The following events happened about January this year, at our local Cable TV company; I worked for them over the summer vacation and I was told this story by one of the people involved.... Our local cable company makes no local programmes; a voluntary group makes about 40 minutes a month. This is shown every night at 7pm immediately after the close of service of the Children's Channel. Obviously the programs involved are quiet innocuous and suitable for family viewing. The company also offers a channel called HVC: this shows films which are distributed on tape to the cable operators. The tape format limits each tape to an hour so each film is split over two tapes. HVC`s films are low-budget romance and soft porn. Three films of progressively "stronger" content are shown each evening. Both local programmes and HVC are provided using a bank of tape machines and a "Kavicom" computer system is set up to activate each machine at the right time and send its output to a cable channel. On this occasion, the employee(X) who normally loaded the machines set up the computer for the evening, but didn't load the tapes because the machines were in use. In fact, one of the machines was unavailable so the tapes were to run in different machines from usual. X would return later and load the tapes. Slightly later, while X was working elsewhere, employee Y arrives and loads all the tapes (the machines are now available), notices the computer's been set and informs X upon his return that he's set up the system. At 7.15pm the station`s choef engineer is called at home to be told that there's porn on the Children's Channel. About 10 minutes later, someone gets to the [unmanned] station and stops the machines. The error in all this: Y had assumed the setup would be the same as always; X assumed that Y checked the details on the computer. The result: the second tape of the last film (the steamiest) was substituted for the local programmes. A general note: I've worked with two broadcasters and neither appears to have any real concern about the integrity of their communications links (it is assumed that the service providers for the links will keep them secure). For example, all the TV and radio service for Scotland passes through one site: this makes an obvious weak link (either in terms of vulnerability to takeover or to systems failure). TV and radio signals aren't encrypted (encoded using standard hardware though) for pre-transmission distribution. Have you ever wondered how much trust you place on what you see on television? Not only that broadcasters will show "appropriate" programs but that the service will provide information when you need it. With larger proportions of the network management being computer-controlled, there seems to me to be ample problems waiting in the wings.
There was a good deal of discussion on sci.virtual-worlds early in September about potential risks of using HMDs (Head mounted Displays). J. Hill posted a substantial extract from a front page article by Steve Connor and Susan Watts published in the Independent (in London) on Sept. 5. There was lively discussion in several subsequent postings. There are different approaches to HMD design, and approaches that don't use HMDs. Just when we thought we were learning to deal with the hazards of keyboards and displays, it seems that there are other ways for computers to get us. Hill's posting and disclaimer follow. A new toy that allows children to play computer video games in 'virtual reality' could permanently damage their eyesight. The equipment - a headset which beams stereoscopic images on to both eyes - is already in use in such hi-tech amusement arcades as London's Trocadero. Sega, the Japanese computer games company, intends to launch a home version in the United States later this year, and in Europe next year. Tests of virtual reality headsets on adults produced visual problems which scientists believe could be far more serious in young children. One fear is that the toys could lead to permanent squints. Two groups of researchers, one at Edinburgh University and one in the Ministry of Defense, have detected side-effects in adult volunteers who wear the 'head-mounted displays', which produce an illusion of reality by giving all-round, three-dimensional vision of moving objects. Such equipment is already used by the military and by commercial designers who want to see their work in three dimensions. The Health and Safety Executive has set up an investigation of the headsets because of fears raised by a research team led by John Wann, a lecturer in human perception at Edinburgh. `Our results suggests it seems particularly unwise to introduce them as a toy for children,' Dr Wann said. 'If they are spending more than a few minutes with these headsets, there are serious considerations for their eyesight.' Mark Mon-Williams, an optometrist, said that people who used the headsets for 10 minutes showed similar visual disturbances to those who spend eight hours at a computer screen. 'It's amazing what you are asking your eyes to do inside the headset,' he said. Of 20 young adults who took part in a 10-minutes test, 12 experienced side-effects such as headaches, nausea and blurred vision. Mr Mon-Williams said that a particular concern is that the headset puts a lot of strain on binocular vision, which is fully developed in adults but is more liable to break down under stress in children under 12 years, causing squints. The Edinburgh findings are supported by researchers at the Army Personnel Research Establishment at Farnborough, Hampshire. In a test, 61 per cent of 150 volunteers reported symptoms such as dizziness, headaches, eyestrain, light-headedness and severe nausea. Mr Mon-Williams said the main problem stems from the headsets severely straining the eye muscles, leading to slightly cross-eyed vision. A slight misalignment of the two images in each eye produces a visual disparity that the muscles try to correct. Andrew Wright, software product manager for Sega in Britain, said that the new product would be tested extensively before coming on the market. Other health problems associated with virtual reality are beginning to emerge: a form of travel sickness is affecting people who spend too long in virtual environments. Symptoms such as nausea and disorientation are brought on by the slight time-lag between people moving their head and the scene they are immersed in 'catching up'." [I would say that Sega and the rest of the VR games manufacturers have some PR work to do. I will watch the Independent for any responses to this article. J. Hill, unrelated to University of Edinburgh research team cited in the article.]
