The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 17 Issue 73

Weds 14 February 1996


o Wildcard inconsistencies in Windows 95
Lawrence D'Oliveiro
o Lack of Common Sense is Biggest Risk Of All
B. Gunderson
o More Web risks
David Gadbois
o Possible future risk of virtual reality
Martin Cohen
o Risks of your system clock being off?
J. Eric Townsend
o Time signals from TV stations
Clay Jackson
o Turn of the century
Lars-Henrik Eriksson
o Reverting to default PINs
Rebecca Walpole
o Medical Prescription Dispensing Robot
Sudhakaran Ram
o Spelling Checkers...(more)
Sudhakaran Ram
o RISKS of efficient netiquette enforcement?
Tim Kolar
o Re: The measurement of risk
Michael J Zehr
Clark Savage Turner
o Re: Homebanking NonSecurity demo
Sebastian Garbe
o IMC Resolving E-mail Security Complexity workshop
Dave Crocker
o Reliability Symposium
T Totev
o Call for Papers -- Journal of Technology Law & Policy
o Info on RISKS (comp.risks)

Wildcard inconsistencies in Windows 95

"Lawrence D'Oliveiro" <>
Wed, 14 Feb 1996 09:39:05 +1300

I just read something disturbing in PC Magazine, which I have verified is true. In Windows 95, the "?" wildcard is treated inconsistently in file specifications: sometimes it means "exactly one character", and other times it means "at most one character".

Suppose you have a directory with two files in it, one named XX and one named XXX. The command "DIR XX?" will only show the second file, but "DEL XX?" will delete both files!

One dependable rule in every computer system I have ever used prior to this, is that a wildcard specification will always expand to the same set of filenames, regardless of what command you use it in. Wind95 not only breaks this rule, it breaks it in the worst way: the "delete" command, given the same wildcard specification, will delete a larger set of files than the less harmful "directory" command will display! This means you can no longer use the technique of checking a wildcard specification with DIR to make sure it will only affect the right files, before letting it loose with DEL.

Lawrence D'Oliveiro, Computer Services Dept, University of Waikato
Hamilton, New Zealand +64-7-856-2889

Lack of Common Sense is Biggest Risk Of All

B Gunderson <>
Thu, 8 Feb 96 15:18:01 PST

Excerpted from a front page article of Feb. 5th, 1996 issue of Federal Computer Week titled "Budget cuts, culture hurt NASA systems", article written by Elizabeth Sikorovsky:

Hackers have already attached password sniffers to NASA systems and used the space agency's computers to store and exchange stolen data and software. And there are fears that satellites could be "hijacked" by hackers armed with nothing more than a PC and a ham radio.

This is not science fiction, NASA security inspectors insist. No attacks on satellites have been detected, but "the only reason it hasn't happened is because hackers haven't thought about it yet," said [name deleted by the person submitting this to the RISKS forum, out of kindness], a communications security specialist at NASA.

Amazing. I wonder how many people are out there, right now, trying to be the first to drive a NASA satellite from home. The biggest RISK will always be people. Unless of course, the folks at NASA just wanted to encourage some independent 'assessments' of their satellite comms' security posture.

B. Gunderson

More Web risks

David Gadbois <>
Thu, 8 Feb 1996 20:33:52 -0600 (CST)

One Web-related risk that many folks seem oblivious to is the amount of information that a Web server can receive when they retrieve a document: The client host name, the referring URL, and personal identifying information (if the client is running a finger or ident server.)

Furthermore, the Alta Vista server includes the search keywords in the URL corresponding to the search results: I was initially alarmed when I saw a referring URL on my server that had the keywords "explicit," "sex," and "images." It turned out that the Alta Vista webcrawler had indexed a technical report that just happened to contain those three words.

--David Gadbois
[Perhaps RISKS will now be on the censored list?]

