The RISKS Digest
Volume 20 Issue 76

Sunday, 23rd January 2000

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


o The Net enables a Farther Confessor Website
o U.S. National Archives loses 43K e-mail messages
Jeremy Epstein
o Rhode Island computer arrested innocents
David Mediavilla Ezquibela
Mark Richards
o Hackers steal passwords, cause havoc
o Bug lists babies as aged 100
Brian Randell
o Y2K and satellite orbit predictor software
Erling Kristiansen
o Y2K Problems with Flight Sim 2000 Professional Edition?
David H Smith
o U.S. removes most restrictions on encryption software
o Re: British Visa source-code compromised
G Bell
o Re: Woman ordered to pay back four pence
G Bell
o Re: Lookout Outlook!
Dan Franklin
Laura Stinson
o Here's an update to the simulated Kangaroos story
Walter and Paul Mallory via Paul Green
o Computers, Freedom & Privacy 2000 Advance Program
o 2000 IEEE Symposium on Security and Privacy
o Info on RISKS (comp.risks)

The Net enables a Farther Confessor Website

"Peter G. Neumann" <>
Fri, 21 Jan 2000 07:23:17 -0800 (PST)
There are plenty of opportunities for sin on the Internet, but precious few
sources of absolution.  So today, Britain's only Christian radio station
launches an online "confession box" for sinful surfers who feel the need to
repent.  The website, allows users to file their
wrongdoings - in return for a comforting Bible text.  The automated response
will not reflect the gravity of the offence: coveting thy neighbour's wife
and throttling thy neighbour's tearaway teenage son elicit similarly
sympathetic passages.  They see a series of contemplative texts and then a
page offering the chance to type out a confession.  They are reassured with
the message: "All you type remains on your computer and will not be
transmitted in any way to anyone else.  This is between you and God and your
privacy is respected."  [Source: *The Guardian* online, 21 Jan 2000]

U.S. National Archives loses 43K e-mail messages

Jeremy Epstein <>
Tue, 18 Jan 2000 15:32:11 -0500 (EST)
*The Washington Post*, 6 Jan 2000, reported that the National Archives lost
an estimated 43,000 e-mail messages (the number is a guess based on the
number of users).  The backup system also failed: the contractor was not
doing as instructed (according to the Archives).  The audit log, which might
have shed light, had been turned off because it reduced performance.

The Assistant Archivist says that they've improved the backup system now,
but "the safest way to save important messages is to print them out".
Hurrah for the paperless office!

RISKS: What good are backups & audits if they're not used correctly?

Full article at

Rhode Island computer arrested innocents

<David Mediavilla Ezquibela>
Thu, 20 Jan 2000 01:45:48 -0800 (PST)
According to Noticias Intercom (in Spanish)
quoting *Providence Journal*, the Rhode Island police have stopped arresting
people, because they found that their new system Justice Link asked them to
arrest eight innocent people.  Justice Link is made by Oracle and Systems &
Computer Technology Corp. Developers found 350 bugs to trigger detention.

Rhode Island computer arrested innocents

"Richards, Mark" <>
Thu, 20 Jan 2000 17:47:32 -0500

The risk is that the innocent victim argues with the police and ends up
dead ... or worse, is beaten, thrown before a judge and falsely convicted.

Makes the prospect of encountering criminals a safer bet than a drive
through Rhode Island.

The part of this that really gets my ire: "We knew we had bad data in the
old warrant system," Harrall said. He added that neither Oracle nor SCT are
at fault, instead attributing a large part of the problem to a rush to get
the system up and running to meet a Y2K deadline.  "I will not hang those on
the vendor," Harrall said.

Thanks for hanging it on the innocent public, instead.

