The Risks Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 19 Issue 97

Friday 25 September 1998

Contents

o END OF VOLUME 19
PGN
o Hackers changed troops' blood types on DOD Web site
PGN
o Rasputin-like footnotes in Starr report
Mark Eckenwiler
o Risks of format conversion in the Starr report
Epstein Family
o Nancy Kerrigan settles X-rated net suit
Declan McCullagh
o Re: Sexy risks of searching for MP3
Larry
o Copenhagen Airport plagued by new baggage system
Debora Weber-Wulff
o Zenit failure attributed to flight control computer problems
Peter B. Ladkin
o Minutes away from nuclear holocaust
Mark Corcoran
o Bank error turns payday to mayday
John Oliver
o Pentagon security barriers -- a rising problem
Mich Kabay
o Hacker accused of using U S West computers on math problem
Mark Sugarman
o Spelling checker yields "General Negro" for Position Available
Matt McPherson
o Re: De-Rail Canada
Ruth Milner
o Re: "Windows NT Security"
John Nolan
o REVIEW: "Web Security Sourcebook", Rubin/Geer/Ranum
Rob Slade
o REVIEW: "Computer Crisis 2000", W. Michael Fletcher
Rob Slade
o Info on RISKS (comp.risks)

END OF VOLUME 19

"Peter G. Neumann" <Neumann@CSL.sri.com>
Fri, 25 Sep 1998
The end-volume summary issue (RISKS-19.98) is available on the ftp site as
risks-19.00 in the main directory, and is now also in the new subdirectory
19 as both risks-19.00 and risks-19.98 -- along with the rest of volume 19.


Hackers changed troops' blood types on DOD Web site

"Peter G. Neumann" <neumann@csl.sri.com>
Wed, 23 Sep 98 11:58:50 PDT
In a talk to the Washington D.C. chapter of AFCEA (the Armed Forces
Communications and Electronics Association), Art Money (nominee-to-be for
U.S. AsstSecDef for C-cubed-I) said that "Cyberterrorists have hacked into
and altered the Defense Department's medical World Wide Web pages that
contain information on troops' blood types" according to an article by Bob
Brewin (antenna@fcw.com).  Apparently, the intruders penetrated and altered
medical databases at DoD hospitals in the Southeastern United States.  This
incident has reportedly caused the DoD to revisit its policy of what
information to put on its Web pages.

  [I guess the PREVIOUS hacks did not raise enough alarms?  Well, maybe
  that will change if Money is on the line.  For new readers, the earlier
  cases of DoD Web site hacks were in RISKS-19.63 (the Army) and RISKS-18.64
  (the Air Force), with other U.S. Government Web site hacks noted in
  RISKS-18.35 (Justice Department), RISKS-18.49 (CIA), and RISKS-18.88
  (NASA).  Then there was the Cloverdale case, which DeputySecDef John Hamre
  called the "most organized and systematic" attack (RISKS-19.60).
  ``Can you spell "security"?'' (and while you are at it, address integrity,
  preventing denials of service, and other aspects of security -- as well as
  the general preoccupation with confidentiality). ]


Rasputin-like footnotes in Starr report

Mark Eckenwiler <eck@panix.com>
Wed, 16 Sep 1998 11:05:04 -0400 (EDT)
File under "Yet Another Case of 'Deleted' Text That Isn't":

*The Washington Post* reports (16 Sep 1998) that the copy of the Starr
report made available on the Internet by the House contained footnotes
absent from the printed version delivered to Congress.

It seems that Starr's team wrote the document in WordPerfect, and provided
the House with an authoritative disk copy.  When House computer technicians
converted the document to HTML format for release on the Web, footnotes that
had been "deleted" in the drafting process suddenly reappeared.

According to the *Post* story, when one deletes a WordPerfect footnote, the
program simply inserts a token "that says, in effect, ignore the following
passage.  But the conversion to HTML had the effect of inserting a
countermanding symbol: Ignore the ignore command."

One of the erroneously resurrected footnotes contained an alleged comment by
Lewinsky when, upon being barred from the White House, she learned that the
President was meeting with TV journalist Eleanor Mondale.  The "deleted"
footnote quoted Lewinsky as saying, "Maybe she's not sleeping with him yet.
Anyway, there's the excitement.  It's the president."  (A quick check
reveals this to be footnote 739 of the Narrative chapter, which I downloaded
from the Post web site Friday afternoon.)

