Y2K all over again in 2010?

2010 problems lock 30M out of cash machines, cause Symantec endpoint NAC to fail

A decade after the Y2K crisis, date changes still pose technology problems, making some security software upgrades difficult and locking millions of bank ATM users out of their accounts.

A decade after the Y2K crisis, date changes still pose technology problems, making some security software upgrades difficult and locking millions of bank ATM users out of their accounts.

Chips used in bank cards to identify account numbers could not read the year 2010 properly, making it impossible for ATMs and point of sale machines in Germany to read debit cards of 30 million people since New Year's Day, according to published reports. The workaround is to reprogram the machines so the chips don't have to deal with the number.

In Australia, point-of-sales machines skipped ahead to 2016 rather than 2010 at midnight Dec. 31, rendering them unusable by retailers, some of whom reported thousands of dollars in lost sales.

Meanwhile Symantec's network-access control (NAC) software that is supposed to check whether spam and virus definitions have been updated recently enough fails because of this 2010 problem, according to one of the company's security forums.

The problem isn't with the NAC host-integrity check itself but rather with Symantec Endpoint Protection Manager, which considers dates later than Dec. 31, 2009, 11:59 p.m., as too old. The definition updates the company sends out still take effect but SEPM classifies them as out of date. The NAC software relies on SEPM to report on the currency of updates.

As an interim measure, SEPM updates are being time stamped Dec. 31, 2009, with increasing revision numbers indicating which revision is the latest, Symantec says in its forum. The company post says it is working on a permanent fix and that the issue doesn't affect any other Symantec products. The post also includes three workarounds for addressing the problem via the host-integrity check.

Also of concern to businesses, SAP found a 2010 issue with the date that is used to help identify individual spool requests. Left unpatched, SAP software enters the data 2100, which effectively leaves active all requests made since 2010 started. SAP's OSS Note 1422843 and patches it contains clear up the issue, according to the site BASIS of SAP.

Another instance of Y2010 issues arises in open source mail filter Spam Assassin, increasing the spam score it gives to e-mails that come with 2010 date headers, making it more likely that those e-mails will be classified as spam, resulting in more false positives. The Spam Assassin project has posted a fix  that requires a rule change.

Some users of mobile phones report getting SMS messages time stamped from the future -- the year 2016 to be exact, the same year that the Australian point of sales machines rolled to. This is no coincidence, according to comments on sites discussing the issue. 2010 represented as a binary coded decimal is being interpreted by other devices as hexadecimal, which translates 2010 to 2016, they say. One way around the SMS problem is to have individual phones stamp the time on messages as they arrive rather than using the stamp placed on it by SMS servers.

Palm resolved a 2010 issue Jan. 1 when many of its users reported that their Palm Pre phones wouldn't sync and their calendar applications wouldn't work at all. Palm issued an OS version 1.3.5.1 that fixes the problem.

Learn more about this topic

Symantec unveils endpoint protection services

Y2K: The good, the bad and the crazy

Upgraded Dutch payment card still vulnerable to relay attack

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies