The RISKS Digest
Volume 20 Issue 24

Thursday, 11th March 1999

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Risks of testing a nuclear power plant for Y2K compliance
Robert Brill
ATC Equipment test almost causes landing collision in Australia
Pat Dirks
win9x instability?
Norman Choe
Outlook Express Date: parsing
Kenneth C. Dyke
Fonte des neiges
Bertrand Meyer
Risks of voice-recognition software
Chris Leeson
Rogue spelling checker at work
Andrew Koenig
Glitch opens jail cell doors
David Kennedy
Super Hornet
Italian hospitalized for hallucinations after Net surfing spree
Lloyd Wood
Damning critique of WIPO Internet domain name proposal
Lance J. Hoffman
Bringing Y2K fears to a new high — or low
Michael P. Gerlek
Regular break-ins at the Pentagon?
Martin Ward
Re: Remote surgery
Declan O'Kane
More on-line trauma
Re: Lack of Anonymity in Microsoft Word
Yvo Desmedt
Re: Write-protectable hard-drives
Richard Schroeppel
Networking'99--NetAdmins & SysAdmins Share Solutions
Workshop on Countering Cyber-Terrorism
Clifford Neuman
PDPTA'99 on Fault Tolerance and Reconfiguration in Distributed Systems
Pradip Srimani
Diego Latella
Info on RISKS (comp.risks)

Risks of testing a nuclear power plant for Y2K compliance

Robert Brill <>
Mon, 08 Mar 1999 16:20:22 -0500
Pennsylvania's Peach Bottom Atomic Power Station was subjected to detailed
software analyses and simulations to check Y2K compliance, and concluded
that everything would be OK.  However, when the clock was moved ahead, the
primary and backup monitoring systems crashed, every computer screen blanked
out, and forced manual procedures.  The cause was attributed to a technician
improperly setting the test clock.  The systems remained down for seven
hours.  ``Although the cause was human error, technology specialists say the
glitch here illustrates an unanticipated peril of the Year 2000 problem: As
computer systems that have been repaired are now being tested in live
conditions, inadvertent mistakes and undiscovered bugs can bring the
machines — and the organizations that rely on them — to a grinding halt.''
[Source: Rajiv Chandrasekaran, Big Glitch at Nuclear Plant Shows Perils of
Y2K Tests, *The Washington Post* A03, 7 Mar 1999.  PGN-ed]

ATC Equipment test almost causes landing collision in Australia

Pat Dirks <>
Mon, 8 Mar 1999 14:51:55 -0800
I snipped this item (A Pull-Up Down-Under) from AvWeb's AVflash.  It's a
weekly mailing of aviation-related items from AvWeb (

Controllers in Sydney, Australia last week during a temporary communications
outage (due to testing of new equipment) could only watch as a Boeing
747-400 with 220 passengers on final approach headed for a 36-seat Dash 8 on
the runway.  Fortunately, the 747 pilot (whose final clearance had not been
received due to the outage) pulled up at the last moment, missing the Dash
by 200 feet.  [Full story at;

Note from PWD: ordinary, internationally accepted rules prohibit landing
without an explicit clearance.  The Boeing 747 should not have landed but,
of course, it's only too easy to assume that, having gotten this far without
a word from the tower to the contrary, landing clearance had been granted.

In the event of communications failure (or to communicate with planes not
equipped with a radio) light signals are used from the control tower: a
red light is a signal NOT to land, so the tower reacted appropriately to
the situation.  A 747 pilot whose radios are in fine working order won't
be LOOKING for light signals from the tower, of course.

This does, indeed, sound like a close call and highlights the dangers of
working on or around complex systems that are in active use.

win9x instability?

Norman Choe <>
Thu, 4 Mar 1999 16:28:30 -0500
Computer Hangs After 49.7 Days

   The information in this article applies to:

       Microsoft Windows 95
       Microsoft Windows 95 OEM Service Release versions 2, 2.1, 2.5
       Microsoft Windows 98


   After 49.7 days of continuous operation, your Windows 95-based computer
   may stop responding (hang).


