Subject: RISKS DIGEST 19.44

RISKS-LIST: Risks-Forum Digest  Saturday 1 November 1997  Volume 19 : Issue 44

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****

Contents:
AOL strikes again! (PGN)
Pac*Bell Internet cites sabotage for blockade
Another computer-miscontrolled jail (Scot Wilcoxon)
Web sites open companies to computer fraud risk (Stevan Milunovic)
Girl dies after storm cuts power (Matt Welsh)
Stock-market overloads (Steve Bellovin)
Re: NY Stock Exchange system "glitches" this week (Frank Carey)
Re: NASDAQ (N Bender)
Rat Dog column reports new web/e-mail scam (Barry L Gingrich)
Re: End of daylight-saving time (Andy Marchant-Shapiro)
Internet Besieged, edited by Denning and Denning (PGN)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 30 Oct 97 9:50:28 PST
From: "Peter G. Neumann"
Subject: AOL strikes again!

America Online Inc went off-line at 11:15 a.m. PST on 29 Oct 1997, for almost
two hours.  Although some already logged-in users received partial service
(but not e-mail), others attempting new access were denied.  This outage was
attributed to a hardware glitch, complicated by subsequent systemwide software
problems.  Users could not send or receive e-mail until after 4 p.m.

  [This was the worst AOL outage since the 19-hour outage on 7 August 1996
  reported in RISKS-18.30.]

------------------------------

Date: Sat, 1 Nov 1997 9:03:31 PST
From: "Peter G. Neumann"
Subject: Pac*Bell Internet cites sabotage for blockade

Someone spammed Pacific Bell Internet using a forged QueerNet address on
21 Oct 1997.  Using anti-spam filtering in retaliation, Pac*Bell Internet
blocked all subsequent messages from QueerNet, for at least a week.
QN normally sends 150,000 messages a day to some 24,000 subscribers, and about
5000 messages were blocked to about 100 PBI subscribers.

  [Source: Martin Crutsinger, *San Francisco Chronicle*, 1 Nov 1997, D1.
  Martin quotes Jeff Lawhorn of Software Design Associates, who noted that
  half to three-fourths of all spam has forged reply addresses, estimating
  that the spam volume is now up to 1 billion messages a year.]

------------------------------

Date: Mon, 27 Oct 1997 20:17:37 -0600 (CST)
From: sewilco@fieldday.mn.org
Subject: Another computer-miscontrolled jail

The *Minneapolis Star Tribune* reported on 27 October 1997 on the likely
reasons behind the escape of a prisoner from the Carver County jail on 2 Oct.

When a guard pressed buttons to let another guard through a door, he also
bumped the button for an external emergency exit.  The external door became
unlocked, and air pressure popped it open.  Several prisoners chose to stay
in the room, and one escaped for a day.

Opening that external door was supposed to require pressing a "door open"
button, two "interlock open" buttons and then the button for the specific
door.  Somehow that door did unlock when its door button was bumped while an
internal door that requires only pressing two buttons was being opened.
Authorities were later able to open the door that way several more times.

An internal investigation has not been completed, but three explanations
were offered:

1. Reprogramming of operational software controlling internal doors may have
   inadvertently changed functions affecting the door.

2. Lightning struck the jail this past summer, which resulted in a power
   failure and a computer-system crash.  Some of the software may have been
   damaged when the system was rebooted.

3. All the functions were tested when the system was installed over two years
   ago, but tests were not made to see if the door could be opened by hitting
   other buttons.
Doors are also serviced after they've been opened 5,000 times, which makes it
easier to detect if one isn't working.  But this external emergency door has
only been opened five times, with a key, for maintenance.

Scot E. Wilcoxon  sewilco@fieldday.mn.org

  [Another Risk of trying to test things that are rarely used.  PGN]

------------------------------

Date: Thu, 30 Oct 1997 10:00:06 -0800
From: stevan@netscape.com (Stevan Milunovic)
Subject: Web sites open companies to computer fraud risk

Web sites open companies to computer fraud risk
30 Oct 1997
http://www.zdnet.com/zdnn/content/reut/1030/199007.html

Multi-national companies that establish sites on the Internet open themselves
to the growing risk of computer crimes such as extortion and fraud.

"Computer fraud is growing at a rate of 500 percent a year," Alexander Baugh,
senior vice president of professional indemnity at AIG Europe, said on
Wednesday at a seminar on "The Internet and Crisis Management."

"The Internet makes you visible worldwide, and it makes you easier to find,"
he said.  "As you increase your connections, you increase the threat of
attack."

Fraud makes up 44 percent of computer crime, according to statistics from the
U.S. National Centre for Computer Crime.  An American Bar Association survey
of 1,000 companies in 1996 showed that 48 percent had experienced computer
fraud in the last five years, with respondents each reporting losses of
$2 million to $10 million.

Extortion is also becoming increasingly popular.  "Extortion is probably one
of the safest crimes around and is carried out by extremely sophisticated
criminals," Baugh said.  "The FBI estimates the odds on a successful
prosecution are 22,000-to-1."

The problem is made worse because companies are reluctant to talk about
vulnerabilities in their computer systems.
"Computer crime in the UK amounted to 250 million pounds (US$417.7 million)
in 1996, according to the Association of British Insurers, but they estimate
this is only 20 percent of actual losses," Baugh said.

  [PGN Stark Abstracting]

------------------------------

Date: Thu, 30 Oct 1997 17:25:28 +0900
From: Matt Welsh
Subject: Girl dies after storm cuts power

From http://www.cnn.com/US/9710/29/briefs/snow.death.ap/index.html :

A seven-year-old girl died in Lakin, Kansas after a blizzard set in and cut
power to life-support machines in her home.  The girl was a recipient of
heart and lung transplants in 1994 and needed the machines to stay alive.
According to the article, snow drifts that closed roads prevented her parents
from taking her to the hospital and blocked help from reaching their home.

I'm assuming that a helicopter either wasn't available or couldn't be
dispatched in time to help.

M. Welsh, UC Berkeley, http://www.cs.berkeley.edu/~mdw

------------------------------

Date: Thu, 30 Oct 1997 22:36:00 -0500
From: Steve Bellovin
Subject: Stock-market overloads

Judging from assorted news reports (from *The New York Times*, the *Wall
Street Journal*, and the AP wire as carried by the *Times* Web site),
different parts of the stock market industry fared quite differently during
the turmoil on Monday and Tuesday.

As noted in RISKS, many people who use Web-based trading systems couldn't get
through.  But this problem wasn't unique to the online brokerages; a number
of conventional brokerages had trouble, too, even on their phone lines --
they ran out of lines, people to answer the calls, and/or capacity on their
own internal systems.  (At that, everyone agrees that the situation was much
better than in the 1987 market crash.)

The worst problems, though, seem to have affected assorted mutual funds,
especially those that rely on NASDAQ.
Several funds reported incorrect closing values; others were not able to
report their closing prices in time for the next day's newspapers.
Fidelity's problem, though, was the most interesting.  The *Times* says that
on Tuesday, they "tried to make a routine adjustment in the Monday closing
prices".  For some reason, NASDAQ took that as the Tuesday closing prices
instead, confusing all the summary reports.  Fidelity blames an early
shutdown by the NASDAQ computer system; NASDAQ blames Fidelity's data.

The New York Stock Exchange, by contrast, had little or no trouble.  Their
systems are engineered to handle a load of five times the normal peak.  More
to the point, every weekend they take the actual recorded data from Friday,
quadruple it, and feed that into their system, to make sure it can really
handle that much of an overload.  Thus far, at least, they haven't mistaken
the test data as live data...

------------------------------

Date: Thu, 30 Oct 1997 21:48:45 -0500
From: "Carey, F E (Frank), NCIO"
Subject: Re: NY Stock Exchange system "glitches" this week

*The New York Times* reported various problems at the New York Stock Exchange
over the last few days:

- for the second straight night Fidelity Investments was unable to calculate
  closing prices in time for newspaper deadlines.
- Internet trading systems rebuffed some orders with cryptic messages like
  "server not available".
- NASDAQ systems were overwhelmed at 3:17 PM and did not show correct last
  sale prices after that.
- Brokerage firms reported trades executed on time but delays up to an hour
  getting confirmations.
- The president of E*Trade said its customers' problems could be traced to
  the precarious nature of the Internet.
- Many brokerage firms were satisfied that investors fared better than in
  1987.
- The president of Charles Schwab credited technology with enabling them to
  handle as many transactions as they did.
  Half of their transactions are handled by computer or touch-tone phone,
  systems that were not available ten years ago.

Bottom lines?

- There weren't nearly as many problems as in 1987 - technology credited.
- Internet trading doesn't seem ready for prime time.

Frank Carey

------------------------------

Date: Thu, 30 Oct 1997 11:01:47 -0500
From: nbender@batterymarch.com (nbender)
Subject: Re: NASDAQ

Alas, not everything ran smoothly.  While the exchanges themselves handled
the volume, some of the downstream data vendors apparently did not escape
completely unscathed.  Attached is a note posted on FactSet (an online
financial data service).

Nick Bender, Batterymarch Financial Management

  29 Oct 1997
  Problems with October 28 NASDAQ Prices

  Due to unprecedented trading volume on 10/28, end of day High, Low, Close,
  and Volume data is unavailable for NASDAQ securities.  End of day Bid and
  Ask are available, however.  Interactive Data expects to have the
  October 28, 1997, end of day High, Low, Close and Volume data available at
  some point on October 29, 1997.  An exact time frame is not currently
  available.

  Please read this message from our pricing supplier, Interactive Data:

  Please be advised that NASDAQ end of day High, Low, Close and Volume data
  for October 28, 1997, is not available due to processing problems caused by
  the high volume of trades.  The October 28, 1997, IDSI products contain the
  end of day Bid and Ask quotes for all NASDAQ securities, including Bulletin
  Board securities.

  The NASDAQ documentation for their trade feeds (NMS) specifies a six
  character sequence number.  It is essential that this number uniquely
  identifies a trade in order to handle correction and re-transmission
  messages.  Corrections contain the original sequence number and this is the
  only way the original trade can be identified.  At approximately 3:15 p.m.
  ET the sequence number rolled over from 999999 to zero and subsequently
  NASDAQ sent duplicate sequence numbers.
  Interactive Data's line readers are written to recognize the unique
  sequence number and therefore ignored the messages.  For vendors such as
  Interactive Data who look at the sequence number as part of their quality
  control work, NASDAQ messages sent after 3:15PM were not processed and were
  lost.  Upon noticing the problem Interactive Data created a special line
  reader to attempt to compensate for this problem but NASDAQ was not able to
  re-transmit the post 3:15 p.m. messages.  When it was determined that
  Interactive Data would not receive the missing, a decision was made to
  provide the Bid and Ask quotes which were not affected by this problem.

------------------------------

Date: Thu, 30 Oct 1997 20:44:42 -0700 (MST)
From: Barry L Gingrich
Subject: Rat Dog column reports new web/e-mail scam

An expansion of an old scam given a wired twist was described by
author/investigator Fay Faron in her "Rat Dog" column.  The column is
syndicated by King Features.  I read it in the 29 Oct 1997 *Denver Post*,
page 4G.  Ms. Faron is the owner of the Rat Dog Dick detective agency in
San Francisco, and answers reader questions in her column.

R.J.A. wrote an urgent memo to her, worried about a recent (e-mail?) message
(s)he had been sent: "I received a copy of my own Web page, along with an
invoice for $40.  The accompanying letter said my 'unsolicited advertisement'
had arrived at this person's e-mail address, in violation of Section 227
(b)(3)(B) of US Code Title 47."  RJA was warned to pay up or else "be turned
over to the authorities".

Obviously concerned, but not completely naive, RJA asked "Rat Dog" if this
was a scam.  Her answer: "You bet!"  She describes it as the latest
incarnation of an age-old office supply scam, where, due to the problems
companies often have with internal communication about procurement,
unordered, inferior products are delivered and billed to an unsuspecting
company.
("Well, *somebody* must have ordered this stuff...we'd better pay.")  In this
new twist, the con artist preys on non-techno-savvy folk by forging a quick
cut-and-paste of the mark's web page into an e-mail message along with the
threats described above.  Note how the scam plays off recent well-publicized
stories about advertisers (ok, spammers) being attacked from all legal
angles.  The mark is expected to panic and rifle off a check for the
not-so-huge amount.

Apparently, the scam is becoming more common, so much so that it's even been
attempted on the folks at the Consumer Fraud Alert Network.  It failed
miserably, but it *was* attempted.  While the crooks who attempted to scam
CFAN may not end up on "America's Stupidest Criminals" anytime soon, the
danger to unsuspecting and unknowledgeable cyberians is (apparently) quite
real.  The Federal Trade Commission told CFAN that duped marks may end up on
a widely-spread "sucker list" or have legal problems associated with getting
sued by the scammers for having established a business relationship by paying
the first time around, then reneging on future extortion...er...fees.
Needless to say, the FTC looks on the scheme with substantial disfavor.

CFAN's website is www.pic.net/microsmarts/fraud.htm .  I was unable to find
the "Rat Dog" column online, but CFAN has a nice article about their
experience with the (alleged) scammers at www.pic.net/microsmarts/newscam.htm .

Barry L. Gingrich

------------------------------

Date: Thu, 30 Oct 1997 10:02:35 -0500
From: "Andy Marchant-Shapiro"
Subject: Re: End of daylight-saving time (RISKS-19.43)

With all the reports about the DS time change, I was a little concerned about
my home machine.  I was working late on a project at home, and when I went to
bed, had only the OS (Win95B) running on my machine.  The changeover worked
just fine (Eastern US time zone) and the notice and acknowledgement stuff was
sitting on my desktop in the morning.  So Microsoft *may* be doing SOMETHING
right.
Is it possible that the various multiple clock resets we hear about are due
to network servers trying to update the time on their workstations?  If so,
there really should be a variable you can set in Win95 to avoid the problem,
but Win95 really is (it seems to me) targeted to home users, so I'm not sure
how much you should blame Bill Gates for this problem.  Or perhaps it was
just something that got fixed in OSR2...  Any similar complaints from NT 4.0
users?

Andrew Marchant-Shapiro, PC Porting/Support Specialist, Power Technologies,
Inc.  am.shapiro@pti-us.com  www.pti-us.com  (518) 395-5112

------------------------------

Date: Thu, 30 Oct 97 9:28:18 PST
From: "Peter G. Neumann"
Subject: Internet Besieged, edited by Denning and Denning

I just received a copy of the successor to Peter Denning's ``Computers Under
Attack'':

  Dorothy E. Denning and Peter J. Denning
  Internet Besieged: Countering Cyberspace Scofflaws
  ACM Press, NY, and Addison-Wesley, Reading, Massachusetts, 1998
  ISBN 0-201-30820-7
  xii+545

This is a remarkably comprehensive collection of diverse viewpoints.  The
list of contributors to the 34 chapters includes many individuals who will be
very familiar to RISKS readers.

------------------------------

Date: 1 Apr 1997 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  Or use Bitnet LISTSERV.  Alternatively,
 (via majordomo) DIRECT REQUESTS to with one-line,
   SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
   INFO     [for unabridged version of RISKS information]
=> The INFO file (submissions, default disclaimers, archive sites,
 .mil/.uk subscribers, copyright policy, PRIVACY digests, etc.)
 is also obtainable from
   http://www.CSL.sri.com/risksinfo.html
   ftp://www.CSL.sri.com/pub/risks.info
 The full info file will appear now and then in future issues.  *** All
 contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
   ftp ftp.sri.com
   login anonymous
   [YourNetAddress]
   cd risks
   [volume-summary issues are in risks-*.00]
   [back volumes have their own subdirectories, e.g., "cd 18" for volume 18]
 or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue].
 The ftp.sri.com site risks directory also contains the most recent PostScript
 copy of PGN's comprehensive historical summary of one liners:
   get illustrative.PS

------------------------------

End of RISKS-FORUM Digest 19.44
************************
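The NASDAQ item above describes a six-character sequence number wrapping from 999999 to zero, after which a line reader that took the raw number as globally unique silently discarded every later message as a "duplicate". The following is an added example, not code from the digest, NASDAQ or Interactive Data; it assumes a simple constructed SEQ|TYPE|PAYLOAD line format and contrasts that naive reader with one that counts rollovers and keys messages on (epoch, sequence), so a true retransmission is still caught while post-rollover trades are kept.

```python
"""Six-digit sequence numbers on a trade feed: the rollover failure and a fix.
Added example, not code from NASDAQ, Interactive Data or the digest; the feed
lines below are constructed sample data in an assumed SEQ|TYPE|PAYLOAD form."""
from typing import List, Tuple

SEQ_MODULUS = 1_000_000   # six decimal characters: 000000..999999

SAMPLE_FEED = [
    "000000|T|ACME 10@40.00",   # first trade of the session
    "000001|T|ACME 20@40.05",
    "999998|T|ACME 100@41.25",  # hours later, near the top of the counter
    "999999|T|ACME 200@41.30",
    "000000|T|ACME 50@41.30",   # counter wrapped: same digits, a new trade
    "000001|T|ACME 75@41.35",
    "000001|T|ACME 75@41.35",   # genuine retransmission of the previous line
]


def parse_message(line: str) -> Tuple[int, str, str]:
    """Split 'SEQ|TYPE|PAYLOAD' and validate the six-character sequence field."""
    seq, msg_type, payload = line.split("|", 2)
    if len(seq) != 6 or not seq.isdigit():
        raise ValueError(f"bad sequence field: {seq!r}")
    return int(seq), msg_type, payload


def naive_reader(lines: List[str]) -> List[str]:
    """Treat the raw number as globally unique: drop anything seen before."""
    seen, kept = set(), []
    for line in lines:
        seq, _, payload = parse_message(line)
        if seq in seen:
            continue   # after the wrap every message looks like a duplicate
        seen.add(seq)
        kept.append(payload)
    return kept


def wrap_aware_reader(lines: List[str]) -> Tuple[List[str], List[str]]:
    """Key messages on (epoch, seq); returns (kept payloads, true duplicates)."""
    epoch, last_seq, seen = 0, -1, {}
    kept, dupes = [], []
    for line in lines:
        seq, _, payload = parse_message(line)
        # A backward jump of more than half the modulus cannot be a late
        # out-of-order message on a dense feed, so treat it as a rollover.
        if last_seq - seq > SEQ_MODULUS // 2:
            epoch += 1
        key = (epoch, seq)
        if key in seen:
            dupes.append(payload)
            continue
        seen[key] = payload
        last_seq = seq
        kept.append(payload)
    return kept, dupes
```

On the sample feed the naive reader keeps only the four pre-rollover trades, while the wrap-aware reader keeps all six distinct trades and reports the one real retransmission; a correction message that cites an original sequence number can then be resolved against the most recent epoch holding that number.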