Subject: RISKS DIGEST 17.58 RISKS-LIST: Risks-Forum Digest Friday 22 December 1995 Volume 17 : Issue 58 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for further information, disclaimers, etc. ***** Contents: [Loose-end clean-up; I had a few extra end-year minutes. PGN] I've been Framed by Gondolas! (Paul Menon) Texas Instruments e-mail snafu... (Bruce R Koball) My name is mud! [alta vista] (Piers Thompson)) Re: Indelible words [alta vista] (Bill Hawthorne) Problems when PC BIOS is held in flash RAM (Martin Portman) Re: Domain Registration RISK? () Write protection is in *hardware* (Rob Slade) Re: German service providers must maintain covert customer databases? (Otto Stolz) Correction to previous posting re: IW attack on Navy by AF (iw@all.net) Re: Navy Battleship takeover (Jim Haynes, John Oram, RSR Madison, Mark Stalzer, Bob Brewin) Re: Risks of checking accounts (Geoff Kuenning) ABRIDGED info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Fri, 22 Dec 1995 20:04:44 +1100 (EST) From: Paul Big-Ears Menon Subject: I've been Framed by Gondolas! This year ('95) I think I've written a total of 3 memos. You know, those official things you resort to when e-mail won't suffice. It is for that reason I don't enjoy writing them. They're an extreme measure and have to be very carefully worded. Uhh .. huh .. so far, so good. My last two were no different. They were addressed to the same audience (my boss, the HOD, the academic enrollment officer and various people in the administrative group that `controls' the database - another department, including the director of that group). The subject, by the way, was regarding access to student enrolment data for use in accounts creation. A rather serious issue. The last memo was sent on the 19th of December. Today (the 22nd of December, halfway through our Departmental Christmas breakup, I wandered back into my room, making a final scan of the mess that was supposed to be my desktop. In a vain attempt to clean up I shuffled a few things around, and ended up with a copy of the last poison pen production in my hand. An idle scan revealed the first point on the memo to start [the names have been censored to protect the needle -- pnm]: "1. Mr XXXX's approach to the ASG early last year regarding data gondolas was in an expectation ..." I cracked up. Visualisation took over - yup that made sense. I could see it now. Extra large data packets are now to be termed as gondolas. How could anyone take this memo seriously? I shared my gaffe with a few in the Staff Room (still enjoying the festivities) - including my boss, and had them crying. My boss hadn't noticed it either. So what had happened? You guessed it, a spelling checker was used. I had used FrameMaker to compose the memo. I obviously got lazy when it was time to check the spelling and didn't notice what was being suggested as a correction (you know - hit the return key... just get on with it!). All I can assume is that the intended word was supposed to be _downloads_, and my fingers got out of synch with my brain, perhaps typing something like downdolas, I'm not exactly sure ... There's a risk where corrections to transposition errors cause an even greater error, whereas if the error was left intact, it may have been understood [mabye! :-)]. [And PGN had fun checking mispelings on this issue.] Such errors arise from what I term keyboard race conditions. Common typos are 'teh' instead of 'the'. I also have a dread of typing 'interested' as there's a 20% chance (I'm sure) of it ending up as 'inetereseted'. I've never suffered these race conditions when writing (by hand). A Merry Christmas and a preprosperous (..) New Year to you all. Paul Menon, Dept of Computer Science, Royal Melbourne Institute of Technology, 124 Latrobe St., Melbourne 3001, Victoria, Australia pnm@goanna.cs.rmit.edu.au ------------------------------ Date: Fri, 22 Dec 1995 11:14:59 -0800 From: Bruce R Koball Subject: Texas Instruments e-mail snafu... This is a relatively pedestrian RISK for any one who's had experience configuring e-mail lists, but it's notable, perhaps, because of the stature of the problem's source... Texas Instruments recently opened a Web site they're calling TI&ME, to provide all sorts of technical info on their products, including data sheets on their complete lines of analog and digital ICs (this is a lot of data... the TI data books in my library take almost 10 linear feet of shelf space... so such a resource could be quite useful to hardware designers). In an effort to qualify access to this site they initially required that, at sign-up time time, you select a login and password, and then wait while a validation code was separately e-mailed to you. You then had to log back into their Web site and enter the validation code before you could get access to the data sheets. While a bit