Saturday, May 22, 2010

Year 2038 problem - not very far away

Maybe some of you have already heard about the year 2038 problem, caused by software and systems storing system time as a signed 32-bit integer. I thought it would be quite a while until I'd have to care about it, but it seems that isn't the case.

A little while ago, my yahoo mailbox was hit by a lot of spammers sending from the future date of 18th Jan 2038. Back then, I thought it was funny. Spammers always want their spam mails to appear on top by setting the date to the farthest in the future. But this is as far as they can go ;)

However, recently, I have discovered the bug lying in an authentication server by a well-known security company I'm testing. It appears all certificates signed by the server cannot have an expiry date of later than 19th Jan 2038. If not discovered early, this could cost us a lot of maintenance fee when the time comes close.

No comments: