precedence: bulk Subject: Risks Digest 20.54 RISKS-LIST: Risks-Forum Digest Sunday 15 August 1999 Volume 20 : Issue 54 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at and at ftp.sri.com/risks/ . Contents: MCI WorldCom frame-relay network problems (PGN) "Spy Who Messaged Me" -- now playing at Microsoft! (NewsScan) High-flying hijinks: canine passenger sinks teeth into plane (Paul Costalas) Risks of the modern train (Ben Hutchings) Car won't start if payments are delinquent (Daniel P. B. Smith) Salary payment diskettes intercepted and manipulated (Peter Fokker) Risks of Internet Explorer 5 (Lloyd Wood) Refrigerator gasket frozen out (Ted Lee) Y2K upgrade went 'horribly wrong', admits utility giant (Doneel Edelson) Government: Lessening risks through encryption (Alan DeKok) Having private services such as voicemail on shared phones (David Crooke) Re: NCIC 2000 (Stephen Fairfax) Computers, Freedom, and Privacy: CFP for CFP (Bruce R Koball) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Sat, 13 Aug 1999 10:12:17 PDT From: "Peter G. Neumann" Subject: MCI WorldCom frame-relay network problems Almost one-third of MCI WorldCom's long-distance frame-relay network customers experienced difficulties, beginning on 5 Aug 1999, apparently as a result of a Lucent software and hardware during a network upgrade. (AT&T had a similar outage in April 1999.) The Chicago Board of Trade trading system failed, and problems there persisted into the following week. ATMs (teller machines) were rendered inoperative. [We await a more definitive analysis than could be gleaned from the various media reports.] ------------------------------ Date: Fri, 13 Aug 1999 08:11:18 -0700 From: "NewsScan" Subject: "Spy Who Messaged Me" -- now playing at Microsoft! In the middle of the Microsoft-AOL battle over Microsoft's attempt to clone AOL's Instant Messaging system (which allows users to chat over the Internet), an unidentified "overpassionate" Microsoft employee has embarrassed the company by getting caught in a little industrial espionage. The rogue spy, whom Microsoft has acknowledged to be almost certainly one of its employees, falsely alleged in a message sent under a bogus identity that the AOL program contains an error responsible for creating a security vulnerability. (*The New York Times*, 13 Aug 1999) http://www.nytimes.com/library/tech/99/08/biztech/articles/13soft.html [NewsScan Daily, 13 August 1999; reproduced with permission. To subscribe or unsubscribe to NewsScan Daily, send an e-mail message to NewsScan@NewsScan.com with 'subscribe' or 'unsubscribe' in subject line.] ------------------------------ Date: Fri, 6 Aug 1999 17:33:03 -0400 From: paul.costalas@telos.com Subject: High-flying hijinks: canine passenger sinks teeth into plane Read the full story at the address below: http://www.phillynews.com/inquirer/99/Aug/06/national/DOG06.htm ["Spread the news" is a service of Philadelphia Online http://www.phillynews.com] This is a very interesting story about how a dog in the cargo bay was able to free itself and almost bring down a 767. The dog had managed to "gnaw into wires" that affected the landing gear, flaps, and cockpit warning lights. They are trying to figure out how the dog got out of its cage. I wonder if anyone is focusing on why the wires were accessible to the animal. I am not an aviation expert, but could the wires be accidentally cut by a sharp edge, etc.? Why aren't the wires better protected? Or is this the act of an angry animal striking out at the owners who neutered him? Paul J. Costalas [Perhaps the dog was tired of listening to all that electrical energy flowing, and was a wire-heard terrier? PGN] ------------------------------ Date: Fri, 6 Aug 1999 23:11:08 +0100 From: Ben Hutchings Subject: Risks of the modern train I was quite impressed by the apparent quality of the new rolling stock of the Anglia train I caught from Ely last Friday evening. This changed somewhat when I realised that although it was getting dark outside there were no lights on in my carriage. I turned on the back-light of my palm computer and continued to use it. Then, a few minutes later, I felt the need to use the lavatory. When I turned around to walk up the train, I saw that the next carriage was properly lit. In the lavatory there was no light - and no flush, no water and no hand-drier. This is because they all relied on electronic sensors. Furthermore, the doors to the next carriage were also inoperative! Thankfully, the