In addition to reviving deleted footnotes, the document conversion process
also dropped some passages included in the official report.  The erroneous
additions and deletions made their way into innumerable online copies
available on the Web, as well as full-text copies of the report included in
the Saturday editions of the Post and several other newspapers.

There's an old saying about Supreme Court opinions to the effect that the
bodies are buried in the footnotes (e.g., that the most potent and difficult
opposing legal arguments are cursorily dealt with there).  One wonders what
other tidbits are on the Starr disk.  Fragmentary copies of earlier drafts?
Slack space at the ends of files?  Other WordPerfect hidden text?

Mark Eckenwiler    eck@panix.com


Risks of format conversion in the Starr report

Epstein Family <jepstein@mail.mnsinc.com>
Fri, 18 Sep 1998 07:56:10 -0400
  [... more on the foregoing ...]

Risks:

(1) The old one, mostly discussed in terms of Microsoft Word in the past,
that wysiNwod (what you see is NOT what's on disk).  There have been
numerous articles in RISKS noting that deleted text is frequently still
there in Word.  I don't ever recall seeing anything to this effect with
WordPerfect, though.

(2) A newer but related risk, that since conversion programs don't
follow the same algorithms for figuring out what text to translate, things
get added or dropped without the user's knowledge.  This can happen even
when the converter comes from the same company as the proprietary format.
For example, the plug-in converter for MS Word 7 (i.e., for Office 95) to
convert Word to HTML silently drops all footnotes.

(3) As has also been noted too many times to count, as the technology has
become ubiquitous, but knowledge of the limitations has not, we run
increasing risks that we'll get tripped (Tripped?) up by such problems.

Starr should thank his lucky stars (starrs?) that there have not been more
significant or embarrassing discrepancies uncovered.  Perhaps had he been
smarter and used a lighter-weight word processor, he could have been spared
this glitch.  Starr light, starr not-so-bright, ....  [I know it's a
stretch, but I couldn't resist.]

  [Also noted and commented on by A. Michael Froomkin.]

    [In other news, I heard an item that some of Monica Lewinsky's
    deleted computer files have been recovered from her computer.  PGN]


Nancy Kerrigan settles X-rated net suit

Declan McCullagh <declan@well.com>
Sun, 20 Sep 1998 13:09:35 -0700 (PDT)
Former Olympic figure skater Nancy Kerrigan has settled a lawsuit against
Marvista Computing Co. after a faked porno photo with her face and someone
else's body appeared on their Web site as a come-on to attract customers.
Their three computers will be stripped of porno images and donated to a
local school.  [Source: UPI, 17 Sep 1998, PGN Abstracting]

  Let's hope the files on those hard drives can't be undeleted...  Declan

    [Combine digital photography with the see-through infrared camera
    technology described in RISKS-19.93 and we get undie-lewded truth?  PGN]

  [To subscribe to POLITECH, send a message to majordomo@vorlon.mit.edu
    subscribe politech
  More information is at http://www.well.com/~declan/politech/ ]


Re: Sexy risks of searching for MP3 (Markowitz, RISKS-19.96)

Larry <lan@panix.com>
Wed, 16 Sep 1998 02:29:52 -0400
In RISKS-19.96 Sidney Markowitz writes about pornsite Webmasters padding
their META tags with inappropriate keywords, trying to boost their
hitrates -- sounds like web-spam to me.   [*]

Removal of those sites is a very easy way for the search engines to increase
their hit relevance (the newest golden virtue).  Objective verification of
complaints should be relatively easy, and the penalty - complete removal of
all of that company's pages from the engine - might carry some weight.

An alternative solution: A parallel search through a main database and a
list of known "bad hits".  This could be set up similarly to the meta-search
engines, with the side-search results used to modify the relevance sorting,
or remove hits entirely.

Difference of opinion on what constitutes abuse could be settled by allowing
the user to choose which 'abuse' database to sort against.  The logical
extension of this seems to turn into a NoCeM for web search engines.

