The RISKS Digest
Volume 20 Issue 54

Sunday, 15th August 1999

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


o MCI WorldCom frame-relay network problems
o "Spy Who Messaged Me" — now playing at Microsoft!
o High-flying hijinks: canine passenger sinks teeth into plane
Paul Costalas
o Risks of the modern train
Ben Hutchings
o Car won't start if payments are delinquent
Daniel P. B. Smith
o Salary payment diskettes intercepted and manipulated
Peter Fokker
o Risks of Internet Explorer 5
Lloyd Wood
o Refrigerator gasket frozen out
Ted Lee
o Y2K upgrade went 'horribly wrong', admits utility giant
Doneel Edelson
o Government: Lessening risks through encryption
Alan DeKok
o Having private services such as voicemail on shared phones
David Crooke
o Re: NCIC 2000
Stephen Fairfax
o Computers, Freedom, and Privacy: CFP for CFP
Bruce R Koball
o Info on RISKS (comp.risks)

MCI WorldCom frame-relay network problems

"Peter G. Neumann" <>
Sat, 13 Aug 1999 10:12:17 PDT
Almost one-third of MCI WorldCom's long-distance frame-relay network
customers experienced difficulties, beginning on 5 Aug 1999, apparently as a
result of a Lucent software and hardware during a network upgrade.  (AT&T
had a similar outage in April 1999.)  The Chicago Board of Trade trading
system failed, and problems there persisted into the following week.  ATMs
(teller machines) were rendered inoperative.  [We await a more definitive
analysis than could be gleaned from the various media reports.]

"Spy Who Messaged Me" — now playing at Microsoft!

"NewsScan" <>
Fri, 13 Aug 1999 08:11:18 -0700
In the middle of the Microsoft-AOL battle over Microsoft's attempt to clone
AOL's Instant Messaging system (which allows users to chat over the
Internet), an unidentified "overpassionate" Microsoft employee has
embarrassed the company by getting caught in a little industrial espionage.
The rogue spy, whom Microsoft has acknowledged to be almost certainly one
of its employees, falsely alleged in a message sent under a bogus identity
that the AOL program contains an error responsible for creating a security
vulnerability. (*The New York Times*, 13 Aug 1999)
  [NewsScan Daily, 13 August 1999; reproduced with permission.
  To subscribe or unsubscribe to NewsScan Daily, send an e-mail message to with 'subscribe' or 'unsubscribe' in subject line.]

High-flying hijinks: canine passenger sinks teeth into plane

Fri, 6 Aug 1999 17:33:03 -0400
Read the full story at the address below: ["Spread
the news" is a service of Philadelphia Online]

This is a very interesting story about how a dog in the cargo bay was able
to free itself and almost bring down a 767.  The dog had managed to "gnaw
into wires" that affected the landing gear, flaps, and cockpit warning

They are trying to figure out how the dog got out of its cage.  I wonder if
anyone is focusing on why the wires were accessible to the animal.  I am not
an aviation expert, but could the wires be accidentally cut by a sharp edge,
etc.?  Why aren't the wires better protected?

Or is this the act of an angry animal striking out at the owners who
neutered him?

Paul J. Costalas <>

  [Perhaps the dog was tired of listening to all that electrical energy
  flowing, and was a wire-heard terrier?  PGN]

Risks of the modern train

Ben Hutchings <>
Fri, 6 Aug 1999 23:11:08 +0100
I was quite impressed by the apparent quality of the new rolling stock of
the Anglia train I caught from Ely last Friday evening.

This changed somewhat when I realised that although it was getting dark
outside there were no lights on in my carriage.  I turned on the back-light
of my palm computer and continued to use it.  Then, a few minutes later, I
felt the need to use the lavatory.  When I turned around to walk up the
train, I saw that the next carriage was properly lit.  In the lavatory there
was no light - and no flush, no water and no hand-drier.  This is because
they all relied on electronic sensors.  Furthermore, the doors to the next
carriage were also inoperative!  Thankfully, the announcement system and the
doors to the outside did work.

I moved up the train at the next station and found another lavatory.  This
one was designed for use by wheelchair users (as well as the able-bodied).
The door is operated by yet more electronic switches - an open/close button
and a lock button with a indicator.  There are no instructions explaining
what these do - just those labels.  The open/close button works as I
expected.  By observation I deduced that the indicator is unlit when the
door is open, flashing when it is closed but unlocked, and constantly lit
when it is locked.  The lock button takes the door from the closed state to
the locked state or from the locked state to the open state.  This behaviour
does not seem very intuitive to me, and I have dealt with some fairly arcane
interfaces!  It was not until I left the lavatory that I understood that I
had not successfully locked it.

