Abstracted from an AP item in the Buffalo News, May 2, 1993:

Two women accused of selling confidential information about adoptions have pleaded innocent to computer trespass, grand larceny, and other charges. State police and Department of Health officials allege that one of the women, a departmental employee, looked up confidential adoption records in state computers, then passed them on to the other defendant. The other defendant, who ran an adoption group called Birth Parents Network, then allegedly sold the information for $800 a listing to people seeking their birth parents or children.

Comment: It is notoriously difficult to break the sealed records in adoption cases. Many people use private detectives to find out what the court doesn't want them to know. Why not an end run around the records, and, at $800, it's probably cheaper than the detective.

john slimick firstname.lastname@example.org university of pittsburgh at bradford PA
The other evening, I received a number from an upset woman. It appears that her caller-id box told her she had just received a call from my number. The only call I had made that evening yielded me a pizza, and the number did not resemble hers. I did not ask her to describe the call, because she seemed upset. But I gather I would not have wanted to be accused of making it.

Anybody know whether this happens often? Does the caller-id report include an error check? Are all boxes required to verify the check?

email@example.com
Appended to the end of this message is an announcement I received today. There's a new mailing list in town, the Risk Management and Insurance Mailing list. The new mailing list is named RISK.

Perhaps this is an example of a RISK associated with the growing use of mailing lists. I wonder how many people, intending to subscribe to a mailing list version of the RISKS digest, will accidentally subscribe to the RISK mailing list.

Cal jewell@Data-IO.com ...!pilchuck!jewell

# Date: Wed, 5 May 1993 11:14:55 CDT
# Reply-To: garven@UTXVM.CC.UTEXAS.EDU
# Sender: NEW-LIST - New List Announcements <NEW-LIST@VM1.NoDak.EDU>
# From: "James R. Garven" <garven@UTXVM.CC.UTEXAS.EDU>
# Subject: NEW: RISK - Risk Management and Insurance Mailing list
#
# RISK on LISTSERV@UTXVM.CC.UTEXAS.EDU Risk and Insurance Issues
# or LISTSERV@UTXVM.BITNET
#
# RISK is an electronic discussion list also known as RISKnet that will
# allow persons around the world interested in Risk and Insurance
# Issues to discuss matters of mutual concern. Although RISK is a
# moderated list, it is the intention of the moderator to facilitate a
# "no holds barred" discussion of Risk and Insurance issues.
# Submissions to RISK are posted and redistributed around the world to
# all who subscribe, subject to the following constraints:
#
# 1) submitted materials must not be copyrighted;
#
# 2) submissions must be (at least remotely) related to the purposes of
# the list as outlined below;
#
# 3) basic rules of email etiquette are expected; i.e., character
# assassination and/or profanity are not allowed, and neither are
# anonymous submissions.
#
# Possible topics for discussion on the list might include any of the
# following:
#
# 1) Substantive discussion over topics such as corporate risk
# management, underwriting cycles, insurance solvency and regulation,
# insurance pricing, insurance economics, economics of legal rules,
# liability issues, political risk, environmental risk, interactions
# between insurance and finance, globalization of insurance markets,
# risk perception and assessment (to name a few).
#
# 2) Comment and contributions on curriculum questions; suggested
# texts, new articles of common interest for course-related adoption.
#
# 3) Circulation of draft articles for comment and discussion.
#
# 4) Personal exchanges in the effort to develop a greater sense of
# community among RISKNet colleagues.
#
# To join RISK, send electronic mail to LISTSERV@utxvm.cc.utexas.edu
# (or on BITNET to LISTSERV@UTXVM) and include the following message in
# the body of your mail:
#
# Sub RISK John Doe
#
# (in the above command, please substitute your own name for John Doe).
# If you have any questions, please feel free to contact the owner.
#
# Owner and Editor: James R. Garven firstname.lastname@example.org
# Department of Finance
# University of Texas at Austin
# Austin, TX 78712
# USA
#
# Editor's Note: Do not confuse the RISK list described above with
# the RISKS list peered at several sites. The RISK list is about
# insurance. The RISKS list is on issues related to the public use
# of computer systems. mgh

[ugh. pgn]
I'm not sure if this is worth a Risks posting, but it's an interesting bit of information. (From alt.folklore.computers, posted by email@example.com)

In article <1993Apr30.firstname.lastname@example.org> email@example.com (Mauricio Antonio Lopez Gutierrez) writes:

>Paul Raveling (raveling@Unify.com) wrote:
<>In article <C5uu7y.firstname.lastname@example.org>, email@example.com (Guy Dawson) writes:
<>>
<>> In our race car we use an analog tach for the driver and record
<>> the telemetry data digitally.
<>>
<>> As for accuracy, the unit is VERY accurate. Internally the system is
<>> digital and drives a stepper motor to which the needle is attached.
<>> This is factory calibrated. The stepper motor means that the needle
<>> does not bounce around when the driver clips a curb or generally goofs.
<> Much of this debate is based on opinion only and has little
<> data to back it up.