Hackers steal passwords, cause havoc

"NewsScan" <>
Wed, 12 Jan 2000 10:15:58 -0700
A 16-year-old hacker, one of a group calling themselves Global Hell,
infiltrated Pacific Bell's Internet service and lifted codes to the accounts
of 200,000 subscribers. When Eldorado, Calif., detectives checked his
bedroom last week, they found that he'd decrypted 63,000 of those accounts,
causing PacBell to advise those subscribers to change their passwords.
Authorities found the boy after he broke into the computers of an Eldorado
Hills Internet service provider and began bragging about his exploits in a
chat room. According to a sheriff's detective, the same teenager hacked into
26 other sites, including a master computing system at Harvard, before he
was arrested Dec. 14. Authorities expect to charge him with unlawful
computer access and grand theft next month. [Source: *Los Angeles Times*,
12 Jan 2000,;
NewsScan Daily, 12 Jan 2000]

Bug lists babies as aged 100

Brian Randell <>
Mon, 17 Jan 2000 15:11:39 +0000
Thousands of newborn babies have been listed officially as 100 years old.
Computers at English register offices are refusing to recognise the year as
2000 and are printing 1900 on birth certificates.  [...]
  [Source: The (London) *Times*, 17 Jan 2000; The full story is online at:]

Brian Randell, University of Newcastle, Newcastle upon Tyne, NE1 7RU, UK
+44 191 222 7923

Y2K and satellite orbit predictor software

Erling Kristiansen <>
Mon, 17 Jan 2000 16:18:31 +0100
A popular free-of-charge predictor for UNIX platforms, SatTrack V3.1,
went completely haywire.
On 7 Jan. it told me:
   Date: XXX -358Jan01    (I think the XXX should be the day of the week)
   UTC : -358-11:-32:-94
   Countdown to next pass: 657443 days 11 hours 32 minutes 10 seconds
      (this is rather precisely 1800 years)
   Satellite position: 0.0 deg lat. 0.0 deg. long. (does not move)

In all fairness, this version is a few years old; the latest version
comes at a cost, and is said to be Y2K compliant.

Another popular program, WinOrbit 3.5 for Windows 95/98 nearly got it right.
I found only one problem:
   If you want to print the prediction for several future passes, you get a
   pop-up on which you have to enter the starting time for the calculation.
   There is a "NOW" button that fills in this entry, giving the year as 00.
   00 means 1900 to the program.
   You can type 2000 instead of 00, and you get the correct results.
   Easy, once you know. But it took some time to first discover that the
   results were wrong, then figure out the work-around.

I am told that yet another predictor works fine in 2000, as long as you use
the orbit parameters, the so-called "2-line elements", from end 1999, but
goes wrong with parameters that have a year entry of 00. I haven't got the

Erling Kristiansen

Y2K Problems with Flight Sim 2000 Professional Edition?

David H Smith <>
Mon, 17 Jan 2000 10:58:36 +0000
I managed to get Microsoft Flight Sim 2000 Pro Edition for Xmas, great!
After installing I went to the Microsoft web site and found an update - of
course there was one - 9 megabytes in total. I downloaded it, installed it,
everything was fine.

A few days later I did my in-frequent disk cleanups, etc. I had not run
scandisk for ages so set it off. I was surprised when it announced that it
had found a bad file. The file was with one of the Flight Sim 2000 files,
and the problem was that it had an invalid date. This problem occurred with
all the Flight Sim 2000 files that had come as part of the update I had

Was it a Y2K problem? I'm not sure. Everything worked okay and McAfee Virus
Checker didn't complain about funny dates on the files. Of course, it could
have been a problem with the disk scan program.

Dave Smith

U.S. removes most restrictions on encryption software

"NewsScan" <>
Thu, 13 Jan 2000 09:17:28 -0700
Finally relenting to continued pressure from the technology industry, the
Clinton Administration has decided to remove virtually all restrictions on
the exportation of powerful data encryption software, and to require
companies to seek government permission only when they plan to sell the
technology to a foreign government or military organization. Companies will
still be prohibited from selling to seven nations thought to be supporting
terrorism: Iran, Iraq, Libya, Syria, Sudan, North Korea, and Cuba. Industry
leaders expect the decision to give a significant boost to the sale of U.S.
technology, and Novell chairman Eric Schmidt says it "clearly sets the stage
for the next big growth phase of the Internet." [AP/*San Jose Mercury News*,
13 Jan 2000;
NewsScan Daily, 13 Jan 2000]

