Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


12:30 PM
Connect Directly

Daylight Saving Switch Won't Help Hackers

Daylight Saving Time changes won't have a big impact on security, but some things could fall through the cracks

Microsoft's not worried about the impact of the extended Daylight Saving Time (DST), which moves up by three weeks this year to March 11 and extends by one week, to November 4.

Should you be?

M3 Sweatt, chief of staff for Microsoft's customer and partner satisfaction group, says he's been working closely with customers to prepare for the time change, and the majority of Microsoft's patches for the new DST are already out. And most security tools use the atomic clock-based Coordinated Universal Time, also known as UTC, to keep time, he says, so there won't be any major security implications of an extended DST.

"I don't think a lot will be impacted by this on a security basis," he says.

Experts agree DST won't be the frenzied non-event that Y2K was, nor will it cause major security breaches. But DST could still cause some headaches and open some potential security holes. Gartner has warned that DST changes could wreak havoc on arrival and departure times for the travel sector, as well as cause potential financial transaction errors leading to late payments.

Michael Rothman, president of Security Incite, says the risk of any major security fallout due to DST is minimal. The most likely problems would stem from calendars not synchronized with the new DST. "If you have a triage meeting to discuss what to fix today, and half the team shows up an hour later, that could problematic."

Sweatt says Microsoft isn't issuing any DST patches for its Antigen or Forefront security tools because they use the UTC for time. Windows Vista and Office 2007 don't need patching because they were built with the new DST changes in mind. Networking products for the most part won't be affected by the DST changes, either, he says. "Unless they do things that render time from a DST-displayed clock."

"We have heard examples of businesses who have coded their read-time directly from a system clock... They may have to retool their applications," Sweatt says.

"It's the old [software] you worry about -- you'll get time and date discrepancies which could cause systems to crash or result in corrupted data," notes Rob Enderle, principal analyst at the Enderle Group. "Manual fixes could leave systems exposed as people have to go into a lot of systems that aren't touched very often and probably aren't that secure." Many such older systems use administrator privileges that could open up potential windows for attack, he says.

Microsoft is advising customers to watch their electronic calendars closely during those first three weeks of DST. "We're telling them 'you know your calendar best,'" Sweatt says. "For those three weeks, make note and make sure they are correct," including the start and end times, body, and subject.

Overall, security experts say they don't expect any major security fallout from the DST change, just some isolated problems. "There's too much UTC and NTP [Network Time Protocol] daemons" out there, says Ralph Logan, partner with The Logan Group. "There's always the theoretical problem with time/date shifts... But the window of opportunity [for an attacker] is so small and the technological 'advantage' is so small."

"I don't really expect the DST thing to register much past 1.0 on the Richter scale," Security Incite's Rothman says.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • Microsoft Corp. (Nasdaq: MSFT)
  • Security Incite
  • Enderle Group Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Sodinokibi Ransomware: Where Attackers' Money Goes
    Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
    Data Privacy Protections for the Most Vulnerable -- Children
    Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
    Register for Dark Reading Newsletters
    White Papers
    Current Issue
    7 Threats & Disruptive Forces Changing the Face of Cybersecurity
    This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
    Flash Poll
    2019 Online Malware and Threats
    2019 Online Malware and Threats
    As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2019-10-18
    In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
    PUBLISHED: 2019-10-18
    In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo...
    PUBLISHED: 2019-10-18
    HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name returns an error message that includes the entere...
    PUBLISHED: 2019-10-18
    In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution.
    PUBLISHED: 2019-10-18
    In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code.