The Channel Tunnel has been closed in both directions since early afternoon (Weds 20 Aug 1997). The reason for the closure is that several alarms had been set off for a yet undetermined cause. [Source: AFP]
*The New York Times* "CyberTimes" section has an article describing adventures with a satellite navigation system installed in a rental car. The system, *Neverlost*, was not always helpful. Of course, the author was using it in Boston, ``land of streets made from cow-paths and drivers made from pure adrenaline.'' <http://www.nytimes.com/library/cyber/compcol/081997compcol-manes.html> Martin Minow email@example.com
Reuters News Service (18 Aug 1997) quotes President Clinton as follows in a speech at the National Archives on 15 Aug 1997: We can't have the American people looking to a new century and a new millennium with their computers, the very symbol of modernity in the modern age, holding them back and we are determined to see that it doesn't happen. ... I want to assure the American people that the federal government, in cooperation with state and local government and the private sector, is taking steps to prevent any interruption in government services. However, a July 1997 OMB report noted that 71 percent of the government's ``most important computers'' were yet to be repaired or replaced. [... but there are still 2.365 years left! PGN] http://www.yahoo.com/headlines/970818/wired/stories/clinton_1.html
> There are more than 50 other card security products available for Internet > usage. They are generally simplier, faster, and avoid the SET exposures > identified above. I'm somewhat surprised by the inclusion of the above comment as a 'risk'; it presents risks that are well known as if they had been recently discovered serious flaws, which they are not. Indeed, Nathaniel Borenstein of First Virtual pointed out the same problem about two years ago. The purpose of financial cryptography is to control, not eliminate, risk. I am familiar with the details of more than 75 Internet payment schemes. The credit-card associations chose SET for sound reasons, like SIPPS and iKP/SEPP/SET before it, SET avoids the compilation of plaintext databases of credit-card numbers and authentication details by merchants. Absent the use of a 'smartcard' or similar protected memory product there is no way to ensure that financial software has not been suborned. This is a particular problem when unsecure operating systems such as DOS, OS/8, Windows 95 are in use. The commercial reality however is that such systems have to be supported, and in any case there is no point in requiring hundreds of dollars to secure each Internet credit-card user when the standard credit-card security system is so weak. Using a password that is presented to every merchant en-clair is hardly state of the art. In time it is likely that additional security measures will be justified. These are likely to start with the replacement of the plastic credit card itself with a smartcard of some description. SET was specifically designed to facilitate this. Merchants will probably be offered some form of discount for using an interface device sealed in a tamperproof box at some point. SET was certainly not presented as a solution to all forms of financial transaction risk. It is a flexible platform however and can be extended. It is probably quite possible to eliminate all conceivable risks in the first revision of the protocol. To do so would introduce additional complexity and reduce options for dealing with unanticipated risks however. The point of SET is not just to protect credit-card numbers, it is to allow a move away from a system so dependent on them for security in the future. Phill
This brought to mind a project I did years ago at SRI for a major US Airline, which explored vulnerabilities of their IT operation, inter alia. We found that a tug or barge going out of control on a nearby river and taking out a bridge would bankrupt the airline! The reservation communications lines all came from a single telephone company central office -- across the river. Estimates for minimal bridge construction were 90 days on an emergency basis, but 20 days without reservations capability would bankrupt the airline. They immediately put in a backup microwave link, but I wonder how many other businesses are in similar risk positions today. Bob Ratner
>Wordmail is an example of the extensibility of Exchange; actually anybody >can build an editor and hook it into Exchange as an Email editor using MAPI. Well, yes, but this wasn't what the original poster was complaining about. The point is that it's a custom, certainly, if not a standard, that the primary intelligence contained in an email message be in text, accessible to _any_ mail program, including this one I run here on my VT100. His assertion was that what Exchange was doing was putting that primary intelligence _in an attachment_, _in a proprietary format_, and leaving the main body of the message _empty_. If his assertion is incorrect, so be it... if not, then the design of that system is poor, in todays environment... because people will come to depend on it internally, and then be unpleasantly surprised when they send mail to correspondents outside the company, who can't _read_ the messages. Why is this feature so useful, anyway? If Word could save these documents in some standard interchange format, like HTML, for example, in a proper multipart/alternate format, that would be another story, but I gather that that is _not_ what it's doing... And which format of Word are you running, anyway? :-) The RISKS are obvious: assuming that what Microsoft thinks is good for you, actually is. Jay R. Ashworth, Ashworth & Associates, +1 813 790 7592 firstname.lastname@example.org http://rc5.distributed.net
