Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
mit.edu!hsdndev!wuarchive!uwm.edu!lll-winken!looking!clarinews
[Provided for USENET readers by ClariNet Communications Corp. This copyrighted
material is for one-time USENET distribution only.] [SEE END OF MESSAGE!]
SACRAMENTO (UPI) — Troops fighting in the Persian Gulf could vote in
California elections by using fax machines to cast their ballots under
legislation announced Tuesday.
The measure, SB293, would amend the state Elections Code to allow
members of the military and other California voters temporarily living outside
the United States to fax absentee ballot applications to county election
officials.
County officials would then use fax machines to send absentee ballots
to overseas voters, who could return the completed ballots by fax.
``Even when applications for overseas absentee ballots are received
early in the process, ballots sent halfway around the world sometimes arrive
too late to be returned by mail before the close of polls on Election Day,''
Secretary of State March Fong Eu said.
``This legislation would allow overseas voters, such as those members
of the armed forces stationed in the Middle East as part of Operation Desert
Storm, to fax their voted ballots back in time to be counted,'' she said.
The bill is coauthored by state Sen. Milton Marks, D-San Francisco, and
Assemblyman Peter Chacon, D-San Diego.
Only a few people stationed at U.S. embassies, working at projects
overseas, and members of the military would be expected to take advantage of
the vote-by-fax program, Eu's spokeswoman Melissa Warren said.
``The numbers aren't huge. We aren't expecting large numbers of people
to participate,'' she said.
Several states accepted vote-by-fax ballots during last November's
elections, Warren said. If the measure is quickly passed by the Legislature and
signed by Gov. Pete Wilson, the first California election with fax voting would
be the March 19 special elections for two state Senate seats and one Assembly
seat.
Marks said he would rush the measure through the Legislature. ``It
seems only fitting that at a time when we are engaged in a military struggle
with a ruthless despot, we make this effort to provide our servicemen and women
with the most important franchise of our democratic system — the right to
vote,'' he said.
[This item submitted to RISKS by Eric Postpischil <edp@jareth.enet.dec.com>.
THE RESPONSE FROM clarinews@clarinet.com TO PGN's REQUEST FOR PERMISSION TO
REUSE THE ABOVE IN RISKS IS From: Brad Templeton <brad@looking.on.ca>:
"The one time statement indicates you have to ask for more. You did, so
I'll grant permission for RISKS in electronic form. (We are unable to
grant permission for print forms). Brad"]
[Nice phrase, "take advantage" of it!!! Nice opportunities for
voter fraud? I hope some sort of authentication is planned... PGN]
McDonnell Douglas has switched to a full fly-by-wire flight control system for its MD-12X, reports Flight International (13-19 Feb 1991, p4). "With fly-by-wire we are able to retain the flying qualities of the aircraft and more easily resemble MD-11 [handling]". "The benefit is predominately in the area of cross-crew training". "A fly-by-wire aircraft should also be cheaper to produce". [quotes from MD-12X management]. The control system will be modelled on that developed by GE aerospace for the USAF C-17 airlifter. Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK. Tel: +44-225-444700. Email: mct@praxis.co.uk
RE: Jeff Johnson's article in RISKS 11.08 about the Vietnam Vets' memorial and a photo in the SF Chronicle, I didn't see the photo, but I do know that there is a possibility that this situation is *not* due to a typo. On the Vietnam Veterans' Memorial in DC, there is a set of symbols: one to denote "Killed" (a cross?), one for "Missing in Action", and "Formerly MIA but now known to have survived" (a circle?). The symbol used for MIA can be further carved in one way to become the symbol for Killed in Action, and can be further carved in a different way to become the symbol for "Formerly MIA". Because I don't know which symbol appeared next to Eugene J. Toni's name on the monument, I won't comment on the possibility of a typographical error, as reported by the Chronicle. However, the language in the caption (or perhaps the title of Johnson's RISKS article) makes it too easy for the reader to believe that Toni was formerly believed killed. Sam Levitin Digital Equipment Corporation