In the case of a watch it doesn't matter whether it is analogue or digital, for most people most of the time a quarter hour counter will do. In fact the minute hand is really not needed and was omitted from early clocks, the time between the hours was estimated.

In the case of a speedometer the speeds to which one is driving (eg usually the limit) do matter. I was involved in research (yes the evil deed of getting real data) for Ford in Britain and we found that a digital, numeric readout, even in poor seven segment characters was uniformly at least as good and most times better than an analogue display. We found this effect in photographic presentations, a simulator and on the road with a $100,000 prototype. We knew from the "ergonomics" literature that an analogue display was supposed to be better for check reading and estimation but we failed to find what we expected even though the tests were sometimes biased to find out if such an effect occurred.
Furthermore, older people preferred this display because the numbers were now so large that it was not necessary to focus on them as much as was necessary to see a needle (especially at night). The time taken to interpret the numeric display was "swamped" by the ease of reading it allowing people to look back at the road during the interpretation time. When we presented the results to a conference the German and Japanese auto researchers rushed back to their labs to do the research which only we had "bothered" to do. Never assume that "common sense" is enough when people's lives may be at stake. Call the Institute of Consumer Research (ICE) in England (phone 011-44-509-236161 or fax 610725) for further details.
I found this article in the newspaper last week. It's obvious that the story describes an attempt to "fish for information" on us, but I would like to know what questions you netters think these "census takers" might be asking. The simplest answer is that they are casing the joint to find out how many VCR's and how much jewelry people own, when they are at home, etc. But is there any other data that would have less tangible risks? SSNs, for example?

George Entenman firstname.lastname@example.org

Census imposters invading Cary, by Beverly Brown, Staff writer
The News and Observer, Saturday, May 1, 1993, Page 7B [Abstracted by PGN]

Cary [NC] - Beware of nosy people at your door claiming to be census workers. They probably aren't. Police Chief David Fortson said several residents have complained about people identifying themselves as census employees and proceeding to ask questions. Eighty legitimate census workers - carrying red, white and blue identification cards - won't start going door-to-door until May 20, when the town begins conducting a special census.

Cary, at odds with the Census Bureau over the town's 1990 census, commissioned a special head-count last year. The latest census says the fast-growing town has a few more than 43,000 residents. But the town estimates that at least 48,000 people call Cary home. At stake are millions of dollars in state funding, allocated on the basis of population.

For a new count, which will involve a week-long canvass, census workers will limit their questions to name, age, race, sex, national origin and relationship to the homeowner. Fortson said the imposters most likely are opportunists, using public knowledge about the town's forthcoming count as a chance to fish for information. "There are all kinds of things going on in terms of scams," he said. "Perhaps this is another way for folks to pull off a scam. I just don't know."
"The Scotsman", 6th May, reports an incident affecting possibly as many as "a couple of thousand" households in East Kilbride, near Glasgow. Residents have received information on council tax rebates (for low income and invalidity benefit claimants) relating to their neighbours. Apparently, the computer "broke down" midway through printing the 900,000 bills being issued, and after the computer was restarted, the problem occurred. Apparently, the rebate information on the FRONT of the bill was correct, but that the calculation on the BACK related to the next household (apparently the bills are issued in order of address). Presumably, when the computer crashed, it ejected one half-printed bill, and proceeded to pair the front and back pages wrongly for the remainder of the run. A council official said that most families would not be directly identified [though if you know that they live next door....]. The only names in bills would be those of "non-dependents" such as lodgers. [We had an almost identical case a few years back. PGN]
In the April 1993 issue of the MIT Information Systems magazine there is a description of a videoconferencing system. Apparently, in a multi-site conference, each site must call a bridge, or hub, which then acts as the traffic controller for transmission to and from the participating sites. The risk is in the bridge design: "The bridge relies on voice activation to determine which site to show more or less on the principle that whoever talks the loudest gets seen."

Does this system contravene the Americans with Disabilities Act? I never knew that lung power would some day make me more visible.