   There is a problem with the timing algorithm in the Vtdapi.vxd file.

(taken from

However, i would like to point out that Microsoft already has a good fix for
this... there's no way in hell any win 9x machine could possibly run for
that long without crashing ANYway, so this instability is purely

  [Intriguingly, there may be some evidence to the contrary!
  In December 1998, Ed Felten's testimony for the Justice Department
  indicated that during the previous seven months he had been running
  Windows 98 more or less uninterruptedly at Princeton, *after* removing
  Internet Explorer (using the program that he demonstrated to DoJ).
  He testified that there had been no unexplained crashes during that
  period.  Meanwhile, many other folks report that various windows versions
  typically require a reboot as often as every week or two.  Incidentally,
  the actual "hang-time" is roughly 49.710269 days, which corresponds to
  2^32 milliseconds.  This was noted by several correspondents, including
    Andrew Koenig <>, who asks,
      ``Isn't a 32-bit millisecond counter even sillier than a
      2-digit year counter?''
  Ah, yes.  I don't think I have mentioned Multics' 1965 choice of a 71-bit
  microsecond clock recently enough, so let me do it again.  A little bit
  of foresight (well, actually, quite a few bits) deserves some Y2Kudos.

Outlook Express Date: parsing

"Kenneth C. Dyke" <>
Sat, 6 Mar 99 00:12:23 -0800
Given that I typically sort my inbox based on Date Sent, with newer e-mail
at the top, it seemed odd to see messages showing up at the top of my list
with dates such as this:

Fri, Aug 1, 1919, 12:28 PM

Being curious, I took a look at the actual Date: line in the header:

Date: Sun, 4 Jan 2099 18:28:02 -0200

So, one obviously bogus date is somehow parsed to be in the future
(according to how it was sorted in the list), but is then displayed as
being 80 years old.

Sadly, this wasn't the only case I found.  I also had a piece of e-mail
with the following date header:

Date: 6/30/98 11:14:34 PM Pacific Daylight Time

Outlook Express displayed it as:

Mon, Jul 30, 2018, 3:14 AM

Interestingly, it displayed it *above* most of my other mail (which is dated
correctly from 1999), but *below* the bogus mail shown up above.

I suddenly have renewed faith in Microsoft's Y2K efforts.


Fonte des neiges

Sat, 6 Mar 1999 11:39:48 -0800
Here is a new, although perhaps unconscious, addition to the growing
practice of applying computer terminology to other walks (or in this case
runs) of life, as in "the economy needs rebooting".

If you go skiing at Mountain High in San Bernardino county, California, you
will see at the top of the main lift in the West Resort a sign stating
various regulations, ending (I swear I am not making this up) with the
following injunction in upper case:


As someone who frequently needs Unix fonts to match Windows ones, I knew
exactly what the rule would have been if this had been Zermatt: NO INVERTED

The possibilities for more such rules, in the PGN* style, appear almost
endless. I don't know if it was a result of the eth-Arial atmosphere up
there, but when running down the slopes I could think of quite a few, a
couple of which I am including here for fear of being PGNed**:

  - On the way down, don't be too Bold!

  - NEVER fall on your TypeFace. The Impact might make you
    look Comic (especially if it leaves you Sans your skis).

These are all Modern but, ever the Bookman, I had a few more literate ones,
from some older Century Schoolbook, such as:

  - When in Rome, ignore the rest of Italics: do as the Roman does.
    (Although at Times you should do as the New Roman.)

I hope this (delivered by Courier to the comp.risks Bookshelf) is a welcome
diversion from the usually more Aerial topics of comp.risks.

Oh, and for anyone who missed the profoundly subtle cross-linguistic Subject
header: Fonte is a translation of the English word "font" into French
computerese (replacing the proper French term), but also means, among other
things, melting, so that "fonte des neiges" is melting of the snows (thaw)
as well as font of the snows.