Today, I saw an advertisement in the mail about a new service on Bell's ALEX service offering income tax preparation assistance. Customers can supply income tax information and then order completed forms by mail. The RISKS I see are: 1) Transmitting confidential data in the clear over public phone lines. 2) Giving the service provider potential access to a lot of confidential information: SIN (SSN in the US), income, address, credit card number,... I found no mention of safeguards of confidential information when I browsed the literature. 3) Possible loss of all data entered if the phone connection is broken (unless the system provides a checkpoint facility. I don't want to spend $$$ to find out. 4) Underestimation of costs. The literature quotes about $12 for mailing, and this ALEX service costs $0.15/min. The literature estimates connect time to be 30 minutes for a couple. So we're talking about $35 or so here, and this may be optimistic (see 3, especially if the phone has Call Waiting.) 5) The system only covers certain basic forms (this is stated in the literature. So you have to be fairly knowledgeable about income tax to decide if the system is worth using. Peter Jones (514)-987-3542 UUCP: ...psuvax1!uqam.bitnet!maint Internet:Peter Jones <MAINT%UQAM.bitnet@ugw.utcs.utoronto.ca>
Comp.risks supports continuing discussions on advantages and disadvantages of automation of financial transactions; most recent was a proposal for an AmeriCard, which would facilitate or enforce movement of all purchases to equipment which would record those purchases. One of the advantages claimed for such schemes, including Mr. Gorbachev's latest "monetary reform", is that they'll flush not-fully-taxed activities into the spotlight of tax enforcement agencies. For example, if you rebuild your neighbor's carburetor in exchange for him removing the dying tree in your backyard, the Internal Revenue Service expects you both to declare those (imputed) incomes and pay corresponding taxes on them. Thus, as an article in the 21 January 1991 *Forbes* asks, "Politicians of all stripes love to claim the federal deficit can be cut by cracking down on tax cheats. Why cut spending when the IRS has $78 billion in total accounts receivable and is losing $100 billion a year to tax evasion?" The article's conclusion: "The argument ... grossly exaggerates the IRS' ability to raise more money through tougher enforcement." Note that the Agency has strong institutional pressures to overestimate its capabilities. Most interesting from the point of view of economic science is the (unsupported) assertion that, "As for outright cheating, even the IRS' toughest audits find less than half the evasion it claims goes on." In the midst of tendentious estimates and murkiness, there's a real value in looking at the actual operating experience of, for example, the IRS. I've marked the distribution of this note for "world" because it's at least as great an issue outside the USA. France, for example, sometimes prides itself on the vigor with which its citizens fail to co-operate with tax agencies; from my little experience there, though, I can report that people were generally more law-abiding than they should have to be, given the confusion those agencies generate. The article does make one incomplete reference to a scholarly study. The reporter might be willing to help someone pursue the subject; I've known some who do, and some who don't. I summarize: for the reasons others have already stated in comp.risks, tax enforcement does *not* yield the windfalls some expect of it; in particular, the IRS' own records suggest much lower returns than they estimate in their reports to Congress. Cameron Laird USA 713-579-4613 USA 713-996-8546
>From the Wall Street Journal Wednesday, February 13, 1991, p.A7 c.1
"Singapore Equals Push Buttons"
From cashless shopping to electronic paperwork and even a computerized
pig auction, Singapore is plugging its 2.6 million people into electronic
grids linking the entire island nation. It plans to build grids for
shopping, booking tickets, checking data and sending documents.
Singapore's small size and centralized bureaucracy simplified
establishing the electronic groundwork. All citizens carry a numbered
identification card, allowing cross-indexing of data. "The purpose ... is to
turn Singapore into an intelligent island in which IT [information
technology] will be fully exploited to improve business competiveness and,
more importantly, to enhance the quality of life," and education ministry
official said. A master plan, IT 2000, will be unveiled at year end.
Already, TRadeNet lets companies submit data electronically to the
state and accounts for 90% of all trade documents. The Network for
Electronic Transfers, a cashless shopping system, has been operating for five
years and is used by more than one-third of the population.
Other networks include StarNet for air cargo, MedNet for Medical
claims, and LawNet for company registry. Coming next: "Smart Town," linking
households.
I think it was mentioned in Risks, but was mentioned in WSJ that Singapore
plans to install sensors in cars and roads and start taxing vehicle owners
based on usage rather than an average fee to cover maintenance costs of roads.
Considering Singapore's government, widely considered autocratic, though it is
democratically elected, this will probably be less than beneficial to the entire
populace. (The Editorial and Letters pages of the WSJ recently had a debate on
this. Nepotism seems to be one indicator. Sorry no dates.)