  [Open-source software is apparently unrestricted.  PGN]

Re: British Visa source-code compromised (RISKS-20.75)

Tue, 18 Jan 2000 10:37:57 +1000
Before we all get too carried away about perceived risks, a few questions
need to be asked. In the interests of credibility, we should not fall into

As supposedly expert practitioners in computing related risks, we should be
sure we have established a logical thread before we reach conclusion. Other
wise we *risk* being classified with the boy who cried wolf, and thereby
exclude ourselves from contributing to improved security and risk

In the Visa case, what source code was *stolen*? It is extremely unlikely
that it was *the source code for the Visa card system* as stated! There is
no such thing. Like any system, it would consist of many source libraries,
each relating to different modules of the overall system.  So we should be
asking what source was copied?  (You can hardly say it was *stolen*, as that
would imply that it was taken away, leaving the rightful owner without
possession of the item of stolen property, and we all know that is not what
happens in such cases. In a shop like Visa, the code promotion system
maintains multiple copies in the migration libraries, so erasure of the sole
copy is highly unlikely)

Was it the card number validation module?  Perhaps part of staff payroll
processing? or Some CGI for their public web site? or Perhaps an in-house
written reporting tool?  Was it the current version, an old one, a
pre-production one, a half-tested development one?

As it appears that Visa is not stating what code was copied, it is rather
hard to support the assertion that their system was *compromised* in the
manner implied. And what is the basis for stating that *Visa seems to have
had no fall back plan*. What fallback is appropriate when source is
illicitly copied?  What is the threat we need to counter?

It all depends on what was copied.

Re: Woman ordered to pay back four pence (RISKS-20.75)

Tue, 18 Jan 2000 10:37:57 +1000
Not all billing systems write off *small debts*, or at least didn't always
do so.  When I left UK in 1981 after living and working there for a time, I
took with me my Barclay Visa card and used it for expenses as I took the
long route home to Australia via the US.  Naturally, it took a few months
for all my purchase charges to catch up with me.  (1981 was before
widespread on-line merchant transaction processing). Finally all the charges
were in and I paid out my statement by wire transfer from my Australian
bank. Of course I left it to the last minute to pay, and the payment got to
my Visa account a day or so late.

So, next month I received a statement with one line item - Credit Charges:
40pence (equiv $US.050), contained in an envelope bearing 85 pence in
postage.  At $A5 ($US3.00) in fees per wire transfer, I chose to ignore the
statement.  Next month, another statement for 40p.  And then another.  And
then nothing.  I presume I appeared on the delinquent debtors list for
recovery action and someone at Barclays then realised they had spent
PndsStg2.55 in postage while attempting to recover 40p from the other side
of the world!

Although I've been back to UK numerous times since (twice in the employ of a
Bank and carrying a Corporate Visa card), I do wonder what Barclay's
reaction would be if I ever applied for another card with them? Am I black
listed as a credit risk forever? Or maybe their system has been revamped a
few times since then and the delinquents list wasn't transferred across?

Re: Lookout Outlook! (RISKS 20.75)

Dan Franklin <>
Mon, 17 Jan 2000 11:15:02 -0500
> Viridian Curia Member Laura Stinson points out that people unwise enough
> to use "Microsoft Outlook" cannot read the entire "Manifesto of January 3,
> 2000."  That's because one line of the text happens to begin with the word
> "begin," followed by two spaces.  When Microsoft Outlook sees this, it
> interprets everything that follows as an attachment.

I tried this at work as soon as I heard about it.  Of 5 Outlook users
reporting back, 4 were indeed "blinded" - they did not see the line
beginning "begin" or any text thereafter.  One of them reported seeing an
attachment she could not open.

One user saw the whole test text with no problem.  He believes that the
difference is that he gets his mail from a Microsoft Exchange server rather
than directly (using IMAP?  I don't use Outlook so I don't know what the
other choices are).

