Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
``It's not clear whether Morris Feline Stuart is a Democat, a Fat Cat or a Republicat — or even a fan of Ross Purr-O — but Morris is now a registered voter in Cuyahoga County.'' Normalee Stuart of Shaker Heights, Ohio, says that she registered her cat to prove there are few, if any, safeguards against voter fraud in the county. She got the idea when a a neighbor had told her of receiving a voter registration card addressed to a woman who had been dead for 12 years. Ohio law does not require people — or cats — to identify themselves when registering to vote. In fact, state law doesn't require identification from people when voting and allows mail-in registration. [Excerpted from a UPI item in the (Cleveland) *Plain Dealer*, as noted (without date) by Henry Cat(e). Soon cats and dogs will be able to vote by E-mail. On the Internet, no one knows whether it's reigning cats or dogs. Normalee, anyway. PGN]
Worker cleared of deleting planning files By James Burrus, Camera Staff Writer Boulder Daily Camera Thursday, November 10, 1994 A former Boulder County Planning Department employee was cleared Tuesday of charges that she deleted an unknown number of files from county computers. Charges against Vina Windes were dropped for "insufficient evidence" and because "information indicates no crime may have been committed," according to a motion filed Tuesday by the county's district attorney. Windes, 53, has worked as a secretary in the current planning division of the county Planning Department for five years. Graham Billingsley, Boulder County land use director, said charges were dropped after his department and Windes worked out a deal Monday in which "she would tell us what she did so we can put together the missing information. So far she hasn't done that so we don't know" what happened. But Windes said the files were never erased to begin with. "They just didn't know where anything was" in the computer system, Windes said. "All I did was leave. No one else did what I did, so they didn't know where to find anything on the computer when I was gone." Windes gave two weeks' notice of her resignation on Sept. 8 and started a new secretarial job Oct. 3. She was taken away from her new job in handcuffs Oct. 7 by Boulder County sheriff's officers and charged with computer crime, a felony, and abuse of public records. "The whole thing got blown out of proportion because of a lack of communication," Billingsley said. "Lack of communication?" Windes said. "There was no communication. All they had to do was call me and ask. Instead, they sent a sheriff's investigator to arrest me." Vinc Duran vincd@ile.com or vduran@nyx10.cs.du.edu
Imagine how often your network could go down with this new service: "Netsafe(tm) makes the Internet safe for K-12 schools. Netsafe keeps information away from minds that are not ready for it." Netsafe consists of a black box that monitors school traffic to the Internet and when an attempt to access a host with undesirable information is made (you select what categories to censor, they maintain the list of hosts), it shuts down all Internet access for 15 minutes and sends an email or beeper message to the local administration. Netsafe costs $20,000 the first year, $10,000 in successive years! They manage Netsafe over the Internet itself. Excerpts from product announcement by Russell Nelson, nelson@crynwr.com
The Canadian newspaper, _The Globe and Mail_, reports today (94.11.14) on a
disastrous attempt to tally votes by phone:
Alberta phone voting crashes: Liberal fiasco casts doubt
on future of high-tech balloting in Canada.
By Scott Feschuk, Alberta Bureau.
Calgary — Alberta Liberal officials will be trying this
morning to determine how the party's weekend leadership
convention degenerated into what they concede was an
outright debacle.
Edmonton MLA [Member of the Legislative Assembly] Grant
Mitchell, 43, was selected to head the opposition party,
but his second-ballot victory was all but overlooked as
the telephone voting system crashed, and many members
were unable to vote or their votes were not recorded.
