precedence: bulk
Subject: Risks Digest 20.10

RISKS-LIST: Risks-Forum Digest Thursday 3 December 1998 Volume 20 : Issue 10

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at and at ftp.sri.com/risks/ .

Contents:
Dulles radar fails for half-hour (Doneel Edelson)
Pilots: Runway crossings a safety hazard (Doneel Edelson)
DoD falsified Y2K data but has "good feeling" about future (Edupage)
Virginia library removes software filters (Edupage)
How the rest of the world views Americans (Declan McCullagh)
False 911 calls traced to spliced cabling (Bryan O'Sullivan)
Immigration process on hold due to fingerprint data format (Deepak N)
Interesting bug in SecurID software (Drew Dean)
V-Mail -- or Virus Mail? (Jason Stokes)
PalmPilots voiding car locks in Europe (Brig C. McCoy)
Sony infrared controllers lock up certain Macintosh systems (Fred Condo)
IR-outfitted Macs and Sony remote controls (T Byfield)
Paranoia or Parannoyance? (Al Christians)
Y2K inflation risk (Marion Moon)
Risks of Internet keywords (Erann Gat)
Re: Internet speech is "on the record" (Silas S. Brown, Scott E. Preece)
Re: 100-year-old woman "too old to vote" (Bob Heuman)
Re: REVIEW: "Java Cryptography", Jonathan Knudsen (Fred Long)
FEmSys99: Call for Participation/Program (Axel Poigne)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 24 Nov 1998 12:40:04 -0500
From: "Edelson, Doneel"
Subject: Dulles radar fails for half-hour

Radar failed for 31 minutes at the Washington D.C. area Dulles International Airport, leaving air traffic controllers unable to tell the exact locations of circling airliners. Controllers had no information on the altitude, airspeed or identification of about a dozen planes circling the airport.
[Source: AP item in *USA Today*, 24 Nov 1998; PGN Abstracting]

------------------------------

Date: Fri, 13 Nov 1998 12:57:48 -0500
From: "Edelson, Doneel"
Subject: Pilots: Runway crossings a safety hazard

In an effort to speed up landings and takeoffs, tight runway crossings are common. In May 1997, strong winds were sufficient to alter the timing enough to force the aborting of the takeoff of a British Airways 747 at Chicago's O'Hare Airport because of a United jet landing directly in its path. Fortunately, the BA plane was able to stop in time, blowing 6 tires, locking 12 brakes, and scaring the passengers. Beginning with a discussion of this case, an article in *USA Today*, 13 Nov 1998 [PGN Stark Abstracting] analyzes the issues involved at some length.

------------------------------

Date: Sun, 29 Nov 1998 13:46:13 -0500
From: Edupage Editors
Subject: DoD falsified Y2K data but has "good feeling" about future

A Department of Defense inspector-general report says that the Defense Special Weapons Agency never conducted required tests on three of five "mission critical" computer systems it had certified as Y2K-compliant. The military officer assigned to correct the agency's Year 2000 problems says he agrees with the report, but that the systems in question will be "100% in compliance" by April 1999: "I have a good feeling about Y2K in this agency." (*USA Today*, 27-29 Nov 1998; Edupage, 29 Nov 1998)

------------------------------

Date: Thu, 03 Dec 1998 13:39:32 -0500
From: Edupage Editors
Subject: Virginia library removes software filters

Responding to a federal court's ruling that the Loudoun County (VA.)
library's use of software filters to screen out sexually explicit material on the Internet was unconstitutional (Edupage 24 Nov 98), the Library Board has removed filters from some of its computers and left them on others; adults will decide whether they want to use a computer with a filter or one without, and parents of minors will be asked to sign a statement specifying whether or not they want their child to have unfiltered Internet access. Library patron Becky Montcastle-Jones urged the library board to appeal the court's ruling, saying: "We have not had pornographic or salacious material in our library. Why, just because we have new technology to get to it very quickly, should we have any different policy? In the video section, you can't go in there and get a pornographic movie. Librarians throughout history have had to make choices about what will be in the library. That's not censorship -- that's choice." But board member Marc Leepson expressed the view of 6 out of the 8 board members: "I'm completely comfortable with the new policy. It's constitutional, and it still protects children." (*The Washington Post*, 3 Dec 1998; Edupage, 3 December 1998)

------------------------------

Date: Tue, 01 Dec 1998 15:39:10 -0500
From: Declan McCullagh
Subject: How the rest of the world views Americans

> Another federal judge killed another Internet censorship law, in the
> American state of Virginia; lawmakers, in order to protect The
> Children(tm) from all that smut on the Net, had ordered public libraries
> to install software filters; scoffed the judge, what a crock -- the law is
> unconstitutional, get those filters off, right now; not only that but the
> filters he saw even blocked Web sites about the Quaker religion and Beanie
> Babies.
> A Philadelphia judge delayed Mr Clinton's unconstitutional Child
> Online Protection Act, a censorship law that requires Web sites to prove
> the age of those who log on before showing them any pictures or "material
> considered harmful to minors," whatever that is.
> [*Bangkok Post*, database technology section, 2 Dec 1998 -- with attitude...]

[http://www.well.com/~declan/politech/] [VA VA voom!]

------------------------------

Date: Wed, 2 Dec 1998 01:10:36 -0800 (PST)
From: "Bryan O'Sullivan"
Subject: False 911 calls traced to spliced cabling

San Francisco police and Pacific Bell have traced the source of over 120 false calls to the 911 emergency service during a 36-hour period. The problem manifested itself through several telephones in San Francisco's Mission district that called 9-1-1 repeatedly; when operators answered the calls, they heard only static. Apparently, a phone cable became wet at the point of a splice and shorted out intermittently, causing this rather odd problem.

------------------------------

Date: Mon, 30 Nov 1998 18:03:29 -0800
From: Deepak_N1@Verifone.Com
Subject: Immigration process on hold due to fingerprint data format

I just received this from my lawyer.

> Earlier this week, the INS suspended the processing of all I-485s filed
> with the INS Service Centers and District Offices on or after April 1,
> 1998. A written announcement will be issued by INS Headquarters in the
> very near future. The reason for the processing suspension is an error by
> the outside INS CLAIMS contractor, EDS, which failed to deliver
> fingerprint data tapes to both the FBI and CIA in a format that could be
> read by these agencies. The INS has been working to resolve the problem
> with the FBI and the CIA. Apparently, the FBI has now completed all
> fingerprint checks for applications filed with the Service through the end
> of September, 1998, but the CIA is still working on cases filed in April,
> 1998.
> It is not clear at this time how long the processing suspension will
> last. Concurrently filed I-765s and I-131s are not affected by the hold.
> The immediate impact of the I-485 processing suspension will be on
> applications filed at the NSC where they are now ready to close-out April,
> 1998 filings. The backlogs at the other Service Centers and most District
> Offices are much longer. Additionally, close-outs for aging-out cases
> filed on or after April 1, 1998, are also on hold.

------------------------------

Date: Mon, 30 Nov 1998 16:56:54 -0500
From: Drew Dean
Subject: Interesting bug in SecurID software

I have a SecurID card for my Princeton Computer Science department account. The setup is that an old Sun, running SunOS 4.1.4, is running the SecurID software; you telnet to it, authenticate, and then rlogin to where you want to go. While this setup isn't perfect, the router hooking these machines to the outside world is set up to prevent spoofing, and the local network is deemed to be under reasonable control.

A couple months ago, I logged in, and tried to rlogin to the workstation on my (former) desk. It said, "Not on system console." Funny, it only says that if you attempt to rlogin as root. I looked a little more closely, noticed a # prompt, and /usr/bin/id reported that I was UID 0. Hmmm. I had logged in as myself, and gotten a root shell on the SecurID server! How bizarre.... The head system administrator also received a root shell after logging in as himself.

Further investigation yielded that our entries in /etc/passwd were of the form

  +::::::

i.e., to get our information from NIS. However, due to a pending network reconfiguration, the machine was temporarily not using NIS, and no ypbind was running. It appears that the SecurID software didn't check the return value, and used a default value of 0. (The SecurID software keeps a separate database for its authentication information.)
This raises interesting questions about a denial of service attack escalating to a root compromise (for local users; you need a SecurID card to login with). I do not have the time or facilities handy to investigate further.

In Security Dynamics' defense, this software is more than 3 years old, and hasn't been updated because it otherwise works fine. (I can't find any version numbers in it). Security Dynamics has been notified.

Drew Dean

------------------------------

Date: 2 Dec 1998 10:53:32 GMT
From: jstok@SPAMBLOCKED.apana.org.au (Jason Stokes)
Subject: V-Mail -- or Virus Mail?

Just read about a new voice mail over e-mail product from Philips, reported in "New Scientist" for 28th November. Previous V-mail systems have worked only if the recipient has matching software to decode the sound-and-video file, but Philips bundles matching playback software with the message and packages it as a small executable file. The playback software works with any version of Windows.

I don't have to remind comp.risks readers of the potential for viruses and Trojan horses to spread after being inserted into executable files sent over e-mail. Ugh.

Jason Stokes: jstok@bluedog.apana.org.au

[No, you don't, but apparently we need to remind everyone else. PGN]

------------------------------

Date: Thu, 03 Dec 1998 16:34:45 -0600
From: "Brig C. McCoy"
Subject: PalmPilots voiding car locks in Europe

There's at least one program for Palm devices with IR ports which "learns" the infrared codes from a remote-control device, letting the Palm device replace remote controls for your TV/VCR/Cable/Stereo/Whatever.

According to a story in *New Scientist*, this same program can be used to "learn" the codes from several different makes of remote locks for cars in Europe.

Wonder if 3Com's planning to include an RF interface for US cars? :)

Brig C.
McCoy, Southeast Kansas Library System, 218 East Madison Street, Iola, KS 66749 1-316-365-5136

[The NS article says that it takes only 10 seconds to capture the code, and is virtually undetectable. Discovery is credited to Lars Sorensen of PC World. I recall mention of this attack mode in RISKS many years ago. (Watch out for palm-palm girls.) Also noted by several others. PGN]

------------------------------

Date: Wed, 2 Dec 1998 10:21:01 -0800
From: Fred Condo
Subject: Sony infrared controllers lock up certain Macintosh systems

The Macintouch Web site reports at on an interaction between Sony infrared remote controllers and certain Macintosh models with infrared receivers.

A risk of adopting a ubiquitous control technology for unrelated machinery where commands may leak between systems.

------------------------------

Date: Wed, 2 Dec 1998 13:47:46 -0500
From: t byfield
Subject: IR-outfitted Macs and Sony remote controls

The 3 Dec 1998 Macintouch reports that wristwatches "capable of sending IR remote controls to common brands of televisions" can also, it seems, control some Macs outfitted with an IR receiver on the front of the box . Symptoms varied between models (various Performas and LCs) and OS revisions (7.5.5-8.1), and despite several standard problem-prevention/solution techniques, ranging from access/function-limiting software to disabling extensions at startup. Problems included crippling slowness (several-minute delays in responses to input), and the necessary fixes seem to be quite varied, up to requiring a full hardware reset.

The interesting thing is that these machines are doing exactly what they were designed for: respond to a Sony-compatible remote control. They could be powered up and down, the volume could be changed, and Apple Video Player could be launched with the TV/Video button on the remote. Unfortunately, the remote--which in this case was a *wristwatch*--could send commands the machines couldn't cope with at all.
Given the usual repertoire for solving enigmatic problems, it's a wonder that the sysops in the lab who stumbled across this problem actually figured it out--after running disk utilities, reinstalling software, swapping hardware, and so on and so forth. Obviously, this trick could be the bane of innocent consumers who may have bought a particular Mac *because* it has some "multimedia integration" capability--and a real boon to someone who wanted to hogtie a computer lab, staff and all.

What's especially noteworthy is the fact that this hardware/software integration can launch an application. Unless this is done by some completely nonstandard method, the MacOS does so *by name* --which means that if someone could contrive a way to install some relatively powerful software (e.g., UserLand Frontier) and rename it "Apple Video Player," say, while a sysop was off in search of some utility CD, s/he could pretty much have run of the house--without requiring direct physical access to the machine (a well-placed window would do just fine).

Ted

------------------------------

Date: Tue, 01 Dec 1998 00:59:46 -0800
From: Al Christians
Subject: Paranoia or Parannoyance?

A curious thing happened to me last week. I made, by telephone, a hotel reservation in a distant city. About 12 hours later, I received by e-mail, a commercial solicitation from an 'escort service' in the same city. The solicitation was sexually explicit and obviously aimed at those who would like to do business with prostitutes.

I did not give my e-mail address to the hotel, but I did make the reservation using my name exactly as I sign usenet postings, so I suspect that the hotel provided my name to someone who looked up my e-mail address in a compiled database and sent the solicitation.

This juxtaposition of events disturbs me, for the following reasons:

1. A presumably reputable business, the only kind with which I deal, is likely providing personal information about me to a disreputable one.
If 'escort services' can obtain this information about me, what other doers of unseemly deeds might also obtain it?

2. Not only don't I know of any way to prevent such solicitations in specific instances, I don't know of any way to keep such marketing methods from proliferating into business-as-usual.

3. I have long held 'thou shalt not tempt' to be one of the major dictums of modern morality. The power to tempt is the power to corrupt and destroy.

4. A little paranoia, inspired by this surprising evidence that someone out there knows more about me than I want them to know, gets me thinking where this will lead. It is easy to imagine that a business obtaining customers this way might next go ahead and find out if the client has a spouse back home. They might then send mail or e-mail to the spouse or household that is intended to raise the spouse's suspicions of infidelity. They might send solicitations to the spouse for detective services to check up on their itinerant mate. They might send solicitations to the spouse for similar 'escort services' while their mate is away. They might market legal services related to divorce to each spouse. That would all be legal. If they wanted to do anything illegal, the opportunities for extortion and blackmail abound.

5. Other vices and weaknesses might be exploited similarly. Travelers away from home are often separated from the social support that they may need to regulate their behavior. Customized mass-marketing like this could profitably target those with problems related to gambling, liquor, etc. According to my morality, it would be wrong to exploit the weaknesses of the weak when they are most vulnerable, but it seems inevitable that there will always be some who can't resist taking advantage and some who will tragically be their prey.
Al Christians

------------------------------

Date: Mon, 30 Nov 1998 11:09 -0800 (PST)
From: mmoon@west.raytheon.com
Subject: Y2K inflation risk

Here is another unintended consequence of technology. When a local regional hospital could not get the vendor of an older *analog* nuclear medicine machine to declare that the machine was Y2K compliant, the hospital decided to buy a new digital machine at a cost of over $700,000. The older machine was still useful but the hospital felt it would be liable if it couldn't state that the machine was compliant. It is doing the same thing with other less expensive machines also -- discard and replace. The implications for patients and insurance companies are obvious; no wonder medical cost inflation is increasing faster than the CPI.

Marion Moon

------------------------------

Date: Wed, 2 Dec 1998 13:21:56 -0800 (PST)
From: Erann Gat
Subject: Risks of Internet keywords

Internet keywords are a new feature in version 4 of Netscape Navigator. On the surface they seem like a great idea: instead of just a URL, you can now type a set of search keywords in the "location" selector mini-buffer at the top of the browser. Anything that is not a valid URL is interpreted as search keywords and is sent to Netscape's search engine. It seems like a cool feature that can save you a step when you are doing a search. Instead of having to go back to the search engine every time, you have a shortcut to a search engine always at the ready.

So just now I was editing some records in a web database on one of our local servers when I was suddenly surprised by the appearance of a set of search results from the Netscape search engine. What's more, every attempt to get back to the database server resulted in the same set of search results. Even typing in the URL with the http:// header didn't help. It was as if the search engine had suddenly hijacked my browser.
What's more, trying to access the server from a different browser running on a different machine yielded the same result!

What turned out to have happened is (I think) this: the database server suddenly shut down for reasons unknown. Because I had typed in the URL without the domain (since it was a local machine) Netscape now interpreted the name of the machine (which, as far as Netscape was concerned, had suddenly ceased to exist) as an internet keyword, which popped me in to the search engine.

A little sleuthing turned up an extra risk: before dumping me in to the search engine it turned out that Netscape tried several variations on the machine name, such as prepending 'www' onto the name. It turned out that none of these variations existed, but if they had I could have suddenly found myself looking at a completely random web page. If this page happened to have content deemed "inappropriate" for viewing at work I might have had a hard time explaining to Big Brother that I really had not intended to download that page.

What made it all the more confusing was this: the database server was running on a nonstandard port, so the URL I originally typed looked like "server:81". Only the database server died, not the whole machine, so going to the URL "server" still did the Right Thing (i.e. it took me to the server's http home page). Only when qualified with a port number for a nonexistent service did this problem manifest itself. Netscape is apparently not smart enough to figure out that the existence of a port qualifier in the URL means that this is *not* a keyword. (Netscape does seem to know that a fully qualified host name with its domain name should not be interpreted as a keyword.)

There are several risks here:

1) An apparently useful feature displays surprising and potentially dangerous behavior. This surprising behavior can be triggered suddenly by a crash on a different machine. There is no indication as to the actual source of the problem.
2) The existence of internet keywords fills out the space of legal things to type in to the "location" buffer in the browser, making it more likely that a typo will take you somewhere you don't want to be rather than generating an error.

Erann Gat gat@jpl.nasa.gov

------------------------------

Date: Sat, 28 Nov 1998 06:42:35 +0000
From: "Silas S. Brown"
Subject: Re: Internet speech is "on the record" (Minow, RISKS-20.09)

The *Salon* article several times mentions searching for a person's name, the assumption apparently being that that is a unique identifier. It is not. For example, every so often my Web page gets hits with an AltaVista query for "Silas Brown" as the referral page, and I recently received fan mail destined for a Silas Brown who is apparently a religious pop singer in America (and doesn't seem to have an online presence).

My name is unusual in my culture but this is not universally true. If someone called Yuki Tadeka (random example) were running for President of the US, and I were a sleaze journalist and showed you "Yuki Tadeka's Home Page" as it was twenty years ago, even if you could prove by going to the archives yourself that the page really existed, how would you know that it was generated by the same person?

Somewhere on www.newscientist.com is a rather misinformed letter written on 27 April 1996 by a "Silas S. Brown" about the nature of time and space (and they accidentally included the e-mail signature). If I denied that that was me, would you be able to prove otherwise?

Silas S Brown, St John's College Cambridge UK http://ban.joh.cam.ac.uk/~ssb22/
Databus magazine http://www.cam.ac.uk/CambUniv/Societies/cucs/

------------------------------

Date: 01 Dec 1998 09:08:49 -0600
From: preece@urbana.css.mot.com (Scott E.
Preece)
Subject: Re: Internet speech is "on the record" (Minow, RISKS-20.09)

While the Web does sometimes seem to be all things to all people, it's ironic that while Martin Minow (RISKS-20.09) points at an article reminding us that web materials may persist far longer than we expect, archivists and librarians have decried the web as having no past, pointing out that today's link may tomorrow point into a cyber-hole and that the things that links point to may change unpredictably, so that citations become meaningless.

The web needs a Library of Congress-grade authoritative repository; it wouldn't hurt if there were also a reliable expiration mechanism...

scott preece, motorola/css urbana design center preece@urbana.css.mot.com
1101 e. university, urbana, IL 61801 1-217-384-8589

------------------------------

Date: Sat, 28 Nov 1998 11:23:50 -0500
From: rsh@idirect.com
Subject: Re: 100-year-old woman "too old to vote" (RISKS-20.09)

Having read the information in my newspaper, it appears that age is *not* the reason for the removal of the right to vote, but rather a judgement that the little old lady is no longer completely competent. Note that three other residents of the same senior's residence were also denied the right to vote, and they were not yet 100 years old. They were interviewed in person, and apparently her nodding of her head in response to questions was not deemed sufficient evidence of her competency.

Whether this decision is correct or not is not subject to correction under the law being used - that is the real issue. It has nothing to do with computers or the two-digit/three-digit controversies.

R.S. (Bob) Heuman, Toronto, ON, Canada or

[Also noted by quite a few others. TNX.
PGN]

------------------------------

Date: Mon, 30 Nov 1998 13:38:32 +0000
From: "Fred Long"
Subject: Re: REVIEW: "Java Cryptography", Jonathan Knudsen (Slade, RISKS-20.09)

I really must take exception to Rob Slade, in his otherwise fine review of "Java Cryptography" by Jonathan Knudsen, where he says:

  There is one other limitation: much of the book relies on the Java Cryptography Extensions (JCE) which are only available to those in the United States and Canada (nudge, nudge, wink, wink).

Firstly, the JCE is a *specification*, which is available world-wide. Secondly, there are implementations of the JCE available outside the US and Canada as, indeed, the "Java Cryptography" book itself indicates. (Another book, "Java Security" by Scott Oaks, lists such implementations in an appendix.)

Dr Fred Long, Department of Computer Science, University of Wales, Penglais, Aberystwyth, SY23 3DB, UK +44 1970 622440 fwl@aber.ac.uk

------------------------------

Date: Thu, 3 Dec 1998 08:33:37 +0100
From: Axel Poigne
Subject: FEmSys99: Call for Participation/Program

Workshop on Formal Design of Safety Critical Embedded Systems
15-17 March 1999, Munich, Germany

The workshop intends to bring together researchers, R&D engineers from industry, and tool vendors concerned with the specification and construction of Embedded Systems, particularly of Safety Critical Embedded Systems. For detailed information see http://set.gmd.de/EES/femsys99

------------------------------

Date: 23 Sep 1998 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you.
Alternatively, via majordomo, SEND DIRECT E-MAIL REQUESTS to with one-line,
   SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
   INFO [for unabridged version of RISKS information]
 .MIL users should contact (Dennis Rears).
 .UK users should contact .
=> The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from
   http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info
   The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
   ftp ftp.sri.com login anonymous [YourNetAddress] cd risks
   [volume-summary issues are in risks-*.00]
   [back volumes have their own subdirectories, e.g., "cd 19" for volume 19]
   or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue].
   PostScript copy of PGN's comprehensive historical summary of one liners: illustrative.PS at ftp.sri.com/risks .

------------------------------

End of RISKS-FORUM Digest 20.10
************************
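
The failure mode described in Drew Dean's SecurID item above (a `+::::::` NIS stub in /etc/passwd, no ypbind running, an unchecked return value, a resulting UID of 0), modeled as an added example; it is not code from the digest or from Security Dynamics. `nis_lookup_uid`, the account `ddean` and UID 1042 are constructed stand-ins, and the second function shows the fail-closed form.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-in for an NIS query; hypothetical, not a real API. */
static int nis_up = 0;                 /* 0 models "no ypbind running" */

static int nis_lookup_uid(const char *user, uid_t *uid)
{
    if (!nis_up || strcmp(user, "ddean") != 0)
        return -1;                     /* unreachable or unknown: *uid untouched */
    *uid = 1042;                       /* constructed UID for the sample account */
    return 0;
}

/* Copy colon-separated field idx (0-based) of a passwd line into buf. */
static int passwd_field(const char *line, int idx, char *buf, size_t n)
{
    const char *p = line;
    while (idx-- > 0) {
        if ((p = strchr(p, ':')) == NULL)
            return -1;
        p++;
    }
    size_t len = strcspn(p, ":\n");
    if (len >= n)
        return -1;
    memcpy(buf, p, len);
    buf[len] = '\0';
    return 0;
}

/* Defective pattern: every failure path leaves uid at 0, i.e. root. */
uid_t resolve_uid_unchecked(const char *line, const char *user)
{
    uid_t uid = 0;
    char f[32] = "";
    if (line[0] == '+') {
        nis_lookup_uid(user, &uid);    /* return value ignored */
    } else {
        passwd_field(line, 2, f, sizeof f);
        uid = (uid_t)atoi(f);          /* "" or junk silently becomes 0 */
    }
    return uid;
}

/* Fail closed: returns 0 and writes *out only when a UID was really obtained. */
int resolve_uid_checked(const char *line, const char *user, uid_t *out)
{
    uid_t uid;
    char f[32];
    if (line[0] == '+') {
        if (nis_lookup_uid(user, &uid) != 0)
            return -1;                 /* no directory answer, no session */
    } else {
        if (passwd_field(line, 2, f, sizeof f) != 0 || f[0] == '\0' ||
            strspn(f, "0123456789") != strlen(f))
            return -1;                 /* missing or non-numeric UID field */
        errno = 0;
        unsigned long v = strtoul(f, NULL, 10);
        if (errno != 0 || v >= (unsigned long)(uid_t)-1)
            return -1;                 /* overflow or the (uid_t)-1 sentinel */
        uid = (uid_t)v;
    }
    *out = uid;
    return 0;
}

int main(void)
{
    uid_t u = 0;
    printf("unchecked, NIS down: uid=%lu\n",
           (unsigned long)resolve_uid_unchecked("+::::::", "ddean"));
    printf("checked, NIS down: rc=%d\n", resolve_uid_checked("+::::::", "ddean", &u));
    return 0;
}
```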