I still fear that the Moderator will have a few additions of his own, at
least if he remains True to Type — or is this just TrueType?.

* Puns Grossly Noxious
** Preempted Gracefully by Neumann

-- Bertrand Meyer
Interactive Software Engineering, Santa Barbara, <>
Melting *Ice* expert, see

  [I'm thawed of as very font of contributions such as Bertand's.
  'Snow joke.  (Are we playing Al-fonts and Gaston with E-le-fonts?)
  Merci!  Pierre/PGN]

Risks of voice-recognition software

"LEESON, Chris" <>
Thu, 11 Mar 1999 10:52:13 -0000
Quoted from an article appearing in the "Backbytes" section of Computing (11
March 1999); The article describes a demonstration of some voice-recognition

> A representative from the company was just about to start the
> demonstration and asked everyone in the room to be quiet.

> Just then someone in the back of the room yelled: 'Format c: Return".

> Someone else chimed in: "Yes, Return"

> Unfortunately the software worked!

I seem to remember someone in an earlier RISKS posting suggesting a similar
scenario using words (maliciously) planted into a music CD ("Delete my
files"/"Yes, I'm sure"). Unfortunately I cannot find the original posting.

  [RISKS-19.25 and 20.10 were recent item on this topic,
  although it has certainly been an ongoing theme...  PGN]

Rogue spelling checker at work

Andrew Koenig <>
Sun, 7 Mar 1999 13:01:31 -0500 (EST)
Headline from AP wire today:  ``Pope Beautifies 10 more''

Andrew Koenig,,

  [Papal ben-E-diction?  Vaticanonesses?  Vaticancan ladies?  PGN]

Glitch opens jail cell doors

David Kennedy CISSP <>
Wed, 03 Mar 1999 23:50:20 -0500
RISKS has reported numerous cases of prison doors opening or not opening
because of computer malfunctions.  In the latest episode, cell doors on the
ninth floor of the Kenton County Detention Center in Covington KY opened
spuriously and remained open for 9.5 hours, although the convicts were still
confined within a larger area.  [Source: The Cincinnati Enquirer, 3 Mar
PGN-ed.  Good case for layered security, domains of protection, etc.]

David Kennedy CISSP Director of Research Services ICSA Inc.

Super Hornet

"Peter G. Neumann" <>
Wed, 10 Mar 99 10:50:53 PST
*Defense Daily* (vol 201, no 43, page 1) reports that in a Senate hearing
Senator Chuck Robb (D-Virginia) raised the issue of obtaining an
unclassified version of a report on the Navy's Operational Test IIB of the
F/A-18E/F Super Hornet aircraft.  [In the absence of information (the Navy
has denied a FOIA request), it is not clear who may be getting stung by the
Hornet's performance (or lack thereof?).  PGN-ed]

Italian hospitalized for hallucinations after Net surfing spree

Lloyd Wood <>
Wed, 3 Mar 1999 13:22:14 +0000 (GMT)
An Italian man was diagnosed with ``acute Internet intoxication'' (including
delirium and mental confusion) attributed to his spending three straight
days surfing the Internet.  A psychiatrist in Rome suggested that this was
not unusual, believing that several hundred Romans were suffering as well.
He claimed most of those were around 30, single, educated, and with no prior
history of mental problems, all spending at least 10 hours a day on-line,
and he recommended keeping use under 5 to 6 hours a day.  That would seem to
put a lot of us at risk.

