What You Need To Know About The Leap Second Bug

Posted by UpGuard

Leap Second Bug

For those of you planning on enjoying the sunset on June 30, 2015an extra second of bliss awaits, compliments of the Earth’s inconsistent wobble. However, if Y2K sent you running for the hills, start packing again.

Analysts predict technological fallout ranging from undeliverable tweets to outright digital armageddon, but for faithful IT folks with more grounded concerns like SLAs and business continuity, keeping critical systems up and running trump all other concerns. Fortunately, resolving potential issues related to the Leap Second Bug is a fairly straightforward matter—as long as you know what to look for and where to find it.

The Leap Second Bug caused quite a commotion when it caused service disruptions for prominent sites like Yelp, FourSquare, Reddit and LinkedIn back in 2012. In a nutshell, the earth’s occasional rotational irregularities cause astronomical and atomic clocks to fall out of sync from time to time, which in turn prompts the IERS (International Earth Rotation & Reference Systems Service) to add/subtract a second from the Coordinated Universal Time (UTC).


Leap Second Bug

The bulletin from the IERS displaying the extra second being added. Source: IERS.
 

In fact, this has happened 26 times since 1972. So if the IERS has been making periodic adjustments on an ongoing basis, why didn’t problems surface prior to 2012—and more importantly, why is it a major concern this time around?

The answer has to do with the rise of Linux in the enterprise and its eventual predominance in the data center. By 2012, many of the world’s largest companies were relying on various *nix platforms to power their businesses—with many technology upstarts following suit. And since the Leap Second Bug is related to issues in the *nix kernel—specifically, the Network Time Protocol’s (NTP) inability to handle unforeseen extra seconds widespread problems and outages plagued systems synchronized to an NTP server. Many organizations affected by the bug had to disable NTP in order to get back up and running.

Leap Second Bug

Cloudera’s systems during and after the 2012 Leap Second. Source: Cloudera.
 

As it stands, leap seconds cause no problems for the latest versions of *nix flavors, but unpatched versions are still susceptible to the bug. The following is a partial list of technologies affected by the Leap Second Bug:

  • Unpatched Linux kernels

  • Hadoop instances and ElasticSearch Servers

  • Cassandra databases

  • Java-based applications

  • MySQL database servers

In preparation of Leap Second, organizations should ensure that appropriate patches have been applied to their *nix servers—as well as any of the above technologies. The bug was found to affect kernel version numbers 2.2.26 to 3.3, with versions 3.4 and higher not susceptible to the bug. Also, keep in mind that the Leap Second Bug is not relegated to the above—switches, routers, firewalls, and load-balancers are also equally at risk. UpGuard can scan all of these and more, ensuring that critical patches and updates have been applied and are consistent across environments.

Your website isn't secure either

More Blogs

The "Hacking" Of 000webhost—Or Why Free Should Never Be Synonymous With Unsecure

So how do events like 000webhost's massive data breach involving free web hosting providing 000webhost transpire? In a word, negligence. Gross negligence, to be precise.
Read Blog >

Why We Made Our Vulnerability Assessment Free for Everyone

Access to free vulnerability assessment should be a basic right in a world where computing is integral to social and economic life. For our part, we're offering our full product, including vulnerability assessment, free forever for a user's first ten machines.
Read Blog >

Understanding Risk in the 21st Century

Even today, the risk of data breaches in particular threaten to hamper business innovation. So what is cyber risk, and what can be done about it?
Read Blog >

Source(s):

http://www.timeanddate.com/time/leapseconds.html

http://googleblog.blogspot.com/2011/09/time-technology-and-leaping-seconds.html

http://www.wired.com/2015/01/leap-second-rattle-internet-theres-plot-kill/

http://www.networkworld.com/article/2872578/business-continuity/watch-out-for-an-upcoming-leap-second.html

http://www.datastax.com/dev/blog/preparing-for-the-leap-second

Topics: cyber risk

UpGuard Customers