An internal review of 64,000 unclassified computer systems throughout all major Department of Energy facilities has found serious security lapses, including the presence of classified and sensitive nuclear weapons information on 1,400 systems open to anyone on the Internet. This has stimulated a "contamination clean-up". Los Alamos alone has had 15 security breaches since Nov 1997. Apparently ftp reads — and *writes* — and readable password files are major problems. [Source: Brock N. Meeks, MSNBC, 29 May 1998, Stark Abstracting. RISKS Readers, Are You Surprised? PGN]
Some issues of the Canadian government publication Aviation Safety Vortex can be found at <http://www.tc.gc.ca/aviation/syssafe/vortex/index.htm>. Reproduced in one of them is a notice from Bell Helicopter Textron: | "The use of noise-cancelling headsets by helicopter crews has become | commonplace." Recently, an operator informed Bell Helicopter that he | was unable to hear the audio cautions and warnings while wearing one | of these headsets. If a flight crew member chooses to wear any kind of | headset, especially a noise-cancelling headset, then that person | should determine that all audio cautions and warnings can be heard | with the headset on, prior to takeoff. The editor observes that the principle has more general applications.
This happened today in the company I work for. For some reason they all (except me) use the Outlook Express which comes with MSIE4. They had some problems in the past with it (it simply discards mails with a correct but obviously unexpected delimiter for MIME-parts) but today one mailer started to send huge (10Mbyte) mail bombs. The reason: If Outlook tries to send mail it first puts the mail into a temporary box and after the mail is send it gets moved into the outbox. If it can't write to the outbox (in this case the outbox was one a server which had not enough space for this big mail) the mail stays in the temporary box and after a while it tries to send it again and again (interval varies). The bad thing is - it doesn't tell you about the problem. Only if you attempt to move the mails by hand into the outbox it tells you that there is no more space. Fortunately, all outgoing mail gets first spooled on a Linux-server which at intervals send the mail over a ISDN line. So after the person called me asking why the mail doesn't get send I could quickly login (from 600 kilometers away) and delete the 4 duplicates before they went out. This is not the first time this happened. A few days ago the Linux-server was swamped over night with about 50 30Mbyte big mails. Most of them went out, poor person who got them. Hopefully this will be the last time - today I installed a filter which tracks duplicates (they are not exactly duplicates - the Message-Id is different on each instance) and sends them back to the user ;)
This one here is fairly straightforward: http://www.slipstick.com/outlook98/add-ins/pgp.htm The Exchange/Outlook plug-in for PGP for Personal Privacy commercial) and PGPfreeware 5.5 from Pretty Good Privacy, Inc. (now part of Network Associates, Inc.) does not work with Outlook 98. In particular, sending a message in RTF, HTML or WordMail format can result in an unencrypted HTML or Word version being sent, along with the encrypted text version. "oops" ;) - http://boop.xensei.com/~n-choe/
Undersecretary Reinsch on crypto export controls at EPIC-98: "Neither fair nor efficient, but available". In contrast to the shocking admission by Associate Deputy Attorney General Litt that he hadn't bothered reading the CRISIS report produced by the National Research Council, Undersecretary Reinsch gave a very candid characterisation of US export controls on crypto at the same session of the EPIC conference. In answer to a question from the floor, the Undersecretary explained at some length that export controls are under the direct control of the Executive, specifically the President, with little room for oversight by the judiciary or legislature: in contrast, both controls on the domestic use of encryption technology and import controls would require legislation. In closing, Undersecretary Reinsch summarised with words very similar to these: "In the abstract, I couldn't honestly argue that export controls are either fair or particularly efficient as a means of control; they are however available." The abridged soundbite version - "Export controls: neither fair nor efficient, but available" - seems like worthy tagline material for updated editions of the Diffie-Landau book, ACP handouts, and similar. The significance of this admission of the intellectual bankruptcy - that is to say, the soundly pragmatic nature - of US export policy was overshadowed by Bob "CRISIS? What CRISIS?" Litt's gaffe... Stefek Zaba, HPLabs Bristol
According to the San Jose Mercury, the attack was launched using LAN sniffers. The exposure to unencrypted passwords was mentioned, with France with its extreme restrictions on encryption mentioned as a bad example. The consequences could include disabling the capability of researchers in France to log on to SLAC over the net.