My work place has recently moved to a new building. The new place has magnetic swipe cards which are used to gain entry to the building. One swipes the card through a reader and then types in a 4-digit PIN to unlock the door. The keypad has three lights, red, yellow and green, to indicate its state. The yellow light is on when you are expected to enter a PIN, the green light when the door is unlocked, and the red light when the wrong PIN is entered. The card does not indicate which building it is for, only giving the mailing address of the company which provides the entry mechanism. So it would not be obvious to anyone finding such a card as to which building they could now enter. Thus having to type a PIN, in addition to swiping the card, is an annoying additional security measure. However, to identify the card it has a unique 4 digit number on it. Stunningly, the access PIN is VERY closely related to this number — given a card, one can derive the access PIN, even a five year old could do it! Thus the additional security of the PIN is useless — if one did know which building the card was for, one might well know how to determine the PIN. One morning, as I was entering from the car park, I swiped the card and started entering a PIN. But I'd started entering the PIN for a different card. I noticed my error before completing the 4 digits, and as one simply remembers PINs by the pattern thay make on the keypad (well I do, at least), I didn't know how many digits I'd typed. No problem, I thought, I just swipe the card through and that will reset the lock, so I can type the right number. This I do, but the door remains locked. Confused by this, I carefully swipe the card through, notice that the yellow light flickers off and on (as it normally does when you swipe), and carefully retype the PIN. Part way through, the red light flickers. The door remains locked. Now I figure out how the lock works: 1) Reswiping the card does not reset the keypad, in spite of indicating otherwise, by the lights changing. 2) Entering the wrong PIN is not a sticky error mode. It is not cleared only by swiping a card through. Pressing a key will also reset the key sequence. So you cannot tell that an error occurred in a sequence, by the final state of the lights. All I need to do now is carefully press keys until I see the red light go on (I must still be part-way through a sequence). Then I can reswipe the card and type in the correct key. This I do, only to still be denied entry. Arrgh! After three failures, the system invalidates your card! So here I am in the carpark, locked out of the building, when I discover this door does NOT have an intercom on it to call reception (unlike the others). I have to leave the carpark (fortunately I don't need the card to do this) and walk round to reception to explain the problem. They do not seem to appreciate the problem — that the failure modes on the entry mechanism are 'surprising'. I also discovered another failure mode. While trying to call reception from the carpark, I noticed that in addition to having the digits 0-9, there are two buttons labeled A and B. These seemed to serve no function, except that simultaneously pressing both lit the green light. Unfortunately for me, this wasn't some kind of override, as the door remained unopenable, inspite of the keypad indicating otherwise. It is depressing that the high tech replacement for the humble key, fails so spectacularly. Dr Nathan Sidwell, Chameleon Software Group at SGS-Thomson email@example.com http://www.pact.srf.ac.uk/~nathan/ firstname.lastname@example.org email@example.com
A new development in the spam wars? I was away from my machine for the last fortnight, and set up my vacation program to reply to any mail with a brief `I'll get back to you' message. When I got back, I found in my mailbox an aggressively nasty message from Samsung America Inc.'s lawyer (Russell L. Allyn, Attorney at Law, SBN 143531, of Katz, Hoyt, Seigel & Kapor, Los Angeles), which included, among many things, the following (complete) paragraph: > Your email name was provided as being suspected of > connection to various acts of internet terrorism. Your acts > are illegal. For the curious, full text, with abuse and threats, is at http://www.mpi-sb.mpg.de/~sean/Samsung; it makes amusing reading. I'm not sure if it is legally correct even in L.A., never mind in Germany where I received it. Certainly that last complete sentence quoted seems, to put it mildly, very sloppy on the part of Mr. Allyn. Apparently some idiot at Samsung America spammed the net at the beginning of the month with a message which I deleted without even bothering to read. The person qualifies as an idiot not for spamming the net (which makes him merely offensive), but for leaving the reply-to field set to Samsung America's address and thus providing an barndoor sized target for anybody with a grudge about junk email. After the mail bombs arrived, it seems the lawyers gathered the addresses of all the replies together and bombed back. I got caught in the crossfire. I wonder if any of the hinted legal actions possible against mailbombing are applicable to unprompted threats of legal action delivered by email? Sean Matthews, Max-Planck-Institut fuer Informatik, Im Stadtwald, 66123 Saarbruecken, Germany +49 681 9325 217 http://www.mpi-sb.mpg.de/~sean/
> [Perhaps some of our Australian readers can say > whether any of *their* laws were violated! PGN] There has been some discussion as to whether or not our laws cover spam in general, but I believe they're as clear as US law when it comes to this particular method of masquerading. The relevant part of Australian law is: The Commonwealth Crimes Act 1914 (as amended). Section 76E was added under the Section 9 of the Crimes Legislation Amendment Act No. 108 of 1989. CRIMES ACT 1914 - SECT 76E Damaging data in Commonwealth and other computers by means of Commonwealth facility 76E. A person who, by means of a facility operated or provided by the Commonwealth or by a carrier, intentionally and without authority or lawful excuse: (a) destroys, erases or alters data stored in, or inserts data into, a computer; (b) interferes with, or interrupts or obstructs the lawful use of, a computer; or (c) impedes or prevents access to, or impairs the usefulness or effectiveness of, data stored in a computer; is guilty of an offence. Maximum penalty: Imprisonment for 10 years. When "inserts