>Typically, a court order is requested after a lengthy investigation and the >use of a "Dialed Number Recorder" (DNR). The DNR is used to track the >outgoing calls from the suspect's phone in order to demonstrate that the >suspect is communicating with known criminals. [...] >Electronic surveillance is a tool of last resort and cannot be used if other >methods of investigation could reasonably be used instead. Such normal >investigative methods usually include visual surveillance, interviewing >subjects, the use of informers, telephone record analysis, and DNRs. This implies that applying a DNR to a suspect's line does _not_ require a court order and is not considered wiretapping. In other words, the list of numbers called by a suspect is not protected as rigorously as the content of those calls. I'd like to hear more about how this data is protected or made available to investigators and others. I think it would be possible to deduce a great deal about a person's lifestyle and associated from the list of numbers he or she calls. This is the inversion, in a pseudo-mathematical sense, of the database that could be created by a Caller ID subscriber. Surely possession of this information should ordinarily be limited to the caller and the telephone carrier?
Dr. Denning's long article on wiretapping was most informative. This section in particular caught my attention: (4) major offenses involved (634 narcotics, 90 racketeering, 66 gambling, 35 homicide/ assault, 16 larceny/theft, 9 kidnapping, 8 bribery, 7 loansharking/usury/extortion, 54 other) If we exclude "other", and also "racketeering", which is a catch-all term like "offensive to Allah and corrupt of the earth", then, of the 775 major offenses involved, no less than 700, or 90%, involve victimless crimes, ie actions involving only consenting adults in free-market transactions. In other words, these wiretapping capabilities are not being used against real crimes, but against actions that are defined as criminal for no better reason than that Leviathan has a boot with which to stamp, and we have faces to be stamped on. The risk, I guess, is rather an old one: too many of us are in danger of forgetting that liberty is indivisible.
>I remember a glowing _Discover_ magazine article describing how perfect the >Hubble mirror was... The Hubble mirror actually was quite strikingly precise; it matched the (incorrect) test rig -- the specification, so to speak -- with unprecedented exactness. >The Hubble mirror was tested, but as I recall it was >*management* which balked at the necessity of building a second test jig >because of a few anomalous measurements... Not quite correct. There were three test rigs built for that mirror, and two of them reported the error. It happened that the third was considered the most accurate, so management -- under considerable pressure -- ignored the results from the other two. There was never any serious consideration of building the sort of test setup that would have been needed for an "end-to-end" test. Quite apart from the cost, and the perceived unlikelihood of finding anything -- this really was a one-in-a-million mistake -- it would have added substantial risks of contaminating the mirror surface. Incidentally, something to think about, with the repair mission imminent... Obviously, one crucial input to the manufacturing of the corrective mirrors was the exact error in the primary mirror. This could be measured in two ways: by examining the test rigs and results used to make the mirror, and by examining the images from the telescope (with its focussing adjustment in various positions). The two methods do not quite agree. The discrepancy is quite small, but it is larger than the known errors of the two methods (that is, the error bars don't overlap). By itself, it's probably not a problem -- the positions of the corrective mirrors can be adjusted from the ground to deal with minor errors -- but it does suggest that the situation may not be completely understood. Henry Spencer at U of Toronto Zoology email@example.com utzoo!henry
This months "Bulletin" for Toronto Dominion Visa customers announced the availability of an automated Voice Response System. It makes lots of information, including balance, and the last five payments, available to anyone who knows the card number and 3 digits from the customer's postal code. The card number is given out with every purchase, the postal code is easily obtained from the address available in every telephone book. In other words, anyone can get information about your purchases. I first became aware of this before I saw any announcement becaused I phoned to make an inquiry. Shocked at this exposure I asked if I could pick a PIN number different from my postal code. I was told that this was not possible with their computers! I then demanded that I be taken off the system and, after talking to 3 levels of employees, this was done. However, until today's announcement, most customers were not available of the exposure. Offering the user the choice of a PIN seems the least that they can do, but they won't do it. Prof. David Lorge Parnas, Dept. of Electrical and Computer Engineering, McMaster Univ., Hamilton, Ontario Canada L8S 4K1 905 525 9140 Ext. 7353