  [* Laced with odium hitrate?  PGN]


Copenhagen Airport plagued by new baggage system

Debora Weber-Wulff <Debora.Weber_Wulff@te.mah.se>
Thu, 24 Sep 1998 09:58:11 +0200
A small article in Sydsvenskan (Swedish newspaper) noted that SAS is having
a terrible time in Copenhagen getting people's bags on the right plane. Seems
they have a new computer-operated baggage-handling system that is not
working properly... [now where have I heard that before?!].  SAS is having
to organize large-scale baggage-delivery operations, as the baggage tends
not to arrive until the next plane.  A spokesperson was certain, however,
that they would get the problem sorted out quickly and noted that it was not
the fault of SAS but of the Copenhagen Airport. [*]

Debora Weber-Wulff on sabbatical at Debora.Weber_Wulff@te.mah.se
040-325628  Hemsida: http://www.te.mah.se/person/dw/

  [* A classical case of (sur)passing the ruck(sack).  PGN]


Zenit failure attributed to flight control computer problems

"Peter B. Ladkin" <ladkin@rvs.uni-bielefeld.de>
Fri, 25 Sep 1998 15:45:54 +0200
According to *Aviation Week and Space Technology*, 21 Sep 1998, p21,
technicians believe that a malfunction of the flight control computers
and/or software resulted in the failure of the Zenit booster launched from
Baikonur on September 10. Zenit carried 12 commsats for Globalstar.

The Energomash second-stage engine was shut down prematurely, and the
payload impacted in Siberia. Telemetry data indicates that two of the three
primary flight computers shut down, a situation that `left the third
computer unable to control the vehicle', resulting in the cutoff of the
engine.

This is clearly not the full story. It suggests the primary flight control
had three parallel channels, but in that case one should have sufficed to
control the booster. Also, if loss of control resulted in cutoff of the
engine, then some machine `knew' that control had been lost (presumably the
inertial nav computer) and indicated that to whichever machine performed the
cutoff. An interesting contrast to Ariane 5, on which apparently the nav
computers shut down on detection of gross navigational errors.

Peter Ladkin, Universitaet Bielefeld, Postfach 10 01 31, D-33501 Bielefeld,
Germany  ladkin@rvs.uni-bielefeld.de    Tel: +49 (0)521 106-5326/5325/2952


Minutes away from nuclear holocaust

<Mark.Corcoran@softel.co.uk>
Thu, 24 Sep 1998 12:41:05 +0000
The Daily Express today (24-SEP-1998) reports - taken from Kommersant
Vlast magazine - on an event that took place almost 15 years ago,
at 21:00 BST, 25-SEP-1983.

Computer screens for the early warning system at the Serbukov-15 base
indicated that a Minuteman ICBM was en route to Moscow, followed seconds
later by other missiles.

If the threat had been confirmed within 10 minutes, and Soviet leader Yuri
Andropov informed of this, a counter-strike would almost certainly have been
issued.

However, Lieutenant-Colonel Stanislav Petrov, "armed with a creaking
computer" was responsible for analysing data from the Oko satellite, Kosmos
1382, and knew that it was subject to faulty readings caused by radiation
damage.

He also knew that the launch was not confirmed by ground-based warning
systems, and did not alert the Kremlin.

An inquiry commission later came away "terrified" at the appalling dangers
created by the defective early warning system.

Re-run of "War Games", anyone?

Mark Corcoran, VMS Systems/Site/Security/Comms & Network Manager, Softel Ltd.
Email: postmaster OR Mark.Corcoran @softel.co.uk   PSImail: 234273400398::MARK


Bank error turns payday to mayday

John Oliver <jdoliver@ozemail.com.au>
Fri, 25 Sep 1998 00:19:40 GMT
From the *Sydney Morning Herald*, 25 Sep 1998:

Tens of thousands of people missed payday yesterday after an error in the
bank's computer program on Wednesday night failed to authorise payments to
banks across the nation.  Employees with more than 50 national companies who
bank with the NAB (National Australia Bank) were affected.  ... information
technologists testing the bank's computers last weekend had inadvertently
failed to restore the pay program.

The problem has been overcome and people's pays would be available first
thing this morning.


