The RISKS Digest
Volume 20 Issue 07

Saturday, 14th November 1998

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Lovesick cod overload submarine sonar equipment
Christoph Conrad
O'Hare's radar malfunctioning
Doneel Edelson
Dallas-FortWorth ARTS air-traffic control upgrade backed out
NASAA spam investors by mistake
Mich Kabay
Interference risks on cruise missiles
Gordon Lennox
Talking elevator with off-by-one error?
George Michaelson
3Com Security Advisory: We built in back doors, so you're at risk!
John Gilmore
Re: Unreliable reception of e-mailed WP documents
Garth Anderson
Re: LA 911 Outage
John Sheckler
Business jet trips/privacy
Daniel P.B. Smith
Corrections on recent issues
GPS internal clock problem
Bob Nicholson
Dumbing down English speech
Bertrand Meyer
REVIEW: "Cyberspace and the Law", Edward A. Cavazos/Gavino Morin
Rob Slade
REVIEW: "E-Commerce Security", Anup K. Ghosh
Rob Slade
System Safety Society Conference — Call for Papers
Dixon Jack
Info on RISKS (comp.risks)

Lovesick cod overload submarine sonar equipment

Christoph Conrad <>
Fri, 13 Nov 1998 21:42:20 +0100
Associated Press in a German newsletter, 13 Nov 1998 (retranslated by me):

"Norwegian submarines have discovered an unexpected problem while diving
off the Norwegian coast: the grunting noise from swarms of lovesick cod
overburdens the sonar equipment.  Thereby navigation in Norwegian waters
is almost impossible, said the Defense Department yesterday."

  [For non-English readers, codfish = torsk in Scandinavian languages,
  while other linguistic fisk roots stem from bacalao, morue, merluzzo,
  Kabeljau, tara, ...  For English speakers, it is evident that the
  submarines need a cod peace to hide their attractive nature.  PGN]

O'Hare's radar malfunctioning

"Edelson, Doneel" <>
Thu, 29 Oct 1998 12:42:10 -0500
Air-traffic controllers say a new radar system has been malfunctioning,
causing them to lose track of planes at O'Hare International Airport, one of
the world's busiest airports.  The computer system repeatedly drops critical
flight information, misidentifies aircraft location, and gives false
information, according to Kurt Granger, president of the National Air
Traffic Controllers Association in Elgin, Illinois.  Federal Aviation
Administration spokesman Don Zochert denied Granger's claims, saying the new
system is safe.  He said the new, up-to-date software is also used in
Denver, Dallas and New York City.  [Source: *USA Today*, 29 Oct 1998]

Dallas-FortWorth ARTS air-traffic control upgrade backed out

"Peter G. Neumann" <>
Wed, 11 Nov 1998 11:26:35 -0500
The ARTS 6.05 software in use at the DFW regional TRACON (Terminal Radar
Approach Control) center has been causing so much confusion for the
controllers (who maintained that safety was compromised, whereas the FAA and
the union had said there was no danger) that the system has been backed off
to an earlier version, ARTS 6.04.  Reportedly, there some ghost
(nonexistent) aircraft showing up, while real planes were omitted.
Controllers noted that 200 complaints in the past month had been ignored by
the FAA until now.  One particular case occurred on 30 Oct 1998, when a
flight disappeared for 10 miles.  Another case involved a plane at being
handed off at 10,000 feet, with the recipient controller's screen showing
the plane at 3,900 feet.  Such problems had not occurred with ARTS 6.04, but
ARTS 6.05 seems to have significant improvements (ignoring the glitches).

This is the same software that is used in Chicago (see the previous item in
this issue!), Denver, NY, and southern California.

  ``Officials compared the shift between the two programs to the difference
  between the Windows 95 and Windows 98 operating systems on personal
  computers.  As with any new software, there are bugs to be worked out, they
  said.''  [That is REALLY reassuring.  PGN]

[Source: article by J. Lynn Lunsford, *Dallas Morning News*, 7 Nov 1998, and
an article by G. Chambers Williams III, Fort Worth Star Telegram, 7 Nov
1998; the quote relating to Windows 95/98 is from the FW Star Telegram
article.  PGN Stark Abstracting]

NASAA spam investors by mistake

Mich Kabay <>
Mon, 2 Nov 1998 11:09:53 -0500
Anti-fraud vigilantes responded to an appeal from the North American
Securities Administrators Association (NASAA) for leads on possible
securities fraud involving junk e-mail.  Unfortunately, last week (30
October), these good citizens each received up to 300 messages thanking them
for their tip.  The glitch was solved by Friday morning.  Anyone wanting to
contribute to the fight against stock fraud is invited to visit the NASAA
web site at <> for information on how to participate.
[Source: a Reuters item , 31 Oct 1998]

M. E. Kabay, PhD, CISSP / Director of Education
ICSA, Inc. <>

Interference risks on cruise missiles

Wed, 4 Nov 1998 13:25:20 +0100
Following the Patriot item...