Possible future risk of virtual reality

Martin Cohen <>
Wed, 14 Feb 96 17:10:50 PST

I was recently watching my 11-year-old son play a computer racing game. His car was invulnerable, and he crashed into other cars at every opportunity. It occurred to me that enhancements of this might lead to this future risk:

A 15 year old is an expert player of a VR racing game (this is set about 5 years from now) that almost completely simulates reality - steering wheel, pedals, eyes and ears with VR input, and more. In the game, you do better by crashing into cars that cut you off.

At sixteen, our hero gets a driver's license. On the road, another driver cuts him off. Using his finely tuned, VR trained reflexes, he immediately crashes into the other car.

Is this risk plausible?

What other risks might there be from using reflexes developed in VR games in real-life situations?

Risks of your system clock being off?

J. Eric Townsend <>
Sat, 10 Feb 1996 22:29:57 -0800

[How many of us don't care what time our non-networked micro is set to? How many of us might care now? --jet]

SYRACUSE, N.Y. (AP) -- A convicted felon was charged with possession of pornography after he asked a repairman to delete pornographic images of young boys from his computer, officials said.
[... blah blah, claimed some kids had been at his house using the computer, said he wasn't there... children said they were 'looking at things they shouldn't have... blah blah ]
Instead the repairman took a computer disc containing the images to police, who turned it over to the FBI, Riker said.

The dates on the files did not match Moore's story, Riker said.

Moore was sentenced to five years' probation May 15, 1995, after he was convicted of first-degree sexual abuse in Onondaga County Court.

Time signals from TV stations

Clay Jackson <>
Fri, 09 Feb 1996 22:47:04 -0800

Here's an interesting twist - we purchased a new VCR recently, it has a "feature" that will receive time signals "over the air". The signals are mostly broadcast on PBS channels.

The other night, we set the VCR up to record a program, as normal, and just happened to be near the VCR at the time it should have come on - it didn't. We recorded the program manually, and then went troubleshooting. It turns out that the date/time in the VCR had been set by a signal from KCTS (Channel 9, here in Seattle) which had the correct TIME, but was off by a full day! When I called Channel 9, it took them 2 days to get back to me, and the person who returned the call said "Thanks for letting us know - we have no real monitors on that system, and it took a 'power hit' a few days ago".

I'm glad I wasn't trying to do anything more serious with that time signal...

Clay Jackson

Turn of the century

Lars-Henrik Eriksson <>
Tue, 13 Feb 1996 23:10:12 +0100

Yesterday my wife noticed the first tangible evidence of software problems caused by two-digit year fields rolling over from 99 to 00, that I have seen here in Sweden. A note was stuck on a credit-card parking meter in my town, with the text: "Due to a software error this machine does not accept XX cards with an expiration date after 1999". I happen to have an XX card which was issued only two months or so ago. I took a quick look to see that it expires in November 1999. The first cards expiring in January 2000 must just have been issued...

Lars-Henrik Eriksson Logikkonsult NP AB, Swedenborgsgatan 2, S-118 48
STOCKHOLM, SWEDEN +46 8 615 68 69 Fax: +46 8 641 19 06

Reverting to default PINs

Fri, 09 Feb 96 17:17:25 PST

My university uses phone registration with a PIN that depending on your department and status is either assigned to you or is your birthdate. Students can also access and change certain personal information online using the same PIN. This Access program allows you to change your PIN as well, so I did, since I was one of those with a birthdate PIN.

Unfortunately, these PINs are reset automatically and without notification! I was unable to log in until, in desperation, I tried the old birthdate PIN. Being a swamped graduate student, I let this happen 3 times before I found someone to complain to. Here's the response I received:

> I was not aware that we were changing PINs back to dates, but it does
>not surprise me. The University is in the process of bringing up a new
>version of Telephone Registration that will use a separate PIN for
>advising functions, (Unfortunately, it will not be coming up as soon as we
>would have liked.) At that time the Access PIN we use now will not be
>continually reset. Until then however, I guess we have to put up with it.

Besides the obvious risk of a malicious person dropping me from all my classes, giving me late registration fees, or changing my address, I can now worry about the risks of non-risk-sensitive people in high places.

