precedence: bulk
Subject: Risks Digest 20.07

RISKS-LIST: Risks-Forum Digest  Saturday 14 November 1998  Volume 20 : Issue 07

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at http://catless.ncl.ac.uk/Risks/20.07.html
and at ftp.sri.com/risks/ .

Contents:
  Lovesick cod overload submarine sonar equipment (Christoph Conrad)
  O'Hare's radar malfunctioning (Doneel Edelson)
  Dallas-FortWorth ARTS air-traffic control upgrade backed out (PGN)
  NASAA spam investors by mistake (Mich Kabay)
  Interference risks on cruise missiles (Gordon Lennox)
  Talking elevator with off-by-one error? (George Michaelson)
  3Com Security Advisory: We built in back doors, so you're at risk! (John Gilmore)
  Re: Unreliable reception of e-mailed WP documents (Garth Anderson)
  Re: LA 911 Outage (John Sheckler)
  Business jet trips/privacy (Daniel P.B. Smith)
  Corrections on recent issues (PGN)
  GPS internal clock problem (Bob Nicholson)
  Dumbing down English speech (Bertrand Meyer)
  REVIEW: "Cyberspace and the Law", Edward A. Cavazos/Gavino Morin (Rob Slade)
  REVIEW: "E-Commerce Security", Anup K. Ghosh (Rob Slade)
  System Safety Society Conference -- Call for Papers (Dixon Jack)
  Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Fri, 13 Nov 1998 21:42:20 +0100
From: Christoph Conrad
Subject: Lovesick cod overload submarine sonar equipment

Associated Press in a German newsletter, 13 Nov 1998 (retranslated by me):

"Norwegian submarines have discovered an unexpected problem while diving off
the Norwegian coast: the grunting noise from swarms of lovesick cod
overburdens the sonar equipment. Thereby navigation in Norwegian waters is
almost impossible, said the Defense Department yesterday."
Christoph.Conrad@post.rwth-aachen.de

  [For non-English readers, codfish = torsk in Scandinavian languages, while
  other linguistic fisk roots stem from bacalao, morue, merluzzo, Kabeljau,
  tara, ... For English speakers, it is evident that the submarines need a
  cod peace to hide their attractive nature. PGN]

------------------------------

Date: Thu, 29 Oct 1998 12:42:10 -0500
From: "Edelson, Doneel"
Subject: O'Hare's radar malfunctioning

Air-traffic controllers say a new radar system has been malfunctioning,
causing them to lose track of planes at O'Hare International Airport, one of
the world's busiest airports. The computer system repeatedly drops critical
flight information, misidentifies aircraft location, and gives false
information, according to Kurt Granger, president of the National Air
Traffic Controllers Association in Elgin, Illinois. Federal Aviation
Administration spokesman Don Zochert denied Granger's claims, saying the new
system is safe. He said the new, up-to-date software is also used in Denver,
Dallas and New York City. [Source: *USA Today*, 29 Oct 1998]

------------------------------

Date: Wed, 11 Nov 1998 11:26:35 -0500
From: "Peter G. Neumann"
Subject: Dallas-FortWorth ARTS air-traffic control upgrade backed out

The ARTS 6.05 software in use at the DFW regional TRACON (Terminal Radar
Approach Control) center has been causing so much confusion for the
controllers (who maintained that safety was compromised, whereas the FAA and
the union had said there was no danger) that the system has been backed off
to an earlier version, ARTS 6.04. Reportedly, there were some ghost
(nonexistent) aircraft showing up, while real planes were omitted.
Controllers noted that 200 complaints in the past month had been ignored by
the FAA until now. One particular case occurred on 30 Oct 1998, when a
flight disappeared for 10 miles. Another case involved a plane being handed
off at 10,000 feet, with the recipient controller's screen showing the plane
at 3,900 feet.
Such problems had not occurred with ARTS 6.04, but ARTS 6.05 seems to have
significant improvements (ignoring the glitches). This is the same software
that is used in Chicago (see the previous item in this issue!), Denver, NY,
and southern California.

``Officials compared the shift between the two programs to the difference
between the Windows 95 and Windows 98 operating systems on personal
computers. As with any new software, there are bugs to be worked out, they
said.'' [That is REALLY reassuring. PGN]

[Source: article by J. Lynn Lunsford, *Dallas Morning News*, 7 Nov 1998, and
an article by G. Chambers Williams III, Fort Worth Star Telegram, 7 Nov
1998; the quote relating to Windows 95/98 is from the FW Star Telegram
article. PGN Stark Abstracting]

------------------------------

Date: Mon, 2 Nov 1998 11:09:53 -0500
From: Mich Kabay
Subject: NASAA spam investors by mistake

Anti-fraud vigilantes responded to an appeal from the North American
Securities Administrators Association (NASAA) for leads on possible
securities fraud involving junk e-mail. Unfortunately, last week (30
October), these good citizens each received up to 300 messages thanking them
for their tip. The glitch was solved by Friday morning. Anyone wanting to
contribute to the fight against stock fraud is invited to visit the NASAA
web site at for information on how to participate.
[Source: a Reuters item, 31 Oct 1998]

M. E. Kabay, PhD, CISSP / Director of Education ICSA, Inc.

------------------------------

Date: Wed, 4 Nov 1998 13:25:20 +0100
From: Gordon.LENNOX@BXL.DG13.cec.be
Subject: Interference risks on cruise missiles

Following the Patriot item...

> From Aviation Week & Space Technology - 2 Nov 1998 - Page 23
> The auctioning of frequency spectrum to commercial telecommunication
> providers is undermining the Pentagon's ability to counter low-observable
> (LO) cruise missiles....
> The large amount of spectrum already auctioned off
> even now is impacting at least one classified system used to detect
> low-observable aircraft and missiles...

  [... not to mention the Leonid shower of meteorites coming up in a few
  days. PGN]

------------------------------

Date: Thu, 12 Nov 1998 11:19:10 +1000 (EST)
From: George Michaelson
Subject: Talking elevator with off-by-one error?

new building. 7 floors labelled [1..7]
enter lift [elevator]. select floor 1. arrive at floor 1.
lift announces: "floor eight"

My guess is that the software is generic and is loosely coupled to the real
"I know where I am" function the lift has innately, talking or not. I have a
mild concern that a lift this confused maybe doesn't want to be used. Shades
of Douglas Adams..

-George

------------------------------

Date: Wed, 28 Oct 1998 12:08:25 -0800
From: John Gilmore
Subject: 3Com Security Advisory: We built in back doors, so you're at risk!

They don't quite admit to not knowing anything about security -- putting
undocumented back-door passwords into their switches, and putting in a way
to read the administrator's password via an un-authenticated SNMP query. But
you can tell that the information secured by this incredible obscurity is
all over the cracker community, if 3Com is now willing to put it up on their
Web page.

As usual, only when the bad guys have had your system wide open for months,
will the supposed "good guys" tell you, ahem, you have a problem. They *did*
release fixed firmware, I give them credit for that.

John

http://www.3com.com/news/advisory51498.html

> 3Com Security Advisory for CoreBuilder and SuperStack II customers
>
> 3Com is issuing a security advisory affecting select
> CoreBuilder LAN switches and SuperStack II Switch products.
> This is in response to the widespread distribution of special
> logins intended for service and recovery procedures issued
> only by 3Com's Customer Service Organization under conditions
> of extreme emergency, such as in the event of a customer
> losing passwords.
>
> Due to this disclosure some 3Com switching products may be
> vulnerable to security breaches caused by unauthorized access
> via special logins.
>
> To address these issues, customers should immediately log in
> to their switches via the following usernames and passwords.
> They should then proceed to change the password via the
> appropriate Password parameter to prevent unauthorized access.
>
> * CoreBuilder 6000/2500 - username: debug password: synnet
> * CoreBuilder 3500 (Version 1.0) - username: debug password: synnet
> * CoreBuilder 7000 - username: tech password: tech
> * SuperStack II Switch 2200 - username: debug password: synnet
> * SuperStack II Switch 2700 - username: tech password: tech
>
> The CoreBuilder 3500 (Version 1.1), SuperStack II Switch 3900
> and 9300 also have these mechanisms, but the special login
> password is changed to match the admin level password when the
> admin level password is changed.

[Here's the best part:]

> Customers should also immediately change the SNMP Community
> string from the default to a proprietary and confidential
> identifier known only to authorized network management staff.
> This is due to the fact that the admin password is available
> through a specific proprietary MIB variable when accessed
> through the read/write SNMP community string.
>
> This issue applies only to the CoreBuilder 2500/6000/3500 and
> SuperStack II Switch 2200/3900/9300.
>
> Fixed versions of software for CoreBuilder 2500/6000/3500 and
> SuperStack II Switch 2200/3900/9300 are available below.
>
> General administration of these systems should still be
> performed through the normal documented usernames and
> passwords.
> Other facilities found under these special logins
> are for diagnostic purposes and should only be used under
> specific guidance from 3Com's Customer Service Organization.
>
> For more information 3Com has dedicated a hotline at
> 1-888-225-1733. Outside the United States please contact your
> local Customer Service Organization location.

------------------------------

Date: Wed, 14 Oct 1998 14:08:10 EDT
From: Outla@aol.com
Subject: Re: Unreliable reception of e-mailed WP documents (RISKS-20.03)

The blank-field problem is a well-known and well-understood bug that is much
more general than which word processor or OS or software version is being
used. It happens wherever text is displayed in a field, column, cell, or
window on a screen. The most common fix is to make all fields a bit larger
than seems necessary, just to account for variations on different machines.

Text windows generally make the bottom line blank if that line doesn't
completely fit in the window. The purpose seems to be preventing users from
seeing only the top half of any letters. There are reasons for this beyond
convenience, speed, or aesthetics: the top halves of i and j look identical,
as do v and y. It's quite possible to program a window to display a partial
line, and many do, but that is a very common default.

Fonts are interpreted and displayed by the local machine. Sometimes the
original font is unavailable; sometimes the font is adjusted to fit the
screen resolution or printer resolution or user preferences or even
converted to bold or italics. If such conversion leads to a screen font
taller than the field in which it will be displayed, then even the first
line of text will be blanked.

Note that the field or box which holds the text is itself drawn a subtly
different size on each computer; even if the font converts exactly, some
screens might still see a blank field.
Also, even if you view (and print) the document on every configuration
available there could still be surprises at run-time: the text may be
reformatted temporarily, such as when the field is being edited or is made
read-only.

The RISK is that this default behavior is very unexpected in fields designed
to display only one line of text, even when it is accepted as normal in
multi-line text fields. The unexpected results can easily lead to
miscommunication.

Garth Anderson

------------------------------

Date: Wed, 14 Oct 1998 13:46:29 -0400
From:
Subject: Re: LA 911 Outage (Maufer, RISKS-20.03)

Here is how *The Washington Post* reported it. Interesting how the cause
seems to have differed considerably. I suspect that they were describing the
electricians' version of a high-temp hand-held blower for shrinking tubing
and other heating purposes. These things are commonly called "hair dryers"
only because they vaguely resemble one.

L.A.'s 911 System Is Back in Service, *The Washington Post*, from news
services 12 Oct 1998; Page A10; Nation in Brief
http://search.washingtonpost.com/wp-srv/WPlate/1998-10/12/059l-101298-idx.html

  Workers using hair dryers to clean hundreds of delicate circuit boards
  brought the city's 911 system back on line yesterday after sprinklers
  flooded a communications room. A backup system kicked in and rerouted
  emergency calls to individual police stations during the 17 hours that
  power was shut off to the dispatch center. Sprinklers put out a fire
  Saturday afternoon in a storage room below City Hall, but 2,000 gallons of
  water seeped down and soaked ceiling-high racks of circuit boards that
  link 911 operators to area emergency dispatchers. "There were cables
  floating in six inches of water. That's the kiss of death. People aren't
  even allowed to drink coffee at their desks because they could spill it,"
  said supervisor Monika Giles. "We're lucky it came back on at all." [...]
John Sheckler, CQA, Software Productivity Consortium, 2214 Rock Hill Road,
Herndon, VA 20170-4227 703-742-7156 http://www.software.org

------------------------------

Date: Sat, 31 Oct 1998 10:41:31 -0500 (EST)
From: "Daniel P.B. Smith"
Subject: Business jet trips/privacy

Sorry, don't have the article at hand... hope others will give more
details... there was an article in last week's Wall Street Journal--front
page, that third-column-from-right "feature" story--that says that the
TheTrip.com web site tracks not just commercial flights, but any flight for
which you know the aircraft's tail number, and that there's some other site
where you can look up the tail number.

The result is that anyone can track the flights of any corporate jet. One
corporate critic put this to use to get strong circumstantial evidence of
expensive junketing ("I don't know any Fortune 500 companies with
headquarters in The Hamptons.") Obviously this information can also be used
for industrial espionage and by stock traders (hmmm, what's Sledge-O-Matic
Software Systems' plane doing in Seattle?).

The story wasn't completely clear on whether this information is _supposed_
to be public. The impression I got is that it is another example of
information that _is_ supposed to be public but suddenly everything looks
different when public access is widespread, easy, and cheap.

To this naive individual, the most interesting sidelight was the revelation
that the reason why companies bear the expense of corporate jets is not
convenience, timeliness of flights, nor the desire to save precious minutes
of time for individuals whose time is worth hundreds of dollars per minute,
but the supposed secrecy of the flights.

Daniel P. B. Smith

------------------------------

Date: Sat, 14 Nov 1998 11:21:12 -0500
From: RISKS List Owner
Subject: Corrections on recent issues

Too much traveling recently and too little time for RISKS.

I messed up in preparing RISKS-20.05.
Sensormatic of course makes the anti-theft device, not defibrillators.
BADREF.

I messed up in preparing RISKS-20.06. The month at the top of the issue was
OFF-BY-ONE.

Both corrections are noted in the respective catless and sri archive copies.

I was hoping to put this issue out on Friday the 13th (yesterday), but
perhaps it is just as well I had no time!

  [Which reminds me I just saw a note saying that a now-retired British
  vicar, Reverend Leslie Robinson, claims that the 1989 Kegworth air
  disaster in which a London-Belfast plane crashed onto the M1 highway,
  killing 47 and injuring 79, was influenced by a witches' coven operating
  under the flight path. The good engine had been turned off, instead of the
  malfunctioning one. Rebuttals are also included. *Yorkshire Evening
  Press*, 12 Nov 1998]

I wonder how many problems RISKS will have because of Y2K? (I'll be back in
WashDC during the coming week for another meeting of the General Accounting
Office Executive Council on Information Management and Technology, dealing
with the U.S. Government's Y2K preparedness -- or lack thereof. Progress
still seems to be much slower than it ought to be. Check out Congressman
Stephen Horn's cumulative report card at http://www.house.gov/reform/gmit .)

PGN

------------------------------

Date: Wed, 11 Nov 1998 08:20:39 +0000
From: "Bob Nicholson"
Subject: GPS internal clock problem

  [This has been reported earlier, beginning in RISKS-18.24, but is still a
  problem. PGN]

As a licensed aircraft engineer, I regularly receive "AIRWORTHINESS NOTICES"
from the British CAA. Here is one (verbatim) that may be of interest.

CIVIL AVIATION AUTHORITY
AIRWORTHINESS NOTICE No. 7*
Issue 1
23 October 1998

THE POTENTIAL RESETTING OF GLOBAL POSITIONING SYSTEM (GPS) RECEIVER INTERNAL
CLOCKS

1 Introduction

1.1 The timing mechanism within GPS satellites may cause some GPS equipment
to cease to function after 22 August 1999 due to a coding problem.
The GPS measures time in weekly blocks of seconds starting from 6 January
1980. For example, at midday on Tuesday 17 September 1996, the system
indicates week 868 and 302,400 seconds. However, the software in the
satellites' clocks has been configured to deal with 1024 weeks. Consequently
on 22 August 1999 (which is week 1025), some GPS receivers may revert to
week one (i.e. 6 January 1980).

1.2 Most airborne GPS equipment manufacturers are aware of the potential
problem and either have addressed the problem previously, or are working to
resolve it. However, there may be some GPS equipment (including portable and
hand held types) currently used in aviation that will be affected by this
potential problem.

2 Action to be taken by Aircraft Operators

Aircraft operators, who use GPS equipment (including portable and hand held
types), as additional radio equipment to the approved means of navigation,
should enquire from the GPS manufacturer whether the GPS equipment will
exhibit the problem. Equipment that exhibits the problem must not be used
after 21 August 1999 and either be removed from the aircraft or its
operation inhibited.
For the Civil Aviation Authority, Safety Regulation Group, Aviation House,
Gatwick Airport South, West Sussex RH6 OYR

------------------------------

Date: Tue, 10 Nov 98 14:40:31 PST
From: Bertrand.Meyer@eiffel.com
Subject: Dumbing down English speech

Although complaints about Microsoft Word's eagerness to correct what it sees
as mistakes are not new in RISKS, I think it is still useful to protest
vehemently the way Word 97 promotes the dumbing down of English writing by
flagging (when you use its default options) any sentence which, according to
some mysterious criterion, it deems too long, even if the sentence is made
of several semicolon-separated clauses, and even though it is perfectly
obvious to anyone, fan of Proust or not, that clarity is not a direct
function of length, since it is just as easy to write obscurely with short
sentences as with longish ones and, conversely, quite possible to produce an
absolutely limpid sentence that is very, very long.

Bertrand Meyer, Interactive Software Engineering, Santa Barbara,
http://eiffel.com

------------------------------

Date: Thu, 29 Oct 1998 10:37:38 -0800
From: "Rob Slade"
Subject: REVIEW: "Cyberspace and the Law", Edward A. Cavazos/Gavino Morin

BKCYSPLW.RVW 980817

"Cyberspace and the Law", Edward A. Cavazos/Gavino Morin, 1994,
0-262-53123-2, U$19.95
%A Edward A. Cavazos polekat@well.sf.ca.us
%A Gavino Morin gmorin@bga.com
%C 55 Hayward Street, Cambridge, MA 02142-1399
%D 1994
%G 0-262-53123-2
%I MIT Press
%O U$19.95 +1-800-356-0343 fax: +1-617-625-6660 manak@mit.edu
%P 215 p.
%T "Cyberspace and the Law: Your Rights and Duties in the On-Line World"

"Net Law" (cf. BKNLHLUI.RVW) was written for the lawyer. "SysLaw" (cf.
BKSYSLAW.RVW) was written for the layman, rather than lawyer, but was still
aimed at sysops rather than the common herd. This book fills that space, and
is the first I can recall that does so.
Chapter one provides a very brief description of cyberspace, starting with
William Gibson's invention of the term, running through various different
electronic entities, and including some basic online activities. Privacy,
and particularly the Electronic Communications Privacy Act as applied to the
Steve Jackson Games case, is the topic of chapter two. The chapter ends with
a rather odd look at encryption. Eventually getting around to PGP's problems
with ITAR (the International Traffic in Arms Regulations), the book seems to
state that PGP should be avoided because simple possession of it may be
illegal. Since the book is based entirely on US law, it is obviously aimed
at an American audience, and the issue of export does not appear to be
mentioned. Contracts are the subject of chapter three, mostly dealing with
common law. Chapter four covers copyright. I must say that I am always
amused by the wording of the American First Amendment; that government shall
make no laws regarding the abridgement of freedom of speech or press; since
there are laws about defamation, fraud, and pornography. These, and free
speech, are dealt with in chapter five. Considerations of prurient material
are discussed in significantly more detail in chapter six, and I must say
that this is one of the most informative and even-handed explanations of the
topic in any book reviewed to date. Chapter seven closes off the book with a
grab bag of potentially illegal computer related activities. The intent
seems to be to warn users about apparently innocuous actions that could
bring them afoul of the law. As usual, there is a section on computer
viruses, and, as usual, it isn't very good.

Appendix A provides a good list of contacts for legal and paralegal interest
groups. Other appendices list various US statutes examined in the book.
While this work once again limits itself to the US, and fails to note the
international nature of cyberspace, it does provide its information in a
readable and accessible form. The authors do not always deliver on their
promise to avoid legal jargon (such as "color of law"), but all the contents
can be understood by the intelligent and determined lay reader. Where legal
niceties are not completely delineated they would only be of interest to
other lawyers anyway.

copyright Robert M. Slade, 1998 BKCYSPLW.RVW 980817

------------------------------

Date: Thu, 5 Nov 1998 11:28:36 -0800
From: "Rob Slade"
Subject: REVIEW: "E-Commerce Security", Anup K. Ghosh

BKECMSEC.RVW 981003

"E-Commerce Security", Anup K. Ghosh, 1998, 0-471-19223-6, U$24.99/C$35.50
%A Anup K. Ghosh
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%D 1998
%G 0-471-19223-6
%I John Wiley & Sons, Inc.
%O U$24.99/C$35.50 416-236-4433 fax: 416-236-4448
%P 288 p.
%T "E-Commerce Security: Weak Links, Best Defenses"

The title is ever so slightly misleading in that the topic is not electronic
commerce as a whole, but the (admittedly most popular) Web segment of it.
However, within this limit, the book does provide solid coverage and good
advice for a whole range of issues.

Chapter one is a general introduction to the factors involved, looking at
some recent "attacks" of various types, and then reviewing the client,
transport, server, and operating system components to be examined in the
remainder of the book. Client (generally browser) flaws are covered
thoroughly in chapter two. The breadth of coverage even includes mention of
topics such as the concern for privacy considerations with cookies. Active
content is the major concern, with an excellent discussion of ActiveX
(entitled "ActiveX [In]security"), a reasonably detailed review of the Java
security model, and a look at JavaScript.
Unfortunately, very little of this touches directly on e-commerce as such,
except insofar as insecure client technology is going to make e-commerce a
harder sell to the general public. While covering the transport of
transaction information, in chapter three, Ghosh makes an interesting
distinction between stored account systems (where you want to secure the
transmission of identification data) and stored value systems (where the
data, once transmitted, is useless to an eavesdropper). Many books
concentrate on either channel security or electronic cash systems, so this
comparison is instructive. A server involves multiple programs, and may
involve multiple machines. Server security can quickly become complex, and
this is quite evident in chapter four. While a great deal of useful and
thought-provoking information is presented, the complicated nature of the
undertaking works against this chapter. Not all topics are dealt with
thoroughly, or as well as the previous material was. Oddly, one issue not
covered in depth is the firewall, which is handled very well in chapter
five, with operating system problems. Ghosh sets up a classification scheme
for OS attacks, illustrated by specific weaknesses in Windows NT and UNIX.
The book ends in chapter six with a call for certification of software,
greater attention to security in all forms of software, and, interestingly,
for greater use of component software. (From the jacket material, it appears
that Ghosh is currently involved in the promotion of component software
systems.)

Each chapter ends with a set of references. Unlike all too many books with
bibliographies stuffed with obscure citations from esoteric journals, the
bulk of the material listed is available on the Internet. (RISKS-FORUM
Digest readers may already have seen much of it.) A separate section lists
Web sites used in the text.
The various issues dealt with in the book are explained clearly, and
generally present counsel on the best practices for secure online commerce.
A compact but comprehensive guide to the current state of electronic
transaction security.

copyright Robert M. Slade, 1998 BKECMSEC.RVW 981003

------------------------------

Date: Wed, 04 Nov 1998 14:58:23 -0500
From: "Dixon, Jack"
Subject: System Safety Society Conference -- Call for Papers

System Safety -- System Safety at the Dawn of a New Millennium
17th International System Safety Conference
16--21 August 1999
Holiday Inn International Drive Resort
Orlando, Florida, USA
See http://www.system-safety.org

Abstracts due 15 Jan 1998.

Jack Dixon -- Technical Program Chair, ISSC1999@yahoo.com
P.O. Box 780660, Orlando, Fl 32878-0660 USA Ph: (407) 306-5141.

Registration and Orlando Information: CPS, Inc., 2453 Orlando Central
Parkway, Orlando, FL 32809 (800) 777-5333, fax (407) 851-8313

------------------------------

Date: 23 Sep 1998 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or
   equivalent) if possible and convenient for you. Alternatively, via
   majordomo, SEND DIRECT E-MAIL REQUESTS to with one-line,
     SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
     INFO [for unabridged version of RISKS information]
   .MIL users should contact (Dennis Rears).
   .UK users should contact .

=> The INFO file (submissions, default disclaimers, archive sites, copyright
   policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html
     ftp://www.CSL.sri.com/pub/risks.info
   The full info file will appear now and then in future issues.
   *** All contributors are assumed to have read the full info file for
   guidelines. ***

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
   ftp ftp.sri.com
   login anonymous
   [YourNetAddress]
   cd risks
   [volume-summary issues are in risks-*.00]
   [back volumes have their own subdirectories, e.g., "cd 19" for volume 19]
   or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue].
   PostScript copy of PGN's comprehensive historical summary of one liners:
   illustrative.PS at ftp.sri.com/risks .

------------------------------

End of RISKS-FORUM Digest 20.07
************************
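
The week-counter rollover described in the GPS airworthiness notice above (Bob Nicholson's item), worked through as an added example that is not part of the digest or of any receiver's firmware: it shows the truncated week field, a receiver that ignores the wrap, and one that resolves it against a trusted earlier date. Function names, the sample instants and the use of a firmware build date as that lower bound are assumptions of this example; weeks are numbered from zero as in the 10-bit broadcast field, whereas the notice numbers them from one.

```python
from datetime import datetime, timedelta

# GPS time starts at the epoch given in the notice, 6 January 1980 (week 0).
# GPS time carries no leap seconds, so datetimes here are treated as GPS time.
GPS_EPOCH = datetime(1980, 1, 6)
SECONDS_PER_WEEK = 7 * 86400
WEEK_MODULUS = 1024          # the broadcast week field is 10 bits wide


def gps_week_and_seconds(t):
    """Return (full week number, seconds into that week) for GPS time t."""
    delta = t - GPS_EPOCH
    return divmod(delta.days * 86400 + delta.seconds, SECONDS_PER_WEEK)


def broadcast_fields(t):
    """What the satellite can actually send: the week truncated to 10 bits."""
    week, sow = gps_week_and_seconds(t)
    return week % WEEK_MODULUS, sow


def naive_decode(week10, sow):
    """Receiver that assumes the week field never wraps (the failure mode)."""
    return GPS_EPOCH + timedelta(weeks=week10, seconds=sow)


def pivot_decode(week10, sow, not_before):
    """Receiver that resolves the wrap with a date known to be in the past.

    not_before is any trusted lower bound on the current date, for instance
    the firmware build date (an assumption of this example). The result is
    the earliest date at or after that bound's week that matches the
    broadcast field, so it stays correct for 1024 weeks past the bound.
    """
    pivot_week, _ = gps_week_and_seconds(not_before)
    full_week = pivot_week - (pivot_week % WEEK_MODULUS) + week10
    if full_week < pivot_week:
        full_week += WEEK_MODULUS
    return GPS_EPOCH + timedelta(weeks=full_week, seconds=sow)


def rollover_report(build_date):
    """Decode constructed sample instants around the rollover both ways."""
    samples = [
        datetime(1998, 10, 23, 12, 0, 0),    # date of the notice
        datetime(1999, 8, 21, 23, 59, 59),   # last second of week 1023
        datetime(1999, 8, 22, 0, 0, 0),      # week 1024, broadcast as 0
        datetime(1999, 12, 31, 12, 0, 0),
    ]
    rows = []
    for true_time in samples:
        week10, sow = broadcast_fields(true_time)
        rows.append((true_time, week10,
                     naive_decode(week10, sow),
                     pivot_decode(week10, sow, build_date)))
    return rows


if __name__ == "__main__":
    for true_time, week10, naive, pivoted in rollover_report(datetime(1998, 10, 23)):
        flag = "OK " if naive == true_time else "BAD"
        print(f"{true_time}  week field {week10:4d}  "
              f"naive {naive} [{flag}]  pivot {pivoted}")
```

The pivot approach only moves the ambiguity: a receiver whose lower bound is more than 1024 weeks old decodes the wrong era again, so the bound has to be refreshed with each firmware update.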