The author continues with the following key points of interest to RISKS and
NCSA FORUM readers:
o Rural Albertans "found it all but impossible" to vote by phone
during most of the first ballot.
o The Maritime Telegraph and Telephone Co. claimed that "the system
could handle more than 500 calls a minute" but the system crashed when a
mere 11,000 people tried to vote in the 5.5 hours allotted.
o The voting was stopped for 40 minutes in the middle of the process.
o Distribution of the personal identification numbers (PIN) required to
vote was incomplete, prompting complaints from disenfranchised voters.
o Some users were informed by the computer system that their PIN had
already been used to vote.
o Some users reported that it took them over an hour to complete one
vote.
o Many users were informed that their vote had _not_ been counted even
though later analysis suggested it had.
o The sequence of touch-tone buttons required to vote on the second
ballot was _different_ from the sequence used during the first ballot,
resulting in confusion by an "unknown number of participants" whose votes
were therefore lost.
o Liberal Party officials are now "reluctant to pay Maritime tel's
C$100,000 fee [~U$72,000]."
o There were discrepancies in the numbers of people counted in the
votes; at one point, the chief electoral officer reported "that more than
12,500 people had voted in the first ballot...." but he later reported just
over 11,000 votes. However, "...[a]bout 19,000 people paid C$10 to
participate." Calgary MLA Frank Bruseker commented, "You really have to
wonder what happened to those other 8,000 people.... Did they not vote, or
did their votes get lost, or did they try to vote and just get too
frustrated?"
o The problematic balloting has discredited the Liberals' claim to be
an efficient alternative to the current government.
o Bad feeling has worsened between the rivals for the leadership as a
result of claims of unfairness due to the technological breakdown.
o Maritime Tel's system will next "be used again this weekend in
Saskatchewan, where provincial Conservatives will select a new leader."
M.E.Kabay,Ph.D./DirEd/Natl Computer Security Assn (HQ: Carlisle, PA)
Subject: Rob Slade's review of Robert Slade's (no relation :-) book [Rob Slade is one of our most prolific reviewers. Here we give him a change to review Robert Slade's book. PGN] BKCVP.RVW Please note that the following is a completely fair and unbiased review. I strive at all times to be even-handed in my reviewing. My vested interest in this work in no way can be said to influence my judgement. I mean, to say that just because I spent *THREE SOLID YEARS* writing it means I might have a biased opinion about it is a prejudiced opinion on your part, isn't it? :-) %A Robert M. Slade %C 175 Fifth Avenue, New York, NY 10010 %D 1994 %G 0-387-94311-0 or 3-540-94311-0 in Europe %I Springer-Verlag %O U$29.95 800-SPRINGER, fax 201-348-4505 %O in Europe email ertel@springer.de, UK viv@svl.co.uk %O (and the title was *NOT MY IDEA!*) %P 480 %T "Robert Slade's Guide to Computer Viruses" This is the most FANTASTIC virus book EVER WRITTEN! This is the most FANTASTIC virus book that EVER WILL BE WRITTEN!! The day this book was released the ENTIRE VIRUS WRITING COMMUNITY committed suicide from depression over the fact that no one would EVER BE HURT BY A VIRUS AGAIN! Book stores are advised to have LARGE STOCKS of the book on hand, prominently displayed, and probably to hire extra staff for the crush of buyers. Grown men have been known to pull their own liver out when told that they could not buy the book! (And that was before it was PUBLISHED!) When we sent the books to reviewers, they typically danced in the streets for joy for several days. However, we reprint here some of the less effusive comments: "Mr. Slade's lists are more interesting than the NYC phone book." - Dr. Fred Cohen "Obviously some johnny-come-lately upstart." - Harold Joseph Highland "Is this guy some kind of comedian?" - William Murray "i think its cute and i like the title but i have a few questions ..." - sara gordon "Wonderful! It certainly cured *my* insomnia!" - Dorothy Denning "A mantlepiece!" - Terry Jones "I only have a hundred new samples that came in this week, and then I'll read it. Promise." - Fridrik Skulason "Should have had more sample code." - Ralph Burger "" - John McAfee (forwarded by Aryeh Goretsky) "Vrooooom, vrooooom!" - Padgett Peterson "Too long." - Ross Greenberg "Still doesn't reliably detect MtE." - Vesselin Bontchev "[A bruised read]" - PGN "Should be powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards — and even then I have my doubts." - Eugene H. Spafford "Where's my baseball bat?" - Edwin Cleton "Is this legal?" - Paul Ferguson "I don't think this is funny." - Brad Templeton "We're the federal government. We don't *do* that." - James Earl Jones "Let me diagram that on a Turing machine for you ..." - Yaron Goland "A great virus book. No, I meant a great *anti*virus book. No, I meant a great *virus* book. No ..." - John Buchanan "Cool." - Ray Kaplan "My title was better than his." - Cliff Stoll "I elisted this book, and I have the password. Therefore I am now the author." - Gene Paris "We probably shouldn't be publicising stuff like this." - J. B. Condat Cecil B. DeMille, Alfred Hitchcock, John Ford, John Houston and Federico Fellini are working on a co-production of the movie version. Casting is not yet complete, but rumours indicate that Tom Hanks will play frisk, Arnold Schwartzenegger will portray Padgett Peterson, and Mark Ludwig will be Stoned. The part of Vesselin Bontchev will be played by a Cray YMP. DECUS Canada Communications, Desktop, Education and Security group newsletters Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733
Subject: Re: EMI and construction cranes (Summit, RISKS-16.55) While not directly related to computer RISKS, I feel a comment on how the FCC allocates frequencies is apropos here. Back in '91, the parts of the 72Mhz range that formerly were allocated in 40kHz wide ranges for R/C planes were re-allocated. Now, the R/C frequencies are 10Khz wide, 20Khz apart with various other devices allocated the frequencies between. These include pagers and some crane operations, among others. The old, pre-1991 transmitters are still legal to use until sometime around 1998. An older or poorly tuned R/C transmitter can cause short-ranged problems, like spurious pager signals or disruption of crane operations. R/C Tx are very low powered. Their effective range may be as far as 3 miles. The real RISKS are obvious to the public. In the R/C community, cranes are notorious for using very 'messy' and over-powered transmitters. A crane, pager tower, or other source of EMI could cause R/C fliers to lose control. A 10Kg object, hurtling through the air at over 200 KPH and spinning a razor- sharp 15" prop at 18000 RPM can cause a lot of damage or loss of life. Michael P. Hartley loadstone@ins.infonet.net
"Broadcast towers ... and consumer microwave ovens ... are suspected, (of causing interference to the radio controls of a crane.)" Not knowing the Seattle area, but assuming that the "Nearby hill" is probably several thousand feet away, and maybe several miles away, the quoted person's (Donovan) comment shows a very poor understanding of the technology he is working with. It is outraegous that the blame can be placed on a microwave oven. Maybe, if the oven were inside the crane, there would be enough leakage to cause interference, but it is not likely even then. Even a broken oven that would work with the door open, and pointed toward the crane, wouldn't interfere with the crane if it was more than several hundred feet away. We know of course that the "Broadcast Towers" themselves wouldn't affect the crane, but the transmitters using those towers could. The interesting thing is that in most cases of isolated RFI (interference affecting only a particula person or machine), the "Cause" is not the source of the interfering signal, but the receiver being affected. Poorly designed receivers are a major cause of headaches to legally operating radio transmitters. Arthur J. Byrnes (Licensed Radio user Amateur, and Commercial.)
Daniel Smith writes: > a) Each "ring signal" you hear is synchronized with the actual sounding of > the bell... No, it isn't. Our phone has a switch that turns the bell on and off. As we eventually discovered, a hard bump can switch off the bell; and in a household with children and animals, the phone is inevitably bumped hard enough. Furthermore, it's unplugged at times. It's obviously risky to assume that because one hears a ring signal, a phone is actually ringing. ___Pete kaiser@acm.org +33 92.95.62.97
The goals of automated telephone notification are to reduce the postage
costs and to notify people more quickly. For example, alerting you to
overdue books faster so the fines don't get as large.
DRA sells a few of different phone notification systems to libraries.
Ottawa Public Library is one of our customers, but I don't know their
exact setup. However, here is the basic (the specifics may vary depending
on hardware platform) notification method.
