The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 18 Issue 63

Tuesday 26 November 1996


o Mars Probe crashes
Ben Morphett
o Massive NY tax fraud
Mich Kabay
o Complexity of the airplane pilot's interface
Mich Kabay
o Bell Atlantic 411 outage
Rich Mintz
o DIMACS Network Threats workshop, Rutgers, 4-6 December 1996
Rebecca Wright
o Year 2000 Problem Will Cause Lawsuits, Bankruptcies
o Y2K *Guardian* article on retroactive liability
Martin Minow
o Danish government puts its own records on the Web, illegally
Ketil Perstrup
o Badly placed hardware
o Digital footprints on the Internet
Martin Minow
o "Disappearing Cryptography" by Peter Wayner
Rob Slade
Peter Wayner
o Re: Effects of the next cycle of solar interference
o Risks of believing what you read: Re: Irish rock band
Stuart Woodward
o The SEI Conference on Risk Management
Carol Biesecker
o Info on RISKS (comp.risks)

Mars Probe crashes

Ben Morphett <>
Thu, 21 Nov 1996 09:28:23 +1100 (EST)
When the Russian Mars probe crashed earlier this week, it provided an
interesting example of the difference between precision and accuracy.

The first reports said that the probe would crash land in central Australia,
bringing with it 200 g of plutonium.  State emergency services all over
Australia went into yellow alert.  Soldiers were mobilised.

>From the TV pictures, the first estimates of where it would land were
anywhere in an area about 2000 km across.  The next reports said that it
would be landing at about the New South Wales/Queensland border, and they
seemed to think it would come down somewhere in an area about 500 km across.
The next reports said that it would come down somewhere in an area in the
north west of New South Wales, and the precision of this estimate seemed to
be about 100 km.

As it turned out, it came down about 2000 km west of Chile, in the Pacific
Ocean, a third of the way around the world from Australia.

So as the precision of the reports was increasing, the accuracy of the
reports was about staying about the same - very wrong.

Ben Morphett

Massive NY tax fraud

Mich Kabay <75300.3232@CompuServe.COM>
22 Nov 96 12:36:43 EST
  Hacker Scheme, By KAREN MATTHEWS, Associated Press Writer
  NEW YORK (AP) -- City workers, in exchange for bribes from property
  owners, falsified computer records to eliminate nearly $13 million in
  unpaid taxes in a scheme called the largest tax fraud case in New York
  City history.  [Associated Press news wire via CompuServe's Executive News
  Service, AP US & World, 22 Nov 1996]

The author makes the following key points:

o Some tax records erased.
o Other records falsely indicated as paid using funds from legitimate
  payments by innocent victims.
o So far, 29 people charged in federal court.
o 200 more expected to be charged.
o $13M of debts erased.
o $7M in interest lost.
o Fraud thought to have started in 1992.
o Investigation started in 1994.
o In a section particularly intriguing for RISKS and NCSA FORUM participants,
  the author writes, ``Three employees of the city collector's offices
  exploited computer "glitches" to make it appear that unpaid taxes had
  been paid, officials said.

More, no doubt, as the case unfolds.

M. E. Kabay, Ph.D. (Kirkland, QC), Director of Education
National Computer Security Association (

Complexity of the airplane pilot's interface

Mich Kabay <75300.3232@CompuServe.COM>
25 Nov 96 16:06:50 EST
This item from last week in Executive News Service on CompuServe caught my eye:

  Pilots said stretched to limit by cockpit high-tech
  Reuters World Report, 20 Nov 1996

  LONDON, Nov 20 (Reuter) - Airline pilots are being stretched
  to the limit by increasingly complex cockpit technology and need
  radically different training methods to cope in future, a top
  medical aviation specialist said on Wednesday.

The article makes the following key points:

o   Dr Michael Bagshaw is head of aviation medical services at
    British Airways.  He wonders, "Are we perhaps reaching the
    limit to pilots' mental processing capacity?"

o   However, he answered in his address in London to the Royal
    Society in London , "On the face of it we may have reached a
    plateau. But experience shows that having   reached a plateau,
    we then move on again."

o   According to the expert, "In both military and commercial
    aviation the complexity of the environment is increasing.
    Automation is being developed but the question remains
    as to whether the automation relieves workload or increases it."

o   "If we examine the accident rate by type of aircraft, it
    can be seen that although the overall trend is down ... new
    highly-automated types have a relatively higher accident rate."