> From Aviation Week & Space Technology - 2 Nov 1998 - Page 23

> The auctioning of frequency spectrum to commercial telecommunication
> providers is undermining the Pentagon's ability to counter low-observable
> (LO) cruise missiles.... The large amount of spectrum already auctioned off
> even now is impacting at least one classified system used to detect
> low-observable aircraft and missiles...

  [... not to mention the Leonid shower of meteorites
  coming up in a few days.  PGN]

Talking elevator with off-by-one error?

George Michaelson <>
Thu, 12 Nov 1998 11:19:10 +1000 (EST)
new building. 7 floors labelled [1..7]

  enter lift [elevator]. select floor 1.
  arrive at floor 1. lift announces:
  "floor eight"

My guess is that the software is generic and is loosely coupled to the real
"I know where I am" function the lift has innately, talking or not. I have a
mild concern that a lift this confused maybe doesn't want to be used.

Shades of Douglas Adams..


3Com Security Advisory: We built in back doors, so you're at risk!

John Gilmore <>
Wed, 28 Oct 1998 12:08:25 -0800
They don't quite admit to not knowing anything about security — putting
undocumented back-door passwords into their switches, and putting in a way
to read the administrator's password via an un-authenticated SNMP query.
But you can tell that the information secured by this incredible obscurity
is all over the cracker community, if 3Com is now willing to put it up on
their Web page.  As usual, only when the bad guys have had your system wide
open for months, will the supposed "good guys" tell you, ahem, you have a
problem.  They *did* release fixed firmware, I give them credit for that.


> 3Com Security Advisory for CoreBuilder and SuperStack II customers
> 3Com is issuing a security advisory affecting select
> CoreBuilder LAN switches and SuperStack II Switch products.
> This is in response to the widespread distribution of special
> logins intended for service and recovery procedures issued
> only by 3Com's Customer Service Organization under conditions
> of extreme emergency, such as in the event of a customer
> losing passwords.
> Due to this disclosure some 3Com switching products may be
> vulnerable to security breaches caused by unauthorized access
> via special logins.
> To address these issues, customers should immediately log in
> to their switches via the following usernames and passwords.
> They should then proceed to change the password via the
> appropriate Password parameter to prevent unauthorized access.
>   * CoreBuilder 6000/2500 - username: debug password: synnet
>   * CoreBuilder 3500 (Version 1.0) - username: debug password: synnet
>   * CoreBuilder 7000 - username: tech password: tech
>   * SuperStack II Switch 2200 - username: debug password: synnet
>   * SuperStack II Switch 2700 - username: tech password: tech
> The CoreBuilder 3500 (Version 1.1), SuperStack II Switch 3900
> and 9300 also have these mechanisms, but the special login
> password is changed to match the admin level password when the
> admin level password is changed.

[Here's the best part:]

> Customers should also immediately change the SNMP Community
> string from the default to a proprietary and confidential
> identifier known only to authorized network management staff.
> This is due to the fact that the admin password is available
> through a specific proprietary MIB variable when accessed
> through the read/write SNMP community string.
> This issue applies only to the CoreBuilder 2500/6000/3500 and
> SuperStack II Switch 2200/3900/9300.
> Fixed versions of software for CoreBuilder 2500/6000/3500 and
> SuperStack II Switch 2200/3900/9300 are available below.
> General administration of these systems should still be
> performed through the normal documented usernames and
> passwords. Other facilities found under these special logins
> are for diagnostic purposes and should only be used under
> specific guidance from 3Com's Customer Service Organization.
> For more information 3Com has dedicated a hotline at
> 1-888-225-1733. Outside the United States please contact your
> local Customer Service Organization location.

Re: Unreliable reception of e-mailed WP documents (RISKS-20.03)

Wed, 14 Oct 1998 14:08:10 EDT
The blank-field problem is a well-known and well-understood bug that is much
more general than which word processor or OS or software version is being
used.  It happens wherever text is displayed in a field, column, cell, or
window on a screen.  The most common fix is to make all fields a bit larger
than seems necessary, just to account for variations on different machines.

Text windows generally make the bottom line blank if that line doesn't
completely fit in the window.  The purpose seems to be preventing users from
seeing only the top half of any letters.  There are reasons for this beyond
convenience, speed, or aesthetics: the top halfs of i and j look identical, as
do v and y.  It's quite possible to program a window to display a partial
line, and many do, but that is a very common default.

