Leap year problems
You can see what the February 29 error looks like in real code here bug report open source project Coreboot. The timing bug was fixed on February 29th, too late to deliver the updated version to users and to update related projects. Here is an unconfirmed, but revealing anecdote from Hacker News: In the Chinese system for preparing a marriage certificate, there is an age verification of the newlyweds. It works like this: the current date is taken and 22 years are subtracted from it (the minimum age for marriage in China for men). Because the date February 29, 2002 does not exist, the system returns an error. Similar problem observed when trying to purchase a Youtube Premium subscription, unless you are lucky and your date of birth is February 29th.
From Citrix stopped operate a system for optimizing video playback in a virtual environment. In Sophos products broken SSL/TLS certificate processor. In Japan refused new driver's license registration system. In Sweden, as in New Zealand, Broke down payment terminals in a chain of grocery stores. Best Buy, according to users, on February 29 stopped accepting credit cards that expire in February 2024, although they were technically still valid.
Many companies and individual developers have had their build servers broken. The Apple Weather app was showing the wrong average temperature for the month. In Ireland, the railway company broke train schedule. The public transport operator in Berlin simply asked customers to select the 28th in the company application to view the schedule for February 29th. There is also good news: in Switzerland, employees of the municipality of Zurich paid double salary for February.
Matt Johnson-Pitt, owner of the site Code of Matt, collected similar collections of bugs in 2020 And 2016 years. It is not very clear what to do with this clearly massive and regular problem. The above-mentioned representative of the New Zealand gas station chain, when asked on social networks how to avoid such problems in 2028, replied: “Let’s put a reminder in the calendar.”
What else happened:
Kaspersky Lab specialists have published a detailed study a children's robot connected to the Internet. The article demonstrates a typical approach to the study of IoT devices – with the study of hardware, analysis of the device firmware, and traditional analysis of network traffic. It was the analysis of network traffic that revealed serious problems in the authorization system.
Fresh study American scientists show how you can bypass the limitations of machine-learned chatbots by using ASCII art instead of forbidden words. The essence of the work can be briefly shown in one picture:
New details have become known about the incident with Ivanti VPN servers, which we described in detail earlier. At the time the actively exploited vulnerabilities were discovered, it was believed that checking the integrity of a server's code using vendor tools would accurately determine whether it had been compromised. Now it turns out that approval American government agency CISA that in some cases the Integrity Checking Tool from Ivanti was unable to determine whether the server on which the web shell was installed had been hacked.
