The RISKS Digest
Volume 20 Issue 10

Thursday, 3rd December 1998

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…

Contents

Dulles radar fails for half-hour
Doneel Edelson
Pilots: Runway crossings a safety hazard
Doneel Edelson
DoD falsified Y2K data but has "good feeling" about future
Edupage
Virginia library removes software filters
Edupage
How the rest of the world views Americans
Declan McCullagh
False 911 calls traced to spliced cabling
Bryan O'Sullivan
Immigration process on hold due to fingerprint data format
Deepak N
Interesting bug in SecurID software
Drew Dean
V-Mail — or Virus Mail?
Jason Stokes
PalmPilots voiding car locks in Europe
Brig C. McCoy
Sony infrared controllers lock up certain Macintosh systems
Fred Condo
IR-outfitted Macs and Sony remote controls
T Byfield
Paranoia or Parannoyance?
Al Christians
Y2K inflation risk
Marion Moon
Risks of Internet keywords
Erann Gat
Re: Internet speech is "on the record"
Silas S. Brown
Scott E. Preece
Re: 100-year-old woman "too old to vote"
Bob Heuman
Re: REVIEW: "Java Cryptography", Jonathan Knudsen
Fred Long
FEmSys99: Call for Participation/Program
Axel Poigne
Info on RISKS (comp.risks)

Dulles radar fails for half-hour

"Edelson, Doneel" <doneeledelson@aciins.com>
Tue, 24 Nov 1998 12:40:04 -0500
Radar failed for 31 minutes at the Washington D.C. area Dulles International
Airport, leaving air traffic controllers unable to tell the exact locations
of circling airliners.  Controllers had no information on the altitude,
airspeed or identification of about a dozen planes circling the airport.
[Source: AP item in *USA Today*, 24 Nov 1998; PGN Abstracting]


Pilots: Runway crossings a safety hazard

"Edelson, Doneel" <doneeledelson@aciins.com>
Fri, 13 Nov 1998 12:57:48 -0500
In an effort to speed up landings and takeoffs, tight runway crossings are
common.  In May 1997, strong winds were sufficient to alter the timing
enough to force the aborting of the takeoff of a British Airways 747 at
Chicago's O'Hare Airport because of a United jet landing directly in its
path.  Fortunately, the BA plane was able to stop in time, blowing 6 tires,
locking 12 brakes, and scaring the passengers.  Beginning with a discussion
of this case, an article in *USA Today*, 13 Nov 1998 [PGN Stark Abstracting]
analyzes the issues involved at some length.


DoD falsified Y2K data but has "good feeling" about future

Edupage Editors <edupage@franklin.oit.unc.edu>
Sun, 29 Nov 1998 13:46:13 -0500
A Department of Defense inspector-general report says that the Defense
Special Weapons Agency never conducted required tests on three of five
"mission critical" computer systems it had certified as Y2K-compliant.  The
military officer assigned to correct the agency's Year 2000 problems says he
agrees with the report, but that the systems in question will be "100% in
compliance" by April 1999: "I have a good feeling about Y2K in this agency."
(*USA Today*, 27-29 Nov 1998; Edupage, 29 Nov 1998)


Virginia library removes software filters

Edupage Editors <edupage@franklin.oit.unc.edu>
Thu, 03 Dec 1998 13:39:32 -0500
Responding to a federal court's ruling that the Loudoun County (VA.)
library's use of software filters to screen out sexually explicit material
on the Internet was unconstitutional (Edupage 24 Nov 98), the Library Board
has removed filters from some of its computers and left them on others;
adults will decide whether they want to use a computer with a filter or one
without, and parents of minors will be asked to sign a statement specifying
whether or not they want their child to have unfiltered Internet access.
Library patron Becky Montcastle-Jones urged the library board to appeal the
court's ruling, saying: "We have not had pornographic or salacious material
in our library.  Why, just because we have new technology to get to it very
quickly, should we have any different policy?  In the video section, you
can't go in there and get a pornographic movie.  Librarians throughout
history have had to make choices about what will be in the library.  That's
not censorship — that's choice."  But board member Marc Leepson expressed
the view of 6 out of the 8 board members: "I'm completely comfortable with
the new policy.  It's constitutional, and it still protects children."
(*The Washington Post*, 3 Dec 1998; Edupage, 3 December 1998)


How the rest of the world views Americans

Declan McCullagh <declan@well.com>
Tue, 01 Dec 1998 15:39:10 -0500
> Another federal judge killed another Internet censorship law, in the
> American state of Virginia; lawmakers, in order to protect The
> Children(tm) from all that smut on the Net, had ordered public libraries
> to install software filters; scoffed the judge, what a crock — the law is
> unconstitutional, get those filters off, right now; not only that but the
> filters he saw even blocked Web sites about the Quaker religion and Beanie
> Babies.  A Philadelphia judge delayed Mr Clinton's unconstitutional Child
> Online Protection Act, a censorship law that requires Web sites to prove
> the age of those who log on before showing them any pictures or "material
> considered harmful to minors," whatever that is.
> [*Bangok Post*, database technology section, 2 Dec 1998 — with attitude...]