data into" in clause (a) is related back to "intentionally and without authority", I think such masquerading falls within the intent of the law. The lack of physical presence within the borders of Australia do not excuse the sender from being bound by our laws when it comes to computers. CRIMES ACT 1914 - SECT. 3A. Operation of Act. 3A. This Act applies throughout the whole of the Commonwealth and the Territories and also applies beyond the Commonwealth and the Territories. Our laws allow a trial to occur "in absentia" where the Justice feels that such is in the best interests of the Crown. He or she may also issue a warrant for the arrest of the sender and initiate extradition. I send this along with the applicable US code in response to spam to the abuse and postmaster contacts along with the spammer. Thanks to Karl Ferguson <firstname.lastname@example.org>, who allowed me to use it. Martin Gleeson, Webmeister, Information Technology Services, Univ. of Melbourne +61 3 9344 7407 email@example.com http://www.unimelb.edu.au/%7Egleeson/
As it happens, I have some recent experience configuring mail software to deal with spam relaying. > ibm.net site that masqueraded as satech.net.au so it could relay the > message through satech.net.au's SMTP server. Actually, satech.net.au wasn't fooled by the masquerade. They looked up the IP address of the ibm.net host to determine its hostname, as shown in the header: > Received: from satech.net.au (slip166-72-12-169.us.ibm.net [184.108.40.206]) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Why did they relay the message? Probably because they don't discriminate: their mail system is configured to relay any message that's received. (See below for a possible reason). > Isn't this in violation of the U.S. federal law ... I'll let the lawyers talk about the legalities, but it sure seems like unauthorized use to me. That's why the systems I manage at UC Berkeley (a very small number of the thousands on campus) will relay mail only for which the sending host or the recipient is within the Berkeley.EDU domain. But a lot of sysadmins on campus are reluctant to do this kind of filtering because many of their users routinely use outside ISP's to access the campus network from home or while traveling. These users point their mail software at their campus mailservers, and legitimate email to off-campus addresses would be blocked if the mailservers didn't relay. We don't yet have a simple way to block the spammers while allowing specific users to relay mail through our systems. And retraining thousands of not-very-technically-savvy users to use their ISP's for mail relays would be a major task. George C. Kaplan, Communication & Network Services, University of California at Berkeley 510-643-0496 firstname.lastname@example.org
The point is that even though box.net.au did actually correctly identify the sending machine, by DNS lookup. It still accepted the information it was given, presumably via the SMTP "HELO" command. The risk here would be more of the sysadmin who dosn't configure their machines correctly. : Isn't this in violation of the U.S. federal law ... This would depend on such laws applying only to the access and not giving any restriction as to where they are accessing. : Why isn't the sender guilty of a felony ... Again the same potential problem if the laws have been written with the assumption that the cracker is in the same country as their target.
In RISKS-19.31, Dennis Glatting reports having blocked all e-mail from a site after having gotten just one spam that was apparently from that site. That's the biggest RISK of spam in my opinion. It cuts us off from each other. * Filters meant to discard spam often discard legitimate e-mail. * People who realize that much e-mail is discarded unread are less likely to take the time to write informative e-mail, since it will very likely never be seen by the recipient. * People who know where spammers find e-mail addresses are likely to stop posting useful messages to newsgroups or mailing lists, and are likely to ask that all their past messages be removed from any online archives. Or they may post using a fake address, making it impossible for them to receive legitimate replies. * Archivists may get disgusted at the number of people asking to be removed, and may shut down their archive. * People have been falsely accused of spamming, and unjustly punished. * Newsgroup posters who post under a fake address and direct all replies — including ones not of general interest — to the newsgroup, cause newsgroups to fill with junk, causing people to stop reading them. * So does newsgroup spam, which has already rendered numerous newsgroups totally unusable and abandoned. On several, I've checked 100 consecutive messages and found that every one of them was spam. Starting over with a new newsgroup doesn't help, since spammers will take over the new one too. Our moderator reports that he [*] rejects all e-mail from sites on which there are lots of spammers. [Not me; our entire site is being subjected to spams, and our Admins decided that is the only thing we can do at the moment. PGN] That's a perfect example of what I'm talking about. Spam is rapidly making the net unusable. It's as if you spent the day in a business meeting, a hobby club meeting, a PTA meeting, and an author talk at a bookstore, only to have every event repeatedly interrupted by outsiders who read a commercial pitch (probably for a pyramid scheme or a quack remedy) then leave without listening for replies. I wouldn't be surprised if the true costs of spam are already in the billions of dollars, mostly in lost opportunity costs. In return for which, perhaps a half-dozen people are making a mediocre living, mostly by selling spamming services to the gullible and larcenous who can't believe that if they send one-million ads for an MLM or credit-repair scheme, they will probably get fewer than ten positive responses. [Perhaps some of them actually do get tons of responses? PGN]*typos fixed Keith Lynch, email@example.com http://www.clark.net/pub/kfl/ I boycott all spammers.