Three Quebec City-area men in their 20s were arraigned in Quebec court on 8 Jun 1998 for stealing Internet passwords and offering on-line recipes for how to make explosives. [Source: _The Gazette_ (Montreal), 9 Jun 1998, A6]
---------- Forwarded message ---------- [Multiple (at least 5) forwardings deleted. PGN] [[ The "SIR-C processor" is big wad of custom hardware. SIR-C was the 3rd Shuttle Imaging Radar mission — the premiere unclassified spaceborne imaging radar dataset. Looks like it's about to go write-only ... /Frew ]] >From: Ellen O'Leary [mailto:email@example.com] There is a Year 2000 problem with the SIR-C processor and it is unlikely that there will be funds available to fix it. The purpose of this e-mail is to let you know this so, that you can request SIR-C data processing before this problem shuts the processor down. You can request SIR-C data processing over the World Wide Web at: http://edcwww.cr.usgs.gov/landdaac/sir-c Please try to space your requests out over the next year or so in order not to overload the processing team at EROS. Please pass this along to others who might like to know. Ellen O'Leary, Jet Propulsion Laboratory, 4800 Oak Grove Drive Pasadena, CA 91109 1-818-354-7250 firstname.lastname@example.org
In RISKS-19.75, Richard Cook mentions some of the problems introduced by the reliance of hospitals on "more efficient" technologies (pagers) that can fail (when the Galaxy IV satellite dies). I recently saw an interesting example of the negative effects of this "more efficient" technology *when it is working perfectly!* I was at a restaurant on evening with a relative who's a surgeon. His pager went off, and he returned the call using a cellphone. After a brief conversation, he hung up, pulled a scarp of paper out of his pocket and made some notes. He then remarked on what had happened. The call was from the lab at his hospital, reporting some lab results which, as it turned out, were a very strong contra-indication for an operation scheduled for the following morning. Now, in the old days, lab results were only reported on paper, though inefficient, slow mechanisms. Since all doctors now had pagers, the labs now called immediately with the results. On the one hand, this makes important information available immediately. On the other, it pretty much guarantees that much information will reported at inappropriate times and places. After this phone call, an essential bit of information resided in my relative's head, and on a scrap of paper in his pocket. Oh, it certainly was duplicated in the lab and patient records at the hospital — but those records might not be routinely examined before beginning an operation. Presumably there was at one time a method for delivering such information at the hospital, perhaps when a doctor arrived; but any such system would inevitably atrophy fairly rapidly as people came to rely on paging notifications. There are many lessons to be learned (again) here. Mostly, the problem is one of human interface: An efficient, (mainly) reliable system is being used in a way that does not match the needs and cognitive abilities of the human beings who must rely on it. But one can also point out that reliability and safety are system properties, not component properties, and it's not clear what effect the introduction of new technology has had on the overall system. It's tempting to attribute the problem to inappropriate technology and propose a technological fix. Perhaps the lab should use persistent E-mail messaging instead of volatile pager notifications. Perhaps the doctors should be using some "more advanced" technology (e.g., a Palm Pilot) instead of scraps of paper. Perhaps ... but one can speculate endlessly. The fact is, pagers are there; some information *does* need to be delivered and acted on immediately, for which pager technology is the appropriate choice; it's not clear that good alternative technologies for this particular problem really exist right now; and even if they did, adding yet more complex technologies might make things worse rather than better. (There is also, of course, the social/personal issue: Surgeons have always known that it's a part of the job that they may be called at almost any time in emergencies. It used to be difficult to do that, and calls really were (mainly) restricted to emergencies. Now, pagers are used for many things that *don't* qualify as emergencies. My relative isn't particularly bothered by this, but then he's known for his concern for his patients and willingness to put up with inconveniences on their behalf — he would otherwise never have chosen his subspecialty, which by its nature brings him patients who are typically extremely ill and often in unstable condition. Most would probably not be as tolerant — when everything is an emergency, soon nothing is an emergency.) Jerry