John (jdoliver@ozemail.com.au)


Pentagon security barriers -- a rising problem

Mich Kabay <mkabay@compuserve.com>
Wed, 23 Sep 1998 09:56:56 -0400
The Pentagon is studying why an automated anti-terrorist barrier suddenly
lifted the front end of a limousine several feet into the air on 21 Sep
1998.  The incident was embarrassing because Japanese Defense Minister
Fukushiro Nukaga suffered a sprained ankle and Rear Admiral Fumio Ota was
cut above his eye and needed several stitches.  Reportedly, three
investigations are being carried out by the Defense Department's police
force (which is responsible for maintaining Pentagon security), the company
that installed the barrier, and an independent analyst.  [Source: UPI US &
World, 22 Sep 1998.]

M. E. Kabay, PhD, CISSP / Director of Education
ICSA, Inc. <http://www.icsainc.net>

  [Perhaps the system is programmed to detect foreign cars?  PGN]


Hacker accused of using U S West computers on math problem

Mark Sugarman <sugarman@gti.net>
Wed, 23 Sep 1998 09:49:38 -0400 (EDT)
According to *The Associated Press*, 15 September 1998:

A 28-year-old computer consultant is under investigation by the FBI for
allegedly hacking into at least 2,585 computers at US West.  Aaron Blosser,
a self-described "math geek", was apparently trying to use the systems to
search for a new prime number.  The hacking was only discovered when the
computers took as long as 5 minutes to retrieve phone numbers; the operation
should normally take 3 to 5 seconds to complete.  The US West Intrusion
Response Team found the unauthorized program running on the computers on May
27th.  The team was able to track the software back to a terminal at one of
the company's Littleton offices, where they found Blosser, a contract
computer consultant who works for a vendor which was hired by US West.

"I've worked on this (math) problem for a long time," said Blosser. "When I
started working at U S West, all that computational power was just too
tempting for me."  Blosser ran up 10.63 years of CPU time in his failed
search for a new prime number.

The full article can be found at:

http://cnn.com/TECH/computing/9809/15/uswest.hacker.ap/index.html


Spelling checker yields "General Negro" for Position Available

Matt McPherson <mmcphers@great-lakes.net>
Fri, 25 Sep 1998 10:36:49 -0400
Although mined extensively already, the vein of risks associated with
automatic spelling checkers runs so rich that I can't resist a contribution.
This gem just came across our e-mail, in the form of a MS Word attachment,
as one entry in a list of job opportunities:

  GS-0801, General Negro

A little investigation reveals that GS-0801 is actually the job series
designation for "General Engr".  My experience with said word processor (in
its default configuration) is that it takes a very aggressive approach to
spell checking, and leaves me no doubt how this entry occurred.

I expect some of my non-RISKS reading colleagues here may require a
little explanation to see the humor.   [A little black humor, at that.  PGN]

Matt McPherson, U.S. Army Corps of Engineers, Detroit District
mattm@superior.lre.usace.army.mil


Re: De-Rail Canada (Martin, RISKS-19.94)

Ruth Milner <rmilner@aoc.nrao.edu>
Wed, 16 Sep 1998 18:17:59 -0600 (MDT)
Bruce Martin (Bruce_Martin@manulife.com) described a VIA Rail Canada
derailment on Sept 3, 1997, and the fact that although monitoring systems
generated an alarm, the crew had erroneously concluded that "the failure was
in the warning system, and [...] disconnected it."  He then commented:

   The "computer error" has become a truism, humans are often more
   likely to believe in the integrity of mechanical systems than
   computer systems.

This doesn't mesh with my experience.

Back in 1981, when I would guess that the majority of trains didn't have
computer-generated warnings of mechanical failure, a friend and I took the
TransCanada from Vancouver to Toronto. At a stop in eastern British
Columbia, we got talking to the engineers and they invited us to join them
in the engine compartment.

An hour or so after leaving the station, an alarm - a mechanical bell like
many older fire alarms - went off. One of the engineers went to the rear
part of the engine to check it out. A minute or so later, the alarm went
silent and he came back. When I asked what the problem had been, he said
that there was no problem: the alarms frequently went off for no apparent
reason and he had loosened the cover to shut it up.