  [Lloyd forwarded a message to me from glen mccready <>
  to with the above Subject,
  reforwarding a copyrighted article from, 2 Mar 1999, that
  came via William Knowles <>.  As we approach April
  Fool's Day, it seems to be more difficult to separate the wheat from
  the chaff, as in the case of "Mobile phones cause memory loss" in
  RISKS-20.23, which is speculative at best.  I have adapted the nandotimes
  item for RISKS, although it falls in a similar category.  PGN-ed]

Damning critique of WIPO Internet domain name proposal

"Lance J. Hoffman" <hoffman@SEAS.GWU.EDU>
Sun, 07 Mar 1999 23:32:22 -0500
Just in time for the last public hearing this coming Wednesday (10 Mar 1999)
in Washington, law professor Michael Froomkin of the University of Miami has
issued on his web page a damning critique of the current domain name
proposal of the World Intellectual Property Organization.  I'll let his
paper speak for itself, but this issue is so important to the future of an
Internet-enhanced society that I urge wide circulation and reading of the
Froomkin critique before a grand disaster is set up by an organization with
tenuous legitimacy and experience in Internet-related matters, but with
plenty of baggage from the existing powers-that-be.  I've reproduced just
the opening part below, but URLs to more detailed arguments are given there.

From Froomkin's Web page (

  Major Flaws in the WIPO Domain Name Proposal — A Quick Guide
  A. Michael Froomkin, Professor of Law

Executive Summary

The World Intellectual Property Organization's plan to restructure the way
Internet domain names in .com, .net, and .org are assigned and adjudicated
is deeply flawed. The plan, contained in WIPO's "Interim Report" is designed
to solve problems caused when Internet domain names collide with trademarked
words. WIPO was asked to make suggestions for better dispute resolution, and
it claims to have produced a plan that creates no new rights for
intellectual property holders. In fact, however, the plan would impose
extensive Alternate Dispute Resolution on all domain name registrants
accused of infringing of any type of intellectual property with their

The WIPO plan's flaws include:

* Bias. The plan is biased in favor of trademark holders
* Enabling censorship. The WIPO plan fails to protect fundamental
  free-speech interests including parody, and criticism of corporations;
* Zero Privacy. The WIPO plan provides zero privacy protections for the
  name, address and phone number of individual registrants
* Intimidation. The WIPO plan creates an expensive loser-pays arbitration
  process with uncertain rules that will intimidate persons who have
  registered into surrendering valid registrations
* Tilts the playing field. The WIPO plan would always allow challengers
  to domain names registrations to appeal to a court, but would often deny
  this privilege to the original registrant
* Smorgasbord approach to law. Instead of directing arbitrators to apply
  applicable law, WIPO proposes using additional, different, rules it
  selected-rules that will often disadvantage registrants.

A brief memo explaining these points follows. A more detailed, 50-page
version, is also available in various file formats from .  This paper also proposes an alternate,
fairer, reform plan.

The key elements of the simpler reform plan are:

* Reduce speculative registration: Require advance payment before
* Penalize false contact details: De-register domains with fake contact
* Consider creating special rules to penalize large-scale domain speculation
* Trust courts to continue to clarify relevant law
* Understand that rapid changes in technology may make domain names less
* Create differentiated commercial and non-commercial top-level domains

Lance J. Hoffman, Director, Cyberspace Policy Institute, Professor EECS
The George Washington University, Washington DC 20052.  Phone (202) 994-5513

Bringing Y2K fears to a new high — or low

"Michael P. Gerlek" <>
Tue, 09 Mar 1999 08:18:00 -0800
From this week's *Infoworld*, in an article entitled 'Planning Beyond
Y2K Disruptions':

  "People act on fear a lot, and in fear there may be a
  financial impact.  We don't want people going and buying
  generators when they should be out buying jeans."
     — Director of the Year-2000 project for Levi Strauss

While this does make some sense from a purely business perspective, that it
nonetheless is reaching anyone's radar screen makes me a lot more nervous
about people reacting to Y2K fears than I am about Y2K itself.

Michael P. Gerlek /

Regular break-ins at the Pentagon?