> who I'll call foo.com. ... This serves as a reminder to be careful about choosing dummy placeholder names. foo.com is a real domain (exists in the DNS), as are bar.com, foobar.com, foo.org, bar.org, foobar.org, example.com, dummy.com, badguys.com,... You get the idea. A lot of "obvious" dummy names actually exist as valid domain or host names. There are at least two sorts of associated risk - * the risk of legal (or other) action in response to defamatory comments which used a dummy name (that happened to exist) to hide the identity of the domain actually being criticised, or other unwelcome (mis)uses of real domains (e.g. perhaps using "foo.com" as a dummy name in documentation that was unconnected with the real foo.com). * the risk of inadvertently allowing access to your own systems, or causing unwelcome network connections to remote systems, by failing to remove or comment out example entries in sample software configuration files which refer to "imaginary" systems or domains which just happen to exist (now, even if the authors of the examples checked and found the names were not in use when the examples were written). John Line - Cambridge University Computing Service, New Museums Site, Pembroke Street, Cambridge CB2 3QG, England firstname.lastname@example.org +44 1223 334708
How does this demonstrate technological incompetence? My school does not allow laptops in the classrooms because the sound of typing is distracting for the other students. Furthermore, I guess I would be a little irritated to think my Senator was receiving "real time analysis" of pending legislation and ongoing debates via email from highly-paid lobbyists and campaign contributors. It's nice to think that the Senate is thinking long and hard about the RISKS of upgrading their technology.
Several years ago in Alabama, the State House of Representatives passed a rule barring computers on the House floor. (Ironic that the one technology issue that Alabama is in the lead on is in barring the use of technology). According to the press reports of the time, there was only one representative who was using a laptop at the time, so the rule could be reasonably interpreted as directed at him. Apparently, the prevailing opinion of this representative among his colleagues was best described as the north end of a south bound mule. I have no idea if this applies in this case. The risk: Even with high-tech, you still have to be nice to people.
What I find more disturbing is an apparent lack of understanding that the Senate is supposed to be a deliberative body where members listen to and debate issues of the highest national policy. Regrettably, IMHO members already spend too much time off the floor, reading, posturing for the press, etc., etc. Notebook computers have no more business on the Senate floor (or many other places where human interaction is key, e.g., courtrooms) than cellular phones - for the same reasons. The RISK is to civility and the deliberative process.
In RISKS-19.29, R Spainhower <email@example.com> castigates the U.S. Senate for disallowing laptops on the Senate floor. But I think the issue is more complicated than just technophobia. My comments are based on hazily remembered information from an August 11, 1997, National Public Radio story on "All Things Considered". (The audio is available on-line at <http://www.realaudio.com/rafiles/npr/password/nc7A1101-4.ram>, but unfortunately I can't listen to it (again) from within our firewall.) The Senate is a very tradition-bound place. Right now senators may not carry pagers or cell phones on the Senate floor. Furthermore, access to them by aides, etc., is very much limited. The idea is for the Senate to be a deliberative body, free from external distractions. Imagine the potential distractions of having laptops. Trying to look up information while other Senators are speaking (and thus not closely following the argument the speaker is making.) Senators playing solitaire or Maze Wars. Senators exchanging email with each other or with their staffs via wireless networks. (And imagine the interesting security implications of that!) My first reaction to the flap was like R Spainhower's. But after some contemplation, I'm willing to let the Senate remain a body for deliberation and discussion, without electronic intrusion. (Oh, and I'm just as cynical as the next person about how well the Senate actually performs its deliberative function, but its not clear to me that allowing electronic gadgets on the floor would make things better.) Dave Kristol
Please report problems with the web pages to the maintainer