awkward, this process seemed to work OK... Last night, however, I got e-mail from their service announcing that they had removed the validation code requirement from their sign-up procedure... fine by me... I was already in... Unfortunately, whatever change they made in their system also seems to have triggered an avalanche of bogus e-mail to people on their list... this morning I logged in to find dozens of bounced mail replys, replys to bounced mail replys, replys to replys of bounced mail, etc... all originating from TI's site... and I'm hoping they fix it soon... What's the RISK lesson? I suppose it's best summed up by something Mitch Ratcliffe said a while back: "Computers let you make more mistakes faster than anything except handguns and tequila..." Bruce R. Koball, 2210 Sixth St., Berkeley, CA 94710 510 845-1350 bkoball@well.com (fax) 510 845-3946 ------------------------------ Date: Fri, 22 Dec 95 13:15:30 GMT From: pjt1@scigen.co.uk (Piers Thompson \(Ionica\)) Subject: My name is mud! [alta vista] I am interviewing job applicants at the moment. I saw the mention of the alta vista search engine in Risks and thought it could be a useful tool for gathering extra information about applicants from their usenet participation. I am dubious about the morality of this course of action but I am also keen to recruit the best person for the job. Anyway, to cut a long story short, I didn't get any hits on any of the applicants. So I tried searching for myself......and the first hit was an obscene mailing to one of the alt newsgroups. I have an unusual name so any prospective employer might very well assume that the obscene poster was me. In a way I think that this experience was amusing in an ironic way. I tried to use underhand means to discover things about job applicants and, instead, found out that my name's net image isn't quite as expected. Piers pjt1@scigen.co.uk ------------------------------ Date: Fri, 22 Dec 1995 08:38:05 GMT From: haz1@kimbark.uchicago.edu (Bill H.) Subject: Re: Indelible words [alta vista] (Hawthorne, RISKS-17.56) There's also a hidden RISK in such archives, arising from the public's ignorance of the way USENET works: It's natural to assume that a person actually reads all the newsgroups they post to; however, this is not always the case. Followups to a crossposted article in most cases go to all of the original newsgroups, which is usually not a serious issue; however, some posters make a nasty hobby of crossposting "trolls" to totally unrelated newsgroups, often including groups on pretty damning topics, in the eyes, for instance, of potential employers. For a case in point do a search on Alta Vista for: drugs.pot and haz1@midway.uchicago.edu Now, look at the actual content of the posts this search turns up... :-) The RISK? If you aren't careful about following up to someone else's post, you could be listed in search engines across the net as a regular poster to newsgroups you don't actually read-- and there's no guarantee that potential clients or employers will think to double-check the content of those posts. - Bill H. (haz1@midway.uchicago.edu) ------------------------------ Date: Fri, 22 Dec 95 09:39:51 GMT From: Martin Portman Subject: Problems when PC BIOS is held in flash RAM Some pc motherboards now (or soon will) have flash RAM chips placed where the old bios rom chips used to live. So after production, the bios code is loaded into the flash RAM. The benefits are shorter time to market (the bios doesn't have to be finished until the last minute) and upgrades will also be possible in the field. The RISK here is from code that would write to the flash RAM, ie. altering the operation of the bios (viruses), or maybe deleting random segments of it. Each PC will have to come supplied with a re-load trusted bios program, but I have no idea how (or if) this would work. Another RISK is that the flash RAM will probably only be good for tens of program cycles (updates) to keep costs down. After a few virus attacks and reloading the bios and legitimately updating it, writes to the RAM chips may start to fail and the whole pc will be useless. Martin ------------------------------ Date: Fri, 22 Dec 1995 011:51:58 -0800 [received time] From: [Same person as the RISKS-17.57 item with the same subject:] Subject: Re: Domain Registration RISK? (update to yesterday's note/today's posting) Well, my No! Stop! Don't do it! e-mail to the hostmaster at the InterNIC did not stop the erroneous DNS update from taking place. [I sent in a request to update a domain i own XXXXs.net and made a typo of XXXX.net (no "s").] The "system" is supposed to allow updates only from the "owner", technical contact, or admin contact of a domain. Obviously, there is a "improvement opportunity" in the current system, as I just checked and the erroneous update occurred this