Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
OK, folks, I have never before asked you to slow down in your contributions, and am not about to do so now. Perhaps the evident lag time will help to do that naturally. But the recent volume of mail to RISKS is horrendous — on droids, dumbing-down, qwertyuiop, EMI (as of 2 March), warranties and free software (as of 28 Feb, with a double-size issue's worth of stuff still backlogged waiting for my immoderation), etc., all under consideration. (And BARFmail is on the increase again, for no apparent reasons, just the usual net flakiness, people moving, host names changing, FROM: addresses TO which I cannot even answer your mail, especially unregistered portions of UUCP, etc.). I was away most of today and noticed that my backlog of UNSEEN NEW messages was over 100, and the backlog of UNSEEN messages was about almost twice that, just over the past few days. Thanks for all your enthusiasm! On an old subject, I get complaints from some of you when I do NOT use draconian pruning shears, because you would like to rely on my moderation to be incisively oriented toward exciting and really interesting material, so that you do not have to wade through the less interesting stuff. But what is interesting to some may not be interesting to others. I also get queries from some of you when your message has not appeared after a while. I know I cannot please everyone, but I'll continue to try to do the best I can. I am currently batching heavy-response items together into self-contained issues, so that if you are bored with the topic you may simply ignore the entire issue. I long ago gave up trying to acknowledge every message. If you really want to make sure a particular message got through or try to wedge it out of the queueueueueueue, please feel free to do so. Otherwise, please just have patience. Thanks. PGN
>From MacWeek, Mar 12, 1991: [edited for space]. "New Visions Limited Partnership last month shipped a new [Macintosh] password- recovery utility called MasterKey. "MasterKey comes in three versions [for WingZ, Excel, and WordPerfect 1.0]. ... MasterKey is intended for use by law-enforcement agencies to access files belonging to drug criminals, embezzlers and terrorists; by companies to access files that disgruntled or terminated employees have locked; and by users to access their own files. "Features ... include the ability to rever passwords from MS-DOS files, [and] an access code to prevent use by unauthorized users...." I rather like the fact that they decided to password-protect their utility: maybe I should write a utility to break their password scheme! Martin Minow minow@ranger.enet.dec.com
Slightly off the original subject, but I noticed in a recent visit to a
hospital that in the public hallway outside of the CAT/MRI scan area were open
rack upon open rack of magtapes, no doubt containing images of patients. It
struck me that anybody could just pick up a tape and walk off with it. Surely
they would not be so sloppy with "official medical records". My guess is that
it never really occurred to them that these tapes are part of the medical
records, just as surely as the bit of paper charts the doctors scribble in are.
-- Roy Smith, Public Health Research Institute 455 First Avenue, New York, NY
10016 roy@alanine.phri.nyu.edu -OR- {att,cmcl2,rutgers,hombre}!phri!roy
[Clearly not an integrity concern, but it could be a privacy concern
if some eager journalist stole a tape, or a denial of service concern
if the tape goes astray. PGN]
I wanted to subscribe to MCI's three major calling packages: Prime Time, Call Europe, and Call Pacific. I was told by MCI representatives that I couldn't do so because their computer couldn't handle the complicated billing computation. The maximum is two packages per account. Li Gong, ORA Corp, 675 Mass Ave, Cambridge, MA
With the recent discussion on voting-by-phone in RISKS, I thought
the following (excerpted) article, taken from "U.: The National
College Newspaper" might be of interest to readers.
"Test Taking Goes Touch-Tone": Seema Desai, _The_Daily_Pennsylvanian_
(student newspaper of the University of Pennsylvania)
At Governors State U., a wrong number can cost students more than a quarter.
It can cost them their grade point averages. The small university near Chicago
recently adopted a telephone system that lets students take multiple-choice
exams over a touch-tone telephone.
Donald Fricker, a management professor who spent about two years developing the
application, said students call a special number and respond to recorded
multiple choice questions by pressing digits on their phones. The system,
named Big Mouth, has been in operation since this fall, and four professor
currently use it to administer exams. Fricker said more than 100 students in
classes ranging from psychology to management have taken exams on the system,
adding that most students have responded positively to the new technology.