So unfortunately, rather than giving a preferential advantage to those who
"spurn Microsoft products" as the original message suggests, this problem
may be taken as evidence that if you buy one Microsoft product, then (to
coin a phrase) you "gotta get them all!"

Dan Franklin, Comverse Network Systems

Re: Lookout Outlook! (RISKS 20.75)

"Laura Stinson" <>
Wed, 19 Jan 2000 21:34:29 -0700
  [Many of you wrote that you were unable to reproduce this problem.
  This item is in response to a message to Linda from Tom Neff...  PGN]

I found it running Outlook 98 on NT. Another person reports reproducing the
problem on Outlook Express 5 on NT, but NOT on Outlook Express 5 on NT,
Outlook 97 on NT, or Outlook Express 4.5 on MacOS. I don't know of any
reason why OS version (NT vs. 95/98/00) would make a difference, but who
knows what evil lurks in the relevant DLLs? Since neither Bruce nor
Microsoft are paying me to debug, I'm disinclined to investigate further.

Laura Stinson <>

FW: Here's an update to the simulated Kangaroos story (RISKS-20.47)

"Green, Paul" <>
Fri, 17 Dec 1999 11:42:47 -0500
  [Many of you have sent in the Kangaroo story that was excerpted from
  rec.humor.funny in RISKS-20.47.  This item from Paul Mallory was
  forwarded to RISKS by Paul Green.  PGN]

> Date sent:         Thu, 16 Dec 1999 15:49:34 +0000 (GMT)
> From:     (Walter Mallory)
> Subject:           (Fwd) Re: Probably should be in .software_eng,
> To:      
> Organization:      GEC Marconi Dynamics, Inc.
> Adrian Frith wrote:

> This sounds like an urban legend and when I first heard of it (as reported
> on the Defence Systems Daily web site).  I thought that it was until I
> read the correction story shortly afterward.  I have attached the
> correction below.  It is even weirder than the original.

> What those Killer Kangaroos really fired, 29 November 1999

> On Friday DSD told the story of the killer kangaroos. Now we know the
> truth. And it is even weirder: the kangaroos threw beach balls!

> Dr Anne-Marie Grisogono, Head, Simulation Land Operations Division at the
> Australian DSTO has told us what actually happened and we are delighted to
> set the record straight.

> "I related this story as part of a talk on Simulation for Defence, at the
> Australian Science Festival on May 6th in Canberra. The Armed
> Reconnaissance Helicopter mission simulators built by the Synthetic
> Environments Research Facility in Land Operations Division of DSTO, do
> indeed fly in a fairly high fidelity environment which is a 4000 sq km
> piece of real outback Australia around Katherine, built from elevation
> data, overlaid with aerial photographs and with 2.5 million realistic 3d
> trees placed in the terrain in those areas where the photographs indicated
> real trees actually exist.

> "For a bit of extra fun (and not for any strategic reason like kangaroos
> betraying your cover!) our programmers decided to put in a bit of animated
> wildlife.  Since ModSAF is our simulation tool, these were modeled on
> ModSAF's Stinger detachments so that the associated detection model could
> be used to determine when a helo approached, and the behaviour invoked by
> such contact was set to 'retreat'. Replace the visual model of the Stinger
> detachment in your stealth viewer with a visual model of a kangaroo (or
> buffalo...) and you have wildlife that moves away when approached. It is
> true that the first time this was tried in the lab, we discovered that we
> had forgotten to remove the weapons and the 'fire' behaviour.

> "It is NOT true that this happened in front of a bunch of visitors
> (American or any other flavour). We don't normally try things for the
> first time in front of an audience! What I didn't relate in the talk is
> that since we were not at that stage interested in weapons, we had not set
> any weapon or projectile types, so what the kangaroos fired at us was in
> fact the default object for the simulation, which happened to be large
> multicoloured beachballs.