morning, despite my not being associated with the other domain in any way and sending a note to the NIC telling them NOT to make the update.... [Date: Fri, 22 Dec 1995 14:57:02 -0800 received time] I just got a reply acknowledging my "NO! Don't do it!" note which I sent to the InterNIC after receiving their confirmation of my (typoed) request to update my domain nameserver XXXXs.net The note says that the _correct_ update has now been performed and will be available on Monday - what a Christmas present for the folks in the other domain. Checking with the NICs whois service today, I see the (incorrect) data is available, earlier than promised (5 PM today). ] ------------------------------ Date: Fri, 22 Dec 1995 14:21:33 EST From: "Rob Slade" Subject: Write protection is in *hardware* As much as I hate to disagree with anyone saying anything bad about Win95 ... > it is possible to format write-protected disks when using the German > version of Windows 95. Sorry, but either they are wrong or the report was incomplete. Win95 mostly, and to the best of my knowledge only, runs on BIOS/Intel/DOS compatible machines. Almost without exception, these computers use disk drives where the write protection circuitry is built into the hardware. (Believe me, we have discussed this times without number in the virus discussion area.) It is possible for the circuitry to fail. Also, 3.5 inch drives fail "writeable" while 5.25 inch drives fail "safe". And there are interesting problems with transparent or silvered tabs or disks. Macs generally have the same type of hardware write protection, although I believe there was discussion of bypassable write protection on some obsolete models. DECUS Canada Communications roberts@decus.ca slade@freenet.victoria.bc.ca Author "Robert Slade's Guide to Computer Viruses" 0-387-94311-0/3-540-94311-0 [NUMEROUS e-mails on that point, including memorex@cats.ucsc.edu (Did the author mean files?), "Robert Beckman" , Alain Knaff , PGN.] ------------------------------ Date: Fri, 22 Dec 1995 10:00:34 +0100 From: Otto Stolz Subject: Re: German service providers must maintain covert customer databases? (RISKS-17.57) I have not read that article yet. However, I wish to improve on the translation of the two terms given in German: > Such a practical ["praktisches"!] information system is needed by the In this context, "praktisch" usually means both "useful", and "easy-to-use". Hence, the preceding sentence means: Such a handy information system is needed by the German government and secret services. (A rather cynical remark, typical for the "Bulkware" column that does not mince matters.) > This database must be organised so that it can be accessed by higher > places ["hoeheren Orts"!] without the telecommunication provider noticing "Hoeheren Orts" is an almost obsolete term, from Prussian and the Kaiser's times, meaning "by the authorities", or "by the powers that be"; this term was often used to indicate personal involvement of the emperor. ("Man war hoeheren Ortes nicht erfreut" == "His Majesty was not amused".) Again, Bulkware hints at an attempt to reinstate features of an authoritarian state that supposedly had been overcome. Otto Stolz ------------------------------ Date: Fri, 22 Dec 1995 16:36:17 -0500 (EST) From: iw@all.net (Information Warfare Mailing List) Subject: Correction to previous posting re: IW attack on Navy by AF I made an error in my previous posting to Risks. I incorrectly stated that a Navy captain was the person responsible for the demonstration - it was an Air Force captain - a big difference. Please let your readers know. [For some reason there was a difference between the original IW posting and its almost equivalent RISKS posting. PGN] ------------------------------ Date: Fri, 22 Dec 1995 10:57:41 -0800 From: haynes@cats.ucsc.edu (Jim Haynes) Subject: Re: Naval Battleship takeover (Long, RISKS-17.55) In correcting/debunking this story the moderator has managed to introduce a new error. He talks about the improbability of a teenaged Navy captain; while the original story said an Air Force captain. "Captain" has a very different meaning between the two services. Air Force captains, while not teenagers, tend to be many years younger than Navy captains. Navy captain <~=> Air Force colonel; Air Force captain <~=> Navy lieutenant. (where ~= means "approximately equal") ------------------------------ Date: Thu, 21 Dec 1995 20:54:49 -0800 From: oram@unixg.ubc.ca (John Oram) Subject: Re: Naval Battleship takeover (Long, RISKS-17.55) >If he was a Navy captain, he could not have been all that young. Whizzkids >are usually considered teenagers. Anyone know of any teenaged Navy captains? Minor point - the guy was supposed to be an Air Force captain (third officer rank), not a Navy captain (6th officer rank). A U.S. Air Force captain could be as