Security Watch

Keeping Track of patches and hacks in the IT security world.

Internet (Mostly) Hale and Hearty After Daylight-Saving Time Switchover

The daylight-saving time switchover was indeed another Y2K—in other words, not much happened.

The Internet Storm Center reported on Saturday and Sunday a handful of minor issues. One was time zones not updating on Windows 2003, XP or 2000. It looks like that was a glitch with the Windows DST2007 hotfix 931836. Technet has a quick fix.

The domain name registrar Go Daddy was also having problems with the changeover, the ISC reported, with Web sites not resolving correctly. So if you're having accessing Web sites, the ISC says, it's possible they're hosted on Go Daddy.

Go Daddy hadn't responded to an inquiry on the status of the problem by the time this posted, although they had earlier posted a notice to the effect that it was DST-related.

For its part, Yahoo mail seems to have hiccupped on Sunday, possibly due to DST, with many people unable to access their mail. The issue seems to be resolved today.

On Saturday, Sun posted an Alert Bulletin regarding DST and "Olson time zon data tzdata2005r or greater incompatibility." According to Sun's alert, there are two problems associated with Eastern, Mountain and Hawaiian time zones. Under certain cirucumstances, Sun says, DST isn't being calculated correctly. For background, see alert 102836.

Sun says you're affected if you use the three letter time zone IDs "EST", "HST", or "MST" instead of the long format, e.g., "America/New_York." You're also affected if you parse time strings containing "EDT", "HDT", or "MDT." Sun says you're OK if you're using releases Java SE v1.3.x and below or when processing "HST" and "HDT" Hawaiian dates before 1947.

The ISC also had reports that atomic clocks didn't update, that Watchguard Fireware 8.3.1 and Watchguard System Manager 8.3.1 were reporting incorrect times and symptoms, that there was a problem with Symantec Backup Exec 10d and 10.1.

Symantec backup jobs scheduled for 11 p.m. got bumped to 10 p.m., according to an ISC correspondent, even though the program versions were reportedly DST compliant. Here's what the ISC reader, Alan, had to say, as posted by the ISC:

"Nor will it allow you to change the time back to the correct time of 11:00 PM. It reports that it will, allows the change, and reports the new time in the summary when the job is resubmitted. But the scheduled time immediately reverts back to 10:00 PM. Restarting the Backup services does not appear to correct this either, so we're now an hour off on all backups and banging our heads on our desks repeating expletives directed at certain vendors."

Further, the reader, Alan, reported to the ISC that older, unpatched backups were fine. Symantec hadn't returned a request for status of the problem by the time this was posted.

Other people reported to the ISC problems with Cisco phones not changing date properly and APC Powerchute on Windows Server 2003 SP1 not shutting down and rebooting as per schedule.

If you're experiencing any DST-related security problems, please let me know at