1) Dial phone
2) Monitor call progress signals (if we're lucky the library
has a telephone line that returns answer supervision)
3) When telephone line "answered"
speak notification message twice,
otherwise
after a number of failed attempts
send a mailed notice
otherwise
rescheduled call and exit
4) Wait up to 10 seconds for DTMF (touch-tone) key
if DTMF digit "0" pressed
go back to step 3
if other DTMF key pressed
record it in notice response (e.g. "Press 1 to confirm")
otherwise
record no response (rotary dial, answering machine?)
Its not a foolproof system. DTMF talk-off, wrong phone numbers, children
answering the phone can cause the notice to be marked "SENT" (note: I don't
use the word "received.") But it usually gets the job done under a
variety of adverse conditions on low-bid hardware. (Hint, hint, pass
that next tax increase for the library, and maybe they'll be able to
afford a more sophisticated system.)
>Well, I am. I know that it is only two bucks, but the implications that
>arise from misuse or overly trusting such a system are worrisome. What if
>the government started issuing parking tickets or summonses in this manner,
>or banks warning you of surcharges on financial transactions? What if my
>wife answered the phone and the book was "how to handle infidelity in you
>marriage" :) (it wasn't).
Some libraries use postcards to notify people when a copy of "How to
handle infidelity in your marriage" is available. Parking tickets
are presumed valid even if someone rips it off your windshield before
you see it. There are all sorts of risks in all sorts of notification
systems. Nevertheless we accept many risks as normal.
Libraries rarely send notices via certified return receipt requested mail.
The problem of "lost" notifications is something libraries have dealt
with for a long time. The dog ate it. The post office lost it. The
kids hid the overdue notice before the parent gets home. Different
libraries have different policies for handling reports of not receiving
a notice. Generally proof of receipt is not a requirement.
What should be considered a reasonable attempt at notification?
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
Domain: sean@dra.com, Voice: (Work) +1 314-432-1100
A quick description of security for PostScript FAX (as implemented in various laser printers) follows: If the ReceivePostScript FAX parameter is false, the printer will reject any attempt to inject PostScript through the modem. In this case, it will accept only the FAX format. If the PostScriptPassword FAX parameter is not the empty string, then the transmitting printer must supply a password. Receiver challenge and encryption are used. The default values of these parameters are true and the empty string, respectively, so a factory-new printer will accept PostScript without requiring a password. In this case, any attempt to change system or device parameters (such as passwords) from within an incoming FAX job will fail unless the (separate) system password is supplied. Also, attempts to generate outbound FAXes will fail. If no system password has been set (as in a factory new printer), then such attempts fail. I can't find anything in the documentation which gives disk files better protection from a FAX job than from a local job. The reference for all this is "PostScript Language Reference Manual Supplement for Version 2014" by Adobe Systems Incorporated. This is available, as a PostScript file (naturally), from ftp.adobe.com as "pub/adobe/DeveloperSupport/TechNotes/PS.Supp.2014.ps". "2014" here refers to the major revision number of the PostScript interpreter, as reported by the printer on the page that it prints at power-up. Similar files are available for versions 2011, 2012, and 2013. -=- Andrew Klossner (andrew@frip.wv.tek.com)
A similar situation may exist with NEXTSTEP's Mail application. NEXTSTEP uses Display PostScript as it's imaging model. When one selects for display a piece of email that contains an encapsulated PostScript file attachment, the PostScript is sent to the window server and executed. This feature has led several clever hackers to create NeXTmail PostScript "viri". I have seen several of these, all pranks, none malicious. One causes a number of spiders to scurry across the desktop, which must be squashed with a mouse click before allowing you to regain control of your desktop. Another causes all the window objects to drop off the bottom of the desktop one at a time, yet another shakes the entire desktop, giving the impression of an earthquake. Although I have personally not seen any destructive email viri, I can't say that none exist. I'll ask roughly the same question as the original poster. Was the possibility of malicious use of the PostScript language considered when determining standards for intelligent PostScript devices?? Brooks Benson Swiss Bank Corporation International Finance Division brooks_benson@il.us.swissbank.com