Martin Ward <Martin.Ward@SMLtd.Com>
Mon, 8 Mar 1999 10:33:08 GMT
A report from Edupage:
> The Pentagon says that defense analysts have successfully thwarted new and
> recent attempts to break into open Pentagon networks on the Internet.  A
> Pentagon spokesman admits, "There are literally hundreds of attempts weekly
> to break into the computers.  It's a constant because there's a certain
> cachet to getting into the Pentagon system."  The Department of Defense
> insists that 99.95% of hacking attempts fail to penetrate beyond the open
> networks and pose no national security threat.  (*The New York Times*,
> 5 Mar 1999)

So there are hundreds of attempts per week and 99.95% of them fail.  Let's
assume about 200 attempts per week.  That means, by my calculations, there
are about five *successful* attempts to break in to Pentagon systems every

Sometimes, 99.95% success just isn't good enough.  Erdos number: 4
Maintainer of the G.K.Chesterton web site:

  [Amazingly, Prentiss Riddle <> came up with EXACTLY
  the same numbers and the same conclusion.  Unfortunately, the standard
  response seems to be to "blame the hackers" (e.g., Cloverdale) rather than
  to strive for systems that are significantly more secure!  PGN]

Re: Remote surgery (Rhodes, RISKS-20.23)

"Dr Declan O'Kane" <>
Wed, 3 Mar 1999 17:57:54 -0000
One issue with surgery-by-wire is that who is legally accountable if a
viscus is accidentally perforated or an artery accidentally cut ? Will
surgeons blame their  network connections ? Will we see Dr X and a Network
company being sued for medical malpractice ?

I would feel far more comfortable with an average surgeon with his/her hands
inside me than an expert at the end of a long wire ! Another example of
technology looking for an application.

Declan O'Kane MRCP(UK)

More on-line trauma

Thu, 4 Mar 1999 19:28:20 EST
I had an interesting experience happen to me that shook the foundations of
my trust in my online experience.

I'm an AOL user. (Now before my elitist compatriots cry out - I have been on
the internet from the days of FTP and gopher - local access #s make AOL
convenient).  I recently logged on to find a message in my in-box titled
"requested info"; expecting another spam, I was surprised to find one word
in its contents - my password.  Yes - access to online banking, funds,
accounts, e-zines, and so on.  The return address was an AOL domain.  Less
than a minute after opening the message, I was "Instant Messaged" by someone
("Bob SiteOp") claiming to be an AOL employee, asking whether I received the
"requested info" message, and asking me to repeat its contents.  Of course,
I didn't bite (or should that be byte?).

After a few phone calls and messages to AOL to report the matter, most of
the front line phone attendants would either chalk it up to a virus/trojan
horse, or claim that the situation I described was impossible — "AOL
doesn't keep passwords on a file".  yeah.  I finally clamored enough to get
a supervisor that recognized the seriousness of the situation.  Haven't
heard a thing since she took the info and promised to followup.

A couple of points here; clearly - a serious breach of AOL security took
place; I've narrowed it down to their Instant Messaging 3rd party software,
and an auto attendant mail feature.  The person who instant messaged me was
clearly in on this scam, and operates on the net out of small business in
New Jersey (either legitimately or illegitimately).  Unfortunately, since
AOL doesn't have "standardized" id (or screen) names (or a way of
authenticating who is at the other end), from that point on I was very
uncomfortable messaging ANYONE - AOL or not --- who do you really know who
you are talking to?  Switching to the phone, I thought, would alleviate that
fear.  But after a few calls, subsequent AOL employees would tell me that
the prior employees I spoke to couldn't have been employees (based on the
name I was given), or were at least not giving me correct information.  A
slippery slope of trust — who DO YOU believe?