Medical Prescription Dispensing Robot

Sudhakaran Ram - 7035 <>
Fri, 9 Feb 96 15:18:06 PST

Few days ago there was a report on CNN that a Hospital in Atlanta has switched to a Robot system to dispense inhouse medications for the Hospital patients. Patient prescriptions will be read from barcodes. How many times have heard about patients being wrongly tagged. Risks are obvious, the human factor involved (tagging wrongly) and a robot blindly dispensing what it sees.

Spelling Checkers...(more)

Sudhakaran Ram - 7035 <>
Fri, 9 Feb 96 15:12:56 PST

Here is another item on spelling checkers. I had misspelled the word "Contributed" as "Contibuted" in a FrameMaker document. The following were the alternatives that it gave: Countability, Conduplicate, Conductible, Contiguity, Contiguities, Conjugated, Contested, etc. "Contributed" was never listed. This from a popular word processing software.

[You've contibplated another spelling checker? PGN]

RISKS of efficient netiquette enforcement? (Garfinkel, RISKS-17.72)

Tim Kolar <>
Tue, 13 Feb 96 23:28:16 PST

In a recent RISKS article, recounted the tale of a friend who had accidentally left a program running that looked like it was attacking LANL over the network. He told of LANLs rather aggressive response, threating to sue both his friend and his friend's ISP, and (apparently having received no response) ended up getting the ISP to shut down the account. His last paragraph:

>This is really scary --- the thought that some government official can call
>up your ISP and, through a combination of threats and legal citations, have
>somebody's internet feed immediately terminated. What about due process of
>law? What about innocent until proven guilty? What about having to go
>through the mere formality of obtaining a court injunction before having
>action such as this taken?

I read this with some amusement, reflecting that calling up a suspected hacker's ISP (usually a university) has *always* been the fastest and easiest way to deal with a threat. Shutting down an account until you could figure out what was going on was SOP.

Back in college I had my student account (mistakenly) shut down this way once, and later as an system administrator I was involved in a number of cases that started with a concerned phone call from a remote sysadmin. When people of talk of the internet being a cooperative effort, this implicit responsibility taken by ISPs is the first thing that springs to my mind.

But there's an important wrinkle now -- to my knowledge no student has ever sued a university over having a computer account shut down by accident (though I did get a homework extension when it happened to me). A lawsuit against a commercial ISP is almost a certainty.

Obviously LANL knows this and went completely over the top in order to secure the ISPs' cooperation. In the process what used to be a respectful exchange between sysadmins has been turned into a legal feeding frenzy.

Was LANL wrong to do this? I don't know. Commercial ISPs have been increasingly strident in refusing to take responsibility for their users, and may need prodding. On the other hand, LANL could simply have stopped accepting all traffic from that ISP and called it a day. It would be interesting to know their reasoning.

The only RISKs in this situation are ones we already know about. Lawsuits follow money, and money has found the internet. Who can sue who, and for how much, is still being worked out.


Re: The measurement of risk (Minow and Walking-Owl, RISKS-17.72)

Wed, 14 Feb 96 20:08:27 -0500

The "Us vs. Them" and the business of groups weighing the economic costs of risks leads to the issue of not only how do people evaluate risks, but how to groups evaluate risks.

Individuals have inherently different means of valuing things than groups do, and this is only sound economic principles at work. For example, most individuals will expend virtually all their assets in order to maintain their health and prolong their life. (They tend to do this more at the later stages than the earlier ones, based on the future vs. immediate risks, as has been mentioned here.) Yet while this makes fine sense for an individual, it would be ludicrous to suggest that 100% of the world's GDP should be spent on medicine and hospitals.

The community as a whole has to allocate both benefits and risks to the individuals around, but allocating a risk or benefit isn't the same as evaluating the worth of the individuals involved.

As previously noted, people downplay risks they understand, such as the risk of being in a car accident. Likewise they downplay the reduction in such risks. Having mobile phones means that the average response time to many emergencies (car accidents, crimes, fires, etc) can be reduced thanks to a person having a phone in their hand as the emergency occurs. (Of course this goes along with the added risk of a drive on a mobil phone *causing* an accident!)

