Is your business safe when your computer
mi2g launches new clock protection system
London, UK, 17:30 GMT 20th December 1999 - Date issues raised by Y2k
are not just confined to the new millennium transition. The computer clock
has been proven to be a vulnerable and soft target for hackers, malevolent
personnel and malicious code writers in 1999. mi2g software's recent
client experience has shown that Millennium Bug and other time related computer
glitches have been put in motion by tampering with the system clock.
In no time at all, the date has been altered and log tests have showed that
one false value for the current date has led to a loss of data, loss of communications
and corruption of transactions. Malicious software payloads delivered as a
benign program or document have also been shown to alter the clock rate (speeding
it up or slowing it down) or disabling the clock update by freezing the date
and time altogether.
Alterations to clock speed have passed unnoticed for relatively lengthy periods
on unprotected Real Time Clocks (RTCs) within networks, causing chaos in time
dependent applications such as invoicing and scheduling of automated tasks.
By moving the clock either forward or in reverse different malfunctions manifest
and it became essential for mi2g software clients that a solution be
found. This has resulted in the production of a new tool for mi2g's
BloodHound Suite called Clock Fortress to counter
"We are delighted to announce the introduction
of Clock Fortress as part of our BloodHound Suite. We are grateful to some
of our Bespoke Security Architecture clients for allowing us to use their
confidential log data which graphically illustrated clock malfunction and
resultant system problems. Learning from the on-line battlefield, our researchers
drew the inspiration for cracking this complex problem before the arrival
of 2000. I congratulate them and all our partners", said DK
Matai, Founder and Managing Director of mi2g software.
Clock Fortress is an "alert" facility for potentially
damaging instances of clock tampering. The program is loaded directly into
the PC memory after the Basic Input Output System's (BIOS) POST routine and
remains there the whole time the PC is on, checking the RTC nearly 20 times
a second. The reading is compared against the previous reading and any discrepancy
results in an alert to the user that the date or time have changed abnormally.
This alert can take the form of either a message on the screen say for a
stand alone PC or it can lock the screen and deliver an auto e-mail to the
System Manager/Operator (SYSOP) announcing that a specific PC's IP address
has potential date problems. The SYSOP may then accept this new date or time
on the remote PC or restore the date-time settings to that before the change.
In addition to the date-time checks, Clock Fortress also monitors
the status register settings for any change in the RTC date and time settings
(ie disable update, clock rate etc).
1. Of all the issues raised by the Millennium Bug perhaps the most striking
is the realisation of just how much damage and disruption a false date can
cause within IT systems and how few safeguards are present in most systems
to protect date information from corruption, whether accidental or malicious.
Immediate effects of clock tampering to businesses that are completely Y2K
compliant are the failure of software licenses, passwords, user accounts,
2. mi2g software presented seminars on e-risk and e-business key issues
in London at Richards Butler on 4th August, Hammond Suddards on 8th September,
Reuters on 27th October, Foreign and Commonwealth Office on 4th November,
the eb2 event at the Commonwealth Club on 18th November, Survive BS7799
forum at Prudential on 1st December, SBG at Browns in Mayfair on 9th
December and most recently the Publishers Association on 10th December. A
total of 715 CEOs, CTOs, COOs and Partners from USA, Canada, Germany, France,
Japan, Singapore and Britain have attended these events. We presented an update
on all major e-risk incidents and trends within the escalating threat to large
on-line businesses, financial institutions and multi-nationals. Future seminars
on e-risk are planned for January and February 2000.
3. Clock Fortress has been developed by mi2g as an additional
tool to its BloodHound Suite in close conjunction with software
affiliates in England, who have been heavily committed to production of software
and services in the Y2k field.
4. Downstream Liability is the real possibility of litigation
arising from customers and businesses that have bought a product or a service
from a vendor in good faith and have surrendered personal and financial information
about themselves for a declared purpose only.
5. mi2g software (www.mi2g.com) is a leading edge London based e-commerce
enterprise specialising in e-risk management and bespoke security architecture.
6. e-risk, e-risk analysis, e-risk management, How to manage
e-risk?, Downstream Liability, e-risk insurance, Bespoke
Security Architecture, Clock Fortress, BloodHound Suite
are trade marks of mi2g software (mi2g.com).