In the meantime, I've changed my  passwords (regularly),  "Bob Siteop"
continues to prowl the electronic alleys for prey,  and I've become one
computer professional that is beginning to ask himself "what have we

Re: Lack of Anonymity in Microsoft Word

Yvo Desmedt <>
Thu, 11 Mar 1999 18:48:41 +0900 (JST)
You probably heard that Microsoft Word adds information in the document that
can uniquely identify the author, see e.g.:

At the 1996 Information Hiding workshop, I predicted such a danger.  See the
second paragraph of Section 3 "Covert identification" starting with "First,
any technique using covert channels ..." in the paper


which is available from

I welcome any comments.  Yvo

Re: Write-protectable hard-drives (Cargill, RISKS-20.21)

Richard Schroeppel <>
Wed, 3 Mar 1999 08:52:36 -0700 (MST)
A write protect button-toggle-switch was standard on disk drives for the
(c. 1975) Digital PDP10 systems.  The switch prevented the disk write-head
from carrying current.  The TOPS-10 operating system supported the feature,
allowing the operator to declare drives read-only, or change the software
setting.  The OS couldn't read the physical switch, and could be confused by
operator error: if a drive was physically read-only, but the OS thought it
was writable, reading a file would cause the OS to try to update the
most-recent-access time in the directory.

None of the hard disks I presently use has a write-protect switch.

Rich Schroeppel

Networking'99--NetAdmins & SysAdmins Share Solutions

Wed, 10 Mar 1999 03:58:43 -0800 (PST)
Wednesday and Thursday, April 7-8, 1999

Friday and Saturday, April 9-10, 1999

Sunday and Monday, April 11-12, 1999

For the full tutorial and technical program, and online

Sponsored by USENIX, the Advanced Computing Systems Association
Co-Sponsored by SAGE, the System Administrators Guild
Co-located at Santa Clara Marriott Hotel, Santa Clara, California, USA

Workshop on Countering Cyber-Terrorism

Clifford Neuman <bcn@ISI.EDU>
Wed, 10 Mar 1999 20:18:55 -0800 (PST)
              Countering Cyber-Terrorism
                  June 22-23
              Marina del Rey, California
      A workshop sponsored by the Information Sciences Institute
           of the University of Southern California

Please check the web page for more
information, including a position paper from the organizers which will
be available two weeks prior to the submission deadline.

  Organizer's Paper Available              April  5, 1999
  Position Papers Due                      April 19, 1999

Organizing Committee:
   Bob Balzer, Information Sciences Institute,
   Thomas Longstaff, CERT Coordination Center,
   Don Faatz, the MITRE Corporation,
   Clifford Neuman, Information Sciences Institute,

PDPTA'99 on Fault Tolerance and Reconfiguration in Distributed Systems

pradip srimani <srimani@CS.ColoState.EDU>
Sat, 27 Feb 1999 09:01:37 -0700 (MST)
                  Call for Papers for a Special Session on
         Fault Tolerance and Reconfiguration in Distributed Systems
               Las Vegas, Nevada, USA, June 30 - July 2, 1999
        International Conference on Parallel and Distributed Processing
          Techniques and Applications (PDPTA'99, 28 Jun — 1 Jul 1999)

The focus of this special session will be on fault-tolerance issues of
distributed enterprise systems for time-critical and computation-intensive
applications.  Send extended abstracts by 15 Mar 1999 to

       Shahram Latifi                       Pradip K Srimani
       Department of Electrical and         Department of Computer Science
       Computer Engineering                 Colorado State University
       University of Nevada, Las Vegas      Ft. Collins
       Las Vegas, NV 89154-4026             CO 80523 USA
       E-mail:           srimani@CS.ColoState.EDU
       Voice: (702) 895-4016                Voice: (970) 491-7097
       Fax: (702) 895-4075                  Fax: (970) 491-2466


Diego Latella <>
Sun, 7 Mar 1999 18:10:47 +0100 (MET)
       Working Group on Formal Methods for Industrial Critical Systems
                        Fourth International Workshop
                 Formal Methods for Industrial Critical Systems
                               July 11-12 1999

Deadline for submission: March 30th, 1999

The Fourth International Workshop on Formal Methods for Industrial Critical
Systems will take place in Trento on July 11-12, 1999, as a satellite
meeting of FLoC'99 (

Authors are invited to send their papers to:
S. Gnesi, CNR-IEI, Via S. Maria 46, I56126 Pisa - ITALY phone: +39 050 593489

Please report problems with the web pages to the maintainer