On 11 June 1998 residents of the state of Victoria, Australia, were advised to skip taking a shower and to eat a cold breakfast. Bread bakeries throughout the state, the Ford and Toyota vehicle and other manufacturing plants were closed. The cause was the disabling of 25 per cent of the state's natural gas supply by a metre long block of ice that had formed in a main supply pipe, apparently one of four. Some areas also temporarily lost electric power, due to consequent overload. At least 3000 workers were stood down and an estimated $30 million production was lost. The state's gas comes from undersea wells in Bass Strait and is treated for distribution at a plant near Melbourne, on the south coast. The previous night, temperatures dropped to an unseasonable 4 degrees Celsius (39 degrees F), and water that is a byproduct of gas extraction froze in the pipe. Attempts are being made to thaw the blockage with an electric blanket around the pipe. According to a television news report last night, if these fail and the apparatus is opened up, it may be up to a month before supply is restored, due to the time required to flush out air before feeding gas through again. As of 11 am today gas supply is back to normal although the pipe is still blocked. Clearly, some contingency provision must have existed. However the incident is a reminder that disasters can occur from causes that nobody thinks of. Sydney, Melbourne, Brisbane and Canberra, where the bulk of Australia's large computer centres are located, are at relatively low risk from civil insurrection, terrorism, tsunami, volcanic eruptions, earthquakes, catastrophic floods, forest fires, hurricanes and tornados. It is sometimes difficult to take IT disaster recovery seriously here, as the disasters that typically make foreign news headlines are of types that we are not very likely to suffer. This gas supply failure is a handy reminder (and the recent protracted failure of electrical supply to Auckland CBD is another) that causes that nobody has thought of and nobody has planned against, while individually rare, are many. Who would have thought that a temperature drop to 4 degrees could possibly have such an effect? Mike Martin, email@example.com, Sydney, Australia
I have been told that the British High Speed Trains have simple detectors on board which indicate to the driver if a bearing or wheel fails. If the indication is ignored, the braking system comes on automatically. If this is so, the sorry story indicates an obvious risk - that something that looks high-tech and sophisticated viz the ICE train, may not in fact be so.
I'm surprised no one has noted that Linux Journal's <http://www.linuxjournal.com/issue49/index.html> May issue carried a story about Linux being used for a data acquisition system on the ICE trains. The problem being studied? Prematurely out-of-round wheels... [URL corrected in archives, thanks to Rogier Wolff. PGN]
I suspect this is an old point to RISKS-ers, but: without disagreeing with the basic point, it's worth noting that such systems must, alas, be manual enough that the driver is the one who makes the ultimate decision. Anyone who has been on an airplane with a white-knuckled flyer knows that if there was an "emergency stop" button, it would get pressed for every bump, groan, or whine, and twice when fuel is vented from the overflow. While (presumably) most train passengers aren't as white-knuckled as some flyers, and I wouldn't be surprised if Germans were more self-controlled about such things than we Yanks, I'd hate to have them spend a fortune installing Emergency Stop buttons, only to find that 25 false emergencies the first week alone make them impractical... For a vaguely related column from _Upside_ magazine, see http://www.upside.com/texis/mvm/story?id=34712c1d63 ...phsiii
On May 26 I called AOL's billing department to test this, giving only name and home address, and they changed my password ON THE VERY FIRST ATTEMPT. C|Net's Jim Hu also reported the same results from his own test, though it took him a few more calls... http://www.news.com/News/Item/0,4,22538,00.html The day I called, most calls were ALREADY being forwarded to AOL's "small group of better-trained reps". I guess at least one phone rep hadn't learned to forward calls to the specially-trained password representatives in the first place. (I believe AOL's next step is to disable the ability to change a password for all but the specially-trained reps.) In AOL's defense, Steve Case reported in January that the reps handled over a million calls per week. But there's been other stories about AOL accounts being compromised recently... http://www.mtv.com/news/headlines/980601/story3.html http://www.netguide.com/Snapshot/Archive?guide=internet&id=1184 It's ironic, because in the wake of the [other] Timothy McVeigh incident in January, AOL's CEO Steve Case admitted they'd divulged a subscriber's real-life name, accepted responsibility — and added "AOL's commitment to protecting the privacy of our members is stronger than ever." David Cassel AOL Watch http://www.aolwatch.org
I just found out that Holiday Inn uses your Social Security Number as your "frequent stayer" account number. I called to enroll in the program, found out that I already was enrolled (11/95)) and that my account number was my SSN! No, they can't change your number now, but plan to do so later in the year for all "old" accounts that use the SSN. Can they have been that electronically clueless as recently as November 1995? Looks like it. Willis Frick
