Windows DLL Vulnerability Exploit In the Wild

WrongSizeGlass writes "Exploit code for the DLL loading issue that reportedly affects hundreds of Windows applications made its appearance on Monday. HD Moore, the creator of the Metasploit open-source hacking toolkit, released the exploit code along with an auditing tool that records which applications are vulnerable. 'Once it makes it into Metasploit, it doesn't take much more to execute an attack,' said Andrew Storms, director of security operations for nCircle Security. 'The hard part has already been done for [hackers].'"

The problem is not leap seconds...

[AB3A]

...the problem is in fact oversimplification of horology. We do not have a reasonable, standard practice for dealing with leap seconds. I've never heard of an OS that allows for 61 (or 59) seconds in a minute. Though it has never happened, leap seconds can theoretically go the other way.

To make matters worse, this concept needs to extend from the OS in to an application. Almost nobody has made the effort to handle this well. It is a relatively rare occurrence these days.

The ultimate question is why we're measuring time based upon the earth's rotation in the first place. Yes, our standards did come from the concept of dividing an astronomical day of the year in to smaller pieces, but our definition of those time units has not used the earth as a reference since 1967. Perhaps we have reached a point where the time of day concept is a bit more arbitrary?

We are able to find stars and know our longitude with very high accuracy without using leap seconds (that's how GPS does it). Is there still a reason why we should keep adjusting our concept of time according to what the earth does?