep 24)
    - Re: Windoze almost managed to 200x repeat 9/11 ASB (Sep 26)
    - RE: [inbox] Re: Windoze almost managed to 200x repeat 9/11 Exibar (Sep 26)
    - RE: [inbox] Re: Windoze almost managed to 200x repeat 9/11 Ron DuFresne (Sep 26)
    - Re: Windoze almost managed to 200x repeat 9/11 Barry Fitzgerald (Sep 26)
    - Re: Windoze almost managed to 200x repeat 9/11 Vince Able (Sep 26)
    - Re: Windoze almost managed to 200x repeat 9/11 ASB (Sep 26)
  - Re: Windoze almost managed to 200x repeat 9/11 Frank Knobbe (Sep 24)

(Thread continues...)