Fonts are interpreted and displayed by the local machine.  Sometimes the
original font is unavailable; sometimes the font is adjusted to fit the screen
resolution or printer resolution or user preferences or even converted to bold
or italics.  If such conversion leads to a screen font taller than the field
in which it will be displayed, then even the first line of text will be

Note that the field or box which holds the text is itself drawn a subtly
different size on each computer; even if the font converts exactly, some
screens might still see a blank field.  Also, even if you view (and print) the
document on every configuration available there could still be surprises at
run-time: the text may be reformatted temporarily, such as when the field is
being edited or is made read-only.

The RISK is that this default behavior is very unexpected in fields designed
to display only one line of text, even when it is accepted as normal in multi-
line text fields.  The unexpected results can easily lead to miscommunication.

Garth Anderson <>

Re: LA 911 Outage (Maufer, RISKS-20.03)

Wed, 14 Oct 1998 13:46:29 -0400
Here is how *The Washington Post* reported it.  Interesting how the cause
seems to have differed considerably.  I suspect that they were describing
the electricians' version of a high-temp hand-held blower for shrinking
tubing and other heating purposes.  These things are commonly called "hair
dryers" only because they vaguely resemble one.

L.A.'s 911 System Is Back in Service, *The Washington Post*, from news
services 12 Oct 1998; Page A10; Nation in Brief

Workers using hair dryers to clean hundreds of delicate circuit boards
brought the city's 911 system back on line yesterday after sprinklers
flooded a communications room.  A backup system kicked in and rerouted
emergency calls to individual police stations during the 17 hours that power
was shut off to the dispatch center.  Sprinklers put out a fire Saturday
afternoon in a storage room below City Hall, but 2,000 gallons of water
seeped down and soaked ceiling-high racks of circuit boards that link 911
operators to area emergency dispatchers.  "There were cables floating in six
inches of water. That's the kiss of death. People aren't even allowed to
drink coffee at their desks because they could spill it," said supervisor
Monika Giles. "We're lucky it came back on at all."  [...]

John Sheckler, CQA, Software Productivity Consortium, 2214 Rock Hill Road,
Herndon, VA 20170-4227 703-742-7156

Business jet trips/privacy

"Daniel P.B. Smith" <>
Sat, 31 Oct 1998 10:41:31 -0500 (EST)
Sorry, don't have the article at hand... hope others will give more
details... there was an article in last week's Wall Street Journal--front
page, that third-column-from-right "feature" story--that says that the web site tracks not just commercial flights, but any flight
for which you know the aircraft's tail number, and that there's some other
site where you can look up the tail number.  The result is that anyone can
track the flights of any corporate jet.

One corporate critic put this to use to get strong circumstantial evidence
of expensive junketing ("I don't know any Fortune 500 companies with
headquarters in The Hamptons.")  Obviously this information can also be used
for industrial espionage and by stock traders (hmmm, what's Sledge-O-Matic
Software Systems' plane doing in Seattle?).

The story wasn't completely clear on whether this information is _supposed_
to be public.  The impression I got it that it is another example of
information that _is_ supposed to be public but suddenly everything looks
different when public access is widespread, easy, and cheap.

To this naive individual, the most interesting sidelight was the revelation
that the reason why companies bear the expense of corporate jets is not
convenience, timeliness of flights, nor the desire to save precious minutes
of time for individuals whose time is worth hundreds of dollars per minute,
but the supposed secrecy of the flights.

Daniel P. B. Smith <>

Corrections on recent issues

RISKS List Owner <>
Sat, 14 Nov 1998 11:21:12 -0500
Too much traveling recently and too little time for RISKS.

I messed up in preparing RISKS-20.05.
Sensormatic of course makes the anti-theft device, not defibrillators.

I messed up in preparing RISKS-20.06.
The month at the top of the issue was OFF-BY-ONE.

Both corrections are noted in the respective catless and sri archive copies.

I was hoping to put this issue out on Friday the 13th (yesterday), but
perhaps it is just as well I had no time!

  [Which reminds me I just saw a note saying that a now-retired British
  vicar, Reverend Leslie Robinson, claims that the 1989 Kegworth air
  disaster in which a London-Belfast plane crashed onto the M1 highway,
  killing 47 and injuring 79, was influenced by a witches' coven operating
  under the flight path.  The good engine had been turned off, instead of
  the malfunctioning one.  Rebuttals are also included.  *Yorkshire Evening
  Press*, 12 Nov 1998]

I wonder how many problems RISKS will have because of Y2K?  (I'll be back in
WashDC during the coming week for another meeting of the General Accounting
Office Executive Council on Information Management and Technology, dealing
with the U.S. Government's Y2K preparedness — or lack thereof.  Progress
still seems to be much slower than it ought to be.  Check out Congressman
Stephen Horn's cumulative report card at .)


