Home page logo

basics logo Security Basics mailing list archives

Re: Energy Policy Act of 2005: mini Y2k needed?
From: Henry Troup <htroup () acm org>
Date: Fri, 02 Feb 2007 15:06:55 -0500

A proactive review on this is a good idea; however, there's no need to go overboard.

If you are already seeing all your logs in GMT/Zulu/UTC (pick a name...) and running your system clocks that way, 
you've got little to worry about on the logging side. 

It should be very rare to run in "local time".  Such systems typically break in fall - "fall back" - when a range of 
local times are repeated every year.

However, display anomalies are regrettably common - the program retrieves a UTC timestamp, and converts it to local 
based on the present value of the DST flag - instead of the value that applied to the retrieved date.  Time-based logic 
is always difficult, and cases like this require testing and inspection.


Henry Troup

Henry Troup
htroup () acm org

 On Thu Feb  1 17:15 , "Eggleston, Mark"  sent:

Hello all,

I got the message below regarding the upcoming change in daylight
savings time.  Are any of you conducting a "mini Y2k" to assess any
unforeseen consequences?

For example:

- Shouldn't a log aggregator or managed security services comparing
device logs have all event time stamp data synced on the same time?
- Do any of you know of any authentication mechanisms (on the
application side) that must sync with the OS system time?

Are there any other issues anyone has looked at or it this much ado
about nothing?

Your insights would be appreciated.  

Thank you,

Mark Eggleston
Manager, Security and Business Continuity
Information Services
Health Partners of Philadelphia, Inc.
(215) 991-4388

----Original Message-----
From: Techie Administrator [TAdministrator () strohlsystems com','','','')">TAdministrator () strohlsystems com] 
Sent: Thursday, January 25, 2007 9:42 AM
Subject: Strohl Systems

Dear Strohl Product User:

The Energy Policy Act of 2005 changes the start and end dates of
daylight saving time starting in 2007. Clocks will be set ahead one hour
on the second Sunday of March instead of the current first Sunday of
April. Clocks will be set back one hour on the first Sunday in November,
rather than the last Sunday of October. This will make electronic clocks
that had pre-programmed dates for adjusting to daylight saving time
obsolete and will require updates to computer operating systems.

All Strohl products use the Microsoft Windows Operating System generated
time and date to track certain transactions. As long as the Operating
System is updated and the system time and date are correct, all products
will track the transactions accurately and will report them without

The Strohl Systems Product Teams

All the information contained in this electronic communication and
any attachments is intended only for the use of the individual or
entity to which it is addressed. If you are not the intended
recipient, you are hereby notified that you should not disseminate,
distribute or copy any portion of this electronic communication. If
you have received this message in error, please notify the sender
by replying to this email and immediately deleting any and all
copies you may have inadvertently made.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]