  [http://www.well.com/~declan/politech/]

     [VA VA voom!]


False 911 calls traced to spliced cabling

"Bryan O'Sullivan" <bos@serpentine.com>
Wed, 2 Dec 1998 01:10:36 -0800 (PST)
San Francisco police and Pacific Bell have traced the source of over 120
false calls to the 911 emergency service during a 36-hour period.  The
problem manifested itself through several telephones in San Francisco's
Mission district that called 9-1-1 repeatedly; when operators answered the
calls, they heard only static.  Apparently, a phone cable became wet at the
point of a splice and shorted out intermittently, causing this rather odd
problem.


Immigration process on hold due to fingerprint data format

<Deepak_N1@Verifone.Com>
Mon, 30 Nov 1998 18:03:29 -0800
I just received this from my lawyer.

> Earlier this week, the INS suspended the processing of all I-485s filed
> with the INS Service Centers and District Offices on or after April 1,
> 1998. A written announcement will be issued by INS Headquarters in the
> very near future. The reason for the processing suspension is an error by
> the outside INS CLAIMS contractor, EDS, which failed to deliver
> fingerprint data tapes to both the FBI and CIA in a format that could be
> read by these agencies. The INS has been working to resolve the problem
> with the FBI and the CIA. Apparently, the FBI has now completed all
> fingerprint checks for applications filed with the Service through the end
> of September, 1998, but the CIA is still working on cases filed in April,
> 1998. It is not clear at this time how long the processing suspension will
> last. Concurrently filed I-765s and I-131s are not affected by the hold.

> The immediate impact of the I-485 processing suspension will be on
> applications filed at the NSC where they are now ready to close-out April,
> 1998 filings. The backlogs at the other Service Centers and most District
> Offices are much longer.  Additionally, close-outs for aging-out cases
> filed on or after April 1, 1998, are also on hold.


Interesting bug in SecurID software

Drew Dean <ddean@CS.Princeton.EDU>
Mon, 30 Nov 1998 16:56:54 -0500
I have a SecurID card for my Princeton Computer Science department account.
The setup is that an old Sun, running SunOS 4.1.4, is running the SecurID
software; you telnet to it, authenticate, and then rlogin to where you want
to go.  While this setup isn't perfect, the router hooking these machines to
the outside world is setup to prevent spoofing, and the local network is
deemed to be under reasonable control.

A couple months ago, I logged in, and tried to rlogin to the workstation on
my (former) desk.  It said, "Not on system console."  Funny, it only says
that if you attempt to rlogin as root.  I looked a little more closely,
noticed a # prompt, and /usr/bin/id reported that I was UID 0.  Hmmm.  I had
logged in as myself, and gotten a root shell on the SecurID server!  How
bizarre....  The head system administrator also received a root shell after
logging in as himself.

Further investigation yielded that our entries in /etc/passwd were of the
form +<username>:::::: i.e., to get our information from NIS.  However, due
to a pending network reconfiguration, the machine was temporarily not using
NIS, and no ypbind was running.  It appears that the SecurID software didn't
check the return value, and used a default value of 0.  (The SecurID
software keeps a separate database for its authentication information.)
This raises interesting questions about a denial of service attack
escalating to a root compromise (for local users; you need a SecurID card to
login with).  I do not have the time or facilities handy to investigate
further.

In Security Dynamics defense, this software is more than 3 years old, and
hasn't been updated because it otherwise works fine.  (I can't find any
version numbers in it).

Security Dynamics has been notified.

Drew Dean <ddean@cs.princeton.edu>


V-Mail — or Virus Mail?

Jason Stokes <jstok@SPAMBLOCKED.apana.org.au>
2 Dec 1998 10:53:32 GMT
Just read about a new voice mail over e-mail product from Philips, reported
in "New Scientist" for 28th November.

  Previous V-mail systems have worked only if the recipient has
  matching software to decode the sound-and-video file, but Philips
  bundles matching playback software with the message and packages it
  as a small executable file.  The playback software works with any
  version of Windows.