The risk envolved is for those people whose idea of "quality of life" has
nothing to do with feeding the commercial/consumer dynamo. Then again they
probably don't live in Singapore.
Another is as long as you're a good little consumer and a good little
entrepreneur you're ok. The ability to catch laggards and other non-productive
types cannot be underestimated. You've heard of sin taxes, Lazy Tax anyone?
What the article doesn't mention is how much independence exists for the
businesses that use the Nets. Are the Nets a government service or control of
all players using them? Will the Nets provide a situation similar to the
national airline reservation system(s) or will they nationalize industries
under monarchical control.
Bill Biesty, Electronic Data Systems Corp., Research and Advanced Dev., 7223
Forest Lane, Dallas, TX 75230 edsr.eds.com!wjb wjb@edsr.eds.com 214-661-6058
In RISKS 11.04 Mark Gabriel writes about privacy issues concerning the new CA drivers license. In issue 11.07 David Redell responds with two points concerning recent privacy legislation and the clerks right to certain parts of the information. Like many modern marvels, the magnetic strip is easily defeated. If you're concerned about what a clerk may or may not record or know about you, run a magnet down the stripe. This will render the stripe useless and the clerk (or police officer) will once again have to rely on mechanical recording. I would be more concerned about the possibilities for abuse of this new technology. Insurance companies will surely ask potential customers for a drivers license to check the driving record (given CA's new insurance rules, there is much incentive to bit twiddle)--how long will it be before someone figures out how to rearrange bits on the stripe? --ian Ian Clements ian@sgi.com 415/962-3410
> This track will only contain 40 bytes of information, and will only
> contain the name, driver' license number, and expiration date.
This would not likely leave more than 32 bytes for the person's name.
Yet another problem. <Sigh>
Coercivity is a measure of how much magnetic energy it takes to imprint or
erase a magnetic medium, and it is measured in oersteds. The typical
coercivity of a cassette tape would be in the 280-380 oersted range. The
typical coercivity of a high-coercivity tape (such as DAT or 8 mm video) would
be 1000-1400 oersteds.
30 orsteds is quite low (surprisingly low, in fact). That may explain why my
bank card has been "zapped" twice in the past year. 3600 is quite high, but a
standard videotape eraser might be able to affect it if you put the stripe
right up against the surface. (An audiotape eraser would not affect it.)
I have little doubt that a dedicated hardware hacker would be able to
come up with a unit to read from and write to the cards with little
difficulty. The hardest part would probably be machining a head to read
the stripe. I wonder if the data is going to be encrypted in any way?
cjs curt@cynic.wimsey.bc.ca curt@cynic.uucp {uunet|ubc-cs}!van-bc!cynic!curt
[Re: Bryant on Olivier M.J. Crepin-Leblond" <UMEEB37@vaxa.cc.imperial.ac.uk> in RISKS-10.83] I believe the original poster is right. I am a private pilot, and I have noticed numerous times, that I do have a tendency to get sick when I go along a a passenger. I have even noticed this tendency when flying the aircraft myself with an instructor who tells me what to do. When a fly as the pilot-in-command, I have *no* problems with airsickness even on extended flights in rough weather. Lars-Henrik Eriksson, Swedish Institute of Computer Science, Box 1263, S-164 28 KISTA, SWEDEN +46 8 752 15 09
There seems to be some question regarding the legality of the radio telemetry
testing I described in an earlier post. The story was presented with a bent
toward the (objectively) humorous and the obvious risks presented by the
wireless network. Left out was some information that, by its absence, led some
to believe the the operation was an illegal one carried out by "sickos" and
technically incompetent bozos.
The oil company held a valid FCC license for data transmission over the
frequency in its normal operation mode, and a temporary permit for same at low
power in the Houston facility. While looking for the source of the
interference we did find some bad dummy loads which we replaced, but, following
that, our installation was on spec and fully legal. We did determine that the
delivery driver(s) were running linear amps and were bleeding over onto
adjacent frequencies when transmitting. That would explain their interfering
with our operation, but not our interfering with them. Odds were that the
driver(s) only heard the buzzing while driving directly past our building.
They should have had no problem receiving or transmitting.
As far as the personnel are concerned, the engineer and technicians all held
FCC tickets, were highly qualified for the work, and had been in the business
for many years. I have been doing data acquisition and communications software
for about twenty years and consider myself somewhat competent in the area.