announcement system and the doors to the outside did work. I moved up the train at the next station and found another lavatory. This one was designed for use by wheelchair users (as well as the able-bodied). The door is operated by yet more electronic switches - an open/close button and a lock button with a indicator. There are no instructions explaining what these do - just those labels. The open/close button works as I expected. By observation I deduced that the indicator is unlit when the door is open, flashing when it is closed but unlocked, and constantly lit when it is locked. The lock button takes the door from the closed state to the locked state or from the locked state to the open state. This behaviour does not seem very intuitive to me, and I have dealt with some fairly arcane interfaces! It was not until I left the lavatory that I understood that I had not successfully locked it. I overheard two members of the train staff talking about the problems of the train. One described a potential denial-of-service in this toilet. It is apparently possible to put the door in the locked state by pressing the lock button while it is closing; this means that an attacker can press both buttons and leave before the door has completely closed. However, the door closes shortly after an occupant leaves, and this leads me to suspect that there is an IR presence detector within the lavatory that affects the door behaviour. ------------------------------ Date: Sat, 14 Aug 1999 12:01:29 -0400 (EDT) From: "Daniel P. B. Smith" Subject: Car won't start if payments are delinquent *The Boston Globe*, 14 Aug 1999, p.3, carries an AP story. A Detroit auto dealer sold cars to people with bad credit containing "a high-tech dashboard device that prevents cars from starting if the customer is delinquent on payments." The story says that "customers get a six-digit code when they pay their bills every week. If they punch the proper code into the device, the car can be started. If more than a week passes without a new code, the car will not start." Two customers contend that the "On-Time Device" shut off their cars _while driving_ and are suing. The RISK here is that computer technology is enabling the invention and _rapid_ proliferation of _new_ machinery which is intended to directly and physically enforce policy. From a technical standpoint, the device is not very different from the aftermarket antitheft device I installed on my own car, which similarly a) uses digital technology, and b) interferes with the starting circuits. I worry about its reliability, of course. The big difference is that an ignition lock malfunction puts the _purchaser_ at risk, so presumably market forces would work to insure reliability. The "On-Time Device" puts someone _other_ than the device's purchaser at risk. Daniel P. B. Smith ------------------------------ Date: Fri, 06 Aug 1999 06:32:34 +0100 (CET) From: peter@fokker.demon.nl (Peter Fokker) Subject: Salary payment diskettes intercepted and manipulated My local newspaper (NRC/Handelsblad, 5 August 1999) reports about a successful way to steal money by intercepting diskettes with payment information that are sent - by mail or via a courier service - to the bank subsidiary (Interpay) that handles this kind of payments for all banks here in The Netherlands. The intercepted diskettes were "cracked" and the swindlers changed one or more destination bank account numbers and amounts, "repaired" the diskettes and sent them to Interpay as if nothing happened. Some twenty people have been arrested. The damages, "a few million NLG" (1 USD = 2 NLG), for the bank's customers have been compensated by the bank. It is unclear where the diskettes were intercepted (NL Postal services, the courier or within Interpay). Interpay and the combined banks have announced measures for better protection of these diskettes and the transportation thereof. The RISKS are obvious. I would say: be very concerned when someone tells you that "the cheque is in the mail". --Peter Fokker ------------------------------ Date: Fri, 6 Aug 1999 16:09:51 +0100 (BST) From: Lloyd Wood Subject: Risks of Internet Explorer 5 http://msdn.microsoft.com/workshop/essentials/versions/ICPIE5.asp To pick one example from that page: AutoComplete speeds the collection of demographic information by making it easier to fill out online forms. AutoComplete provides a drop-down list of items that the user has previously entered in a particular text box on a Web page. When the user selects the item, it is automatically put into the field (except for password fields). The feature is very useful on its own, but its real power shines through when the benefit is transferred between Web sites. Once you mark your input tags with AutoComplete attributes, your users won't have to retype common elements -- such as names, telephone numbers, and e-mail addresses -- because they will have already filled in this information on someone else's site. Internet Explorer stores the form field entries in a secure, client-side store. 