It looks as though the concept of signing things with digital signatures is beginning to take off, and will surely become more commonplace. This is good, because we don't have to worry quite so much about forged email, etc. A few years from now, when we start using electronic means to order things from businesses, whether it's via email, or through our amazing new "Mall in a Box" piped to us through fiber lines to our TV, we'll also use digital signatures. Nobody will be able to order something posing as us, and credit card fraud should be greatly reduced, since all orders will be digitally signed. This is good, right? Well, now the businesses have our number. Our public key identifies us, uniquely. Nobody else will have the same public key. This means that businesses no longer have to try to track us down via our SSN or Driver's license number - they've got a much better number to use to refer to us in their database - our signature. We've given it to them voluntarily. That's not so good. Cross-referencing a few of these databases will divulge buying habits and other personaly information that's been mentioned in RISKS before. -- Karl J. Smith : SW JOAT -- Sparcom Corporation -- Corvallis, OR firstname.lastname@example.org : Phone (503) 757-8416 -- FAX (503) 753-7821
Readers of the list who are able to receive BBC Radio 4 may like to know that this week's "File on Four" is devoted to the subject of risks of complex systems and particularly safety-critical software. The programme goes out on Tuesday 19th Oct. at 19.20 (just after the Archers! :-) and again on Wednesday 20th at 15.00. Peter Mellor, Centre for Software Reliability, City University, Northampton Sq., London EC1V 0HB, Tel: +44(0)71-477-8422, JANET: email@example.com
Here is something I found in an Australian computer magazine, which sounded like something for the Risks Forum... Quoted from "PCWEEK October 20, 1993" The Australian Government has secretly developed its own data encryption firmware and algorithm, killing its dependence on the US DES (Data Encryption Standard) Algorithm. Called Seneca, the firmware element was developed as a joint project of the Defence Science and Technology Organisation (DSTO) in Adelaide and the Defense Signals Directorate (DSD) in Canberra. [...] "It is a symmetric encryption technology like DES, but can operate at very high speeds" said the source. Seneca's original specifications included a throughput of 2Mbps, but testing had achieved rates of 20Mbps. Isn't part of the security with DES its slowness, which implies that this new encryption method will be inherently risky because of its speed ? Kevin Burfitt firstname.lastname@example.org (Kevin Burfitt) Compuserve: 100240,2002 Torps Productions: torps.apana.org.au BBS +61-3-818-0986 FidoNet: 3:635/574
The FAA Discovers HERF Is John Q. Flyer In Danger? On a recent series of US Scare plane flights, I noticed a new flight attendant spiel. "We're descending below 10,000 feet for our approach into (safe major metropolitan airport). Please turn off all laptop computers, CD and cassette players. Thank you for flying US Scare." In the July 26, 1993 issue of Newsweek, the following appeared. "On an uneventful flight over the Southern Pacific last February, the 747-400 pilot stared wide-eyed as his navigational displays suddenly flared and crackled. The data made no sense. But a flight attendant was already whisking a passenger's laptop computer up to the flight deck. When the crew turned it on, the navigation displays went crazy. They returned to normal when the crew switched off the laptop. The plane reached its destination safely. Investigating the incident, Boeing engineers bought the same model laptop and tried to replicate the glitch in another 747. They couldn't." And then, "In a holding pattern 13,000 feet somewhere above the southeastern United States, the pilot saw the guidance computers and controls that maintain the craft's lateral stability shut down. A passenger in Row 1 - directly above the flight computers and near the navigation antennas - was using a radio transmitter and receiver, a flight attendant said. The first officer hurried back and the told the man to shut it off; the systems blinked back on. Five years later, no one can explain how, or even if, the radio zapped the computers." Welcome to the world of HERF. HERF is an acronym for High Energy Radio Frequency, and holds potential disaster within its enigmatic description. Over the last couple of years, Security Insider Report has discussed HERF and its potential for disrupting electronics (June, 1992, October, 1992, November, 1992, January, 1993). Word is getting out. A fundamental axiom of electronics is at the