I overheard two members of the train staff talking about the problems of the
train.  One described a potential denial-of-service in this toilet.  It is
apparently possible to put the door in the locked state by pressing the lock
button while it is closing; this means that an attacker can press both
buttons and leave before the door has completely closed.  However, the door
closes shortly after an occupant leaves, and this leads me to suspect that
there is an IR presence detector within the lavatory that affects the door

Car won't start if payments are delinquent

"Daniel P. B. Smith" <>
Sat, 14 Aug 1999 12:01:29 -0400 (EDT)
*The Boston Globe*, 14 Aug 1999, p.3, carries an AP story.  A Detroit auto
dealer sold cars to people with bad credit containing "a high-tech dashboard
device that prevents cars from starting if the customer is delinquent on
payments."  The story says that "customers get a six-digit code when they
pay their bills every week.  If they punch the proper code into the device,
the car can be started.  If more than a week passes without a new code, the
car will not start."

Two customers contend that the "On-Time Device" shut off their cars _while
driving_ and are suing.

The RISK here is that computer technology is enabling the invention and
_rapid_ proliferation of _new_ machinery which is intended to directly and
physically enforce policy.  From a technical standpoint, the device is not
very different from the aftermarket antitheft device I installed on my own
car, which similarly a) uses digital technology, and b) interferes with
the starting circuits.  I worry about its reliability, of course.  The big
difference is that an ignition lock malfunction puts the _purchaser_ at
risk, so presumably market forces would work to insure reliability.  The
"On-Time Device" puts someone _other_ than the device's purchaser at risk.

Daniel P. B. Smith <>

Salary payment diskettes intercepted and manipulated

Peter Fokker <>
Fri, 06 Aug 1999 06:32:34 +0100 (CET)
My local newspaper (NRC/Handelsblad, 5 August 1999) reports about a
successful way to steal money by intercepting diskettes with payment
information that are sent - by mail or via a courier service - to the bank
subsidiary (Interpay) that handles this kind of payments for all banks here
in The Netherlands.

The intercepted diskettes were "cracked" and the swindlers changed one or
more destination bank account numbers and amounts, "repaired" the diskettes
and sent them to Interpay as if nothing happened.

Some twenty people have been arrested. The damages, "a few million NLG" (1
USD = 2 NLG), for the bank's customers have been compensated by the bank. It
is unclear where the diskettes were intercepted (NL Postal services, the
courier or within Interpay). Interpay and the combined banks have announced
measures for better protection of these diskettes and the transportation

The RISKS are obvious. I would say: be very concerned when someone tells you
that "the cheque is in the mail".

--Peter Fokker

Risks of Internet Explorer 5

Lloyd Wood <>
Fri, 6 Aug 1999 16:09:51 +0100 (BST)

To pick one example from that page:

  AutoComplete speeds the collection of demographic information by
  making it easier to fill out online forms. AutoComplete provides a
  drop-down list of items that the user has previously entered in a
  particular text box on a Web page. When the user selects the item,
  it is automatically put into the field (except for password fields).

  The feature is very useful on its own, but its real power shines
  through when the benefit is transferred between Web sites. Once you
  mark your input tags with AutoComplete attributes, your users won't
  have to retype common elements — such as names, telephone numbers,
  and e-mail addresses — because they will have already filled in
  this information on someone else's site. Internet Explorer stores
  the form field entries in a secure, client-side store.

1. Don't let anyone else use Internet Explorer 5 on your machine.
   They might get ideas when filling in forms, and use your personal
   information instead of typing in their own.

2. client-side is not necessarily secure, as has been previously
   demonstrated many times.

3. This assumes that password fields are indicated as such; a
   risk in itself.


Refrigerator gasket frozen out

Wed, 11 Aug 1999 08:32:00 -0500
Seeing the item in RISKS-20.53 about a cellphone endangering a plane
reminded me of a recent incident that gave me pause to realize that
sometimes people may take reasonable precautions.  The magnetic gasket on
our refrigerator is wearing out so I called around the local appliance parts
shops to find one.  It turns out that even though (or perhaps because) it is
a major brand, there are so many variations they aren't stocked locally
(Minneapolis) and it had to be shipped from a Chicago warehouse. I was told
I did *not* have the option of air freight or express: it had to go surface
because it was regarded as hazardous cargo.  I assume that is because it is
essentially one big magnet that there is concern it might interfere with
navigation — but does anyone actually know of an incident or two that might
have given rise to that concern?  After all, modern planes don't use
magnetic compasses anymore, it ain't *that* strong a magnet, and I can't
think that its motion in the belly of the plane would generate strong enough
radio waves to be of concern.