> "I usually conclude the story by reassuring the audience that we have now
> disarmed the kangaroos and it is again safe to fly in Australia."
> Andy

Computers, Freedom & Privacy 2000 Advance Program

Sun, 9 Jan 2000 15:58:11 -0800 (PST)
The Tenth Conference on Computers, Freedom and Privacy (CFP2000)
April 4-7, 2000, Westin Habour Castle, Toronto, Ontario, Canada

For additional details and registration forms see

Featured speakers:
- Tim O'Reilly, founder and CEO of O'Reilly & Associates, Inc.,
  open source champion
- Neal Stephenson, author of Cryptonomicon, Snow Crash, The Diamond
  Age, and Zodiac: The Eco Thriller
- Austin Hill, co-founder and president of Zero-Knowledge Systems
- Duncan Campbell, freelance investigative journalist abd TV producer,
  discovered the existence of the ECHELON system
- Jessica Litman, Professor of Law at Wayne State University
- Whitfield Diffie, Distinguished Engineer at Sun Microsystems,
  co-inventor of public-key cryptography
- Steve Talbott, editor of the "NetFuture - Technology and Human
  Responsibility" online newsletter

Scholarships are available for students as well as law enforcement
officials, prosecutors, and criminal defense attorneys. Scholarships
cover conference registration, travel, and hotel expenses. Application
deadline: January 31. See


9 AM - 12:30 PM - Tutorials, Workshop on Freedom and Privacy by Design
- Constitutional Law in Cyberspace
- How Did We Get Where We Are: A Brief History of Privacy and
  Surveillance in the U.S.
- Intellectual Property

2 - 5:30 PM - Tutorials, Workshop on Freedom and Privacy by Design
- The Electronic Communications Privacy Act
- Everything You Need to Know to Argue About Cryptography
- Privacy Policies: Public Protection or Trojan Horse?

8 PM - Welcome Reception


8:45-9:30 AM - Opening Session - Keynote speaker: Austin Hill

9:30-10:45 AM - Domain Names Under ICANN: Technical Management or
  Policy Chokepoint

11:15 AM - 12:30 PM - New Justice Information Technologies: Does
  Existing Privacy Law Contemplate Their Capabilities?

12:30-2pm - Lunch - Luncheon speaker: Steve Talbott

2:15-3:30 PM - Security and Privacy in Broadband Internet Services

4-5:15 PM - Privacy Commissioners: Powermongers, Pragmatists or Patsies?

5:15-7:15 PM - The 2000 Orwell Awards and Reception

7:30-9:30 PM - Dinner - Dinner Speaker: Neal Stephenson

9:30 PM - midnight - BOFS


8:45-9:30 AM - Keynote speaker: Duncan Campbell

9:30-10:45 AM - Intellectual Property and the Digital Economy

11:15 AM - 12:30 PM - CFP2000 Hot Topics - TBA

12:30-2pm - Lunch - Luncheon speaker: Jessica Litman

2:15-3:30 PM - Parallel Sessions
- Free Expression v. Privacy
- Infomediaries and Negotiated Privacy
- Human Subjects Research in Cyberspace
- Network Society as Seen by Two European Underdogs
- The Media and Privacy

4-5:15 PM - "Who Am I and Who Says So?": Privacy and Consumer Issues
in Authentication

5:15-6 PM - Keynote Speaker: Tim O'Reilly

7:00 - EFF Pioneer Awards Reception

9:30 PM - midnight - BOFS


8:45-9:30 AM - Keynote speaker: TBA

9:30-10:45 AM - Internet Voting: Spurring or Corrupting Democracy

11:15 AM - 12:30 PM - Negotiating the Global Rating and Filtering
System: Views of the Bertelsmann Foundation's Self-regulation of
Internet Content Proposal

12:30-2pm - Lunch - Luncheon speaker: Whitfield Diffie

2:15-3:30 PM - Parallel Sessions
- Broadband and Speech
- Is Technology Neutral? Space, Time and the Biases of Communication
- Governance of the Internet
- Personal Data Privacy in the Pacific Rim
- Campaign Finance Law and Free Expression

4-5:15 PM - 10 Years of CFP: Looking Back, Looking Forward

2000 IEEE Symposium on Security and Privacy

"Peter G. Neumann" <>
Sat, 22 Jan 2000 11:54:26 PST
May 14-17, 2000, The Claremont Resort, Oakland, California