GPS internal clock problem

"Bob Nicholson" <>
Wed, 11 Nov 1998 08:20:39 +0000
  [This has been reported earlier, beginning in
  RISKS-18.24, but is still a problem. PGN]

As a licensed aircraft engineer, I regularly receive "AIRWORTHINESS NOTICES"
from the British CAA.  Here is one (verbatim) that may be of interest.

No. 7*
Issue l
23 October 1998


1 Introduction

1.1 The timing mechanism within GPS satellites may cause some GPS equipment
to cease to function after 22 August 1999 due to a coding problem. The GPS
measures time in weekly blocks of seconds starting from 6 January 1980.  For
example, at midday on Tuesday 17 September 1996, the system indicates week
868 and 302,400 seconds.  However, the software in the satellites' clocks
has been configured to deal with 1024 weeks. Consequently on 22 August 1999
(which is week 1025, some GPS receivers may revert to week one (i.e. 6
January 1980).

1.2 Most airborne GPS equipment manufacturers are aware of the potential
problem and either have addressed the problem previously, or are working to
resolve it.  However, there may be some GPS equipment (including portable
and hand held types) currently used in aviation that will be affected by
this potential problem.

2 Action to be taken by Aircraft Operators Aircraft operators, who use GPS
equipment (including portable and hand held types), as additional radio
equipment to the approved means of navigation, should enquire from the GPS
manufacturer whether the GPS equipment will exhibit the problem. Equipment
that exhibits the problem must not be used after 21 August 1999 and either
be removed from the aircraft or its operation inhibited.

For the Civil Aviation Authority, Safety Regulation Group, Aviation House,
Gatwick Airport South, West Sussex RH6 OYR

Dumbing down English speech

Tue, 10 Nov 98 14:40:31 PST
Although complaints about Microsoft Word's eagerness to correct what it sees
as mistakes are not new in RISKS, I think it is still useful to protest
vehemently the way Word 97 promotes the dumbing down of English writing by
flagging (when you use its default options) any sentence which, according to
some mysterious criterion, it deems too long, even if the sentence is made
of several semicolon-separated clauses, and even though it is perfectly
obvious to anyone, fan of Proust or not, that clarity is not a direct
function of length, since it is just as easy to write obscurely with short
sentences as with longish ones and, conversely, quite possible to produce an
absolutely limpid sentence that is very, very long.

Bertrand Meyer, Interactive Software Engineering, Santa Barbara

REVIEW: "Cyberspace and the Law", Edward A. Cavazos/Gavino Morin

"Rob Slade" <>
Thu, 29 Oct 1998 10:37:38 -0800

"Cyberspace and the Law", Edward A. Cavazos/Gavino Morin, 1994,
0-262-53123-2, U$19.95
%A   Edward A. Cavazos
%A   Gavino Morin
%C   55 Hayward Street, Cambridge, MA   02142-1399
%D   1994
%G   0-262-53123-2
%I   MIT Press
%O   U$19.95 +1-800-356-0343 fax: +1-617-625-6660
%P   215 p.
%T   "Cyberspace and the Law: Your Rights and Duties in the On-Line

"Net Law" (cf. BKNLHLUI.RVW) was written for the lawyer.  "SysLaw"
(cf. BKSYSLAW.RVW) was written for the layman, rather than lawyer, but was
still aimed at sysops rather than the common herd.  This book fills that
space, and is the first I can recall that does so.

Chapter one provides a very brief description of cyberspace, starting with
William Gibson's invention of the term, running through various different
electronic entities, and including some basic online activities.  Privacy,
and particularly the Electronic Communications Privacy Act as applied to the
Steve Jackson Games case, is the topic of chapter two.  The chapter ends
with a rather odd look at encryption.  Eventually getting around to PGP's
problems with ITAR (the International Traffic in Arms Regulations), the book
seems to state that PGP should be avoided because simple possession of it
may be illegal.  Since the book is based entirely on US law, it is obviously
aimed at an American audience, and the issue of export does not appear to be
mentioned.  Contracts are the subject of chapter three, mostly dealing with
common law.