In RISKS-16.55, Mike Crawford write about the risks of remote configuration of intelligent devices such as his Postscript printer. One possible solution to this risk is to require a switch to be thrown, button pushed, jumper changed, or some other physical manipulation of the actual device before any critical configuration information can be changed. A physical "lock-out" would provide security when needed, yet still allow the benefits of remote configuration if desired. The company I work for manufactures X terminals, and we have incorporated this type of feature into our terminals. When a special type of keyboard, called a "secure keyboard" is attached to the terminal, the critical portion of the terminal's configuration data (stored in non-volatile memory) can be locked against further changes. The secure keyboard is then removed and replaced with a standard keyboard. Ross Oliver ross@ncd.com
In RISKS-16.55, Mike Crawford pointed out that accepting postscript to a fax machine is really accepting a program to be executed. Postscript is a programming language with operators for renamefile, deletefile, createfile, and some others that are risky in some situations. Moreover, operators can be created from other operators, so it is not even sufficient to scan the postscript stream for the offending sequences before executing them because they can be built from other strings at runtime. Many web viewers such as netscape and mosaic can be configured to invoke external viewers such as ghostscript that are in reality postscript language interpreters. It is therefore possible for someone to click on a URL inside a web viewer, and in so doing have changes made to their local file system that are not apparent to the user, because it caused a postscript file to be brought back and executed. The default mode (safer) for the recent version of ghostscript does not execute these operators, but the risk still exists for other configurations. Postscript is probably also not the worst offender for this - what if your local web viewer on a UNIX machine processes Bourne shell scripts locally by feeding them to /bin/sh, or your DOS viewer executes .bat files by feeding them to command.com? Click here to reformat your disk ... It is clearly possible to write internet software that is dangerous to operate, but the risk can easily be eliminated through proper configuration and coding. Many of us drive automobiles to work every day, recognizing that they possess the capability to inflict serious injury and death if used improperly or if they experience a catastrophic failure. Will the government someday legislate seatbelts for web viewers and fax machines because of the risks to uninformed or careless users? Kevin McCurley Sandia National Laboratories
> Would anyone know whether this has been considered under the postscript FAX
> standard? It seems to me it would be a problem for just regular PS faxes -
> one would just hack it over the phone line from another PS fax machine.
Indeed, this issue was considered at length in the design of PostScript fax.
There are several passwords that control access to both PostScript fax
specifically and to system administrator functions generally (such as
erasing the disk).
The defaults are set up to be relatively permissive. This decision is based
on the reality that many PostScript fax printers will be installed and
operated by unsophisticated users having no system administrator support and
who expect the product to work right out of the box. However, the defaults
are such that system administrator functions can't be executed by a fax job.
This, of course, solves only part of the problem. There is no
protection against a fax job that executes something like:
1000000 {showpage} repeat
More comprehensive facilities for authentication, access control, resource
accounting, etc., await implementation in future versions of PostScript fax
products.
Ed Taft taft@adobe.com
Don't you run the same risk when you print any PS file that you download from the net or receive as email and then send to your printer? Do you examine every PS file for security holes before you print it? PS FAX just gets rid of the middleman. As for changing the printer password, wouldn't they have to know the old password in order to get into the mode that allows it to be changed? [...] What's needed is probably a general concept of trust levels associated with PS document sources. Dangerous commands would only be permitted for documents that came from a trusted source. When printing PS files, the user could indicate the trust level (high trust if they generated the file themselves from an application, low trust if they got it from the net). For automated processing like PS FAX, it could simply default to low trust, or perhaps permit passwords to be included (either in the PS code, or perhaps in the FAX wrapper). In effect, a PS FAX machine needs to be like a computer with a dialin modem: you need to be able to define accounts and give them access privileges. Barry Margolin BBN Internet Services Corp. barmar@near.net
Please report problems with the web pages to the maintainer