The RISKS Digest
Volume 20 Issue 23

Monday, 1st March 1999

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator



Intruders commandeer UK military satellite
Software snafu slowed key data during Iraq raid
Paul Walczak
Schwab Squab Swabbed
Errant police computer wakes hundreds of Texans
Keith A Rhodes
Mobile phones cause memory loss
Martin Minow
Doctors to perform surgery over next-generation Internet
Keith A Rhodes
Digital broadcasting could hit cardiac monitoring gear
Andrew Robert Mitchell
Computer system results in errors in patient medical records
Doneel Edelson
Pentium III serial number is soft-switchable after all
Limiting liability for Y2K breakdowns
CIA predicts serious Y2K problems around the globe
Keith A Rhodes
Y2K Test Fine Test Data Causes Problem
Barry Frankel via Dave Farber
Self-inflicted single point of failure
Malcolm Pack
Rhode Islander sentenced for hacking
Andrew Koenig
Re: Store Baelt Bridge not Y2K safe
Mark Brader
Chris Bagge
Computers, Freedom, and Privacy, 6-8 April 1999, Washington, DC
Dave Banisar
IEEE Security and Privacy Symposium, 9-12 May 1999
Jon Millen
USENIX Workshop on Smartcard Technology, 10-11 May 1999
Jennifer Radtke
'99 USENIX Technical Conference, 6-11 June, Monterey CA
Jennifer Radtke
FastAbstracts at FTCS29, 15-18 Jun 1999
Chuck Weinstock
Info on RISKS (comp.risks)

Intruders commandeer UK military satellite

"Peter G. Neumann" <>
Mon, 1 Mar 99 8:42:12 PST
According to security sources cited by *The Sunday Business*, intruders have
seized control of one of Britain's four military communication satellites --
over two weeks ago — and demanded blackmail for them to stop interfering
with the satellite.  [Source: Reuters item 28 Feb 1999, PGN-ed. (*)]

   [Several respondents remarked on this item, suggesting either that it
   was a hoax, or a very serious event that has been largely covered up.  PGN]

   [* For those of you who might ask, "PGN-ed" is a new verbal noun form (or,
   if you prefer, a nounal verb pun) implying that the item has been
   abstracted, summarized, or otherwise adapted for RISKS without violating
   any copyrights, that is, ``PGN-ed'', which is intended to be pronounced
   either as ``pee-gee-en'd'' or ``pee-gee-en-ed'', according to your verbal
   and nounal linguistic preferences, respectively.]

Software snafu slowed key data during Iraq raid

Fri, 26 Feb 1999 17:18:53 -0500
The U.S. Department of Defense is still studying the software glitch that
caused DOD's $184 million Global Transportation Network (GTN) to have up to
eight-hour delays in the availability of updated worldwide logistics
information during the December 1998 Desert Fox bombing operations, despite
GTN having been designed to provide updates worldwide within 30 seconds.
GTN has 23 interfaces with other systems.  [Source: Article by Daniel
Verton, *Federal Computer Week*, week of 22 Feb 1999.]
  [Reference added in archive copy.  PGN]

Schwab Squab Swabbed

"Peter G. Neumann" <>
Mon, 1 Mar 99 15:12:06 PST
Charles Schwab & Co's electronic brokerage Website and Street Smart computer
system were off the air for an hour and one-half, beginning 5 minutes after
trading opened on the NYSE on 24 Feb 1999.  The outage was the result of a
software upgrade to hook in a new mainframe system in Phoenix, which failed
to take flight.  This follows failures of other on-line brokerage systems
(E-Trade, Waterhouse, Ameritrade, and Datek) in recent weeks.  I guess the
market pressures are too great for anyone to take the time to do it right.
[Source: *San Francisco Chronicle*, 25 Feb 1999, B1.  PGN-ed.  However, the
fledgling Phoenix system eventually rose from its ashes.  Pigeon pennies,

Errant police computer wakes hundreds of Texans

"Keith A Rhodes" <>
Fri, 26 Feb 1999 08:16:39 -0500
A police computer in Fort Worth TX made 1,300 phone calls to invite
residents to a police community forum — beginning at 3 a.m. Sunday morning,
instead of during the day.  [Source: Reuters item 25 Feb 1999, PGN-ed.  At
least 400 people answered, and heard the programmed caller identified as
"reverse 911" — which sounds like "YOU ARE IN TROUBLE" rather than "I AM IN

Mobile phones cause memory loss

Martin Minow <>
Mon, 1 Mar 1999 16:20:38 -0800

Today's [London] *Daily Mail* reports that mobile phones cause memory loss.
This link was demonstrated by a hospital in Bristol, which attached
transmitters to the heads of volunteers, some with microwaves, others with
none.  On subsequent tests of mental acuity, the radiated patients did
significantly worse than the rest.  [Presumably relative to their previous
behavior.  The report is rather vague.  PGN-ed]

Doctors to perform surgery over next-generation Internet

"Keith A Rhodes" <>
Wed, 24 Feb 1999 11:08:44 -0500
The $500M Abilene Network is planned as a 2.4 gigabit/sec link among a few
dozen research universities.  To demonstrate this, a doctor in Washington
DC's Union Station will work with a surgical team at Ohio State performing
laparoscopic surgery on a volunteer patient suffering from a
gastrointestinal disorder [an Internaut? seeking gut reactions?].  [Source:
Article by Ted Bridis, Associated Press, 23 Feb 1999, PGN Abstracting]

[Plans for live surgery rather than just remote advice are in the offing.
<Pun NOT INTENDED.> Hopefully, by then the reliability, security, and
general availability of networked systems will have improved sufficiently
to avoid risks of computer and network outages during open-brain
surgery.  PGN] (Stephen Wolff of Cisco Systems Inc. was quoted as asking one
of the RISKS-related questions that comes to mind: "Can a surgery and
multiplayer Doom coexist on a network?"  [Cisco supplied about $5 million
worth of high-tech network equipment for Abilene.])

[NOTE: They never discuss the stability of the network, do they? Why does
this article remind me of the Star Trek episode where Dr. McCoy is rewiring
Mr. Spock's brain? About half-way through the surgery — which McCoy had
described as "child's play" just prior to the commercial break — McCoy
starts to realize that he doesn't know what he's doing because the helmet
he's wearing with all the knowledge in it is starting to fail? Anyone should
be able to figure out when to launch the denial-of-service attack against
the remote connection.  Aren't there plenty of critical moments in just
routine surgery? In this case, there's a world-class specialist helping out
a not-so-world-class specialist, because the surgery is important for some
reason. A bunch of untraceable broken packets have no place in delicate
vascular surgery. KAR]

  [Archive copy corrected to Abilene.  PGN]

Digital broadcasting could hit cardiac monitoring gear

Andrew Robert Mitchell <>
Fri, 26 Feb 1999 20:54:42 +1100
[Source: ABC News Australia,]

> Cardiac monitoring equipment in a number of Australian hospitals is at
> risk of malfunctioning due to digital broadcasting interference.
> Melbourne's Epworth Hospital claims heart patients were put at risk
> recently because a television station was given the same digital channel
> it uses to monitor heart patients.  The hospital was unaware Channel Seven
> had been sold a licence to use part of the spectrum for tests ahead of
> digital broadcasting.

The risk is obvious: 

Computer system results in errors in patient medical records

"Edelson, Doneel" <>
Fri, 26 Feb 1999 12:26:31 -0500
Vancouver Hospital installed a new computer system in mid 1997 that sends
pathology reports on-line to the attending physicians.  However, the
software did not automatically update the patients' charts (unless staff
members used a special code, which apparently they usually did not),
significantly delaying treatments and discharges, and increasing costs.
[From Leonard Lee's Glitches of the week, Newsbytes News Network
<>, 24 Feb 1999, PGN-ed]
  ["Leonard Lee is a nationally recognized consultant and frequent speaker
  on computer errors.  Readers are encouraged to e-mail news clippings of
  interesting computer glitches at

Pentium III serial number is soft-switchable after all

"Peter G. Neumann" <>
Mon, 1 Mar 99 15:17:47 PST
After all the fuss about the risks of the Pentium III unique serial number,
and Intel's claim that it can be permanently masked, a report from the
German C't News says that despite Intel's claims, the ability to read the
serial number can be turned on and off remotely under software control,
without the user's knowledge.  The trick uses only documented features.
[Source: Christian Persson, *Computer Technology*, c't news, translated by
Juergen Kuri, dated 24 Feb 1999, also noted by Leander Kahney in Wired News,
23 Feb 1999 [note the time difference; c't article preceded Wired].  PGN]

Limiting liability for Y2K breakdowns

Edupage Editors <>
Thu, 25 Feb 1999 13:35:16 -0500 (EST)
A bipartisan group in the U.S. House of Representatives has introduced
legislation that would limit litigation, lawyers' fees, and damages caused
by Y2K-related computer breakdowns.  Supporters of the bill claim that it
would help avert Year 2000 problems, since the legislation would protect
only those businesses and individuals who take reasonable actions to prevent
them from occurring.  (*The New York Times*, 24 Feb 1999, Edupage, 25
February 1999) [CA, FL, GA, HA, NV, and VA have already passed such laws.
31 other states are considering such legislation.  There are of course also
risks of this making the situation worse as well.  PGN]

CIA predicts serious Y2K problems around the globe

"Keith A Rhodes" <>
Thu, 25 Feb 1999 09:12:16 -0500
Amidst all the discussion of possible Y2K effects is the issue of foreign
government preparedness.  Air Force Gen. John Gordon, deputy director of the
CIA, appeared at a hearing of the Senate Armed Services Committee and
testified that other countries (including Russia) are far behind in
preparing for possible crises, noting in particular breakdowns in nuclear
reactors and strategic missile systems, midwinter power outages and
disruptions in world trade and oil shipments.  However, he discounted the
possibility of accidental missile launches due to Y2K.  But he did add
that malfunctions in temperature and humidity monitors could lead to
incorrect information.  He said that China will probably experience failures
in key sectors such as telecommunications, electric power and banking.
[Source: AP item by Jim Abrams, 25 Feb 1999, PGN Abstracting]

Y2K Test Fine Test Data Causes Problem (via Dave Farber)

Barry Frankel <>
Sat, 27 Feb 1999 09:19:42 -0500
Last October, PSE&G sent incorrect bills to 61,000 of their customers as a
result of an operator error.  Subsequent to testing their billing system for
Y2K compliance, the residues from the test data were not properly removed,
resulting in erroneous statements of past payments and amount owed.
However, this error was announced only recently.  [Source: New Jersey
Online, *The Times* (Mercer County, NJ); PGN-ed.]

Self-inflicted single point of failure

Malcolm Pack <>
Mon, 22 Feb 1999 06:51:30 GMT
At approximately 04:10 on Sunday 21 Feb 1999, a transatlantic communications
link belonging to Teleglobe developed a fault. By 19:30 that evening the
fault (whatever it was) was repaired. In the interim period, almost all
Internet connectivity, both within and outside the UK, was lost to customers
of Teleglobe, of one of its major partners (and my main ISP) Cable Internet,
and other ISPs taking their feeds from these two companies, including many
of the UK's new "free" services such as Telinco and Aardvaak.

The situation was compounded by a mail server upgrade which Cable Internet
started at 4am, as part of which *all* routes and DNS caching were
reset. With no easy path to other countries, routers failed to discover new
routes and DNS lookups failed consistently.

I have access to another free ISP apparently unaffected by the cable outage;
but found it too slow to be of any use. That this was caused by increased
traffic as new routes were found, and increased logging-in by users
abandoning their primary ISPs, is mere speculation; but my son had to do
without a better translation than the one I could offer of a key passage in
"Le Roman de la Rose" because of timeouts on many search engines and their

All this is normal fare for the Internet. It is a non-guaranteed service,
after all. That there were no backup routes in place even 12 hours after the
failure is annoying, but I await an explanation of this from Cable Internet.

I was more bemused by the number of people posting messages on Cable
Internet's support newsgroup complaining that they were unable to run their
Internet-reliant businesses because of Cable Internet's failure to provide a
backup service. Naturally, not one of them had made his or her own provision
for a backup by using another ISP.

What this all says about single points of failure is self-evident.

Malcolm Pack <>

Rhode Islander sentenced for hacking

"Peter G. Neumann" <>
Tue, 23 Feb 99 18:14:24 EST
Sean Trifero was sentenced to one year in prison by a U.S. District Judge
for intentionally damaging computer systems (Harvard, Amherst, a Florida
ISP, and Alliant Technologies, including planting sniffers and denial-of-
service attacks) and unauthorizedly accessing others (Arctic Slope Regional
Corp. and Barrows Cable, Alaska), three years subsequent probation, 150
hours of community service, and $31,650 restitution.  [Source: PRNewswire,
23 Feb 1999]


Andrew Koenig <>
Fri, 26 Feb 1999 11:08:01 -0500 (EST)
Recently, my wife and I ordered a bunch of tableware from a local
jewelry-and-china-and-crystal store.  Because of our slightly unusual taste,
we had the honor of being the first customers ever to order some of those
items, which meant that the store had no entries in their database for them.
They therefore separated our order into two orders, one for the items that
their database knew about, and the other for the new ones.  Because there
were two orders, there were two charge tickets.

Four days later, after we had finished dinner in a restaurant, and half an
hour before curtain time for the play we were about to see, our waiter
informed us that he had put our credit card through the machine twice, that
it had been declined twice, and that he could call them and talk to them if
we liked.  The ensuing confusion, which took long enough to clear up that we
came within eight minutes of missing our play, involved not only our waiter
but the restaurant manager, who said that the credit card people had
eventually approved the purchase, but that we were to call them at our
earliest convenience.

The problem, of course, was that two purchases in rapid succession at a
jewelry store had tripped the credit card company's fraud detectors, so they
wanted to be sure that we were still in possession of the card and that we
had actually made those purchases.  They had been meaning to call us, but
hadn't gotten around to it yet.

The risk?  Expert-system profilers are adding all kinds of unwritten
rules to our lives, with various kinds of inconvenience and harassment
as the penalty for violating them.

Andrew Koenig
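The kind of unwritten rule that bit Koenig, as an added illustration that is not the card issuer's actual logic (the thresholds, window, merchant names and card number are assumptions; 5944 and 5812 are the real merchant category codes for jewelry stores and eating places): a velocity check that counts high-risk authorizations per card in a short window, places a verification hold when it trips, and therefore declines the cardholder's next unrelated purchase days later. The replay also shows the mitigation trade-off: folding same-merchant authorizations a minute apart into one purchase removes this false positive, but it also blinds the rule to a thief who splits a purchase the same way.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

HIGH_RISK_MCCS = {5944}           # jewelry stores (real MCC)
WINDOW = timedelta(minutes=10)    # assumed rule parameters, not the issuer's
SPLIT_ORDER_GAP = timedelta(minutes=2)


@dataclass(frozen=True)
class Auth:
    card: str
    merchant: str
    mcc: int
    amount_cents: int
    at: datetime


@dataclass(frozen=True)
class Decision:
    approved: bool
    reason: str


class VelocityProfiler:
    """Per-card velocity rule with a verification hold as its penalty."""

    def __init__(self, merge_same_merchant=False):
        self.merge_same_merchant = merge_same_merchant
        self._history = {}   # card -> [Auth]
        self._holds = {}     # card -> reason the hold was placed

    def verify(self, card):
        """Issuer reaches the cardholder and confirms the purchases."""
        self._holds.pop(card, None)

    def authorize(self, auth):
        if auth.card in self._holds:
            return Decision(False, "verification hold: " + self._holds[auth.card])
        hist = self._history.setdefault(auth.card, [])
        recent = [a for a in hist
                  if a.mcc in HIGH_RISK_MCCS and auth.at - a.at <= WINDOW]
        if self.merge_same_merchant:
            # Treat back-to-back tickets at one merchant as a single purchase.
            recent = [a for a in recent
                      if not (a.merchant == auth.merchant
                              and auth.at - a.at <= SPLIT_ORDER_GAP)]
        hist.append(auth)
        if auth.mcc in HIGH_RISK_MCCS and recent:
            self._holds[auth.card] = (f"{len(recent) + 1} high-risk authorizations "
                                      f"within {WINDOW}")
            # The tripping ticket itself is approved (the store was paid);
            # the hold bites on the next authorization.
            return Decision(True, "approved; verification hold placed")
        return Decision(True, "approved")


def replay_koenig_scenario(merge_same_merchant=False):
    """Two split-order tickets at a jewelry store, then dinner four days later."""
    p = VelocityProfiler(merge_same_merchant)
    card = "4111-constructed"
    t0 = datetime(1999, 2, 20, 14, 0)
    decisions = [
        p.authorize(Auth(card, "china-crystal-store", 5944, 48_000, t0)),
        p.authorize(Auth(card, "china-crystal-store", 5944, 22_500,
                         t0 + timedelta(minutes=1))),
        p.authorize(Auth(card, "restaurant", 5812, 8_600, t0 + timedelta(days=4))),
    ]
    p.verify(card)  # the manager's call; cardholder confirms the purchases
    decisions.append(p.authorize(Auth(card, "restaurant", 5812, 8_600,
                                      t0 + timedelta(days=4, minutes=20))))
    return decisions


if __name__ == "__main__":
    for d in replay_koenig_scenario():
        print(d)
```

With the default settings the third decision is the decline at the restaurant; with `merge_same_merchant=True` every authorization goes through, which is exactly the relaxation a fraudster splitting a purchase would want.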

Re: Store Baelt Bridge not Y2K safe (Weber-Wulff, Risks-20.22)

Mark Brader <>
Sun, 28 Feb 1999 22:48:55 -0500 (EST)
Not quite right.  The west half of the Storebaelt crossing consists of a
side-by-side road and rail bridge, but the east half has a separate road
bridge while the railway uses a tunnel.  It's the east bridge that opened
last year; the railway (which is presumably the part with a Y2K problem)
opened in April 1997 to freight and June 1997 to passenger trains.

See <> for a description
of the crossing in English.  (However, it never had the world's longest
main span, as claimed; the Akashi-Kaikyo Bridge in Japan is longer and
opened a month or two earlier.)

Mark Brader, Toronto

Re: Store Baelt Bridge not Y2K-safe (Weber-Wulff, RISKS-20.22)

Chris Bagge <>
Mon, 22 Feb 1999 11:14:14 +0100
The problem is mainly not with the bridge, but with the double train tunnel
running in parallel. This tunnel was heavily delayed during construction,
due to 'the-fault-that-cannot-occur', as both tunnels were flooded!

The only limit on the road bridge would be the toll-gates, and there is a
fast (and cheap :-)) solution to that problem.


Chris Bagge

Computers, Freedom, and Privacy, 6-8 April 1999, Washington, DC

Dave Banisar <>
Sat, 20 Feb 1999 15:01:54 -0500
Register now for the cyber event of the year

                    COMPUTERS, FREEDOM, AND PRIVACY:
                          THE GLOBAL INTERNET

                             WASHINGTON, DC
                          Omni Shoreham Hotel
                            April 6-8, 1999

For almost a decade, the conference on Computers, Freedom and Privacy has
shaped the public debate on the future of privacy and freedom in the online
world. Register now for the number one Internet policy conference. Join a
diverse audience from government, industry, academics, the non-profit
sector, the hacker community and the media. Enjoy the U.S. Capital in the
Spring at one of Washington's premier hotels.

* Keynote speakers include Tim Berners-Lee (Director, World Wide Web
  Consortium), Vint Cerf (President, Internet Society), Congressman Ed
  Markey (sponsor of "The Electronic Bill of Rights Act"), Congressman Ron
  Paul (sponsor of the Freedom and Privacy Restoration Act), Henrikas
  Yushkiavitshus (Associate Director, UNESCO)

* Lively and thought-provoking panels on — "the Creation of a Global
  Surveillance Network," "Access and Equity on the Global Internet,"
  "Anonymity and Identity in Cyberspace," "Free Speech and Cyber
  Censorship," "Is Escrow Dead? And what is Wassenaar?", "Self-Regulation
  Reconsidered" and more

* Tutorials — "The Electronic Communications Privacy Act" (Mark
  Eckenwiler); "Cryptography: Basic Overview & Nontraditional Uses" (Matt
  Blaze and Phil Zimmermann), "Free Speech, The Constitution and Privacy in
  Cyberspace" (Mike Godwin), "Techniques for Circumventing Internet
  Censorship" (Bennett Haselton and Brian Ristuccia)

Early Registration Deadline - March 15, 1999
Register on-line at or
call +1 407 628 3602.  Registration inquiries may also be sent to

For more information about CFP99, visit or call +1 401 628 3186

            Sponsored by the Association for Computing Machinery

David Banisar, Electronic Privacy Information Center,
666 Pennsylvania Ave, SE, Suite 301 Washington, DC 20003

IEEE Security and Privacy Symposium, 9-12 May 1999

Jon Millen <>
Mon, 01 Mar 1999 09:54:36 -0800
                 1999 IEEE Symposium on Security and Privacy
                       Special 20th Anniversary Program

                               9-12 May 1999
                            The Claremont Resort
                            Berkeley, California
     Sponsored by the IEEE Technical Committee on Security and Privacy
  In cooperation with the International Association of Cryptologic Research

                            Symposium Committee:
                         John McLean, General Chair
                         Jonathan Millen, Vice Chair
                           Li Gong, Program Co-Chair
                      Michael Reiter, Program Co-Chair

Advance registration deadline 5 Apr 1999.
Abridged for RISKS.  Full registration info:

                            PRELIMINARY PROGRAM
Monday, May 10, 1999
8:45am-9:00am Welcome: Chairs
9:00am-10:30am Systems, Session Chair: Roger Needham, Microsoft Research

Hardening COTS software with generic software wrappers
    Timothy Fraser, Lee Badger, Mark Feldman
    TIS Labs at Network Associates, Inc.

Firmato: A novel firewall management toolkit
    Yair Bartal, Alain Mayer, Kobbi Nissim, Avishai Wool, Lucent Bell Labs

Flexible policy-directed code safety, David Evans, Andrew Twyman, MIT

11:00am-12:00pm Policy, Session Chair: Ravi Sandhu, George Mason University

Local reconfiguration policies
    Jonathan K. Millen, SRI International

A modular, user-centered authorization service built on an RBAC foundation
    Mary Ellen Zurko, Richard T. Simon, Tom Sanfilippo, Iris Associates

12:00pm-12:30pm Surprise

2:00pm-3:00pm Verification, Session Chair: John Mitchell, Stanford University

Secure communications processing for distributed languages
    Martin Abadi, Cedric Fournet, Georges Gonthier
    Compaq Systems Research Center, Microsoft Research, and INRIA

Verification of control flow based security policies
    T. Jensen, D. Le Metayer, T. Thorn

3:30pm-5:00pm Panel Discussion
Brief History of Twenty Years of Computer Security Research
  Panel Chair: Teresa Lunt, Xerox PARC

        G.R. Blakley, Texas A&M University
          20 years of cryptography
        Virgil Gligor, U Maryland
          20 years of operating system security (Unix as one focus)
        Steve Lipner, MITRETEK
          20 years of criteria development/commercial technology
        Jonathan K. Millen, SRI International
          20 years of covert channel modeling and analysis
        John McLean, NRL
          20 years of formal methods
        Steve Kent BBN/GTE
          20 years of network security

Tuesday, May 11, 1999
9:00am-10:30am Intrusion Detection
    Session Chair: Cynthia Irvine, Naval Postgraduate School

A data mining framework for building intrusion detection models
    Wenke Lee, Sal Stolfo, Kui Mok, Columbia University

Detecting intrusions using system calls:  Alternative data models
    Christina Warrender, Stephanie Forrest, Barak Pearlmutter
    University of New Mexico

Detecting computer and network misuse through the production-based
  expert system toolset (P-BEST)
    Ulf Lindqvist, Phillip A. Porras, SRI International

11:00am-12:30pm Panel 2
Near Misses and Hidden Treasures in Early Computer Security Research
  Panel Chair: Stan Ames, MITRE
  Panelists: Tom Berson, Anagram Labs and Xerox PARC
             Marv Schaefer, Arca
             Dick Kemmerer, UC Santa Barbara

2:00pm-3:30pm Information Flow
    Session Chair: John McHugh, Portland State University
A multi-threading architecture for multilevel secure transaction processing
    Haruna Isa, William R. Shockley, Cynthia E. Irvine
    U.S. Navy, Cyberscape Computer Services, and Naval Postgraduate School

Specification and enforcement of classification and inference constraints
    Steven Dawson, Sabrina De Capitani di Vimercati, Pierangela Samarati
    SRI International and University of Milan

A test for non-disclosure in security level translations
    David Rosenthal, Francis Fung
    Odyssey Research Associates

4:00-5:30pm Work-In-Progress (5-minute Presentations)
    Session Chair: Heather Hinton, Ryerson Polytechnic University

Wednesday, May 12, 1999
9:00am-10:00am Authentication and Key Exchange
    Session Chair: Dieter Gollmann, Microsoft Research

Software smart cards via cryptographic camouflage
    D. Hoover, B. N. Kausik, Arcot Systems

Analysis of the internet key exchange protocol using the NRL protocol analyzer
    Catherine Meadows, Naval Research Laboratory

10:30am-12:00pm. Panel Discussion
Time Capsule — Twenty Years From Now
  Panel Chair: Michael Reiter, Lucent Bell Labs
        Mark Weiser, Xerox PARC, Future of computing
        Roger Needham, Microsoft Research,  Cambridge
          Future of hardware technology
        Howard Shrobe, MIT AI Lab, Future of software technology
        Hilarie Orman, DARPA, Future of networking
        Brian Snow, National Security Agency, Future of Security

USENIX Workshop on Smartcard Technology, 10-11 May 1999

Jennifer Radtke <jennifer@usenix.ORG>
Sat, 27 Feb 1999 00:14:52 GMT
10-11 May 1999, McCormick Place South, Chicago, Illinois, USA
For Researchers, Product Developers and Smart Card Deployers
Review the full program and register online at
Save when registering before Friday, April 16, 1999

'99 USENIX Technical Conference, 6-11 June, Monterey CA

Jennifer Radtke <jennifer@usenix.ORG>
Mon, 1 Mar 1999 23:40:46 GMT
A conference by and for programmers, developers, and system
administrators working in advanced systems and software.

June 6-11, 1999, Monterey, California
FREENIX TRACK--Quality Technical Forum Devoted To Open Source Software.
John Ousterhout, creator of Tcl/Tk, will focus his keynote on a
fundamental shift in software development to integration applications.

FastAbstracts at FTCS29, 15-18 Jun 1999

Chuck Weinstock <>
Tue, 23 Feb 1999 16:52:11 -0500
The Fault-Tolerant Computing Symposium is being held in Madison
Wisconsin, 15-18 Jun 1999.

Continuing a new tradition at FTCS, we are pleased to announce the
FastAbstracts session. FastAbstracts are intended as a mechanism to:

- report on current work that may or may not be complete
- introduce new ideas to the community
- state positions on controversial issues ("Outrageous Opinions")

Participants in this session will present a short talk (5 to 8 minutes
including 1 minute for questions), and publish a concise and succinct
(two pages) abstract in a printed proceedings. A web version of the
abstract will also be available on the FTCS website.

Full details regarding FTCS and the FastAbstracts submission process are
available at <>.

Chuck Weinstock, FastAbstracts Chair, FTCS-29