Chapter four covers copyright.  I must say that I am always amused by the
wording of the American First Amendment; that government shall make no laws
regarding the abridgement of freedom of speech or press; since there are
laws about defamation, fraud, and pornography.  These, and free speech, are
dealt with in chapter five.  Considerations of prurient material are
discussed in significantly more detail in chapter six, and I must say that
this is one of the most informative and even-handed explanations of the
topic in any book reviewed to date.  Chapter seven closes off the book with
a grab bag of potentially illegal computer related activities.  The intent
seems to be to warn users about apparently innocuous actions that could
bring them afoul of the law.  As usual, there is a section on computer
viruses, and, as usual, it isn't very good.  Appendix A provides a good list
of contacts for legal and paralegal interest groups.  Other appendices list
various US statutes examined in the book.

While this work once again limits itself to the US, and fails to note the
international nature of cyberspace, it does provide its information in a
readable and accessible form.  The authors do not always deliver on their
promise to avoid legal jargon (such as "color of law"), but all the contents
can be understood by the intelligent and determined lay reader.  Where legal
niceties are not completely delineated they would only be of interest to
other lawyers anyway.

copyright Robert M. Slade, 1998   BKCYSPLW.RVW   980817

REVIEW: "E-Commerce Security", Anup K. Ghosh

"Rob Slade" <>
Thu, 5 Nov 1998 11:28:36 -0800

"E-Commerce Security", Anup K. Ghosh, 1998, 0-471-19223-6,
%A   Anup K. Ghosh
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   1998
%G   0-471-19223-6
%I   John Wiley & Sons, Inc.
%O   U$24.99/C$35.50 416-236-4433 fax: 416-236-4448
%P   288 p.
%T   "E-Commerce Security: Weak Links, Best Defenses"

The title is ever so slightly misleading in that the topic is not electronic
commerce as a whole, but the (admittedly most popular) Web segment of it.
However, within this limit, the book does provide solid coverage and good
advice for a whole range of issues.

Chapter one is a general introduction to the factors involved, looking at
some recent "attacks" of various types, and then reviewing the client,
transport, server, and operating system components to be examined in the
remainder of the book.  Client (generally browser) flaws are covered
thoroughly in chapter two.  The breadth of coverage even includes mention of
topics such as the concern for privacy considerations with cookies.  Active
content is the major concern, with an excellent discussion of ActiveX
(entitled "ActiveX [In]security"), a reasonably detailed review of the Java
security model, and a look at JavaScript.  Unfortunately, very little of
this touches directly on e-commerce as such, except insofar as insecure
client technology is going to make e-commerce a harder sell to the general
public.  While covering the transport of transaction information, in chapter
three, Ghosh makes an interesting distinction between stored account systems
(where you want to secure the transmission of identification data) and
stored value systems (where the data, once transmitted, is useless to an
eavesdropper).  Many books concentrate on either channel security or
electronic cash systems, so this comparison is instructive.

A server involves multiple programs, and may involve multiple machines.
Server security can quickly become complex, and this is quite evident in
chapter four.  While a great deal of useful and thought-provoking
information is presented, the complicated nature of the undertaking works
against this chapter.  Not all topics are dealt with thoroughly, or as well
as the previous material was.  Oddly, one issue not covered in depth is the
firewall, which is handled very well in chapter five, with operating system
problems.  Ghosh sets up a classification scheme for OS attacks, illustrated
by specific weaknesses in Windows NT and UNIX.

The book ends in chapter six with a call for certification of software,
greater attention to security in all forms of software, and, interestingly,
for greater use of component software.  (From the jacket material, it
appears that Ghosh is currently involved in the promotion of component
software systems.)

Each chapter ends with a set of references.  Unlike all too many books with
bibliographies stuff with obscure citations from esoteric journals, the bulk
of the material listed is available on the Internet.  (RISKS-FORUM Digest
readers may already have seen much of it.)  A separate section lists Web
sites used in the text.

The various issues dealt with in the book are explained clearly, and
generally present counsel on the best practices for secure online commerce.
A compact but comprehensive guide to the current state of electronic
transaction security.

copyright Robert M. Slade, 1998   BKECMSEC.RVW   981003

System Safety Society Conference — Call for Papers

"Dixon, Jack" <>
Wed, 04 Nov 1998 14:58:23 -0500
System Safety — System Safety at the Dawn of a New Millennium
17th International System Safety Conference
16--21 August 1999
Holiday Inn International Drive Resort
Orlando, Florida, USA
Abstracts due 15 Jan 1998.

Jack Dixon — Technical Program Chair,
P.O. Box 780660, Orlando, Fl 32878-0660 USA  Ph: (407) 306-5141.

Registration and Orlando Information:
CPS, Inc., 2453 Orlando Central Parkway, Orlando, FL 32809
(800) 777-5333, fax (407) 851-8313

Please report problems with the web pages to the maintainer