None of us are necessarily sickos. One of the techs probably qualifies as a
bozo, but he's a nice enough fellow and a decent tech.
I hope that this quiets any unrest out there.
Frank Letts, Ferranti International Controls Corp., Sugar Land, Texas
(713)274-5509
Who SHOULD attend this year's Ides-of-March
Fourth Annual Computer VIRUS & SECURITY Conference
at the New York World Trade Center?
MIS Directors, Security Analysts, Software Engineers, Operations
Managers, Academic Researchers, Technical Writers, Criminal
Investigators, Hardware Manufacturers, Lead Programmers
who are interested in:
WORLD-RENOWNED SECURITY EXPERTS: CRIMINAL JUSTICE LEADERS:
Dorothy Denning - DEC Bill Cook - US Justice Dept
Harold Highland - Comp & Security Donn Parker - SRI Intl
Bill Murray - Deloitte & Touche Steve Purdy - US Secret Service
Dennis Steinauer - NIST Gail Thackeray - AZ Attorney
UNIVERSITY RESEARCH LEADERS: LEGAL/SOCIAL ISSUES EXPERTS:
Klaus Brunnstein - Hamburg Mike Godwin & Mitch Kapor - EFF
Lance Hoffman - GWU Emmanuel Goldstein - 2600 Magazine
Eugene Spafford - SERC/Purdue Tom Guidoboni - (R.Morris' lawyer)
Ken van Wyk - CERT/CMU Marc Rotenberg - CPSR
PLUS Fred Cohen, Ross (FluShot) Greenberg, Andy (DrPanda) Hopkins, and
over 40 MORE!
Over 35 PRODUCT DEMOS including: include Candle's Deltamon, HJC's
Virex, McAfeeSCAN, Symantec's SAM, ASP 3.0, DDI's Physician,
Gilmore's FICHEK, Certus, FluShot Plus, Iris's Virus Free, 5D/Mace's
Vaccine, Norton Utilities, PC Tools, Quarantine, Viruscan, Panda's
Bear Trap, Disk Defender, Top Secret, Omni, ACF2, RACF and OTHERS AS
REGISTRANTS REQUEST.
FIFTY PRESENTATIONS INCLUDE:
Security on UNIX Platforms, Tips for Investigators, HURRICANE Recovery,
Dissecting/Disassembling Viruses, 6 Bytes for Detection, LAN Recovery,
ISDN/X.25/VOICE Security, Encryption, Apple's Security, EARTHQUAKE Recovery,
IBM's High-Integrity Computing Lab, US/Export Issues, 22-ALARM Fire Recovery,
Publicly Available Help, Adding 66% More Security, NETWARE VIRUS Recovery,
Next Generation of Computer Creatures, THE WALL STREET BLACKOUT Recovery,
Mini Course in Computer Crime, Great Hacker Debate, REDUCING Recovery Costs,
S&L Crisis: Missing DP Controls, OSI and the Security Standard, Virus Myths,
Viruses in Electronic Warfare, US Armed Forces Contracts for New Ideas....
INTERESTED? ONLY $275 one day (Thurs 3/14 - Fri 3/15) or $375 both days:
* Bound, 600-page Proceedings containing ALL materials - no loose paper!
* Eight meal breaks, including Meet-the-Experts cocktail party 107th Floor
* 2-day track of product demo's * 2-day course for ICCP Security exam
* Full-day Legal & Justice Track * Full-day disaster Recoveries Track
There is a $25 discount for ACM/IEEE/DPMA members.
Fourth member in each group gets in for no charge!
To register by mail, send check payable to DPMA, credit card number
(VISA/MC/AMEX), or purchase order to:
Virus Conference
DPMA
Financial Industries Chapter
Box 894
New York, NY 10268
or FAX to (202) 728-0884. Be sure to include your member number if
requesting the discounted rate. Registrations received after 2/28/91
are $375/$395, so register now!
For registration information/assistance, call (202) 371-1013
Discounted rates available at the Penta Hotel. $89 per night. Call
(212) 736-5000, code "VIRUS"
Discounted airfares on Continental Airlines, call (800) 468-7022, code EZ3P71
Sponsored by DPMA Financial Industries Chapter, in cooperation with
ACM SIGSAC and IEEE-CS.
Please report problems with the web pages to the maintainer