Another e-mail scam has appeared, informing you as a would-be victim that you have "only 24 hours to settle your outstanding account" and suggesting that you can call an 809 number to avoid subsequent court action. The call goes to a Caribbean telephone company (apparently in Tortola in the British Virgin Islands) and costs you $3 to $5 (and presumably more if you are dumb enough to hang around for their strategy of putting you on hold with a sequence of creative recorded messages). The FROM: address "Global Communications"@demon.net is BOGUS. This is a cheaper variant on a recent 809-900 pager scam, which costs you $25 if you return the call. [Source: *San Francisco Chronicle*, 3 Oct 1996, A2.]
A new e-mail service offered by New Century Technologies gives customers an e-mail address sporting a prestigious university domain name for $25 a year. The customer, who must have a valid e-mail address somewhere else, then receives mail addressed to user@DukeU.com, or whatever school is chosen. The vanity address closely resembles the real thing, except it ends in .com instead of .edu. The universities aren't happy about the impersonation: "You can't assume people understand that the address isn't affiliated with the university somehow," says Florida State's director of Web development. A member of Georgia Tech's licensing committee is even more adamant: "They can't do that. People can't sell anything over the Internet and use our name without paying us royalties. We will fight this." (*Chronicle of Higher Education Academe Today*, 19 Sep 1996) [This evidently came from Edupage. PGN]
Denise M. Johnson works for Aerotek (under subcontract from EDS) as a PC help-desk troubleshooter for Textron Corp. Textron is accusing her of planting a virus that caused them to lose all computer data for 15 hours beginning at 11 p.m. on 16 Sep 1996 and shutting down their system. She says she is innocent of the charge and attributes the allegation to ``office politics.'' She also noted that Textron's computers had been struggling with computer viruses for months and that the system crashed the same week she was accused of the crime. An investigation is in progress. ``The virus was already in the system,'' she said. [Source: Jonathan Saltzman, Computer Expert Faces Charge of Putting Virus in Textron's System, *Providence (R.I.) Journal-Bulletin*, 1 Oct 1996, page 1, PGN Abstracting]
The American Civil Liberties Union has filed suit in federal district court in Georgia, challenging a new law that makes it illegal for organizations to "fraudulently misrepresent their Web site as that of another organization," says Representative Don Parsons, who sponsored the Georgia bill. The law also prohibits anonymously sending e-mail in some circumstances. Parsons' critic, Rep. Mitchell Kaye, says, "We've chosen to regulate free speech in the same manner that communist China, North Korea, Cuba and Singapore have. Legislators' lack of understanding has turned to fear. It has given Georgia a black eye and sent a message to the world -- that we don't understand and are inhospitable to technology." (*Wall Street Journal*, 25 Sep 1996, B1)
Attempting to compromise with critics of its "key escrow" approach to data encryption, the Clinton Administration now plans to begin allowing U.S. computer companies to export software using powerful encryption codes (or "keys") up to 56 bits long. However, the government will require those companies to develop, within two years, a "key recovery" system allowing U.S. law enforcement or anti-terrorist groups armed with a search warrant to get the key from the several third-party companies, each of which would hold one part of the key. IBM and some other large companies are supporting the plan, but other companies are expected to oppose it. The system will be successful only if the Administration can convince other countries to adopt the same kind of system. (*The New York Times*, 1 Oct 1996 C1; Edupage, 1 Oct 1996) [There is a huge amount of netspace devoted to this topic in the past two days. It is likely to generate much discussion, although much of the basic arguments are made in earlier issues. I include the Edupage item to remind us to dig for it. PGN]
Researchers at Bellcore have discovered that applying heat or radiation to a smart card's embedded chip can make it vulnerable to reverse engineering, allowing the data on the chips to be stolen. Michael Smith, director of the Smart Card Forum, discounts the researchers' findings, however. He points out that smart card transactions require security passes by several systems, not just those on the card itself, and that exposing the card to heat or radioactivity would not result in repeatable faults, which would be needed for reverse engineering. "If what Bellcore says is right, that would mean you could bake 10 personal computers, turn them on, run a spreadsheet, and each one would show two plus two equaling five," says Smith. (*Investor's Business Daily*, 1 Oct 1996, A8) [The researchers are Dan Boneh, Richard A. DeMillo, and Richard J. Lipton. Their work is fascinating, and provides another wonderful reminder of how difficult the security problem is. An article by John Markoff in *The New York Times*, 26 Sep 1996, C1, seems more informative. The Smith quotes are evidently inaccurate. Repeatable faults are not required. Baking computers is not required. Stay tuned for the full article, which is due out imminently. PGN]
One more effect of the 10 Aug 1996 west-coast power outage has come to light in a letter from Sloane Citron of Menlo Park, published in the *Palo Alto Weekly*, 18 Sep 1996. When the lights went out, a standby generator kicked in at the Cable Co-op transmitting point (the ``headend''). Batteries kept their phone service working, although their shared answering service was seriously overloaded. Finally, the batteries ran out on their phone switch. When power was restored, the cable system had to be brought back on line, although the knowledge of which customers were affected was not available because the phones were out. Meanwhile, back at the headend, the circuit board that normally scrambles the Playboy Channel was fried -- despite surge protection. Sloane Citron's letter on behalf of Cable Co-op apologized to those cable viewers who were offended by having received the Playboy Channel unscrambled. [Also known as raw video. I hope no lawyers tried on a surge suit. PGN]
The *Daily Telegraph*, 1 Oct 1996, contains an article entitled "When Failure is Out of the Question" by Paul Forster. Quoting, admittedly *very* selectively, from the article (which is approx. 600 words long):

National Air Traffic Services Ltd., part of the Civil Aviation Authority, is close to completing a new (pounds)300 million centre at Swanick . . . "It's all digital and probably the most advanced ATC setup anywhere," says Dr John Barrett, the Swanick project director, almost nonchalantly. "It's so complex I have difficulty in explaining it even to my board," he says. Throughout, safety is paramount. The whole system is made up of networked workstations rather than a central mainframe, so there is no single point of failure. . . The system totals roughly two million lines of software, but like most software it is behind schedule and is still being debugged . . . Operations are not now due to begin until the winter of 1997 . . . "With ATC it's obvious that we simply have to remove all the faults in the code, and we are now working 24 hours a day, seven days a week," says Barrett. "Our over-arching requirement is that the system has to be completely safe."

How reassuring!

Brian Randell, Dept. of Computing Science, University of Newcastle, Newcastle upon Tyne, NE1 7RU UK +44 191 222 7923 Brian.Randell@newcastle.ac.uk
Simson Garfinkel related the problem he experienced with a temporary change of address. I had a similar problem when my ex-wife moved out and filed permanent change-of-address forms for herself and our two-year-old son, of whom she had been awarded custody. Unfortunately, my son's name differs from mine only by middle initial. For the last five years I have had nothing but trouble as a result, including my and my father's mail being delivered to my ex-wife's address; companies I do business with continually having the wrong address in their records, in spite of numerous attempts to correct it; and my voter registration being changed without my approval.

The risks of using change-of-address forms are many. For example, erroneous change-of-address data that continues to live on, long after it has been purged from post office systems; the inability or unwillingness of organizations to determine the age of change-of-address data, so that erroneous data continually displaces newer, corrected information; and governmental organizations changing registration records without direct, written notification from the party(ies) involved.

Bill McFadden, Tektronix, Inc., P.O. Box 500 MS 50-350, Beaverton, OR 97077 email@example.com http://www.rdrop.com/users/billmc (503) 627-6920
A friend was at his grocery store, using his MOST card to buy about $150.xx of groceries. He wanted $30 cash, so he keyed in $180.xx. When he ran the card, it said "Daily limit exceeded". Which was wrong, as he'd not used the card at all that day. He tried again without the extra $30, and it worked. He then went over to the ATM to try to get the $30, and decided to get $100 instead. It said "Daily limit exceeded". He tried $30, and it said "Daily limit exceeded." The next day, he of course called his bank to find out what was up. They looked at it, and found that *every one of the transactions* was recorded as having been successful -- so they'd deducted several hundred dollars more from his account than he'd received. Not a friendly failure mode. He's still working on getting it straightened out.

The second item is from a web page, <http://www.usps.gov/moversnet/coa.html>. It *looks* as if you can now forward anyone else's mail without ever having to set foot in a Post Office. A friend found this while looking for online forms, to save him time, as he *was* moving; he used this form, and it sent back e-mail "to confirm". This doesn't appear real secure, although not having tried to use this facility fraudulently, I can't be sure that there isn't some additional level of checking. (And for those who say "Hey, don't spread FUD if you're not sure" -- well, the fact that I can't *tell* is a problem in and of itself, eh?)

...phsiii
This is an old problem whose electronic reemergence represents a serious potential escalation. The U.S. Postal Service folks in charge of on-lining the USPS have insisted that this problem would go away in the new system, but evidently it may have worsened. Perhaps we need to flood them with requests to DISABLE ENTIRELY the ability to change our own addresses electronically or by postcard, requiring in-person or electronically certified requests (the USPS is now testing its entry into this business!), but it is likely to take a lot of requests before anyone will listen. By the way, the web page Philip Smith cites indicates that signing the change-of-address form certifies legitimacy of the request, and notes that anyone submitting false or inaccurate information is subject to punishment by fine or imprisonment. Given the ease of spoofing e-mail addresses, that is not likely to provide a sufficient disincentive. There have already been vastly too many scams (many untraceable) perpetrated using the old manual approach. Caveant omnes.
Today I got a message from David Jones (firstname.lastname@example.org, names changed to protect the guilty) with whom I correspond regularly. David has a unique writing style and signature that would be impossible to reproduce by accident. It was only after I sent him a response that I noticed that this message was not from David after all, but from someone I'd never heard of, John Smith (email@example.com). Without thinking the situation through all the way I dashed off another note to John Smith asking him essentially who the hell he was and what he was doing impersonating my friend Dave.

Of course what happened was that Dave had been using a public Netscape browser that John Smith had at some earlier time configured for himself. David (who has a Ph.D. in nuclear physics, not a dumb guy) didn't know that you could even do that. He just assumed that the computer had some way of figuring out who you were and that you couldn't change it. The computer on his desk always does the Right Thing automagically, why wouldn't the one in the Library?

So John Smith, who has never heard of me or David Jones, now has two very cryptic e-mail messages from me: my original reply to David, and my subsequent inquiry into John's identity. And David is wondering why I am taking so long to reply to his e-mail.

What is astounding about this mess is not only the sheer number of errors that had to be made in order to bring it about (four - John Smith not removing his personal e-mail configuration from the public computer, David Jones not reconfiguring the program before using it to send e-mail, my not checking the From address in the message, and my not thinking the situation through before sending my second reply) but also how utterly easy it was for all those mistakes to be made. In fact, for *all* these mistakes to occur is the *natural* evolution of events in the presence of Netscape running on a publicly accessible machine. To eliminate *any* of these mistakes requires considerable effort and knowledge.

The risk: when you reply to an e-mail message you are *not* necessarily replying to the person who wrote it. You could be sending mail to a complete stranger through a completely innocent, and potentially very common, set of circumstances.

Erann Gat firstname.lastname@example.org email@example.com
After reading an article in the Sydney Morning Herald regarding the theft of a laptop from a shop and subsequent death of the shop's owner [http://www.smh.com.au/daily/national/961003-national6.html] I checked out the Web page with the wanted poster for this crime, issued by the Queensland Police [http://www.OntheNet.com.au/gcpolice/]. It's certainly an inspired way to catch this guy, but the thing that strikes me is the RISK of the site being hacked [RISKS 18.49: CIA disconnects home page after being hacked] or the DNS being spoofed and some random person's picture replacing the bad guy's. Not to mention the ease with which copies of such 'wanted posters' could be made. I'm sure someone will point out that this sort of thing would be resolved when the bogus information was given to the Police. I am skeptical because it wouldn't be the first time that a wrong person/address mix up has occurred, sometimes with dire consequences.
Today my doctor sent me to the HMO's lab to have some blood drawn. After jumping through the usual hoops (put the form in the slot, hand over the ID card, sign here, sign there) I was called in and seated in the little room with racks of empty vials on the wall. Twenty or so minutes passed, which seemed a little unusual, so I got up to find out what was causing the delay. I found the lab technician in another room looking at a computer screen. When I asked him what was going on he responded that he was unfamiliar with the procedure for one of the tests my doctor had ordered, and was having some trouble getting the instructions from the computer. No, there was no one else around whom he could ask. Be afraid. Be very afraid.

Erann Gat firstname.lastname@example.org email@example.com
Jim Garrison's <firstname.lastname@example.org> description of an incident with heart monitor software in RISKS-18.49 omitted to say whether either the nurse or doctor took a pulse before ordering a confirming ECG to determine if the heart monitor was inaccurate. If this was the case, it points out another risk not confined to computers, that of immediately attempting a "high-tech" solution to a problem when a "low tech" solution was at hand. Often the "low tech" solution offers results that are more intuitive and easier to interpret. Bill Ragland
I'm referring to the recent posting about the safety of medical monitoring devices. Or better, about the failure of people to read these properly. First of all, as the poster said, they are no EKG (ECG if you're British) replacement. They are only used to diagnose disturbances of the heart's rhythm or frequency. Of course, if somebody switches the display to half speed, the spikes will still appear at the same rate which really is obvious (should be). Second, during an exercise situation it may be very difficult for the monitor to pick up the correct frequency because of all the artifacts generated by movement of the electrodes. On the other hand, the monitors are smarter than you might think from watching Arnold's latest movie "Eraser": No monitor I've seen would respond to disconnection of an electrode by showing a flatline EKG, so this "risk" is fictitious. What's more, no nurse or doctor would (should?) shock a patient who is moving about and protesting, only because his EKG is flatline. Moral: With all the machines we doctors get, we still have to think. Tim
So it was the triggering condition that was wrong, not that the trigger caused an audible alarm. Sigh.

> She immediately went into "emergency mode", ...

This sounds quite good to me, actually, although not necessarily for the reasons implied. Ok, so it seems that a mistake was made, and was luckily detected before damage occurred. On the other hand, the nurse was acting as though a serious, time-critical problem existed, and moved to handle that problem, rather than wasting time checking the equipment - how often does RISKS carry tales of operators not believing that the situation was as bad as indicators claimed? Also, a sanity check was applied, *after* events were set in motion, but *before* damage was done. Personally, I would have thought a quick sanity-check with a stethoscope might have been appropriate, but I'm not in the medical profession, and don't know how effective it would have been.

steve
RISKS readers are well aware of the difficulties inherent in trying to achieve strong security. JavaSoft is trying to increase general awareness of these problems relating to Java and related approaches, and has begun a series of forums that should be of considerable interest to many of you. The first forum was on the topic of ActiveX and Java. The second forum is on the topic of security, and started running last week. You can find it at http://java.sun.com/ . (Follow the link from the top level page.)

We're now hosting the second in the series of online Forums, and are inviting experts to comment on an opening statement from JavaSoft. We will publish statement and comments on our web page, and invite comments from the Internet community at large. We are interested in feedback and comments. One thing we're hoping to do is to raise the level of commentary about security, because we feel that security is really an architectural issue, not a black-and-white-checkbox kind of issue. We recognize there are things that need to be fixed and we're working on that from an architectural or fundamental point of view. Check out the Forum and send us your comments. We can't personally answer all the comments, but we plan to publish a subset of the feedback we get in a follow-up Forum.

Marianne Mueller email@example.com
Computerization and Controversy: Value Conflicts and Social Choices, Second Edition, edited by Rob Kling, Academic Press, San Diego CA, 1996

The second edition of Rob Kling's book contains 78 articles with a wide variety of views representing a spectrum of authors, many of whom are familiar to long-time RISKS readers. The parts of the book are as follows:

I. Heads Up! Mental Models for Traveling Through the Computer World
II. The Dreams of Technological Utopianism
III. The Economic, Cultural, and Organizational Dimensions of Computerization
IV. Computerization and the Transformation of Work
V. Social Relationships in Electronic Forums
VI. Privacy and Social Control
VII. System Safety and Social Vulnerability
VIII. Ethical Perspectives and Professional Responsibilities for Information and Computer Science Professionals

There is much provocative thought in this collection, with a lot more than just a little something for everyone.
The biannual daylight savings time confusion began this weekend in Sweden. When Sweden joined the EU (Common Market), it changed the fall changeover from the last weekend in September to the last weekend in October to conform with the rest of Europe. Unfortunately, a few hundred thousand Windows '95 machines were not informed of the changeover and, following pre-programmed instructions, switched on the old schedule. This is, of course, one small example of a much more difficult problem: there is no obvious way to pre-program daylight savings time changeover in a way that is sufficiently robust to withstand government intervention. (My favorite example is Arizona, where federal land changes, but state land remains on mountain standard time year around.)

Martin Minow firstname.lastname@example.org
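The following is an added illustration of the point above, not code from the original item or from any vendor: a changeover rule table keyed by the year a rule takes effect, so that the software's frozen copy can be compared against the rules a government later publishes. The 1981 start year and the "shipped" versus "updated" tables are constructed assumptions; only the September-to-October change in 1996 comes from the item.

```python
from datetime import date, timedelta

# Constructed rule tables (assumption, not from the RISKS item): each maps the
# first year a rule applies to the month whose last Sunday ends summer time.
RULES_AS_SHIPPED = {1981: 9}              # frozen into the software at release
RULES_AS_UPDATED = {1981: 9, 1996: 10}    # what was later decided for 1996 on


def last_sunday(year, month):
    """Date of the last Sunday in the given month."""
    if month == 12:
        last_day = date(year, 12, 31)
    else:
        last_day = date(year, month + 1, 1) - timedelta(days=1)
    # date.weekday(): Monday == 0 ... Sunday == 6; step back to a Sunday
    return last_day - timedelta(days=(last_day.weekday() - 6) % 7)


def dst_end(year, rules):
    """Autumn changeover date under whichever rule is in force for `year`."""
    applicable = [start for start in rules if start <= year]
    if not applicable:
        raise ValueError("no changeover rule on record for %d" % year)
    return last_sunday(year, rules[max(applicable)])


def stale_changeovers(rules_in_device, rules_current, years):
    """Years in which a device using frozen rules switches on the wrong day.

    Returns (year, day the device switches, day it should switch) tuples,
    which is the check an operator would run after a rule change is announced.
    """
    mismatches = []
    for year in years:
        device_day = dst_end(year, rules_in_device)
        correct_day = dst_end(year, rules_current)
        if device_day != correct_day:
            mismatches.append((year, device_day, correct_day))
    return mismatches


if __name__ == "__main__":
    # Devices shipped with the old table are right through 1995 and wrong
    # from 1996 onward, which is exactly the Swedish situation described.
    for year, wrong, right in stale_changeovers(
            RULES_AS_SHIPPED, RULES_AS_UPDATED, range(1994, 1998)):
        print("%d: device switches %s, should switch %s" % (year, wrong, right))
```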
In RISKS-18.45 Mark Brader forwarded an article originally posted by Dewayne Matthews in sci.aeronautics.airliners. In it Dewayne, commenting on a previous post that RFI interference with airliner systems is based on unsubstantiated anecdotal evidence, goes on to give exactly the same sort of anecdote. A valid reading of the episode is that the MD88's glass cockpit crashed for some unspecified reason and started to quietly re-boot. The pilot assumed RFI interference from PCs (he'd heard those anecdotes too) and got the only PC on board which was on turned off. Meanwhile the cockpit had completed its re-boot, entirely unrelated to the PC. So yup, it's just another anecdote proving precisely nothing, except perhaps that pilots listen to these stories too.

PS: meanwhile back in the real world of RFI interference I wonder if it's occurred to the airlines that many PDAs are actually all the time in standby mode and produce RFI. Just try putting an AM radio next to your PDA and listen.

Paul Oldham, Milton, Cambridge http://www.bizanal.demon.co.uk/paul/
I'm not really sure if these guys really know what they're doing, but the Advance Bank in Australia has offered Internet Banking: http://www.advance.com.au/advance/intbank/startup.htm

It claims to use RSA and IDEA for encrypting the traffic between a PC based client and the server. The RISKS? Where can I start? They currently don't offer a Java version, but they say:

  Will a Java Version be released?
  Not for a while. While Advance Bank is often seen to be an "early leader" in new technology, Java is not yet a released product, nor are the security aspects finalised to our satisfaction. We'll keep a close eye on it, though.

"early leader?" Ahh... bleeding edge?
The Second International Workshop on Formal Methods for Industrial Critical Systems will take place in CESENA (Italy), 4-5 July 1997, close to Bologna (Italy), as a Satellite Workshop to the 24th International Colloquium on Automata, Languages, and Programming, sponsored by the ERCIM Working Group on Formal Methods for Industrial Critical Systems, University of Bologna, CNR / Ist. CNUCE - Pisa, CNR / Ist. Elaborazione dell'Informazione, Pisa Dependable Computing Center.

More information can be obtained from http://fdt.cnuce.cnr.it:8080/Home/fm-ercim/WS/Cesena97/workshop.html

STEERING COMMITTEE:
S. Gnesi - CNR/IEI - Pisa (IT)
D. Latella - CNR/CNUCE - Pisa (IT)
L. Simoncini - Univ. of Pisa and CNR/CNUCE - Pisa (IT)