I don't have to remind comp.risks readers of the potential for viruses and
Trojan horses to spread after being inserted into executable files sent
over e-mail.  Ugh.

Jason Stokes: jstok@bluedog.apana.org.au

  [No, you don't, but apparently we need to remind everyone else.  PGN]


PalmPilots voiding car locks in Europe

"Brig C. McCoy" <brigc@world.std.com>
Thu, 03 Dec 1998 16:34:45 -0600
There's at least one program for Palm devices with IR ports which "learns"
the infrared codes from a remote-control device, letting the Palm device
replace remote controls for your TV/VCR/Cable/Stereo/Whatever.

According to a story in *New Scientist*, this same program can be used to
"learn" the codes from several different makes of remote locks for cars in
Europe.

Wonder if 3Com's planning to include an RF interface for US cars? :)

<http://www.newscientist.com/cgi-bin/pageserver.cgi?/ns/981205/newsstory6.html>

Brig C. McCoy, Southeast Kansas Library System, 218 East Madison Street,
Iola, KS  66749  1-316-365-5136   <http://www.sekls.lib.ks.us/staff/brigc>

  [The NS article says that it takes only 10 seconds to capture the code,
  and is virtually undetectable.  Discovery is credited to Lars Sorensen of
  PC World.  I recall mention of this attack mode in RISKS many years ago.
  (Watch out for palm-palm girls.)  Also noted by several others.  PGN]


Sony infrared controllers lock up certain Macintosh systems

Fred Condo <fcondo@csuchico.edu>
Wed, 2 Dec 1998 10:21:01 -0800
The Macintouch Web site reports at <http://www.macintouch.com/time.html> on
an interaction between Sony infrared remote controllers and certain
Macintosh models with infrared receivers.  A risk of adopting a ubiquitous
control technology for unrelated machinery where commands may leak between
systems.


IR-outfitted Macs and Sony remote controls

t byfield <tbyfield@panix.com>
Wed, 2 Dec 1998 13:47:46 -0500
The 3 Dec 1998 Macintouch reports that wristwatches "capable of sending IR
remote controls to common brands of televisions" can also, it seems, control
some Macs outfitted with an IR receiver on the front of the box
<http://www.macintouch.com/time.html>.  Symptoms varied between models
(various Performas and LCs) and OS revisions (7.5.5-8.1), and despite
several standard problem- prevention/solution techniques, ranging from
access/function-limiting software to disabling extensions at
startup. Problems included crippling slowness (several-minute delays in
responses to input), and the necessary fixes seem to be quite varied, up to
requiring a full hardware reset.

The interesting thing is that these machines are doing exactly what they
were designed for: respond to a Sony-compatible remote control. They could
be powered up and down, the volume could be changed, and Apple Video Player
could be launched with the TV/ Video button on the remote. Unfortunately,
the remote--which in this case was a *wristwatch*--could send commands the
machines couldn't cope with at all. Given the usual repertoire for solving
enigmatic problems, it's a wonder that the sysops in the lab who stumbled
across this problem actually figured it out--after running disk utilities,
reinstalling software swapping hardware, and so on and so forth. Obviously,
this trick could be the bane of innocent consumers who may have bought a
particular Mac *because* it has some "multimedia integration"
capability--and a real boon to someone who wanted to hogtie a computer lab,
staff and all.

What's especially noteworthy is the fact that this hardware/software
integration can launch an application. Unless this is done by some
completely nonstandard method, the MacOS does so *by name* --which means
that if someone could contrive a way to install some relatively powerful
software (e.g., UserLand Frontier) and rename it "Apple Video Player," say,
while a sysop was off in search of some utility CD, s/he could pretty much
have run of the house--without requiring direct physical access to the
machine (a well-placed window would do just fine).

Ted


Paranoia or Parannoyance?

Al Christians <achrist@easystreet.com>
Tue, 01 Dec 1998 00:59:46 -0800
A curious thing happened to me last week.  I made, by telephone, a hotel
reservation in a distant city.  About 12 hours later, I received by e-mail,
a commercial solicitation from an 'escort service' in the same city. The
solicitation was sexually explicit and obviously aimed at those who would
like to do business with prostitutes.

I did not give my e-mail address to the hotel, but I did make the
reservation using my name exactly as I sign usenet postings, so I suspect
that the hotel provided my name to someone who looked up my e-mail address
in a compiled database and sent the solicitation.

This juxtaposition of events disturbs me, for the following reasons:

1. A presumably reputable business, the only kind with which I deal, is
likely providing personal information about me to a disreputable one.  If
'escort services' can obtain this information about me, what other doers of
unseemly deeds might also obtain it?