Are they trolling? (a) if it was a 15th-century invention, it would have been built in the 1400s, not in 1600 (b) how did it handle September 1752? (c) a report from an unnamed "Japanese press" outlet describing a similarly unnamed museum in Liverpool, England? [On (a), Off-by-one errors are very common in naming centuries. And this is only an off-by-one rather than off-by-two. Ignoring us computer folks who like to count from 0, 1600 was the last year of the 16th century. On (b), Obviously it didn't. but that was only a slip of a bunch of days and one doubts that this thing was accurate enough to worry about that — not to mention leap-second corrections. On (c), Apparently nando.net's logo confused our contributor? And then there is (d), This whole item was rather whimsical anyway. PGN]
The real problem to this ex-GI is that what happens when war breaks out and we find the GPS signal either jammed or, worse, meaconed[*] (theoretically, proper meaconing could result in your cruise missile heading for one of your own sites...). Given the reliance the US armed forces are placing on GPS, it is an obvious Achilles heel to attack. [* meaconed = misbeaconed, not misspeakin'? PGN] Yes, there are backups, principally: 1) Radio beacons (LORAN, SHORAN, etc): Subject to jamming and beaconing 2) Inertial Navigation: Subject to drift over time. Most commonly updated by ... STAR SHOTS (i.e.: celestial navigation) A related problem to this old grunt is that we are equipping every platoon in the US Army with GPS. Admittedly, there is an old army saying that the most dangerous thing on the battlefield is a second lieutenant with a map and compass, but what happens when the GPS takes a round, the battery resupply gets screwed up, the platoon dud forgets and leaves it behind... 150 years ago Carl Von Clausewitz came up with what he termed "friction" in warfare - all sorts of little things go wrong frustrating the commander's intent. Indeed, from his view, you don't win a battle, you avoid losing it by making the fewest screwups. This is such a military given, that the US Army lists "Simplicity" (who do you think came up with KISS - Keep It Simple, Stupid?) as one of the Nine Principals of War. Complex plans, complex devices fall apart...why do you think that a guy with a rifle with a bayonet on the end is what still decides wars? Now imagine you've got a unit which has become dependent on the GPS and have allowed their land navigation skills to atrophy. How would you like to be bringing in air strikes, calling artillery fire missions or even trying to bring up evening chow to this crowd? If I was a unit commander, I'd lock up the GPS's in the supply room and do all my field training without them. If the balloon goes up and they work, fine, If not, we are ready.
> The risks? When you are using that cordless phone, someone else may be > listening, even if it's illegal. This is true of *all* wireless conversations, unless you're using encryption of course. The US government went a bit further with cellular phone frequencies in the 800 MHz band and passed a law that requires them to be blocked on scanners; it wasn't long before enterprising scanner owners were opening them up, removing a diode, and re-enabling those frequencies. The US government then passed another law which stated that scanners cannot be easily modified to re-enable these frequencies, but this law of course is not effective in the rest of the world. The net effect has been that it's hard to get a scanner in Canada with these frequencies enabled because the US imports have them disabled, and the other imports are sold via mail order to US customers before Canadians have a chance to get their hands on them. And the result to cellular phone users? They have a larger illusion of privacy without actually having it. (Various US state governments have also tried to protect people's `right' to privacy while broadcasting what they say to everyone within a radius of miles; in some states, I understand, it's actually illegal to use a scanner while mobile, which prevents one even from walking out one's front door with it. As an observer from across the border, I'm mystified by US laws: it's too much a violation of one's freedoms to pass a law against carrying guns around, but carrying a scanner is so much more dangerous that there must be a law against it?) Curt Sampson, Internet Portal Services, Inc., Vancouver, BC (604) 257-9400 Info at http://www.portal.ca/ firstname.lastname@example.org
Several RISKS readers have questioned my claim that the military is prepared to launch spare GPS satellites from silos in the event of war. It turns out that they are right, and I am wrong. As it happens, I have a distant cousin who recently retired from a very high rank in the U.S. missile forces, so I asked him. Here's his answer: > To my knowledge Geoff, you got this one wrong. All of our missiles have > warheads on them. We used to have some that had a communications package > on (not a satellite but a up and down space probe) but they have all been > retired. Sorry. Guess I'll keep practicing with that sextant... Geoff Kuenning email@example.com http://fmg-www.cs.ucla.edu/geoff/
Please report problems with the web pages to the maintainer