Sponsored by the IEEE Technical Committee on Security and Privacy
In cooperation with the International Association of Cryptologic Research

Jonathan Millen, General Chair; Li Gong, Vice Chair
Michael Reiter, Program Co-Chair; Roger Needham, Program Co-Chair

PRELIMINARY PROGRAM (Subject to Change) [Abridged for RISKS]

** Monday, 15 May 2000

 9:00-10:30 Access Control I

  Access Control Meets Public Key Infrastructure,
  Or: Assigning Roles to Strangers
  Amir Herzberg, Joris Mihaeli, Yosi Mass, Dalit Naor,
  Yiftach Ravid (IBM, Israel)

  A Security Infrastructure for Distributed Java Applications
  Dirk Balfanz (Princeton University, USA) and Drew Dean (Xerox PARC, USA)

  A Practically Implementable and Tractable Delegation Logic
  Ninghui Li, Benjamin Grosof (IBM T.J. Watson Research Center,
  USA), Joan Feigenbaum (AT&T Research, USA)

11:00-12:00 Applications of Cryptography

  Practical Techniques for Searches on Encrypted Data
  Dawn Song, David Wagner, Adrian Perrig (University of
  California, Berkeley, USA)

  Efficient Authentication and Signature of Multicast Streams
  over Lossy Channels
  Adrian Perrig, Dawn Song, Doug Tygar (University of California,
  Berkeley, USA), Ran Canetti (IBM T.J. Watson Research Center, USA)

 1:30- 3:00 Panel: Is privacy too costly to implement?
  Moderator: Cynthia Irvine, Tim Levin

 3:30- 5:00 Protocol Analysis and Design

  Searching for a Solution: Engineering Tradeoffs and the
  Evolution of Provably Secure Protocols
  John A Clark, Jeremy L Jacob (University of York, UK)

  Authentication Tests
  Joshua D. Guttman, F. Javier Thayer (MITRE, USA)

  Protocol-Independent Secrecy
  Jonathan Millen, Harald Ruess (SRI International, USA)

** Tuesday, 16 May 2000

 9:00-10:30 Panel: Does open source really improve system security?
  Moderator: Lee Badger

11:00-12:00 Intrusion Detection

  Using Conservation of Flow As a Security Mechanism in Network Protocols
  John R. Hughes, Tuomas Aura, Matt Bishop (University of
  California, Davis, USA)

  Logic Induction of Valid Behavior Specifications for Intrusion Detection
  Calvin Ko (NAI Labs)

 1:30- 3:00 Assurance

  Using Model Checking to Analyze Network Vulnerabilities
  Ronald W. Ritchey (Booz Allen & Hamilton, USA), Paul Ammann
  (George Mason University, USA)

  Verifying the EROS Confinement Mechanism
  Jonathan S. Shapiro, Samuel Weber (IBM T.J. Watson Research Center)

  Fang: A Firewall Analysis Engine
  Alain Mayer, Avishai Wool, Elisha Ziskind (Bell Labs, Lucent, USA)

 3:30- 5:00 5-minute presentations on developing research
    [Contact to propose a 5-minute talk.]

** Wednesday, 17 May 2000

 9:00-10:30 Key Management

  A More Efficient Use of Delta-CRLs
  David A. Cooper (National Institute of Standards and Technology, USA)

  An Efficient, Dynamic and Trust Preserving Public Key Infrastructure
  Albert Levi, M. Ufuk Caglayan (Oregon State University, USA)

  Kronos: A Scalable Group Re-keying approach for Secure Multicast
  Sanjeev Setia, Samir Koussih, Sushil Jajodia, Eric Harder
 (George Mason University, USA)

11:00-12:00 Access Control II

  LOMAC: Low Water-Mark Integrity Protection for COTS Environments
  Timothy Fraser (NAI Labs)

  IRM Enforcement of Java Stack Inspection
  Ulfar Erlingsson, Fred B. Schneider (Cornell University, USA)

Please report problems with the web pages to the maintainer