2. Not only don't I know of any way to prevent such solicitations in
specific instances, I don't know of any way to keep such marketing methods
from proliferating into business-as-usual.

3. I have long held 'thou shalt not tempt' to be one of the major dictums of
modern morality.  The power to tempt is the power to corrupt and destroy.

4. A little paranoia, inspired by this surprising evidence that someone out
there knows more about me than I want them to know, gets me thinking where
this will lead.  It is easy to imagine that a business obtaining customers
this way might next go ahead and find out if the client has a spouse back
home.  They might then send mail or e-mail to the spouse or household that
is intended to raise the spouse's suspicions of infidelity. The might send
solicitations to the spouse for detective services to check up on their
itinerant mate.  They might send solicitations to the spouse for similar
'escort services' while their mate is away.  They might market legal
services related to divorce to each spouse.  That would all be legal.  If
they wanted to do anything illegal, the opportunities for extortion and
blackmail abound.

5.  Other vices and weaknesses might be exploited similarly.  Travelers away
from home are often separated from the social support that they may need to
regulate their behavior.  Customized mass-marketing like this could
profitably target those with problems related to gambling, liquor,
etc. According to my morality, it would be wrong to exploit the weaknesses
of the weak when they are most vulnerable, but it seems inevitable that
there will always be some who can't resist taking advantage and some who
will tragically be their prey.

Al Christians


Y2K inflation risk

<mmoon@west.raytheon.com>
Mon, 30 Nov 1998 11:09 -0800 (PST)
Here is another unintended consequence of technology. When a local regional
hospital could not get the vendor of an older *analog* nuclear medicine
machine to declare that the machine was Y2K compliant, the hospital decided
to buy a new digital machine at a cost of over $700,000. The older machine
was still useful but the hospital felt it would be liable if it couldn't
state that the machine was compliant. It is doing the same thing with other
less expensive machines also — discard and replace. The implications for
patients and insurance companies is obvious; no wonder medical cost
inflation is increasing faster the CPI.

Marion Moon


Risks of Internet keywords

Erann Gat <gat@binkley.jpl.nasa.gov>
Wed, 2 Dec 1998 13:21:56 -0800 (PST)
Internet keywords are a new feature in version 4 of Netscape Navigator.  On
the surface they seem like a great idea: instead of just a URL, you can now
type a set of search keywords in the "location" selector mini-buffer at the
top of the browser.  Anything that is not a valid URL is interpreted as
search keywords and are sent to Netscape's search engine.  It seems like a
cool feature that can save you a step when you are doing a search.  Instead
of having to go back to the search engine every time, you have a shortcut to
a search engine always at the ready.

So just now I was editing some records in a web database on one of our local
servers when I was suddenly surprised by the appearance of a set of search
results from the Netscape search engine.  What's more, every attempt to get
back to the database server resulted in the same set of search results.
Even typing in the URL with the http:// header didn't help.  It was as if
the search engine had suddenly hijacked my browser.  What's more, trying to
access the server from a different browser running on a different machine
yielded the same result!

What turned out to have happened is (I think) this: the database server
suddenly shut down for reasons unknown.  Because I had typed in the URL
without the domain (since it was a local machine) Netscape now interpreted
the name of the machine (which, as far as Netscape was concerned, had
suddenly ceased to exist) as an internet keyword, which popped me in to the
search engine.

A little sleuthing turned up an extra risk: before dumping me in to the
search engine it turned out that Netscape tried several variations on the
machine name, such as prepending 'www' onto the name.  It turned out that
none of these variations existed, but if they had I could have suddenly
found myself looking at a completely random web page.  If this page happened
to have content deemed "inappropriate" for viewing at work I might have had
a hard time explaining to Big Brother that I really had not intended to
download that page.

What made it all the more confusing was this: the database server was
running on a nonstandard port, so the URL I originally typed looked like
"server:81".  Only the database server died, not the whole machine, so going
to the URL "server" still did the Right Thing (i.e. it took me to the
server's http home page).  Only when qualified with a port number for a
nonexistent service did this problem manifest itself.  Netscape is
apparently not smart enough to figure out that the existence of a port
qualifier in the URL means that this is *not* a keyword.  (Netscape does
seem to know that a fully qualified host name with its domain name should
not be interpreted as a keyword.)

There are several risks here: 1) An apparently useful feature displays
surprising and potentially dangerous behavior.  This surprising behavior can
be triggered suddenly by a crash on a different machine.  There is no
indication as to the actual source of the problem.  2) The existence of
internet keywords fills out the space of legal things to type in to the
"location" buffer in the browser, making it more likely that a typo will
take you somewhere you don't want to be rather than generating an error.