o   In some cases, plane design prevents manual overrides
    even if the automated system is in trouble.

o   The increasing use of CRT and LCD displays means that what
    used to be on separate dials now appears, in the words of the
    author of the article, "on one cluttered computer
    display, which meant pilots needed to spend more time
    interpreting what they were seeing."

o   Dr Bagshaw added, "We are starting to see some of the
    limitations of information processing. This is the weak
    link -- information is derived from a number of sources.
    It has to be integrated, then interpreted, and the appropriate
    action taken to use that information appropriately."

o   The changes in technology necessitate new methods of training:
    "I think we can move on from the plateau by altering the
    way we approach training. We've now reached a watershed by
    accepting that human error is normal," said Baghshaw after his
    speech.  "The old approach was to think that human error was a
    mistake which should be avoided. Now we have to assume it will
    happen and instead assess how pilots cope with error."

M. E. Kabay, Ph.D. / Director of Education
National Computer Security Association (NCSA)

Bell Atlantic 411 outage

Rich Mintz <>
Tue, 26 Nov 1996 11:18:10 -0500
On Monday 25 Nov 1996, Bell Atlantic -- the local telephone company serving
the mid-Atlantic region of the USA, including Philadelphia and Washington,
D.C. -- saw an outage of several hours in its telephone directory assistance
service, due (apparently) to an errant operating system upgrade on a
database server.  For unknown reasons, the backup system also failed.  The
result was that for several hours, telephone operators ended up taking
callers' requests and telephone numbers, looking the requested information
up in printed directories, and calling the callers back with the

Apparently, the problem was solved by backing out the software upgrade.
Significantly (in my opinion), the Washington Post's article on the outage
mentioned this fact (albeit in slightly less technical language), which is
yet another indication of the pervasiveness of software, and of the growing
number of people in society at large that are generally aware of software
and how it works.

DIMACS Network Threats workshop, Rutgers, 4-6 December 1996

Rebecca Wright <>
Mon, 25 Nov 1996 14:57:02 -0500 (EST)
DIMACS Workshop on Network Threats

Sponsored by the DIMACS as part of the 1996-97 Special Year on Networks

December 4-6, 1996

DIMACS Center, CoRE Building (Computer Research and Education)
Rutgers University Busch Campus
New Brunswick, New Jersey, USA

Workshop organizers:
     Steve Bellovin, AT&T Labs - Research,
     Peter G. Neumann, SRI International,
     Rebecca Wright, AT&T Labs - Research,

As the use of computer networks, and in particular the Internet, has
increased, so has the potential threat to security. In the last several
years, we have seen numerous security-related attacks on Netscape, Java, and
the Internet protocols. New protocols and systems for electronic commerce,
secure financial transactions, and other applications are being introduced,
and are being deployed quickly, and on a large scale. This workshop aims to
bring together theorists and practitioners working in areas related to
network security in an informal setting to foster discussion regarding the
nature of the threat and what we, as researchers, can do to help manage it.

Confirmed speakers:
     Steven M. Bellovin (AT&T Labs - Research)
     Bill Cheswick (Bell Labs)
     Shiu-Kai Chin (Syracuse University)
     Cindy Cullen (Bellcore)
     Drew Dean (Princeton University)
     Yvo Desmedt (University of Wisconsin - Milwaukee)
     Ed Felten (Princeton University)
     Robert J. Hall (AT&T Labs - Research)
     Catherine Meadows  (Naval Research Laboratory)
     Peter G. Neumann (SRI International)
     Sarvar Patel (Bellcore)
     Jean-Jacques Quisquater (Universite de Louvain)
     Alexis Rosen (PANIX Public Access Networks Corporation)
     Avi Rubin (Bellcore)
     Adam Shostack (Consultant)

There is still room in the schedule for a few more talks.  If you
would like to give a talk describing current, unpublished work, please
e-mail a 1-2 page abstract (postscript or plain ASCII text) to Rebecca
Wright at


The full workshop program, plus information regarding registration,
travel and local arrangements for this workshop can be found at:

Year 2000 Problem Will Cause Lawsuits, Bankruptcies

Edupage Editors <>
Sun, 24 Nov 1996 15:12:08 -0500 (EST)
At a recent meeting sponsored by the Electronic Banking Economics Society,
one speaker predicted that a bankruptcy rate of between 1% and 5% could
result directly from costs related to fixing the notorious "Year 2000
Problem."  "If you have not yet begun a Year 2000 conversion today, you will
not be able to convert by 2000," he said, noting that there are only 150
weekends left to work on systems affected by the problem.  If companies
choose to ignore the problem, they'll be liable for millions in lawsuits
brought by shareholders when company stock prices begin to plummet.  Only
one third of U.S. companies are addressing the problem, with another third
entering the preliminary discussion phase, and the other third doing
nothing.  Still, that's better than the rest of the world: "Britain is three
steps behind the United States on this issue, Europe about 10 steps behind
the United States on the issue, and Japan is about 15 steps behind the
United States on the issue," the consultant said.  (*BNA Daily Report for
Executives*, 20 Nov 1996, A16; Edupage, 24 Nov 1996)

Y2K *Guardian* article on retroactive liability

Martin Minow <>
Thu, 21 Nov 1996 16:26:33 -0800
The online edition of the Guardian newspaper has an interesting article on
the year 2000 problem; concentrating on the legal responsibility of software
and hardware vendors.

The article quotes Stephen Castell, a consultant in computer technology:
"Castell believes that around the beginning of 1992 is the earliest time
from which suppliers may be liable. He says, "The problem was sufficiently
recognised in the industry from around then, and systems developers should
have considered moving on from the two-figure date."  However, if it is
correct that the potential problem should have been obvious, courts may be
less indulgent to developers who overlooked it even before 1992."
(Note that the Guardian may only archive articles for a short time.)

Martin Minow

Danish government puts its own records on the Web, illegally

Ketil Perstrup <>
Fri, 22 Nov 1996 15:28:58 +0100
Many of the requests processed by local government offices are requests for
information from government records. This fact has given the Danish
Ministry of Research a seemingly brilliant idea: Making government records
available on the World Wide Web would free local government officials from
processing these requests.

The first government records were made public on October 1 on
<>. The information was taken from
the land and building property evaluation records of the Danish Tax
Ministry. These records are used by employees in the tax offices of the
local government for taxation of land and building property. The published
information included the following for each piece of land and building
property in Denmark: Location, owner, estimated value, date and price
(including down payment) of last sale (if sold since last evaluation of the
property in 1992), debts to local government, rental value for
non-residential property (if rented) and further notes intended to assist

On the October 15 the records were made inaccessible when the large,
reputable Danish newspaper Berlingske Tidende published a critique by
professor Erik Frøkjær from the Department of Computer Science at
Copenhagen University. Two thing were criticized:

1. The records could be copied without explicit permit by anyone with
access to the Internet, something which is not allowed according to the
Danish Public Authorities' Registers Act.

2. The last three items in the list above were confidential information and
could not legally be published under Danish law.

Access to the records was reestablished the next day when the offending
items had been removed. At that time the publisher, Kommunedata, assured
the public and the Danish Data Surveillance Authority ("Registertilsynet")
that the records could not be copied. The company also publicly explained
that Erik Frøkjær could not possibly have copied the records except by
means that were not entirely legal.

Soon after this a group of researchers contacted the Danish Data
Surveillance Authority to demonstrate that the records are easily copied
(with entirely legal means), but the offer of a demonstration has been
declined by the Authority. Copies of the case obtained from the Authority
under the Danish Freedom of Information Act show that the Authority has been
made aware by other means that copying is possible. Despite this the
Authority refuses to take action based on this evidence so WWW access is
still possible. The only change since the reopening has been removal of most
of the information about sales when the Court in Århus informed the
Authority that this information is not and should not be publicly available.

This is the first case known to me of government records being published on
the World Wide Web. The case is instructive: There has been repeated valid
objections to the legal basis on which the records are made available. This
and the fact that the continuing operation of this service is not important
for anything but the reputation of the parties involved, leads me to expect
that access ought to be at least temporarily suspended until the questions
were resolved.

This case demonstrates a large collection of security problems inherent to
World Wide Web publication of government records as well as a lot of legal
problems that will not be mentioned here. These problems are probably
compounded because both the Danish government and Kommunedata wants to be
perceived as technologically advanced and "Internet-friendly".

1) The original records were used by the employees in local tax offices, so
information that was not meant to be disclosed publicly was maintained
together with the evaluation of each piece of property. When the records
were made available on the World Wide Web without cleanup, confidential
information was disclosed. Moral: When sensitive information is put to use
in a new way it should be checked to make sure that all information is
appropriate for the new use.