Ted Lee

Y2K upgrade went 'horribly wrong', admits utility giant

"Edelson, Doneel" <>
Thu, 12 Aug 1999 16:55:51 -0400
London Electricity has admitted its Y2K upgrade for 400,000 prepayment
customers (costing 2 million pounds) went ``horribly wrong'', leaving 2000
customers without power and light for days, and another 2000 having
``difficulties''.  The process of providing new Rechargeable Powerkeys to
customers was in progress, but for a fourth of the clients the payment
credit did not get transferred or their meters were corrupted.  A similar
upgrade in Sussex was done at the same time, which compounded the problems.
[Source: Mike Simons, *Computer Weekly News*, 12 August 1999; PGN-ed]

Government: Lessening risks through encryption

Alan DeKok <>
Tue, 10 Aug 1999 08:50:50 -0400
  This is one of the happier risks related items I've seen in a while.  The
local provincial government has actually *recommended* the use of encryption
to secure e-mail.

   While the US Congress recoils in horror at the prospect of a
   population armed with cryptographic tools, a government department in
   Ontario wants to make it clear that encryption is good.

   More than that, in a paper released Thursday, the Ontario Information
   and Privacy Commission said it wants everyone to learn to use encryption.

The paper is available at:
Some good quotes from the Introduction:

   Does it really matter who reads your e-mails? If the answer is no,
   then e-mail encryption could be a potentially cumbersome
   luxury. However, if you e-mail sensitive, personal, or business
   information, then encryption is likely a necessity.  [...]

   Those people who use some form of encryption system relax comfortably
   at their keyboards.  Nonetheless, they feel a cold chill each time
   someone reports a new security hole. Some holes are found in the
   encryption tools. More often though, the application that uses the
   encryption tool has bugs.  Internet browser applications are prone to
   this due to their large size and complexity. While the cryptographic
   component might remain secure, back door bugs to the application can
   nullify the value of the e-mail encryption.

Having private services such as voicemail on shared phones

David Crooke <>
Sat, 07 Aug 1999 00:03:09 -0500
Many hotels now offer phones in rooms with services such as voicemail. I
checked into one such establishment recently, and was surprised to find a
message already waiting as I always use a mobile phone when travelling.

Needless to say, the message turned out to be for someone else, presumably
the previous occupant, and was somewhat (ahem) personal in content, and I
hastily deleted it.

When I returned the following evening the message light was on again, the
voicemail software having seemingly requeued the message. This went on all
week, and I presume will be causing blushes for some time.

David Crooke, Austin TX, USA. +1 (512) 656 6102
"Open source software - with no walls and fences, who needs Windows and Gates?"

Re: NCIC 2000 (Fenner, RISKS-20.53)

Stephen Fairfax <>
Thu, 12 Aug 1999 19:39:12 -0400
>5) One wonders how long it will be until this system will be used as a
>method of collecting and storing fingerprints on citizens not convicted--or
>even charged with--any crime.

That particular RISK predates the NCIC 2000 system.
A Massachusetts law effective October, 1998 requires all owners of firearms
to report to their local police stations for full 10-print fingerprints and
digital mug shots.  The fingerprints and mug shots are forwarded (by law)
to the Criminal History Systems Board.  This agency "serves as the hub for
information services for the law enforcement and criminal justice
communities."  (see  The same
agency provides access to the FBI NCIC and to all 49 state criminal justice
databases.  While the web page does not go into details, does any long time
RISKS reader doubt that the access is reciprocal?  What are the RISKS
associated with having the de facto equivalent of a criminal record?

What is particularly ironic about the new licensing requirement is that
(legal) firearms ownership has long been limited to those persons who have
no criminal record.  Thus, the statute mandates the collection and
dissemination of fingerprints from people who are known to have committed no

Stephen Fairfax <>

Computers, Freedom, and Privacy: CFP for CFP

Bruce R Koball <>
Thu, 12 Aug 1999 13:48:26 -0700 (PDT)
The Tenth Conference on Computers Freedom and Privacy
The Westin Harbour Castle Hotel
Toronto, Ontario, Canada
April 4-7, 2000

The Program Committee of the Tenth Conference on Computers, Freedom,
and Privacy (CFP2000) is seeking proposals for conference sessions and

We are seeking proposals for tutorials, plenary sessions, workshops,
and birds-of-a-feather sessions. We are also seeking suggestions for
speakers and topics. Sessions should present a wide range of thinking
on a topic by including speakers from different viewpoints.  Complete
submission instructions appear on the CFP2000 web site at  All submissions must be received
by October 15, 1999.  The CFP2000 Program Committee will notify
submitters of the status of their proposals by December 3.

Workshop on Freedom and Privacy by Design (first day of CFP 2000)
Complete submission instructions are available at

Program Chair: Lorrie Cranor, AT&T Labs-Research

Please report problems with the web pages to the maintainer