young as 25 or so, which could be considered whizzkid-esque from an upper-echelon (i.e. Navy captain, early to mid forties) perspective. To make things more confusing, the Navy equivalent of an AF captain is a lieutenant, and the Navy equivalent of a AF lieutenant is an ensign. Convoluting matters further, in the Canadian and British militaries, lieutenant is pronounced 'lef-tenant' yet spelled the same. And the AF equivalent of a captain is a colonel, which is also not pronounced as it sounds because of a horrific entomological journey from Italian via French to English. A 2nd Lieutenant wears a gold bar, yet a 1st lieutenant wears a silver bar. And even though a major outranks a lieutenant, a lieutenant general (3 stars) outranks a major general (2 stars). Ranks make much sense sometimes. The RISK - not using unique keys for different military service's ranks. :) John Oram (son of an Air Force Colonel), MIS Department University of British Columbia [Also noted by Mark Stalzer , Sten Drescher , and others. PGN] ------------------------------ Date: Fri, 22 Dec 1995 00:59:09 -0500 From: RSRMadison@aol.com Subject: Re: Naval Battleship takeover (Long, RISKS-17.55) >From Richard S. Russell (RSRMadison@aol.com): A message from the InfoWar list noted that: <> As stated, this is true. However, let the record show that the US Navy still flies the flag daily over 1 commissioned battleship, the USS Arizona, permanently stationed in Honolulu. ------------------------------ Date: Fri, 22 Dec 95 08:21:13 EST From: mstalzer@etsd.ml.com (Mark Stalzer) Subject: Re: Naval Battleship takeover (Long, RISKS-17.55) Thanks for debunking the battleship takeover story. It's right up there with the death ray that supposedly cooked the President's helicopter. Mark Stalzer, mas@acm.org ------------------------------ Date: Fri, 22 Dec 1995 10:53:56 -0500 From: Bob Brewin Subject: Re: Naval Battleship takeover (Long, RISKS-17.55) Yikes. This story will not die -- it just lives on a Web site at the Daily Telegraph in London. Having worked for a British news organization (Reuters) for years, if you believe the Telly story, call me about a bridge I have for sale. The Air Force did not hack the Navy over the Internet. They did it over a secure network (SIPRNET) which is firewalled from the Internet. The Air Force conducted this attack with the Navy's knowledge and permission. The Navy does not have any battleships on active duty. The Air Force did not get control of the none-existent battleship. Yep. This does have the makings of a legend. Bob Brewin editor-at-large (whatever that means) federal computer week antenna@fcw.com brewin@access.digex.net ------------------------------ Date: Fri, 22 Dec 1995 11:13:07 -0800 From: Geoff Kuenning Re: Risks of checking accounts (Watson, RISKS-17.57) In RISKS 17.57, Gary M. Watson tells of receiving someone else's checking statement, and writes: > 2. Don't put all sorts of important numbers on check Memos. Unfortunately, this won't help. Take a look at the back of your cancelled checks sometime. When you make a payment to any moderately large company, the first thing they do is print important audit-trail information on the back: the date, the amount of the payment, and the account number credited are always included, among other things. They need this in case a problem arises. So a moderately knowledgeable thief can extract the critical numbers regardless of whether you put the account number in the memo line. (The only time the "please put account number on check" advice is actually useful is when your check gets separated from the bill stub before it can get into the processing machine, which one hopes is a rare occurrence. I ignore the advice out of laziness, not for security purposes.) Geoff Kuenning g.kuenning@ieee.org geoff@ITcorp.com http://www.cs.ucla.edu/ficus-members/geoff/ ------------------------------ Date: 6 September 1995 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: ABRIDGED info on RISKS (comp.risks) The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. [...] DIRECT REQUESTS to (majordomo) with one-line, SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] INFO [for further information] CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. [...] ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. RISKS can also be read on the web at URL http://catless.ncl.ac.uk/Risks RISKS ARCHIVES: "ftp ftp.sri.comlogin anonymous[YourNetAddress] cd risks or cwd risks, depending on your particular FTP. [...] [Back issues are in the subdirectory corresponding to the volume number.] Individual issues can be accessed using a URL of the form http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue] ftp://unix.sri.com/risks [if your browser accepts URLs.] ------------------------------ End of RISKS-FORUM Digest 17.58 ************************