Erann Gat    gat@jpl.nasa.gov


Re: Internet speech is "on the record" (Minow, RISKS-20.09)

"Silas S. Brown" <ssb22@cam.ac.uk>
Sat, 28 Nov 1998 06:42:35 +0000
The *Salon* article several times mentions searching for a person's name,
the assumption apparently being that that is a unique identifier.  It is
not.  For example, every so often my Web page gets hits with an AltaVista
query for "Silas Brown" as the referral page, and I recently received fan
mail destined for a Silas Brown who is apparently a religious pop singer in
America (and doesn't seem to have an online presence).  My name is unusual
in my culture but this is not universally true.

If someone called Yuki Tadeka (random example) were running for President of
the US, and I were a sleaze journalist and showed you "Yuki Tadeka's Home
Page" as it was twenty years ago, even if you could prove by going to the
archives yourself that the page really existed, how would you know that it
was generated by the same person?

Somewhere on www.newscientist.com is a rather misinformed letter written on
27 April 1996 by a "Silas S. Brown" about the nature of time and space (and
they accidentally included the e-mail signature).  If I denied that that was
me, would you be able to prove otherwise?

Silas S Brown, St John's College Cambridge UK http://ban.joh.cam.ac.uk/~ssb22/
Databus magazine http://www.cam.ac.uk/CambUniv/Societies/cucs/


Re: Internet speech is "on the record" (Minow, RISKS-20.09)

Scott E. Preece <preece@urbana.css.mot.com>
01 Dec 1998 09:08:49 -0600
While the Web does sometimes seem to be all things to all people, it's
ironic that while Martin Minow (RISKS-20.09) points at an article reminding
us that web materials may persist far longer than we expect, archivists and
librarians have decried the web as having no past, pointing out that today's
link may tomorrow point into a cyber-hole and that the things that links
point to may change unpredictably, so that that citations become
meaningless.  The web needs a Library of Congress-grade authoritative
repository; it wouldn't hurt if there were also a reliable expiration
mechanism...

scott preece, motorola/css urbana design center preece@urbana.css.mot.com
1101 e. university, urbana, IL 61801      1-217-384-8589


Re: 100-year-old woman "too old to vote" (RISKS-20.09)

<rsh@idirect.com>
Sat, 28 Nov 1998 11:23:50 -0500
Having read the information in my newspaper, it appears that age is *not*
the reason for the removal of the right to vote, but rather a judgement that
the little old lady is no longer completely competent.  Note that three
other residents of the same senior's residence were also denied the right to
vote, and they were not yet 100 years old.  They were interviewed in person,
and apparently her nodding of her head in response to questions was not
deemed sufficient evidence of her competency.  Whether this decision is
correct or not is not subject to correction under the law being used - that
is the real issue. It has nothing to do with computers or the
two-digit/three-digit controversies.

R.S. (Bob) Heuman, Toronto, ON, Canada
<heuman@intria.com> or <rsh@idirect.com>

  [Also noted by quite a few others.  TNX.  PGN]


Re: REVIEW: "Java Cryptography", Jonathan Knudsen (Slade, RISKS-20.09)

"Fred Long" <fwl@aber.ac.uk>
Mon, 30 Nov 1998 13:38:32 +0000
I really must take exception to Rob Slade, in his otherwise fine review
of "Java Cryptography" by Jonathan Knudsen, where he says:

  There is one other limitation: much of the book relies on the
  Java Cryptography Extensions (JCE) which are only available to
  those in the United States and Canada (nudge, nudge, wink, wink).

Firstly, the JCE is a *specification*, which is available world-wide.

Secondly, there are implementations of the JCE available outside the US and
Canada as, indeed, the "Java Cryptography" book itself indicates.  (Another
book, "Java Security" by Scott Oaks, lists such implementations in an
appendix.)

Dr Fred Long, Department of Computer Science, University of Wales, Penglais,
Aberystwyth, SY23 3DB, UK  +44 1970 622440  fwl@aber.ac.uk


FEmSys99: Call for Participation/Program

Axel Poigne <ap@borneo.gmd.de>
Thu, 3 Dec 1998 08:33:37 +0100
Workshop on Formal Design of Safety Critical Embedded Systems
15-17 March 1999, Munich, Germany

The workshop intends to bring together researcher, R&D engineers from
industry, and tool vendors concerned with the specification and construction
of Embedded Systems, particularly of Safety Critical Embedded Systems.
For detailed information see
              http://set.gmd.de/EES/femsys99

Please report problems with the web pages to the maintainer

x
Top