I just purchased a 900Mhz spread spectrum phone from Escort (the radar detector people). They don't take P/O's, so I had to order with a credit card. I'm not sure I want to show the following credit card receipt to the ladies down in purchasing... ESCORT PHONE, WHITE $299 ADULT SIGNATURE REQUIRED (Thank goodness they didn't name the thing after a Cobra or an English Sheepdog or mention the "rubber-duckie" antenna... at least this way I only look like your run-of-the-mill degenerate).
A pressure valve in the St. Louis city water system opened inadvertently and the resulting pressure spike damaged water mains in 15 locations throughout the City. It also tripped 14 fire alarms by disrupting sprinkler systems. The city water division suspects that a Southwestern Bell Telephone Company repair crew caused an "errant electronic command" which opened the 66-inch (168 cm) diameter valve. The crew was working on a data transmission line at the pressure control room at the Chain of Rocks water works in St. Louis. Southwestern Bell is not officially aware of any link between the repair and the mishap but will "be happy to work with the city to determine if there is any link." [Source: Article by Tim O'Neil and Melanie Robinson in the St. Louis Post-Dispatch, 30 August 1994.] - David Himrich
A 25 Aug 1994 article in the *San Jose Mercury News* discusses BADGER (Bay Area Digital GeoResource), an "electronic library of maps, census data, property lines and environmental features." This is a project funded by NASA and involves Bay Area cities+towns, a company called Smart Valley, NASA Ames, Lockheed, and other companies to "create a shared data base of geographic information about the Bay Area and the software to help cities use it to identify polluters, prevent power failures or plan land-use policies." Sounds pretty benign until you get to the discussion of use of this data by private companies for identifying potential customers, to wit: Organizers say private companies might make use of the mapping service as well. For example, a satellite photo that located swimming pools could be cross-referenced to a property-tax map to create a data base of pool owners. That could be useful to pool-cleaning services. With high-resolution satellite images, roofers might be able to locate homeowners with aging wood shake roofs. The risks to personal privacy are, I think, obvious. Denis Haskin, Sr. Mgr., Production Engineering, Information Access Company, 10 Presidents' Landing, Medford, MA 02155 dwh@epub.ziff.com 617 393 3649
KINGSTON, Ontario — The success of a recent trial of the Northern Telecom Millennium pay phone at Collins Bay Prison in Kingston, Ontario, may mean the system is set to go to prison for life. Northern Telecom partnered with the Canadian Federal Correctional Services, telephone consortium Stentor, and Bell Canada, to customize the flexible Millennium system architecture to fit the unique demands of a prison setting. The resulting "Millennium Inmate Solution" includes real-time management of inmate phone traffic to allow or restrict numbers, and enhance fraud control. Production on the Millennium Inmate Solution is slated to begin in Calgary by year-end, after final reviews by Stentor and the federal government. Roll out to federal prisons coast to coast is planned for the first quarter of 1995. The new prison phone system was also very well received by the American Correctional Association when it was shown at their conference this month in St. Louis, Missouri.
[Based on radio reports] Last night (Tue Aug 30), callers to the NSW Police's emergency 000 phone number in Sydney could not get through for a period of about five hours from 7.30 pm. Emergency calls to fire and ambulance, which are also reached by 000, were not affected. One caller, who was reporting a robbery in progress, was asked to call the local police station. 000 calls in other areas e.g. Newcastle and Wollongong were not affected. The State Commander [Officer in charge of day to day operations for NSW] said that nothing like this had ever happened before, to his knowledge. Police are investigating the failure. John Colville, School of Computing Sciences, University of Technology, Sydney Broadway, NSW, Australia, 2007 colville@socs.uts.edu.au +61-2-330-1854
I noticed the following on net-happenings as an explanation of why a promised World Wide Web search tool was not released. It doesn't give full details, but, for those who can read between the lines, you can see that such a local client search tool would consume enormous amounts of bandwidth. I'm glad that the developer had the good sense not to pursue it. "Some searches were not meant to be meddled with, Dr. Lemieux!" :-)

(btw, for those without W3 who want to access the document cited, send mail to listproc@www0.cern.ch with the command: www http://web.nexor.co.uk/mak/doc/robots/robots.html in the body of the message.)

---------- Forwarded message ----------
Date: Sun, 28 Aug 1994 19:03:53 -0400 (EDT)
SENDER: Mac WWW Worm <lemieuse@ere.umontreal.ca>
Subject: [announce] Mac WWW Worm

First, sorry to my French colleagues for this English answer. I just didn't want to write it twice...

----------

Here are my present thoughts about that:

1- Due to the net traffic that would be produced by such an easy-to-use 'bot, I first decided that it should _never_ be widely released.

2- My Mac WWW worm was an engine designed to search for specific topics. It was downloading lots of pages, but kept information only about a little portion of them. This way there's a lot of waste of net resources. So, if you were striving to get such a tool, you should consider using one of the publicly accessible WWW databases.

3- Everyone running a bot without letting other people access the data is _wasting_ resources, and should not be permitted to do that...

Anyone interested in the subject of WWW robots should consider reading the following document: http://web.nexor.co.uk/mak/doc/robots/robots.html

Before flaming me for not releasing the 'bot, read everything you can find under that URL.

----------

Besides that, the MacWWW worm program still contains lots of neat HyperCard scripts that can be easily recycled for any internet based material... I would be willing to share all this material with any other HC-minded people. Be aware that building a net program is not a little thing. Even if HC makes it really easy, you should always keep in mind that the internet is a _public_ network. Don't waste others' resources...

Anyway, thanks for your interest.

Sebastien Lemieux, dept. biol. lemieuse@alize.ERE.UMontreal.CA http://alize.ere.umontreal.ca:8001/~lemieuse/

This message was reposted by the TCL reposter. For info: lemieuse@ere.umontreal.ca

[Very lemieusing! PGN]
In RISKS-16.36 it was noted that `On some old versions of Basic for PDP-11s, you could assign any value to the "constant" pi.' I believe that on some versions of FORTRAN you could do even better. You could assign any value to numerical constants. While I never tried it, our FORTRAN lecturer told us that (at least in the local implementation of the time) numerical constants were collected by the compiler and stored in writable memory. Statements like `3=4' could then cause the chaos that you might expect. James Ashton, Department of Systems Engineering, Australian National Univ. Canberra ACT 0200 Australia +61 6 249 0681 James.Ashton@anu.edu.au
I would suggest that another plausible explanation is that the cut was designed to allow for insertion of <something> into the line at another point, while the first cut was being fixed. While the line was down for repairs, such an insertion wouldn't be noticed... I hope someone at MCI is thinking. -cpf Paul.Ferroni@ab.com
> If all you use is printed copies, you're okay. However, if you give somebody
> the file on disk or send it by E-mail, then there may be unintended info...

This problem is not at all limited to Microsoft Word--there is another way in which a file can end up containing unintentional disclosures visible to a raw data editor. Checking my own disk, I have found several instances of this.

There are many applications that don't write to every byte of their files. On the Macintosh (and presumably some other systems), when file space is allocated, the system doesn't zero the allocated blocks. Whatever data was written there previously remains. Thus, documents can end up with bits of other--completely unrelated, perhaps sensitive--documents trapped inside them.

It's a particularly insidious problem, because once the old bits are trapped in the new document, they remain with the document forever. Even if you prepare your CD-ROM (or whatever) on a pristine, newly formatted hard disk, you may be copying little excerpts from the disks of all the machines the documents originated from.

- Walter Smith / Newton Software / Apple Computer, Inc.
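The mechanism described in the item above, as an added example that is not part of the original digest: a toy in-memory disk reuses freed blocks, and an application that writes only part of its preallocated file carries the old bytes along unless the allocator zeroes blocks first. The `ToyDisk` class, the block size, the file names and the memo text are all constructed for illustration.

```python
import re

BLOCK = 32  # constructed block size, kept small so the dump is readable


class ToyDisk:
    """In-memory stand-in for a volume that hands out freed blocks again."""

    def __init__(self, nblocks, zero_on_alloc=False):
        self.blocks = [bytearray(BLOCK) for _ in range(nblocks)]
        self.free = list(range(nblocks))
        self.files = {}                      # file name -> list of block numbers
        self.zero_on_alloc = zero_on_alloc

    def allocate(self, name, nblocks):
        got = [self.free.pop(0) for _ in range(nblocks)]
        if self.zero_on_alloc:               # the mitigation: scrub before handing out
            for b in got:
                self.blocks[b][:] = bytes(BLOCK)
        self.files[name] = got

    def write_at(self, name, offset, data):
        for i, byte in enumerate(data):
            blk, off = divmod(offset + i, BLOCK)
            self.blocks[self.files[name][blk]][off] = byte

    def delete(self, name):
        # Only the directory entry goes away; the block contents stay on disk.
        self.free = self.files.pop(name) + self.free

    def raw(self, name):
        """Every byte of the file's allocation, as a raw data editor shows it."""
        return b"".join(bytes(self.blocks[b]) for b in self.files[name])


def printable_runs(data, min_len=6):
    """ASCII runs of at least min_len bytes, for auditing a file before it ships."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def scenario(zero_on_alloc):
    """Delete a sensitive memo, then create a document that writes only part of its space."""
    disk = ToyDisk(8, zero_on_alloc)
    secret = b"SALARY REVIEW: J. Doe to be let go in Q4."  # constructed sample text
    disk.allocate("memo", 2)
    disk.write_at("memo", 0, secret)
    disk.delete("memo")
    # The new application preallocates two blocks but only writes a 4-byte
    # header and a 4-byte trailer; everything in between is never touched.
    disk.allocate("newsletter", 2)
    disk.write_at("newsletter", 0, b"HDR1")
    disk.write_at("newsletter", 2 * BLOCK - 4, b"END.")
    return disk.raw("newsletter")


if __name__ == "__main__":
    print("no zeroing:   ", printable_runs(scenario(False)))
    print("zero on alloc:", printable_runs(scenario(True)))
```

Running the same kind of printable-run scan over a real document before distributing it is a cheap check for text the application never meant to store.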
In the August issue of Byte Magazine, columnist Pournelle (Chaos Manor) recommends turning Fast-Save off - he reported losing hours of work because of it. Steen Hansen, Computer Specialist, Ohio State University hansen+@osu.edu
Gadzooks! You (and the fellow that originally reported it!) are correct. The problem also exists on the Mac - though I don't see the "Summary" problem as he stated for Windows. Norton revealed the truth of the matter on the Mac. Still, I don't consider this _fatal_ by any means. I just won't send out any Word (Fast Saved - which I keep don't use / disable, BTW!) discs. Thanks to both of you for the warning(s). I thought MS fixed the Fast Save bugs in 5.1a (note the "a"!). Evidently not this one! Hullo Mr. Gates, are you there? Tell me, do you know if this is a problem in Word 5.1a for Macintosh? I haven't encountered it yet, but I seldom rip into Word files with anything but Word. I'm curious, if this might not be used for a (future?) "restore to previously saved version" type thing... but again, why just on "Fast Save"?! Hmmmm.... I'd like to hear MS explain/correct this one (making a note to call tomorrow!). Bullwinkle sez: "Watch this Rocky! Now I'll use CPS Tools to do a Word file recover operation and see which variation of the file it prefers... " I suspect I know... :-< Pete Ferris, N5KBD pferris%mohawk.uucp@drd.com P.S.: To other readers: I stand corrected here... also: FYI: I use a Mac so not all Windows stuff is applicable here... [Another response from Pete, to Norloff, is omitted here. PGN]
>Word summary info area for each document that cannot be turned off.

I was using On Location (an excellent Mac utility which builds indices and enables you to find every document on your hard disk containing a given text string) to look for a letter to "Richard Jones" I had written 2 years ago. OL found such a document — a WriteNow template letterhead I employ — but when I opened this document the contents appeared to be a later letter to someone else. On a hunch I tried the WriteNow "Revert to Saved" menu command, and the original letter to Richard Jones appeared. Whether this could be a security hole if I sent the later letter by file transfer or over a net to someone else who also had WriteNow, I can't say. Maybe I had only printed the later letter and not Saved it; maybe I typed it in and did a "Save As", leaving the Jones letter still hidden in the template's hidden backup area. --AES siegman@sierra.stanford.edu
I believe I can explain the reported 6-month auto. purge on check stops, in a way which precludes the obvious risk in the usual check-stop case, although not in the actual case reported by Christopher Klaus. There is a U.S. federal banking regulation which says that a check dated more than 6 months ago is deemed "stale," relieving the maker of the check of obligation to honor it. (The banks don't however themselves generally monitor the currency of this date, any more than they generally verify that the signature is valid. Instead, they generally accept the check only with recourse to the payee, and subject to collection from the maker; and they send the maker, their account holder, a periodic checking account statement saying that he has 10 days [or whatever] to protest, after which he is deemed to have accepted the checks for payment. Thus the banks mostly leave it to you to know and claim your rights, while making very sure that they don't get caught in the middle. Thus the only time the bank will actually fully vet a check is when they're cashing it without recourse back to the payee.) Anyway, the 6-month-stale rule was presumably established in pre-current-computer-technology days, to bound the records and balances which must be maintained for outstanding checks, by the maker for all such checks, by the maker and the bank for stopped checks. In conjunction with this rule, a 6-month check stop works fine for checks which have been made and dated and issued and then stopped for some reason. In contrast, a check stop doesn't hold up beyond 6 months for blank checks which have been lost or stolen. However, you've got the right to simply refuse a forged check on your account, per the discussion above, so technically you're still protected; but the bank may make you sweat to exercise that right. In this case, I believe the only response that's secure against even attempted forgery is to close the account, which is what most banks would push for here. 
Paul Gloger <Paul_Gloger.es_xfc@xerox.com>
Regarding Mich Kabay's article that reports the welfare benefits fraud case in the UK and then goes on to make some interesting speculations regarding the larger issues raised... If it is indeed true that we can take approximate measurements of multiple body characteristics and combine them to get a reliable indicator of identity (passes the common sense test; has any authority written on this subject?), then why not measure attributes of the face? From what I have read of genetics and inheritance, and of course from my own observations, the human face is highly variable. We can speculate why random variation and natural selection has given our species this characteristic (reliably bonding parents and children?), but given that it is there, we can also take advantage of it. For example, we already measure head size (for hats) and inter-eye distance (for glasses). Other advantages are that it is noninvasive, fairly permanent, always at hand, difficult to forge, and well-established as an acceptable, nontechnical means of identification. Some difficulties would be separating identical twins (and someday, perhaps, clones), and accounting for the effects of injury, disease, and aging. As a footnote, I read recently that people whose faces are considered beautiful have facial measurements that are close to the average. Measuring faces could be fairly compute-intensive. If so, in the future, Helen of Troy could be the face that launched a thousand chips. (Gotcha!) Paul Green, Sr. Technical Consultant, Stratus Computer, Inc., Marlboro, MA 01752 (508) 460-2557 Paul_Green@vos.stratus.com; PaulGreen@aol.com
> Actually, my home state of Indiana did try to legislate that the value of pi
> should be 3. Here is some information from the alt.folklore.urban archives
> from an article written by Mark Bader (msb@sq.com)

There are three important corrections to be made here. First, the act did not assign pi the value 3; this is quite clear if you actually read my article. Taking the term "pi" to mean the ratio of circumference to diameter, the bill assigned the reciprocal of this ratio the value (5/4)/4, or in other words, pi = 3.2. Second, my name is not Bader. Third, "try to legislate ... the value of pi" is not really accurate. A closer description of the legislation was that it attempted to *recognize* a better value for pi. However, because of the wording used, if passed it would, as a side-effect, have assigned that value. The intent is fairly clear from the description in...

> (Further information can be found in "Mathematical Cranks", Underwood
> Dudley, The Mathematical Association of America, Washington D.C.).

Two additional references are:

* Edington, Will E.: "House Bill No. 246, Indiana State Legislature, 1897", Proceedings of the Indiana Academy of Science (PIAS), 1935.
* Singmaster, David: "The Legal Values of Pi", Mathematical Intelligencer, vol. 7 (1985) #2, p.69-72.

As to the Kings-1 and Chronicles-2 items, one need only murmur the phrase "to one significant digit".

[Incidentally several folks noted that the structure need not be circular to satisfy the stated conditions; an oval would do just fine. PGN]

Mark Brader, msb@sq.com, SoftQuad Inc., Toronto
"But I want credit for all the words I spelled *right*!" — BEETLE BAILEY
(900#s in cyberspace)

I. Overview

During the final hours before the Senate telecommunications bill (S.1822) was marked-up by the Senate Commerce Committee, a provision was added which would expand the current FCC regulation on obscene and indecent audiotext (900 number) services to virtually all electronic information services, including commercial online service providers, the Internet, and BBS operators. This proposal, introduced by Senator Exon, would require all information service providers and all other electronic communication service providers, to take steps to assure that minors do not have access to obscene or indecent material through the services offered by the service provider.

Placing the onus, and criminal liability, on the carrier, as opposed to the originator of the content, threatens to limit the free flow of all kinds of information in the online world. If carriers are operating under the threat of criminal liability for all of the content on their services, they will be forced to pre-screen all messages and limit both the privacy and free expression of the users of these services.

Senator Exon's amendment raises fundamental questions about the locus of liability for harm done from content in new digital communications media. These questions must be discussed in a way that assures the free flow of information and holds content originators responsible for their actions.

II. Summary of Exon Amendment

The Exon amendment which is now part of S.1822, expands section of the Communications Act to cover anyone who "makes, transmits, or otherwise makes available" obscene or indecent communication. It makes no distinction between those entities which transmit the communications from those which create, process, or use the communication.
This section of the Communications Act was originally intended to criminalize harassment accomplished over interstate telephone lines, and to require telephone companies that offer indecent 900 number services to prevent minors from having access to such services. The 900 number portions are known as the Helms Amendments, having been championed by Senator Jesse Helms. These sections have been the subject of extensive constitutional litigation.

If enacted into law, these amendments would require that anyone who "makes, transmits, or otherwise makes available" indecent communication take prescribed steps to assure that minors are prevented from having access to these communications. In the case of 900 numbers, acceptable procedures include written verification of a subscriber's age, payment by credit card, or use of a scrambling device given to the subscriber after having verified his or her age. Failure to do so would result in up to a $100,000 fine or up to two years imprisonment.

III. Carrier Liability and Threats to the Free Flow of Information

These provisions raise serious First Amendment concerns. (Note that we use the term 'carrier' here to refer to a wide range of information and communication service providers. This does not suggest that these entities are, or should be, common carriers in the traditional sense of the term.)

Overbroad carrier liability forces carriers to stifle the free flow of information on their systems and to act as private censors

If carriers are responsible for the content of all information and communication on their systems, then they will be forced to attempt to screen all content before it is allowed to enter the system. In many cases, this would be simply impossible. But even where it is possible, such pre-screening can severely limit the diversity and free flow of information in the online world. To be sure, some system operators will want to offer services that pre-screen content.
However, if all systems were forced to do so, the usefulness of digital media as communication and information dissemination systems would be drastically limited. Where possible, we must avoid legal structures which force those who merely carry messages to screen their content.

Carriers are often legally prohibited from screening messages

In fact, under the Electronic Communications Privacy Act of 1986, electronic communication service providers are generally prohibited from examining the contents of messages or information carried from one subscriber to another.

Extension of the 900 number rules to all electronic information services may be unconstitutional

The regulation of indecent 900 number programming was only accomplished after nearly a decade of constitutional litigation, with rules being overturned by the Supreme Court. The regulations were finally found constitutional only after being substantially narrowed to meet First Amendment scrutiny. Since the access methods offered by online service providers are significantly different than simple telephone access to 900 services, we doubt that the same constitutional justifications would support the newly expanded rules. This issue requires considerable study and analysis.

Content creators, or those who represent the content as their own, should be responsible for liability arising out of the content

In sum, it should be content originators, not carriers, who are responsible for their content. Any other approach will stifle the free flow of information in the new digital media.

IV. Next Steps

Having only just received the language offered by Senator Exon, EFF still needs to do further analysis, and consult with others in the online community. We also hope to speak with Senator Exon's staff to understand their intent. Another important hearing will be held on S.1822 in mid-September by the Senate Judiciary Committee. By that time, we hope to have this issue resolved.
While we agree that these carrier liability problems are in need of Congressional consideration, we do not believe that the time is ripe to act. Before any action is taken, hearings must be held and careful evaluation of all the issues, not just indecency, must be undertaken. Daniel J. Weitzner, Deputy Policy Director, Electronic Frontier Foundation, 1001 G St. NW Suite 950 East, Washington, DC 20001 +1 202-347-5400(v)