Is your business safe when your computer clock isn't?

 e-risk analysis™

mi2g launches new clock protection system

London, UK, 17:30 GMT 20th December 1999 - Date issues raised by Y2k are not just confined to the new millennium transition. The computer clock has been proven to be a vulnerable and soft target for hackers, malevolent personnel and malicious code writers in 1999. mi2g software's recent client experience has shown that Millennium Bug and other time related computer glitches have been put in motion by tampering with the system clock.

In no time at all, the date has been altered and log tests have showed that one false value for the current date has led to a loss of data, loss of communications and corruption of transactions. Malicious software payloads delivered as a benign program or document have also been shown to alter the clock rate (speeding it up or slowing it down) or disabling the clock update by freezing the date and time altogether.

Alterations to clock speed have passed unnoticed for relatively lengthy periods on unprotected Real Time Clocks (RTCs) within networks, causing chaos in time dependent applications such as invoicing and scheduling of automated tasks. By moving the clock either forward or in reverse different malfunctions manifest and it became essential for mi2g software clients that a solution be found. This has resulted in the production of a new tool for mi2g's BloodHound Suite™ called Clock Fortress™ to counter clock tampering.

"We are delighted to announce the introduction of Clock Fortress as part of our BloodHound Suite. We are grateful to some of our Bespoke Security Architecture clients for allowing us to use their confidential log data which graphically illustrated clock malfunction and resultant system problems. Learning from the on-line battlefield, our researchers drew the inspiration for cracking this complex problem before the arrival of 2000. I congratulate them and all our partners", said DK Matai, Founder and Managing Director of mi2g software.

Clock Fortress™ is an "alert" facility for potentially damaging instances of clock tampering. The program is loaded directly into the PC memory after the Basic Input Output System's (BIOS) POST routine and remains there the whole time the PC is on, checking the RTC nearly 20 times a second. The reading is compared against the previous reading and any discrepancy results in an alert to the user that the date or time have changed abnormally.

This alert can take the form of either a message on the screen say for a stand alone PC or it can lock the screen and deliver an auto e-mail to the System Manager/Operator (SYSOP) announcing that a specific PC's IP address has potential date problems. The SYSOP may then accept this new date or time on the remote PC or restore the date-time settings to that before the change. In addition to the date-time checks, Clock Fortress™ also monitors the status register settings for any change in the RTC date and time settings (ie disable update, clock rate etc).

Background:

1. Of all the issues raised by the Millennium Bug perhaps the most striking is the realisation of just how much damage and disruption a false date can cause within IT systems and how few safeguards are present in most systems to protect date information from corruption, whether accidental or malicious. Immediate effects of clock tampering to businesses that are completely Y2K compliant are the failure of software licenses, passwords, user accounts, and/or files.

2. mi2g software presented seminars on e-risk and e-business key issues in London at Richards Butler on 4th August, Hammond Suddards on 8th September, Reuters on 27th October, Foreign and Commonwealth Office on 4th November, the eb2 event at the Commonwealth Club on 18th November, Survive BS7799 forum at Prudential on 1st December, SBG at Browns in Mayfair on 9th December and most recently the Publishers Association on 10th December. A total of 715 CEOs, CTOs, COOs and Partners from USA, Canada, Germany, France, Japan, Singapore and Britain have attended these events. We presented an update on all major e-risk incidents and trends within the escalating threat to large on-line businesses, financial institutions and multi-nationals. Future seminars on e-risk are planned for January and February 2000.

3. Clock Fortress™ has been developed by mi2g as an additional tool to its BloodHound Suite™ in close conjunction with software affiliates in England, who have been heavily committed to production of software and services in the Y2k field.

4. Downstream Liability™ is the real possibility of litigation arising from customers and businesses that have bought a product or a service from a vendor in good faith and have surrendered personal and financial information about themselves for a declared purpose only.

5. mi2g software (www.mi2g.com) is a leading edge London based e-commerce enterprise specialising in e-risk management™ and bespoke security architecture™.

6. e-risk™, e-risk analysis™, e-risk management™, How to manage e-risk?™, Downstream Liability™, e-risk insurance™, Bespoke Security Architecture™, Clock Fortress™, BloodHound Suite™ are trade marks of mi2g software™ (mi2g.com).