[student and faculty testimonial deleted]
Some students and faculty have raised concerns about abuse of the system.
Currently, students have to enter their social security number to access the
system. Students are on their honor not to cheat, Fricker said. And because
students have only five seconds to answer, Scherzinger said cheating is
difficult. [quote deleted]
In the near future, Big Mouth will have the ability to repeat questions and
accept short essay answers. Fricker said he also plans to add more security
measures to the system, including offering multiple versions of exams and
giving each student a special security code. [...]
Despite some of the system's drawbacks, Scherzinger said he thinks it will gain
wide acceptance in the academic community. "I personally believe that the
system will come to every college within the next 10 years."
The RISKS here are abundant: students hiring other students to take their exams
for them (a risk that is somewhat minimized by an in-person exam) using their
identification number, students deliberately using someone else's Social
Security number to flunk the exam for them, and students recording the exam as
it is being given in order to distribute copies to their friends.
I hope Big Mouth never comes to Michigan.
Jim Huggins, Univ. of Michigan (huggins@zip.eecs.umich.edu)
[This is getting to be an old-hat topic. But it will recur. PGN]
>From Henry Spencer at U of Toronto Zoology ...
> because we must rely on such extrapolation and we already do;
> the questions are how best to do such extrapolation and what
> form of testing must be done to permit confident extrapolation.
Surely it's also very important to assess the magnitude of the damage that
could be done by overconfident extrapolation.
Failure of a large airliner due to some unanticipated worst-case behavior
(e.g., the early Comets) will kill at most a few thousands (in the air and on
the ground).
(I suppose a really worst-case failure in which an airliner comes down in
Yankee stadium could kill several tens of thousands; but one can at least
estimate with fair confidence the probability that a falling airline will hit
Yankee Stadium.)
[Shea, Hey, Willie?]
In any event one can accept this level of tragedy and then use it to improve
the system. Indeed that's more or less how large-scale civil aviation has made
progress. The ``confident extrapolation'' in this instance, based on several
decades of experience, is really that unanticipated worst-case behavior
probably WILL happen; and one is nonetheless willing to accept this risk.
Worst-case failure of a nuclear power plant in Sacramento, California, on the
other hand, could render the entire San Francisco Bay Area uninhabitable for
generations if not centuries (perhaps I'm exaggerating here, but it's hard to
be certain). In any event, an really ``confident extrapolation'' that this
worst-case event can't happen may be near to impossible; and past performance
(Browns Ferry, Three Mile Island, Chernobyl) may lead one to have doubts about
the ability (or wisdom?) of those who put such forth confident extrapolations.
This is NOT an anti-nuclear message; I merely wish to make the points that:
1) The conservative confident extrapolation, based on past experience, may be
that in most cases a worst case failure IS LIKELY to happen.
2) The most crucial question then is not "Will it happen?", but "Can we live
with it, if it does?" (or "when it does").
--AES
> The 1989 discovery of an apparent supernova-remnant pulsar, blinking 2000 > times per second, has now been attributed to electrical interference from a > closed-circuit television camera used to operate the telescope in Chile. > [Source: an AP item in the San Francisco Chronicle, 11 Mar 91, p.A8] Interesting that this item has now surfaced thru AP. This was news item on Sky & Telescope magazine a few months back when it was debugged. (Reported around August-90?) What your extract doesn't tell is whether or not SFC mentioned it was a suspected OPTICAL pulsar — which vanished next night. (No radio pulsar has been detected either.) It is very difficult to measure small but fast variations on very low levels of light intensity. Long lags from news to their appearance in newspapers seem to be common, also time lag and amount of errors correlate positively. Maybe feeding some RISKS to papers like Datamation would help? (I doubt they know what ACM is..) > I suppose it would have been much more obvious had it been blinking at 60 > cycles (or is it 50 in Chile?), although certainly less spectacular. A little > like hearing a loud thumping in a quiet room and discovering it the pulse of > your own heart beat? Or faint ticking at 2Hz, and you start to suspect bugs until you notice your watch... Anyway, it tells that while we use complex systems we must be carefull to spot all possible interference sources before we jump to conclusions. (Aren't we always?) About two weeks ago I saw on national TV news something telling that Australian radio astronomers had spotted an "ET" signal (me: immediate frown), but the way it was told on TV (as their "ending joke"), associated picture material etc., gave me conclusion: this is a red herring, forget it. "Hey, lets tell this joke from Down Under about those Radio Astronomers..." (Maybe 15 seconds total.) Today I went to do some UNIX system maintenance at the University of Turku Astronomy departement. Professor asked if I had heard anything about those Aussies, because local commercial radio wanted to make a program about this ET signal, and to interview some local radio astronomer... Our problem? No word about it from verifiable sources, thus do we dare to dip into USENET to fish out POSSIBLE information about it? (I hope there is information, but I doubt it... Good luck for SETI anyway!) /Matti Aarnio <mea@utu.fi>