Shyamal Jajodia (MIT)
This text was forwarded to me by a friend and professional colleague in the UK. I am dismayed that this type of activity is being condoned by an American Governmental Agency. I can only hope that this operation is shut down and the responsible parties are reprimanded. I am extremely disturbed by the thought that my tax money is being used for, what I consider, unethical, immoral and possibly illegal activities.

---- begin forwarded message -------------

AIS BBS Capture log.

To: all interested parties, especially Americans who may wish to ask relevant questions of relevant people.

Capture log from a BBS that claims to be run by the US Treasury Department, Bureau of the Public Debt. Notice - I have not verified that the US government is actually running this BBS, only that the BBS claims that it is.

The capture was made live. I have cut out parts where the same area was visited twice, and the information is identical. Also cut out, is any information that could lead to the caller being identified, as the caller wishes to retain privacy. If indeed this is being run by the US Government, the caller would not wish to be harassed by that organisation. Also omitted are the "More" prompts for paging the display. And, after the first few displays of the main menu, some of those have also been omitted for brevity.

The file 27-ASM.ZIP was downloaded, to check that there really were source codes. In fact, there were mostly recompilable disassemblies, some good, some bad. I've included, at the end of this file, the beginning of 512.ASM, a disassembly of Number of the Beast. But I've only included the header, the first couple of instructions (discover Dos version) and the end (the '666'). All the meat of the code, I've omitted for brevity, and because this capture is likely to become publicly available.

[ portions deleted containing high-order ascii ]

Bureau of Public Debt, OnLine Information System, AIS Files System Select: A

File Areas:
----------
 4 ... UNDERGROUND-NEWSLTRS
 5 ... UNDERGROUND-PHREAKING
 6 ... UNDERGROUND-HACKING
 7 ... UNDERGROUND-VIRUS
 8 ... ABOVEGROUND-POLICY
 9 ... ABOVEGROUND-TRAINING
10 ... ABOVEGROUND-UTILITIES
11 ... ABOVEGROUND-VIRUSES
12 ... ABOVEGROUND-BULLETINS
13 ... ABOVEGROUND-CRYPTO
14 ... ABOVEGROUND-MISC
15 ... ABOVEGROUND-NEWSLTR
17 ... BULLETINS (Non-Current)

Select area: 7

U.S. Treasury Department
Current File Area : UNDERGROUND-VIRUS

┌────────────────────────────────────────────────────────┐
│  [A] Area Change           [R] Raw Directory           │
│  [L] Locate by Keyword     [W] Wild Card Search        │
│  [F] File List             [B] Browse a Txt File       │
│  [N] New Files             [*] Main Menu               │
│  [D] Download (Global)     [G] Goodbye                 │
│  [U] Upload                                            │
└────────────────────────────────────────────────────────┘

