[AccessD] 2010 Bug hits Germany

Collins, Darryl Darryl.Collins at anz.com
Wed Jan 6 16:45:50 CST 2010 

Fasincating stuff.  Thanks for this Gustav.

My first thought on this, which I knew was certain to be wrong, but I
would still look there first, was a basic code typo type error.  Someone
had written down 2010 to be entered somewhere in the code and it was
actaully keyed as 2016 in error.

I used to do a lot of reco type work so these sort of things and basic
transposition errors are often the most likely suspect.

In this case it is not likely as I cannot imagine any of these systems
using a fixed internal calendar like that, but hey.....  Gotta start
somewhere.

Cheers
Darryl.

 

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Gustav Brock
Sent: Wednesday, 6 January 2010 7:27 PM
To: accessd at databaseadvisors.com
Subject: Re: [AccessD] 2010 Bug hits Germany

Hi Max

It happens when one system using decimal numbers (10) sends data to
another expecting hexadecimal values (0A for ten). Thus 10 dec -> 10 hex
= sixteen.

This is a bug in some Siemens automation equipment reading data from
card readers. These units are designed to be driven by solar power as,
for example, seen in parking ticket machines many places in Europe. The
firmware programmers for some reason believed that, first, skipping 2000
and go with two digits only (00-99) and, second, using hexadecimal
numbers to save two bytes would help keep power consumption at a
minimum. 
This is hard to believe but nevertheless the official explanation from
Siemens in Denmark. The spokesman admitted that the issue has revealed
that testing of the equipment has been inadequate. The firmware has been
updated and the issue resolved in a few days.

/gustav


>>> max.wanadoo at gmail.com 05-01-2010 21:33 >>>
http://www.msnbc.msn.com/id/34706092/ns/technology_and_science-security/


Why would this happen?

Max



--
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

"This e-mail and any attachments to it (the "Communication") is, unless otherwise stated, confidential,  may contain copyright material and is for the use only of the intended recipient. If you receive the Communication in error, please notify the sender immediately by return e-mail, delete the Communication and the return e-mail, and do not read, copy, retransmit or otherwise deal with it. Any views expressed in the Communication are those of the individual sender only, unless expressly stated to be those of Australia and New Zealand Banking Group Limited ABN 11 005 357 522, or any of its related entities including ANZ National Bank Limited (together "ANZ"). ANZ does not accept liability in connection with the integrity of or errors in the Communication, computer virus, data corruption, interference or delay arising from or in respect of the Communication."

More information about the AccessD mailing list