2) The Danish Data Surveillance Authority does not have its own technical
staff, so it wasn't able to asses the correctness of the claim made by the
publisher, Kommunedata, that the records could not be copied. Moral:
Government authorities should not rely on experts employed by the companies
that are checked. When new types of problems are encountered the government
should use their own or independent security experts to assess the claims
made by companies.

3) It is not possible to prevent information published on the Internet from
being copied, so information that must not be copied should not be available
on the Internet.

4) Until now the companies and government authorities involved has ignored
criticism from computer professionals. Moral: Government officials does not
automatically listen when professionals criticize security. If the critique
goes against official policy you might very well be ignored or worse, no
matter how serious the problem is.

5) Denmark prides itself on its large information systems in the public
administration. These information systems have been accepted by the public
because of a set of very restrictive laws governing these records and strict
attention to security. Other governments may be tempted to publish similar
records on the World Wide Web because when the security-conscious Danes do
it, it must be OK.

6) To add insult to injury the programs used by Kommunedata to control
access to the records performs no parameter validation which shows that
this publication probably has yet more security problems in store.

Despite the problems with publication of the records the Ministry of
Research and Kommunedata wants to make even more sensitive and personal data
available on the World Wide Web in the future. I shudder as I contemplate
the consequences.

Ketil Perstrup (

Badly placed hardware

"Abigail" <>
Thu, 21 Nov 1996 01:52:04 -0500 (EST)
Two days ago, I was in a computer room of a large financial institution. A
whole range of different computers is in that room. One (PC) setup consisted
of a tower on the ground, and a monitor and keyboard on a table. Nothing
usual here.  But the monitor was placed on a box which had switches for the
monitor, the tower, and a printer, and a masterswitch, on one end, and
cables on the other. The switches where facing forward.

The machine was happily minding its own - important - business.

My partner and I were working on a different machine. At one moment, he
gives way to let me handle the machine. He puts his elbow on the table,
slightly disturbing the keyboard, which is moved enough to just have the
master switch break the contact for a moment, causing the machine to crash.

    - "Is that serious?", he asked.
    - "It is a live machine..."

When I left two hours later, at least 5 people had been trying to get it
working again, and at least 10 nervous people asked what was going on. They
were still trying to boot it.

Today I was in the room again. They had turned the box 90 degrees.


Digital footprints on the Internet (Article in UK Guardian)

Martin Minow <>
Thu, 21 Nov 1996 12:21:15 -0800
The online edition of the UK Guardian newspaper has a long article on the
way that "Internet users leave traces and records of every online action,
from sending e-mail or posting to newsgroups to visiting Web sites."

  ... At the moment unwanted e-mail is about the limit of the intrusion, but
  this could change. Internet commentator Dominique Paul Noth points out:
  "You have no guarantee that the information is intelligently or even
  accurately employed to your benefit." As more information is collected, it
  is more useful to those collecting it - and less easily controlled.

  ... One alternative is making yourself anonymous by deleting cookie files
  and using mail programs that disguise your identity.

  However, making yourself anonymous online means that you cannot
  personalise Web pages, ask for information via e-mail, or join mailing
  lists. The issue, as Noth and other commentators recognise, is more to do
  with how this information is used. Credit card companies know what we are
  buying, and there is a legal framework to control their use of this
  information. There is no such framework in force for online information.

  It seems that the very lack of "real world" controls over online activity
  which many Internet users favour has created the environment in which
  marketing companies can thrive. As long as the Internet is seen as somehow
  outside the reach of the law, then there will be those who abuse its
  freedom. So as you surf for Christmas presents, look out for surprises in
  your mailbox as a result.

The full article is at
(However, note that newspaper articles on the Web are often only
visible for a short time.)

Martin Minow

"Disappearing Cryptography" by Peter Wayner

"Rob Slade" <>
Mon, 25 Nov 1996 11:15:46 EST

"Disappearing Cryptography", Peter Wayner, 1996, 0-12-738671-8, U$29.95
%A   Peter Wayner
%C   1300 Boylston Street, Chestnut Hill, MA   02167
%D   1996
%G   0-12-738671-8
%I   Academic Press Professional
%O   U$29.95 +1-617-232-0500 +1-800-3131277
%P   295
%T   "Disappearing Cryptography"

The title seems to allude to, and the book jacket definitely trumpets,
steganography, the act or art of "hiding in plain sight".  An example of a
steganographic message would be one which appears to be an innocuous and
ordinary family letter, but which carries detailed information in the
background.  One chapter of the book does deal with this type of encryption,
although only in terms of hiding text data in pictures.  The book as a whole
seems more like a collection of essays on topics related to encryption.

