Monday, June 29, 2009

Major Bugs with Most Notable Consequences

Space exploration
A booster went off course during launch, resulting in the destruction of NASA Mariner 1. This was the result of the failure of a transcriber to notice an overbar in a written specification for the guidance program, resulting in the coding of an incorrect formula in its FORTRAN software. (July 22, 1962).
The Russian Space Research Institute's Phobos 1 deactivated its attitude thrusters and could no longer properly orient its solar arrays or communicate with Earth, eventually depleting its batteries. (September 10, 1988).
The European Space Agency's Ariane 5 Flight 501 was destroyed 40 seconds after takeoff (June 4, 1996). The US$1 billion prototype rocket self-destructed due to a bug in the on-board guidance software.
NASA Mars Polar Lander was destroyed because its flight software mistook vibrations due to atmospheric turbulance for evidence that the vehicle had landed and shut off the engines 40 meters from the Martian surface (December 3, 1999). Its sister spacecraft Mars Climate Orbiter was also destroyed, but due to human error and not, as is sometimes reported, due to a software bug.
A mis-sent command from Earth caused the software of the NASA Mars Global Surveyor to incorrectly assume that a motor had failed, causing it to point one of its batteries at the sun - subsequently overheating it. (November 2, 2006).

A bug in the code controlling the Therac-25 radiation therapy machine was directly responsible for at least five patient deaths in the 1980s when it administered excessive quantities of X-rays.
A Medtronic heart device was found vulnerable to remote attacks in March 2008

The year 2000 problem spawned fears of worldwide economic collapse and an industry of consultants providing last-minute fixes.[13] In addition, it is possible the problem could recur in 2038 (the year 2038 problem), as many Unix systems calculate the time in seconds since 1 January 1970, and store this figure as a 32-bit signed integer, for which the maximum possible value is 231 (2,147,483,648).

Electric power transmission
The 2003 North America blackout was triggered by a local outage that went undetected due to a race condition in General Electric Energy's XA/21 monitoring software.

AT&T long distance network crash (January 15, 1990), in which the failure of one switching system would cause a message to be sent to nearby switching units to tell them that there was a problem. Unfortunately, the arrival of that message would cause those other systems to fail too - resulting in a 'wave' of failure that rapidly spread across the entire AT&T long distance network.
In January 2009, Google's search engine erroneously notified users that every web site world wide was potentially malicious.

The software error of a MIM-104 Patriot, caused its system clock to drift by one third of a second - resulting in failure to locate and intercept an incoming missile. The scud impacted in a military compound in Dhahran, Saudi Arabia (February 25, 1991), killing 28 Americans.
A Chinook crash on Mull of Kintyre in June 1994. A Royal Air Force Chinook helicopter crashed into the Mull of Kintyre, killing 29. This was initially dismissed as pilot error, but an investigation by Computer Weekly uncovered sufficient evidence to convince a House of Lords inquiry that it may have been caused by a software bug in the aircraft's engine control computer.
Smart ship USS Yorktown was left dead in the water in 1998 for nearly 3 hours after a divide by zero error.
A software glitch in a South African antiaircraft cannon had killed 9 soldiers and seriously injured 14 others in 2007 during a shooting exercise.

Eve Online's deployment of the Trinity patch, which erased the boot.ini file from several thousand users' computers, rendering them unable to boot. This was due to the usage of a legacy system within the game that was also named boot.ini. As such, the deletion had targeted the wrong directory instead of the /eve directory.
In the Sony BMG CD copy prevention scandal (October 2005), Sony BMG produced a Van Zant music CD that employed a copy protection scheme that covertly installed a "rootkit" on any Windows PC that was used to play it. Their intent was to hide the copy protection mechanism to make it harder to circumvent. Unfortunately, the rootkit inadvertently opened a security hole resulting in a wave of successful trojan horse attacks on the computers of those who had innocently played the CD. Sony's subsequent efforts to provide a utility to fix the problem actually exacerbated it.

In order to fix a warning issued by Valgrind, a maintainer of Debian patched OpenSSL and broke the random number generator in the process. The patch was uploaded in September 2006 and made its way into the official release; it was not reported until April 2008. Every key generated with the broken version is compromised, as is all data encrypted with it, threatening many applications that rely on encryption such as S/MIME, TOR, SSL or TLS protected connections and SSH.

No comments:

Post a Comment