I have read in this month's British Airways Business magazine that Pilkington's, the UK's glass manufacturer has attempted to tackle the problem of electromagnetic spying with a new "shielded" glass. The glass sheets are similar to the ones usually mounted on new sky-scrapers, with a shiny surface. However, this metallic film can be tied to earth, thus providing shielding which stops any electromagnetic radiation from leaving the building. It is therefore impossible to hack inside information from outside by picking-up electromagnetic radiation. Solutions were very costly up to now, with actual physical shielding of the building using metallic plates etc. Olivier M.J. Crepin-Leblond, Comms.Sys., Imperial College, London, UK. disclaimer: I am NOT related to Pilkington Glass or British Airways in any way !
I am seeking information on current practices and prospects for the use of cellular telephone systems in surveillance of individuals. 1. Given that the telephone companies have traditionally facilitated the tapping of individual telephones by law enforcement agencies if a court order has been obtained, I would assume that most cellular telephone systems have been instrumented to provide this capability. True? 2. Given that cellular telephone systems must track each individual instrument as it moves between cells (by checking relative signal strengths at cellular receiving stations) and given that phones can be tracked even when they are not in use, it would be a simple task for the cellular computers to record a time log of the movements of any selected phone. Has this capability been included in the software of these systems? 3. By using signal strength information from more than one cellular receiving station it is possible to estimate the location of a given phone more accurately than just which cell it is in. With existing equipment and signal strength accuracy, what is the typical positional accuracy of this estimate? 4. Motorola's planned Iridium system is expected to provide global cellular telephone service via 77 satellites in polar orbits. What kind of positional tracking accuracy will that system be able to provide on individual cellular telephones? Les Earnest, 12769 Dianne Dr., Los Altos Hills, CA 94022 415 941-3984 Internet: Les@cs.Stanford.edu UUCP: . . . decwrl!cs.Stanford.edu!Les
A recent poster questioned the cellular phone fraud loss figure mentioned in RISKS. He seemed to feel that 10 minutes/day/person would be a large amount of usage for cellular phones. In fact, this would be a very modest usage! While many cellular phone calls are short, many are VERY long, with individual calls longer than an hour not at all rare. Many people sit on those things all day long, making call after call. Whether the duration and number of calls is related in any way to whether or not the user is paying for the call or committing "cellular fraud" is difficult to determine from the "outside", of course. But persons who have "accidently" tuned in cellular conversations will tell you that it is amazing how many of the calls are such things as long, intimate chats between couples, people with handheld phones chatting with others for hours on end, lawyers talking about cases, etc. Not to mention the drug and prostitution rings (the latter two groups are BIG TIME users of cellular systems--and may well be among the more likely to be operating modified, illegal phones). There also seemed to be some concern that many of the calls would not have been made if the person weren't stealing the service. This is no doubt true, but there aren't many other obvious ways to quantify loss other than the unbillable amounts. The same could be said about toll fraud and intellectual property thefts.
Who said anything about long-distance? A $5000 bill for cellular calls
wouldn't be that hard to accrue for someone who spent a lot of time on the
phone. Remember that you have to pay to *receive* as well as make cellular
calls.
I can think of one occupation where a person might receive dozens of calls a
day, and where the anonymity provided by the counterfeit chips would be a big
plus. In fact, this particular occupation might also afford a ready connection
to the underground market for such devices, and its practitioners wouldn't be
likely to worry about their illegality. You've probably guessed the occupation
I'm thinking of: drug dealing. Indeed, cellular phones have replaced pocket
pagers as the major technological tool of the "upscale" retail illicit drug
trade. Considering the size of the drug trade in a city like New York, $100
million in calls a year sounds like a reasonable estimate to a city-dwelling
layperson like me.
