Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Did a 16-bit counter overflow shut down Comair?

from [Richard M. Smith] Network Security [Permanent Link]
Subject: Did a 16-bit counter overflow shut down Comair?
Date: Tue, 28 Dec 2004 12:44:20 -0500 
Hi,

On Christmas Day last Saturday, Comair Airlines had to completely stop
flying
all of its planes due to computer problems.  Comair blamed the computer
problems on their pilot scheduling software being overloaded after bad
weather earlier in the week forced many flights to be rescheduled.  Comair
now hopes to have all of its 1,100 daily flights restored by tomorrow.

An article which was published today at the Cincinnati Post Web site
provides some interesting details of a software failure in Comair's pilot
scheduling software:

   How it happened 
   http://www.cincypost.com/2004/12/28/comp12-28-2004.html

According to the article, Comair is running a 15-year old scheduling
software package from SBS International (www.sbsint.com).  The software has
a hard limit of 32,000 schedule changes per month.  With all of the bad
weather last week, Comair apparently hit this limit and then was unable to
assign pilots to planes.

It sounds like 16-bit integers are being used in the SBS International
scheduling software to identify transactions.  Given that the software is 15
years old, this design decision perhaps was made to save on memory usage.
In retrospect, 16-bit integers were probably not a good choice.

An anonymous message posted to Slashdot the day after Christmas first
described the software failure at Comair:

   http://slashdot.org/comments.pl?sid=134005&cid=11185556

Earlier this year, an overflow of a 32-bit counter in Windows shut down air
traffic control over southern California for 3 hours:

   Microsoft server crash nearly causes 800-plane pile-up
   http://www.techworld.com/opsys/news/index.cfm?NewsID=2275

This problem occurred because of a known design flaw in older versions of
Windows:

   http://tinyurl.com/5n9gc

Richard M. Smith
http://www.ComputerBytesMan.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Multiple WHM Autopilot Vulnerabilities, GulfTech Security
Next by Date:  Remote code execution with parameters withoutu ser interaction, even with XP SP2, ShredderSub7 SecExpert
Previous by Thread:  Multiple WHM Autopilot Vulnerabilities, GulfTech Security
Next by Thread:  Re: Did a 16-bit counter overflow shut down Comair?, Mike Nice
Indexes:  [Date] [Thread] [Top] [All Lists]