To request an access level upgrade leave a message for Mary Clark

Bureau of Public Debt OnLine Information System AIS Files System Select: F

Press P to Pause, S to Stop

27-ASM.ZIP     137207  18-02-93  27 ASM files, incl. 1260, 4096, etc.
541.ZIP          3321  25-08-92  541 in ASM
AIDS.ZIP         2065  25-08-92  AIDS in PASCAL
AIRCOP.ZIP       2081  25-08-92  Aircop in ASM
ANTHRAX.ZIP      3688  25-08-92  Anthrax in ASM
ASM.ZIP        183429  25-08-92  Source code for 51 viruses
BLOODY.ZIP       3037  25-08-92  Bloody in ASM
BOB.ZIP          3221  25-08-92  Bob virus in ASM
BOBVIRUS.ZIP     5812  25-08-92  Bob virus in ASM
BOOT.ZIP        25975  25-08-92  Source code for 13 viruses
CANCER.ZIP       1270  25-08-92  Cancer in ASM
CONTEST.ZIP      7680  11-02-93  M. Ludwig's Virus Writing Contest Rules
CRAZY.ZIP         514  25-08-92  Crazy in C
CVIR_C.ZIP       2621  25-08-92  Cvirus in C
CVIRUS.ZIP       3656  25-08-92  CVirus in ASM
DETH001.ROT      4661  08-03-93  Megadeth's Guide to Virus Research part I - Virii
DETH002.ROT      2662  08-03-93  Megadeth's Guide to Virus Research part II - Trojans
GRITHER.ZIP      2393  25-08-92  Grither in ASM
GUIDES.ZIP      35541  25-08-92  "How-To" for the budding virus writer
ITALIANS.ZIP     4659  25-08-92  Italiano source in ASM
ITTI-A.ZIP       1589  25-08-92  Itti-Bitti A in ASM
ITTI-B.ZIP       1310  25-08-92  Itti-Bitti B in ASM
LEPROSY.ZIP      2983  25-08-92  Leprosy in C
LEPROSYB.ZIP     4024  25-08-92  Leprosy strain B in ASM
MARAUDER.ZIP     3511  25-08-92  Marauder in ASM
MTE-SRC.ZIP     14272  18-04-92  A supposed disassembly of the Mutation Engine
MTE91B.ZIP      12719  29-06-92  Dark Avenger's Mutation Engine
MUSICBUG.ZIP     3322  01-01-93  Music Bug in ???
N1.ZIP           1986  25-08-92  Number One in PASCAL
NEWINSTL.ZIP   161536  25-08-92  Nowhere Man's Virus Creation Lab (PKUNZip 1.93)
PEBBLE.ZIP       1454  25-08-92  Pebble in ASM
PS-MPC90.ZIP    41802  31-07-92  Phalcon/Skism Mass Produced Code Generator
SAT-BUG.ZIP     18158  25-02-93  Source Code of a poly-virus
SATNLH.ZIP       2137  25-08-92  Satan's Little Helper in ASM
SHHS.ZIP         2922  25-08-92  South Houston High School in ASM
STONEDII.ARJ     2377  26-03-93  The Stoned 2 virus w/ source
VBASEABC.ZIP   242816  05-02-93  New, accurate virus info database
VCL.ZIP        167472  21-07-92  Nowhere Man's GUI based Virus Creation Lab <Chiba City>
VIRULIST.ZIP   168192  25-08-92  40-Odd Viruses in ASM
VIRUS.ZIP        3191  25-08-92  Virus source in ASM
WORM.ZIP         1110  28-10-92  Internet Worm source code in "C"
XMAS.ZIP          892  25-08-92  Christmas in ???
TPE11.ZIP        7747  23-12-92  Trident Polymorphic Engine ver 1.1

Press (Enter) to continue:

[ remainder deleted ]

------ end of forwarded text --------

I submit this text in an anonymous fashion for fear of reprisal. I respectfully request that Ken van Wyk and Peter G. Neumann allow that it be posted to both VIRUS-L and RISKS Digests.

I think the risks of Government sponsored virus exchange are crystal clear. Quis Custodiet Ipsos Custodes?
: The pyramids are a poor example to bring into the argument about manned
: space exploration. They cost more than just money.

It's not just cost. After all, manned space exploration costs more than just money, too. It's that, with a few thousand years of hindsight, pyramids *were* a remarkably stupid thing to do with those resources. If I thought that manned space flight was "like" building the pyramids, I'd immediately say "flush it". I mean, was it *really* sensible to build those structures, when the only thing that the heirs of all this effort find practical to do with it is to mine the dressing stones from the surface, recover the burial goods, and promote tourism income?

Hmmmmmm. Do you suppose there were those who said "well, just look at the technological spinoffs! We now can pile large stone slabs up with joints you can't fit a knife into! We can build structures of enormous size with incredibly accurate right angles!"? Bogus then. Bogus now.

Don't get me wrong, I don't suppose that there are no adequate justifications for manned space exploration. It's just that the argument that "it'll turn out to be just as good an investment as the pyramids" is a remarkably poor one, roughly like saying that "He's evewy bit as good a wabbit hunter as Elmer Fudd."

So what's the computer risk here? Perhaps the oldest of them all. The risk of being impressed by spinning tape drives or blinking lights or neat rows of numbers on printout. Which is, after all, a variant of the very human risk of being impressed by appearance rather than substance.

Wayne Throop email@example.com
There have been a few postings in the past on alleged pathological (esp. neurological) conditions induced by playing video games (e.g., Nintendo). Apparently, there have been reported several cases of "photosensitive epilepsy", due to the flashing of some patterns and the strong attention of the (young) players. One poster to comp.risks reported some action from the British Government. A quick search in a database reported the following two published references: 1. E.J. Hart, Nintendo epilepsy, in New England J. of Med., 322(20), 1473 2. TK Daneshmend et al., Dark Warrior epilepsy, BMJ 1982; 284:1751-2. I would appreciate if someone could post (or e-mail) any reference to (preferably published) further work on the subject. Any pointer to other information and/or to possible technical tools (if any) for reducing the risks are appreciated. Many thanks, Antonella D'Alessandro, Pisa — Italy. firstname.lastname@example.org
>A contribution to RISKS (14.56) once again repeats the propaganda that it is
>only through human cleverness and ingenuity that complex space missions are
>saved. That is sheer propaganda.