heart of the phenomena, and needs to be understood to appreciate the potential severity of the problem. An electric current creates a magnetic field, which travels at the speed of light in all directions. This is the principle of radio and TV and cell phones. If you stick a wire in the air, and connect it a completed circuit, a magnetic field will induce a current flow. Again, radio and TV. If you modulate the signal with information, then the information can be sent from one place to another almost instantaneously. On the other hand, we have all heard interference on the radio or a cell phone when passing through a tunnel or on a bridge. HERF is the magnetic field, intentional or not, that when detected by an electric circuit can disrupt its operation to varying degrees of intensity. A HERF signal, if properly aimed at an electronic target can so disrupt its operation as to render it useless. This may well be what's happening to the 747-400's that experience anomalies such as those Newsweek described. You see, the latest generation of planes are known as "fly-by-wire", meaning that the planes functions, from nose to tail are controlled by a maze of computers and 145 miles of wires and cables. Many of these signals are so-called low-level signals, high impedance low voltage signals that are the most susceptible to interference. Now, a laptop computer or CD player will emit unintentionally, a quantity of radiation by its very nature. Despite the regulations made by the FCC to minimize electromagnetic emissions on consumer equipment, the shielding is far from complete. While the home computer may no longer screw up a TV picture as it did in the days of the TRS-80 and VIC-20, enough signal leakage occurs as to be of concern to the DoD and NSA. That's why they have the Tempest program - to stop all leakage at all costs. That's an intelligence concern, but the principle is the same. While the FAA and most airlines deny that there are any safety concerns to worry about, malfunctions of avionics systems do bring up serious public safety issues. Since 1990 the FAA has complied almost 100 reports of such occurrences with a six-fold increase this year alone. Why? We suspect, as many do, that fly-by-wire planes are indeed affected by computers and digital music systems. The number of potential paths that a radiated signal can take include flowing down the metal skin of the airplane, down the conduits of the wiring, directly into low level paths, or bouncing off of metal surfaces directly into antennas. Another possibility is one of resonance; where the radiated signal and the affected circuitry operate at the same frequency, thus increasing the apparent effects. A 10 MHz signal tends to attract and apparently "multiply" the energy of a nearby induced 10MHz signal. It's the nature of the beast. Another culprit is the FCC testing method for emissions certification of consumer products, especially computers. The tests as run by the manufacturer are idealized, under nearly perfect conditions. But, if you add RAM or a bigger hard disk, or one from another manufacturer, or use a higher speed CPU or add a modem, the rules change, and the emissions characteristics change. The power supply is drained faster, the clock cycles differently, and the location of the added RAM creates new magnetic patterns that might not still meet the barely adequate FCC emissions standards. Back in the mid 1980's, I worked for computer companies who spared no effort in minimizing compliance with the FCC. The bare minimum configurations were tested, and often we had to run back and forth to the factory to find the one single, unique computer system that would comply. Manufacturing tolerances and the bottom line took precedence over compliance. In many cases, the mere addition of 256RAM, bringing the machine up to a fully loaded 640K, would literally increase the emissions by a factor of 10! The FCC be damned. And then the addition of peripherals were even worse. Only those peripherals which actually had a port or a cable were required to have their own FCC compliance, but there's no provision for the synergistic effects of different manufacturer's products working together and still meeting the specifications. It was a total scam by every company I worked for. The edict was clear: Do whatever it takes to pass the test, for every day we're not selling, we're losing money. Also, some of the approved FCC testing laboratories were less than on the up and up. A typical suite of tests can run from $2500 to $25,000 and take 6 weeks or so; a costly death knoll for the competitive computer biz. But a double payment, in cash, often insured that the product was guaranteed to pass in less than a week. Get the point? Then there's the mice. A mouse - in distinction to a built in track ball within the unit itself - is attached by a wire. Another word for a wire is an antenna, and antennas are meant to amplify signals. In the case of the mouse, the wire