I don't want to be the one in a million that catches cancer, but neither do I want to be the one in a million that needs emergency help when the phone lines are down but a mobile phone would still be functioning....

-michael j zehr

Re: The measurement of risk (Shaw, RISKS-17.71)

Clark Savage Turner WA3JPG <turner@safety.ICS.UCI.EDU>
Wed, 14 Feb 1996 16:42:03 -0800

Dave Shaw's comments are well taken, and the ideas have been around for some time.

A particularly interesting formulation of the main ideas is expressed by Martin and Schinzinger in their book, "Ethics in Engineering" (McGraw-Hill 1989). They view engineering as a form of social experimentation.
Engineers do not have complete knowledge of the world and all its natural and social laws, but go ahead with projects due to the perceived benefits. Viewing engineering as an experiment on a societal scale puts the focus where it "should be" - on the human beings affected by technology.

In an analogy with medical experimentation, the authors note that society has recently come to recognize the primacy of the subject's safety and freedom of choice as to whether to participate. Informed consent is considered an important moral and legal safeguard in this respect. Informed consent is seen as having two elements: (1) subjects must be given all the information needed to make a reasonable decision, and (2) subjects must enter into the experiment without being subjected to force, fraud, or deception.

What is "sometimes overlooked" is "the common enough human readiness to accept risks voluntarily undertaken (as in daring sports), even while objecting to involuntary risks resulting from activities in which the individual is neither a direct participant nor a decision maker. In other words, we all prefer to be the subjects of our own experiments rather than those of somebody else." (page 69)

Clark Savage Turner, Esq., Grad Student in computer science at UC, Irvine.

Re: Homebanking NonSecurity demo (Brunnstein, RISKS-17.66)

Sebastian Garbe <garbe@wallace.khm.uni-koeln.DE>
Fri, 2 Feb 1996 21:03:09 +0100 (MET)

Is the German Homebanking unsecure?

In his article Klaus Brunnstein "proved" that Homebanking in Germany is unsecure. But this is not true in practice! I had the possibility to correct this in an television interview this Monday in the same TV Magazine in which Mr. Brunnstein gave his "proof" of NonSecurity last week. Indeed theoretically there are some possible attacks concerning PARTS of the whole security system. But a whole system is secure for the customer and the bank if the sum of all necessary criminal acts that are necessary to break the system do not destroy the interest of potential criminal hackers. Our Homebanking-System is really very secure as the statistics show: Over 15 Years, with now over 1.5 million accounts, there was not even one successful attack!!!!

Why isn't there any encryption?

Most of our customers use simple terminals so called "BTX-Decoder". These terminals do not support any encryption or signature and do not have any intelligence. A lot of the customers even use hardware-terminals (special telephones or TV-set-top-boxes) which don't have any possibility to be updated. We feel, that we don't have the right to exclude all these people from our homebanking, especially as there never has been any fraud.

Will there be any improvements in the future?

Yes there will! For some time we are already working on an new Homebanking-Standard called "Homebanking Computer Interface (HBCI)" which will provide a whole bunch of new features, digital signature and encryption. It will only be usable for PC users (not for users of dump BTX-terminals), but for those it will really be a fantastic improvement (especially it is supported be all German banks, so you will be able to use the homebanking-software of your choice with all German banks).

Sebastian Garbe, Association of German Banks
Kuempchenshof 13, D-50670 Koeln (Germany) Tel. (priv): ++49-221/1300 189

IMC Resolving E-mail Security Complexity workshop

Dave Crocker <>
Fri, 9 Feb 1996 10:53:58 -0800

For those who have not already seen this announcement:

Resolving E-mail Security Complexity Workshop

21 February 1996 * 8:30 AM - 5:00 PM
San Jose (CA) Hilton & Towers * San Carlos Room (next to Convention Center)

Pre-registration & payment: $50 * After February 16: $75 (cash, check, wire transfer, money order, or First Virtual)

Security is critical for moving the Internet further into the mass- and commercial-market. There are multiple choices for e-mail-based security over the Internet, but they do not interoperate with each other. MOSS, PGP, and S/MIME each has supporters and detractors. In general, the constituencies are not communicating with each other, instead pursuing their development and deployment independently, promising us all a future filled with considerable complexity and non- interoperability. We suffer an excess of riches.