Even though I'm personally in favor of sending men into space, I don't think they are required or desirable for every mission, and this recent example just cited, if anything, is hardly a strong case in favor of manned missions. Think: if you hadn't had the men there to bump the plastic part and break it in the first place, you wouldn't have had any problem that needed a man to fix. You also need to be careful not to read too much into the "cleverness/ingenuity" issues: a man on the ground could have been just as clever and directed a fairly simple robot arm to insert the felt tip pen.

There are examples where having a man there saved the mission, but this wasn't one of them, and economically you'd be a lot farther ahead if you had twice as many unmanned missions (costing half as much) even if 25% of them did fail. If you want some hard facts, consider the amount that we have spent recently trying to get a working toilet, and how much time was spent trying to fix it. Without men there, you don't need toilets.

Flint Pellett, Global Information Systems Technology, Inc., 100 Trade Centre Drive, Suite 301, Champaign, IL 61820 (217) 352-1165 uunet!gistdev!flint
Direct mail marketers are, of course, interested in "targeting" their mailings to recipients in known categories such as Porsche owners or toad collectors. I have long felt that if you request that the Direct Marketing Association put your name on the "no unsolicited material" database, you would eventually be categorized as a person interested in privacy issues and mailbox pollution. Steve Mick, email@example.com
From the front page of "Computing", a weekly UK newspaper, 6 May 1993:

China executes hacker over #122,000 [UK pounds] theft

The Chinese government said this week it had executed convicted hacker Shi Biao as a warning to others that computer crime does not pay. Biao, who worked as an accountant at the Agricultural Bank of China, embezzled more than #122,000 [UK pounds] over three months in 1991 by forging bank-deposit slips. He was caught when he and an accomplice tried to transfer some of the money to the province of Shenzhen in southern China.
I think that if the owner of a phone line wanted to communicate with sexually explicit services (whether 900 numbers or anything else), he or she should be required to request, in writing, that those services be enabled. (Hey, the phone company could charge for the service!) If you've got kids and don't want to talk dirty on the phone yourself, you do nothing. If you don't have kids, then you can sign up. If you have kids and sign up, then it is up to you to deal with keeping your kids out of it. But the bottom line would be that services would be obligated to reject calls from any line that had not explicitly requested access to such services.

>In my opinion, they were trying to blame technology for a social problem...

There are technological issues here. My own son got involved with one of these "services" recently, and am glad to hear that others are upset about it. A couple of points:

(1) When you call this supposedly free 800-number, you don't have to "leave your phone number", the company gets it automatically when you call. You get a recorded number telling you to hang up. You then get an automatic, collect callback.

(2) The callback apparently doesn't require any explicit response to enable the collect call. If you stay on the line for more than a few seconds, you are charged. There is no mention of how much the call will cost.

To answer your last question:

(1) There is nothing wrong with "talking about sex." However, I do think that there is something wrong with adults describing explicit sex acts to a preteen child. We do discuss sex with our kids, and assume that they discuss it with their friends (in terms rather different than we do with them :-) ), but I certainly wouldn't take any of them to a hardcore porno movie.

(2) There is pretty much a consensus in our society that children should not have free access to sexually explicit materials. I may be overstating this, but consider what would happen to an "adult" bookstore owner who sold materials to minors (or at least young minors). I feel that anyone distributing such materials, whether in a store, by mail, or electronically, has the obligation to take reasonable steps to ensure that the recipient is of "reasonable" age.

(3) We will take responsibility for what our son knew he was doing. called, that we (and he) will take responsibility for. (He called some other, regular long distance numbers with recorded messages, and has repaid us for them.) However, I am not happy about this end run around 900-number blocking that turns a supposedly-free phone call into a charged call. (The company in question did eliminate the charge, by the way, when informed that they had made a collect, obscene phone call to a minor child. I kind of wish that they hadn't been so accommodating. I was ready to make a very big stink.)

An interesting side effect to all of this. Since our little incident, I have been getting some very unusual mail, not even in a "plain brown wrapper." I had never realized that calling a 1-800 number could put you onto a mailing list!

David A. Willcox, Motorola MCG - Urbana, 1101 E. University Ave., Urbana, IL 61801 217-384-8534 ...!uiucuxc!udc!willcox firstname.lastname@example.org
Here is the reference for a detailed San Jose Mercury article on the use of utility information by the police to detect marijuana growers etc. The article is more generally about the highly developed practice of informal personal-data sharing among various public and private organizations in the San Jose area.

Gary Webb, Utilities give cops data on their customers, San Jose Mercury News, 27 December 1992, pages A1, A21.