is merely meant to carry stepped signals to the CPU; however, the shield or ground signal, especially in a battery driven laptop, is what we call floating; that is, it never really reaches ground to sink into the power company's and Mother Earth's natural ground point. Instead it floats at some undetermined level above ground, and guess what it does? It radiates! At some undetermined level, depending upon what is stuck inside the machine and by whom. It's no wonder that the engineers at Boeing and NASA and Apple are having such a time trying to figure out what's happening. The rules are wrong in the first place. We live in an electromagnetic sewer, and God knows we shouldn't be playing "let's not worry about it" with computers flying planes at 37,000 feet. The FAA knows better, and I would hazard to guess, wants to do everything within its power to avoid a panic or loss of public faith in the airline industry. That's perhaps why, they have kept it pretty quiet that they are protecting their own airport based facilities against HERF and radiated emission interference. In a low-profile massive endeavor, the FAA is replacing the glass in its control towers and offices in and around airports. We have received information from sources close to the FAA that their very concerned about HERF interference problems in air traffic control systems from the high power radar that keeps the airways safe. According to these sources, they are replacing control tower and office glass with shielded glass which attenuates electromagnetic signals by anywhere from 60-100db depending upon the severity of the problem. The replacement program is supposed to last for several years, which coincides with the upgrading of the nations control systems - which will obviously be more automated and computer driven than ever. If the FAA is as aware of the problem and the possibilities as it appears they are, one would hope they would take some stronger proactive measures to protect passengers - even if they're is only a glimmer of a chance that a laptop or a CD player could cause a plane to crash. It seems entirely reasonable to suggest that the FAA should just go ahead and ban such electronic devices on planes altogether. What's the big deal? Would the traveling Road Warrior care that he would lose 5 hours of productivity on the Red Eye? Probably, but if all airlines stick to a policy (there's that word again . . . funny how it keeps cropping up) especially is mandated by the FAA, everyone would still be playing on a level playing field, and no one would lose business. On the other hand, if planes are in fact susceptible to low level emissions from computers, is that such a good thing to openly admit? Because, what if you just turn up the volume a few db? There are plenty of crazies out there; and with terrorist concerns on the rise, who knows what they might pull. Well, here are a couple of possibilities. Suppose I'm a real crazy bad guy, and I bring a specially modified laptop onto an airplane. The airport security is dismal and you can get just about any electronic device through with no trouble. But this laptop is modified to emit very high levels of radiation; either automatically or upon command. If I'm real nuts, and am totally committed to my cause celebre, I might be willing to bring the plane down with me on board. More than a few people meet that criteria. It might take a little tinkering and get on the right fly-by-wire plane to do it, but with the number of events already on the books, it's doable. Or, if my survival is important, I might check my luggage through with a HERF device, timed to 'go-off' at some point during the flight. Without me on board, of course. Luggage scanning can't tell the difference between a 'good' electronic device and a 'bad' one. If the FAA has something to worry about in this realm, this certainly qualifies. Or, let's replace the rocket launcher at the end of the O'Hare runway scenario which was disclosed by the FBI during a CPSR meeting in Washington, D.C. on June 7, 1993, with a powerful HERF Gun. A HERF Gun is an electromagnetic generator which is focused and aimable and frequency specific. Situated in a van, powered by a V-8 and an alternator, the HERF energy, several orders of magnitude louder than that emitted from a laptop, could have a devastating effect on planes taking off and landing. And acquiring such devices is pretty simple. You can go out and build one - it's an exercise in Electronics 101 - or I can buy one. Where? From the US government of course. A military surplus high power radar antenna is easily modified for higher signal strength and focussed targeting by someone familiar with electronics. Cyberspace has indeed come of age, and modern airplanes are as much a part of it as computer networks. It's just that the FAA doesn't know what to do about it yet. Let's hope they get up to speed quickly. Very quickly.
Please report problems with the web pages to the maintainer