The Internet Mail Consortium (IMC) is organizing a one-day workshop to consider the problem of multiple MIME-based security mechanisms. This is a complicated topic with a long and painful history, but the previous pain is insignificant compared to what is in store for vendors and, worse still, for users.

This is an open working meeting intended for e-mail security principal contributors and others involved in this area. It will include key contributors and solicit additional attendance by vendors, providers, users, and technologists who are knowledgeable about e-mail security and concerned with its lack of coherence.

The workshop is not a tutorial. Attendees are assumed to be familiar with the basics of the three major e-mail security alternatives. IMC is providing a pre-workshop discussion list and printed materials at the workshop.

The attendance goal is to have a critical mass of those with the technical expertise and industry involvement to review and debate the requirements, capabilities, and possibilities. The work goal is to seek common ground for a common solution.

While we are not overly hopeful that the end of the day will see peace and resolve among the masses, we do hope for improved understanding and some convergence. With luck, there will even be clarification of the constituencies -- that is, a strengthening of the political base for some of the alternatives.

This Workshop is scheduled on the last day of E-Mail World in San Jose, California and the day before a two- day ISOC Security conference in San Diego, California.


The meeting will be structured with a tight agenda, having a very focused sequence of work; it is definitely not for general education. Some amount of review is appropriate, but not much. The following agenda is tentative and will be reviewed and modified on the pre-workshop discussion list.


Afternoon Those who have worked on this topic in the IETF are quite tired of the whole situation, but the unfortunate reality is that the current product and user choices are quite problematic. We need to continue seeking a viable service.


The following Web page is provided for pre-meeting registration.

Registration: <>

For participating in on-line discussion before and after the meeting:

Discussion: <>

For information about the Internet Mail Consortium, see> or <>.

Dave Crocker +1 408 246 8253
Brandenburg Consulting fax: +1 408 249 6205
675 Spruce Dr.
Sunnyvale CA 94086 USA

Internet Mail Consortium,

Reliability Symposium

T Totev <>
5 Feb 1996 14:18:24 GMT

Tuesday 16th and Wednesday 17th April 1996
Holly Royde Conference Centre
University of Manchester, UK

Organised by:

Institution of Mechanical Engineers
Safety and Reliability Society
Universities of Manchester, Loughborough, Bradford,Liverpool and UMIST

A biennial event which provides an international forum for discussing current research and demonstrating recent advances, in the development and management of reliability engineering. To maximise academic participation, attendance costs have been kept as low as practicable. Also of interest to reliability consultants and practitioners.

Please contact:

12th ARTS, (M.J.Harris)
Division of Mechanical Engineering,
The School of Engineering,
The Simon Building, The University of Manchester, Oxford Road,
Manchester M13 9PL, UK
Tel. +44 161 275 4501; Fax +44 161 275 4346

Call for Papers -- Journal of Technology Law & Policy

Tue, 13 Feb 1996 19:21:56 -0500 (EST)

Journal of Technology Law & Policy, University of Florida, College of Law CALL FOR PAPERS: Spring 1996 issue

The Journal of Technology Law & Policy is devoted to exploring the legal and policy issues raised by emerging technology. We invite contributions of original works for our Spring, 1996 issue. Student contributions are encouraged.

To promote access to the Journal, the Journal will be published on the World Wide Web. Submissions to the Journal are encouraged to take full advantage of this medium. Relevant graphics, sound, and video may be utilized.

There are no length limitations for submissions. Submissions must include a copy in electronic form. All citations should be in Bluebook and endnote form. Please include the URL of any cited information available online.

Please direct all questions, and submissions to
Fax number: (352)-377-7655

Mailing Address: Journal of Technology Law & Policy, University of Florida College of Law, P.O. 117640, Gainesville, FL 32611-7640

Please report problems with the web pages to the maintainer