-Ed Hall
Let's be real for a second. When was the last time you made a phone call
to a friend that was less than ten minutes?
It's very easy to talk for five minutes at a go. The few people I know who
have cellular phones use them for an average of ten minutes a day, if they can
afford it.
Someone who plunks down $5000 for a modified phone can afford it. Not
because he has $5000 to plunk down, but because he has free phone service.
I'd make ten minutes of calls a day if they were free.
I'd make a couple of hours of calls a day if they were free.
I have friends all over the country. I can't afford to call them. But if I
had a modified phone, I could. I would say, "Hey, I wanna talk to mike, let me
get in the car ..."
Of course, I think using phones like this *is* theft, and not something I would
do at all. But I'm trying to get across the salient facts here.
== pj karafiol
All of the listed features really are one: calling phone identifies itself or is identified for us by the telco. This one feature is used to provide n services. [...] > Welcome to the age of Big Brother. Big Brother is a state of mind which belongs to bureaucrats, in government as well as in private enterprises. It was always there. Technology is now such that their particular vice can easily be satisfied. But don't kid yourself, Big Brother was always watching. Instead of fighting it, why not setup social and legal structures which will negate the benefits of snooping? Examples: * Let's make wiretapping legal; this way, we know and we expect our communications are monitored. We can always invest in cryptographic systems. And we can listen to the cellular calls of our politicians (:-). * Our medical files are violated by law enforcers as a matter of routine. Employers are not far behind. Insurance companies are misusing this same information. Government agencies are unable to protect it against leaks. And, big insult, I am not allowed to see the file my own doctor keeps on my subject. Therefore I propose all medical files should be made public. If I am discriminated against by an insurance company for smoking pot, why should their president be sheltered from the public revelation that he is a drunk and a wife abuser? * All of my past employers know about my checkered past. I know nothing about theirs. Why should their resume be confidential? I ask that human resource departments make all resumes public. * Police and politicians keep tabs on our every move through passport controls and credit cards. But politicians travel with diplomatic passports and they use assumed names to protect their privacy. My credit history (yours too) is known by so many people that it would make little difference if it were made public. I ask credit records be made public and that borders be opened. Etc... What makes our privacy so fragile is that we value it; it makes us vulnerable to B.B.: being homosexual is a problem only as long as one has to hide the fact. In the same manner, if all our foibles and weaknesses are made public, right along those of our neighbours and friends, who is to cast the first stone? Who will need to snoop then? In other words, since we can't protect privacy, let's replace it with the right to know. Technology would then work for us peons. Alain Home+Office: (514) 934 6320 UUCP: alain@elevia.UUCP
Your data looks good, but I don't think your conclusions are well-founded. Let's assume that SUZY is a valid cross-section of the computer-using populace. Also, let's ignore the inactive users on the grounds that they're not participating in discussions on *any* topic. You claim this leaves us with only 20% of the active computer-using popluace that cares enough to talk about viri, implying that the remaining 80% are ignorant of the matter. Well, count me in that 80%, though I'm *not* ignorant. I don't use SUZY, but I use other information networks such as Usenet and local BBSs. I'm pretty active on them as well. And I don't subscribe to VIRUS-L or any other anti-viral discussions. Why? Is it that I'm unaware of the threat of viri? Hardly. It's that I have a limited amount of time, and I prefer to spend it in other ways. I pick and choose my discussions carefully, tempering my decisions with real-world affairs like cooking dinner. Yes, I'm aware of the threat of viri. Yes, I care about them. But I don't care enough to devote time to discussing the latest ones, or the latest theories on how to combat them. I suspect that you'll find a large number of people who fall into this category. While it's reasonable to say that only 20% of the populace care enough to discuss matters, it hardly follows that the remaining 80% is apathetic and ignorant. We're just off saving a different corner of the world... Steven King, Motorola Cellular (...uunet!motcid!king)
Please report problems with the web pages to the maintainer