So much for believing in the integrity of mechanical systems.

Furthermore, probably like most people reading this article, I have lost
count of the number of times I have tried to explain to someone why
information is not necessarily correct simply because it's "what the
computer says". This happens even in situations where the information is
blatantly wrong, but because it is displayed on a computer screen, it is
taken as gospel and the people accepting it don't make the slightest effort
to evaluate it for themselves. (The cynic in me believes that this ability
is rapidly atrophying.)

In the end, for whatever reasons, perhaps humans are simply more
likely to believe what they want to believe - a big risk in itself,
of course.

Ruth Milner, Assistant to the Director, Computing, NRAO, Socorro NM
rmilner@nrao.edu  1-505-835-7282


Re: "Windows NT Security" (Frankston, RISKS-19.95)

John Nolan <jpnolan@Op.Net>
Thu, 17 Sep 1998 23:41:40 -0400 (EDT)
Bob Frankston mentioned that Windows NT "has been C2 certified," without
elaborating.  This is a misleading comment.

Some years ago, a specially-prepared version of Windows NT 3.51 was
certified as C2 secure.  But this is the *only* version of Windows NT that
was ever certified as such. Extensive modifications were made to the system
registry in order to meet the standard, and the machine was not networked at
the time.

Windows NT 4.0 has *never* been certified as C2 secure, neither in specially
modified form, nor otherwise.  It is not C2 certified.

I hope someone with expert knowledge will fill us in on the details.  I just
think it's a shame that this myth is constantly repeated.

John Nolan, jn@n2k.com


REVIEW: "Web Security Sourcebook", Rubin/Geer/Ranum

"Rob Slade" <rslade@sprint.ca>
Fri, 18 Sep 1998 10:18:53 -0800
BKWBSCSB.RVW   980711

"Web Security Sourcebook", Aviel D. Rubin/Daniel Geer/Marcus J. Ranum,
1997, 0-471-18148-X, U$29.99/C$42.50
%A   Aviel D. Rubin rubin@bellcore.com
%A   Daniel Geer
%A   Marcus J. Ranum
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   1997
%G   0-471-18148-X
%I   John Wiley & Sons, Inc.
%O   U$29.99/C$42.50 416-236-4433 fax: 416-236-4448
%P   350 p.
%T   "Web Security Sourcebook"

As Steve Bellovin notes in the foreword, complexity and security are
antithetical.  To have a complete picture of the security of a single
transaction in World Wide Web activity one must consider the hardware of the
user, the operating system of the user, the client software of the user, the
hardware of the host, the operating system of the host, the server software
of the host, the base transport protocol, the higher level (generally HTTP:
the HyperText Transport Protocol) protocol, the general structure of the
network itself, and the various forms of content.  To expect a short book to
cover all of this material is unrealistic.  The current work, however, is of
inconsistent quality and falls short even of a much reduced target.

Chapter one looks at basic Web history and technology plus a few
illustrative security loopholes.  While basic browser security information
is presented in chapter two, the presentation is disorganized and seems to
stress some relatively improbable risks.  On the other hand, it does point
out some important and little known problems with Internet Explorer.
Advanced browser security lists a good deal of misinformation about cookies
(along with some real dope) and discusses anonymous remailers in chapter
three.

The discussion of scripting, in chapter four, is simplistic in the extreme.
While I would personally agree with the assessment that JavaScript and
ActiveX are not worth the security hazards they represent, these
technologies deserve more than the terse dismissal they receive in the text.
Java gets somewhat more detailed discussion but the authors do not appear to
distinguish between design factors and specific implementation bugs limited
to a given platform.  Server security is limited to UNIX permissions in
chapter five.  Chapter six looks primarily at commercial cryptographic
products, but without having built a solid foundation for their effective
use.  Scripting is again reviewed in chapter seven, this time concentrating
on (again) UNIX CGI (Common Gateway Interface) programming for sanitizing
input from users.