The topics represented cover a broad range of information science.  The level
of detail provided varies, but in general the explanations are fairly simple.

copyright Robert M. Slade, 1996   BKDSCRPT.RVW   960902
Vancouver Institute for Research into User Security Vancouver Canada V7K 2G6

"Disappearing Cryptography" by Peter Wayner

Peter Wayner <>
Tue, 26 Nov 1996 09:43:08 -0500
Rob Slade is right.  Much of my book, _Disappearing Cryptography_ is filled
with simple discussion.  It was intended to offer many casual readers some
insight into how morphable information can be.  This is a highly important
technical topic these days because of the battles over encryption
regulation.  Sure, I could have written a nerd opera, but that wouldn't have
helped people without an advanced degree in number theory.  This topic is so
important for policy that I wanted to try and spread the knowledge around a

I think he's wrong on other counts.  The book discusses how to use
error-correcting codes, encryption, dining cryptographers networks,
compression functions, and compiler technology to make information look like
something else.  I think that each of these solutions offers a unique way to
make information `disappear' because, if it looks like something innocuous,
then it escapes detection.

My home page ( has the table
of contents for those that are interested.  Feel free to write if you have
more questions.  [A minireview by your moderator is in RISKS-18.17. PGN]

Re: Effects of the next cycle of solar interference (RISKS-18.62)

McInnis <>
Thu, 21 Nov 1996 10:52:43 -0600 (CST)
I guess one's man's poison is another man's feast.

I got a kick out of the article about the problems that could be caused by
the next peak of the 11-year sunspot cycle.  Most of us amateur radio
operators are waiting in breathless anticipation for the sunspots to pick up
because it "turns on" some of the radio frequencies to long range
communications.  It's sort of like a starry-eyed 4 year old kid waiting for
Christmas hearing someone grumbling about how they don't like Christmas.

Also, the 11-year sunspot cycle has been going on for several hundred years
since the last gap in the cycle.  It says something about our technology
that some systems might not be prepared for it.  It's like someone being
surprised that it's getting cold as winter approaches.  ("Gee, didn't it
start getting cold about this time last year, too?")

73 de KB5YAC  Mickey McInnis -

Risks of believing what you read: Re: Irish rock band (RISKS-18.62)

Stuart Woodward <>
Fri, 22 Nov 1996 17:13:18 GMT
> ... first group to be burglarized on the Internet [?]

Those who are following this story will already know that the samples from
U2's new album were not ""siphoned off" along cables feeding the band's own
video camera", that provides a one day delayed view of U2's studio
activities, but were copied from a promotional video that was sent out from
Island Records to their office in Hungary. The video was reported to have
been borrowed and samples taken from it - a purposely degraded recording -
were uploaded to a web page on the Internet.

The story seems to have got very quickly elaborated to include hackers. The
hacker aspect appears to have come from the quote in the Sunday Times from a
"former hacker":

  Hackers may have used the camera as a door into the studio's computers
  where the new songs are stored.

The real risk here is that it seems that newspapers don't employ anyone
qualified to proofread and follow up their Internet related stories. (Also
c.f. the recent Observer story about pornography on the Internet).

The SEI Conference on Risk Management

Carol Biesecker <cb@SEI.CMU.EDU>
25 Nov 1996 20:30:22 GMT
The SEI Conference on Risk Management: Managing Uncertainty in a Changing
World April 7-9, 1997, The Cavalier Hotel, Virginia Beach, Virginia.
Planned in cooperation with the Society for Risk Analysis, the IEEE Computer
Society, the Hampton Roads SPIN, and the Best Manufacturing Practices
Association; cooperation with Software Program Managers Network is pending.

[Featured renowned keynote speakers, distinguished presenters, contributed
presentations, papers, tutorials, workshops...]

For additional information about the conference, contact
  SEI Customer Relations, Software Engineering Institute
  Carnegie Mellon University, Pittsburgh, PA 15213
  Phone, Voice Mail, and On-Demand FAX 412 / 268-5800
  World Wide Web:

Event Registration: Contact
  Events, Software Engineering Institute
  Carnegie Mellon University, Pittsburgh, PA 15213-3890
  Phone, Voice Mail, and On-Demand FAX 412 / 268-7388
  FAX 412 / 268-7401

Please report problems with the web pages to the maintainer