1. Don't let anyone else use Internet Explorer 5 on your machine. They might get ideas when filling in forms, and use your personal information instead of typing in their own. 2. client-side is not necessarily secure, as has been previously demonstrated many times. 3. This assumes that password fields are indicated as such; a risk in itself. PGP ------------------------------ Date: Wed, 11 Aug 1999 08:32:00 -0500 From: TED_LEE@udlp.com Subject: Refrigerator gasket frozen out Seeing the item in RISKS-20.53 about a cellphone endangering a plane reminded me of a recent incident that gave me pause to realize that sometimes people may take reasonable precautions. The magnetic gasket on our refrigerator is wearing out so I called around the local appliance parts shops to find one. It turns out that even though (or perhaps because) it is a major brand, there are so many variations they aren't stocked locally (Minneapolis) and it had to be shipped from a Chicago warehouse. I was told I did *not* have the option of air freight or express: it had to go surface because it was regarded as hazardous cargo. I assume that is because it is essentially one big magnet that there is concern it might interfere with navigation -- but does anyone actually know of an incident or two that might have given rise to that concern? After all, modern planes don't use magnetic compasses anymore, it ain't *that* strong a magnet, and I can't think that its motion in the belly of the plane would generate strong enough radio waves to be of concern. Ted Lee ------------------------------ Date: Thu, 12 Aug 1999 16:55:51 -0400 From: "Edelson, Doneel" Subject: Y2K upgrade went 'horribly wrong', admits utility giant London Electricity has admitted its Y2K upgrade for 400,000 prepayment customers (costing 2 million pounds) went ``horribly wrong'', leaving 2000 customers without power and light for days, and another 2000 having ``difficulties''. The process of providing new Rechargeable Powerkeys to customers was in progress, but for a fourth of the clients the payment credit did not get transferred or their meters were corrupted. A similar upgrade in Sussex was done at the same time, which compounded the problems. [Source: Mike Simons, *Computer Weekly News*, 12 August 1999; PGN-ed] ------------------------------ Date: Tue, 10 Aug 1999 08:50:50 -0400 From: Alan DeKok Subject: Government: Lessening risks through encryption This is one of the happier risks related items I've seen in a while. The local provincial government has actually *recommended* the use of encryption to secure e-mail. http://www.wired.com/news/news/politics/story/21140.html While the US Congress recoils in horror at the prospect of a population armed with cryptographic tools, a government department in Ontario wants to make it clear that encryption is good. More than that, in a paper released Thursday, the Ontario Information and Privacy Commission said it wants everyone to learn to use encryption. The paper is available at: http://www.ipc.on.ca/Web_site.ups/MATTERS/SUM_PAP/PAPERS/encrypt.htm Some good quotes from the Introduction: Does it really matter who reads your e-mails? If the answer is no, then e-mail encryption could be a potentially cumbersome luxury. However, if you e-mail sensitive, personal, or business information, then encryption is likely a necessity. [...] Those people who use some form of encryption system relax comfortably at their keyboards. Nonetheless, they feel a cold chill each time someone reports a new security hole. Some holes are found in the encryption tools. More often though, the application that uses the encryption tool has bugs. Internet browser applications are prone to this due to their large size and complexity. While the cryptographic component might remain secure, back door bugs to the application can nullify the value of the e-mail encryption. ------------------------------ Date: Sat, 07 Aug 1999 00:03:09 -0500 From: David Crooke Subject: Having private services such as voicemail on shared phones Many hotels now offer phones in rooms with services such as voicemail. I checked into one such establishment recently, and was surprised to find a message already waiting as I always use a mobile phone when travelling. Needless to say, the message turned out to be for someone else, presumably the previous occupant, and was somewhat (ahem) personal in content, and I hastily deleted it. When I returned the following evening the message light was on again, the voicemail software having seemingly requeued the message. This went on all week, and I presume will be causing blushes for some time. David Crooke, Austin TX, USA. +1 (512) 656 6102 "Open source software - with no walls and fences, who needs Windows and Gates?" ------------------------------ Date: Thu, 12 Aug 1999 19:39:12 -0400 From: Stephen Fairfax Subject: Re: NCIC 2000 (Fenner, RISKS-20.53) >5) One wonders how long it will be until this system will be used as a >method of collecting and storing fingerprints on citizens not convicted--or >even charged with--any crime. That particular RISK predates the NCIC 2000 system. A Massachusetts law effective October, 1998 requires all owners of firearms to report to their local police stations for full 10-print fingerprints and digital mug shots. The fingerprints and mug shots are forwarded (by law) to the Criminal History Systems Board. This agency "serves as the hub for information services for the law enforcement and criminal justice communities." (see http://www.magnet.state.ma.us/chsb/about.htm) The same agency provides access to the FBI NCIC and to all 49 state criminal justice databases. While the web page does not go into details, does any long time RISKS reader doubt that the access is reciprocal? What are the RISKS associated with having the de facto equivalent of a criminal record? What is particularly ironic about the new licensing requirement is that (legal) firearms ownership has long been limited to those persons who have no criminal record. Thus, the statute mandates the collection and dissemination of fingerprints from people who are known to have committed no crime. Stephen Fairfax ------------------------------ Date: Thu, 12 Aug 1999 13:48:26 -0700 (PDT) From: Bruce R Koball Subject: Computers, Freedom, and Privacy: CFP for CFP The Tenth Conference on Computers Freedom and Privacy CFP2000: CHALLENGING THE ASSUMPTIONS http://www.cfp2000.org The Westin Harbour Castle Hotel Toronto, Ontario, Canada April 4-7, 2000 The Program Committee of the Tenth Conference on Computers, Freedom, and Privacy (CFP2000) is seeking proposals for conference sessions and speakers. We are seeking proposals for tutorials, plenary sessions, workshops, and birds-of-a-feather sessions. We are also seeking suggestions for speakers and topics. Sessions should present a wide range of thinking on a topic by including speakers from different viewpoints. Complete submission instructions appear on the CFP2000 web site at http://www.cfp2000.org/submissions/. All submissions must be received by October 15, 1999. The CFP2000 Program Committee will notify submitters of the status of their proposals by December 3. Workshop on Freedom and Privacy by Design (first day of CFP 2000) Complete submission instructions are available at http://www.cfp2000.org/workshop/ Program Chair: Lorrie Cranor, AT&T Labs-Research FOR MORE INFORMATION VISIT http://www.cfp2000.org/ ------------------------------ Date: 23 Sep 1998 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Alternatively, via majordomo, SEND DIRECT E-MAIL REQUESTS to with one-line, SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or INFO [for unabridged version of RISKS information] .MIL users should contact (Dennis Rears). .UK users should contact . => The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. *** => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line. => ARCHIVES are available: ftp://ftp.sri.com/risks or ftp ftp.sri.comlogin anonymous[YourNetAddress]cd risks [volume-summary issues are in risks-*.00] [back volumes have their own subdirectories, e.g., "cd 19" for volume 19] or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]. PostScript copy of PGN's comprehensive historical summary of one liners: illustrative.PS at ftp.sri.com/risks . ------------------------------ End of RISKS-FORUM Digest 20.54 ************************