The overview of firewall technologies in chapter eight is reasonable and
balanced, citing the different types of firewalls, their strengths and
weaknesses, and the fact that firewalls can only be one tool in a larger
security strategy, never a complete answer.  Chapter nine presents the
different protocols in transaction security quite well, but fails to give an
analysis of the social and market forces that are equally important to the
overall picture.  Some systems for electronic payment are compared in
chapter ten.  Predicting the future is, of course, problematic, but chapter
eleven seems to contain more faults than can legitimately be said to be
inherent to the process.  As only one example, the authors look forward with
trepidation to "network aware" viruses.  I'm sorry to tell you this, guys,
but the proof of that concept happened in the wild more than a decade before
you wrote the book, and has transpired depressingly often since.

The presentation of this text as a sourcebook is probably valid on the one
hand: the primary value of the tome lies in the mention of various
commercial systems related to Web security.  It cannot, however, be
recommended as a sole source.  Both a conceptual background and an overall
review of the totality of Web security factors are missing.  There are
interesting points in the book, and even useful tips, but while it may
belong on the bookshelf of the dedicated Web administrator it is not
necessarily a must read for those with limited resources.

copyright Robert M. Slade, 1998   BKWBSCSB.RVW   980711


REVIEW: "Computer Crisis 2000", W. Michael Fletcher

"Rob Slade" <rslade@sprint.ca>
Wed, 23 Sep 1998 10:04:53 -0800
BKCMCR2K.RVW   980619

"Computer Crisis 2000", W. Michael Fletcher, 1998, 1-55180-138-8,
U$12.95/C$15.95
%A   W. Michael Fletcher feedback@highspin.com
%C   1481 Charlotte Road, North Vancouver, BC   V7J 1H1
%D   1998
%G   1-55180-138-8
%I   Self-Counsel Press
%O   U$12.95/C$15.95 604-986-3366 fax: 604-986-3947 selfcoun@pinc.com
%P   232 p.
%T   "Computer Crisis 2000"

The book jacket states that the author has thirty years of experience in
advising businesspeople how to deal with technology.  If so, then he is, of
course, part of the problem, since this problem is not one that wasn't
foreseen.  Indeed, in the preface he admits he came late to the problem, and
certainly a warning book now is just a tad behind the times.  However, the
book is aimed at small and medium sized businesses.  This market has been
neglected in other works on the topic, and may still have room to fix the
situation as far as it can be dealt with internally, since their computing
needs are presumably less monolithic than those of the corporate giants.

Part one is a definition of the problem and how it may affect people and
businesses.  The explanation is split into the first two chapters (the book
chapters are very short).  Generally the exegesis is reasonable, although
not altogether convincing of the seriousness of the situation, but it also
contains some sections detailing accounting functions that have only a
minimal bearing on the issue.  A third chapter lists some excuses for
avoiding the work involved, but adds nothing to the book.  Possible impacts
get sidetracked into the beginnings of an action plan, the action plan is
disorganized, and the section ends with a look at legalities that ends, for
some reason, with some thoughts on tax law.

Part two looks at large institutions.  The review of government says
what the author thinks they should be doing, but gives limited (and
likely incorrect) analysis of what the situation and prognosis
actually is.  Much the same applies to the chapter on infrastructure
and utilities.  (The optimistic view of the Internet in the event of a
communications failure is particularly naive.)  The overview of
finances simply looks at a bleak set of possible problems, most
without solution.

Planning and implementation is addressed in part three.  The initial outline
is quite good, stressing that the time for delay and cheap solutions is
past, but it may not be entirely convincing to managers and business owners
due to the weak opening in part one.  Personnel and inventory get some
detail, but the implementation itself is strung over four chapters with
questionable organization.

The final two parts contain two chapters looking at the possible ancillary
benefits of going through the year 2000 process, and a very terse look at
the international scene.  An appendix lists both print and online resources.

As Fletcher notes in the preface, he could not put absolutely everything
into the book, and polishing and the inclusion of more material would have
delayed a project that is late enough as it is.  The concentration on
personal computers and shrink wrapped software is valid given the target
audience.  However, more detail on certain implementation areas would have
greatly improved the book.  As only one example, getting commitments from
suppliers is lacking in breadth and range, and there should be contingency
plans for the inevitable failures in some part of the infrastructure.  This
book is not alarmist: if anything it does not paint the scene widely enough.

copyright Robert M. Slade, 1998   BKCMCR2K.RVW   980619
