from *The Times* (London), 9 Sep 1999 Leave one field blank and.... AN INADVERTENT sell order for Vodafone AirTouch sent shares in the heavily weighted mobile telecoms group tumbling and wiped nearly 70 points from a FTSE 100 index that was already reeling from an unexpected UK base rate rise. A dealer at a US securities house, believed to be Lehman Brothers, entered a massive sell order for Vodafone at 1.40pm. The order is thought to have been set without limits, which meant it matched all bids on the order book and triggered a collapse in the shares from UKP12.29 to UKP10.13. That sale temporarily wiped UKP13.2 billion from the value of the telecoms giant, which, due to is 6.4 per cent weighting in the FTSE 100, pushed the blue chip index 66 points lower.
Retail outlet Argos ran an add that offered 21-inch Sony Nicam TV sets to Internet customers for 3 pounds instead of 300.pounds. A spokesman for Argos said: "The pricing of the TV sets at UKP3 was clearly an error caused by a computer. We rectified this mistake and we will be contacting our customers to apologise for any inconveniences and explain that their orders cannot be accepted." (One customer had ordered 1,700 sets.) [Source: Adam Fresco, *The Times* (London), 9 Sep 1999; PGN-ed] Today's (instant?) electronic communication system means you haven't got long to correct mistakes on your e-commerce web site before the word gets out. Also they can be at your door in seconds - even from the other side of the world. (I'm sure the neighbourhood store would cotton-on at the first transaction, and even the most dim-witted store keeper would realise something was wrong if the shop suddenly filled with people clamouring for the same stock item). David [Also noted by Russell Middleton. PGN]
Smile for the US Secret Service by Declan McCullagh, Wired News, 7 Sep 1999 A New Hampshire company began planning in 1997 to create a national identity database for the federal government, newly disclosed documents show. Image Data's US$1.5 million contract with the US Secret Service to begin digitizing existing driver's license and other personal data was widely reported early this year. But documents unearthed by the Electronic Privacy Information Center reveal the details and scope of the project. See http://www.wired.com/news/news/politics/story/21607.html
As I ate breakfast this morning I listened to the weather report on the local NOAA weather radio station. As I watched hummingbirds feed from our nectar feeders and squirrels scamper around the yard I was quite surprised to hear that the temperature was 61 degrees F and the wind chill was 64 degrees below zero. Time to break out the parkas! Sometime last year NOAA began to broadcast forecasts, current conditions reports, and other relatively "fixed" information via a computer generated voice system. Either someone entered bad data or whatever computes the wind chill was broken this morning. A person reading the current conditions would probably have caught the error and certainly would not have kept repeating the bad data. Bill Seurer, Bill_Seurer@us.ibm.com, Compiler Development, IBM, Rochester, MN http://w3.rchland.ibm.com/~seurer/ http://www.seurer.net Bill@seurer.net
*Aviation Week* points out on 26 Jul 1999 (p27) that the Centaur upper-stage failure was in fact caused by a programming error. Someone entered a roll-rate filter constant at one-tenth of its proper value (-0.1992476 rather than -1.992476). Not only that, but the USAF investigation determined that "officials overlooked information present during the launch process that a software flaw existed". Whether or not evidence was present during the launch process, how come such an error wasn't caught during debugging, inspection, component bench test, integration test, and all those other things software and system developers are supposed to do? [To my knowledge, this is only the second verified and public example of a simple programming error (equivalent to a typo) that I know of in aerospace. The first one was Mariner, and as far as I know that's the only one in the RISKS archives. There has been some discussion on certain mailing lists about examples of simple programming errors in critical systems. PBL] Prof. Peter Ladkin Ph.D. http://www.rvs.uni-bielefeld.de University of Bielefeld, Germany Mobile: +49 (0)171 755 8838
I received a notice recently that one of Verisign's root keys expires at the end of 1999, and users of Netscape browsers (version 4.05 and earlier) need to get an updated certificate to avoid warnings about expired keys. This in itself isn't a big problem--we expect certificates to expire, although it can be rather inconvenient. The problem comes from the timing: anyone seeing odd behavior (such as an extra dialog box) on or near 1/1/2000 is likely to blame it on a Y2K problem, whether that's appropriate or not. Apparently this fact has not been lost on Verisign's competitors, at least according to Verisign's FAQ on the matter, at: http://www.verisign.com/server/cus/rootcert/facts.html Moral of the story: schedule software dates when nothing else important is known to be happening. Win Treese, Open Market, Inc. firstname.lastname@example.org
[This topic is raised in news:uk.tech.y2k.] There is a little more in my Web page <URL: http://www.merlyn.demon.co.uk/date2k-3.htm#Food>. Subject : Y2K - User Misinterpretation of Food Expiry Dates Confusion between two digits meaning Year 20## and meaning Year 19## is well understood; misidentification of ## fields in dates between Y, M, D has been discussed in Y2K newsgroups; the food trade will understand the date formats on their products. However, one problem is perhaps not well-realised : the use of ## fields in expiry dates on the packaging of foods, together with the circumstances of domestic food storage, leads to the probability that many of those who finally use these packaged foods may misunderstand the dating formats. For example, an item sold in March 2000 may be marked for use by "OCT 01" - does it have a six- or an eighteen- month life? If it is discovered in the back of the cupboard on 2000-09-20, should it be eaten soon, or is there a safe year left? Many errors can be expected. Remember that some food travels, some amateur cooks travel, date formats vary, ... If the famed cook, Great-Aunt Philomena o'Kerry, on her first trip ever out of Erin, visits the kitchen of her Great-Niece in Troy, AL, USA, will she be safe? John Stockton, Surrey, UK. email@example.com <URL: http://www.merlyn.demon.co.uk/>
<http://slashdot.org/article.pl?sid=99/09/10/1034202&mode=flat> Slashdot reports that the Army got bit once too often by script kiddies and moved their web servers to Macs running WebStar. The Army press-release is at: <http://www.dtic.mil/armylink/news/Sep1999/a19990901hacker.html> Martin Minow, firstname.lastname@example.org [See also Army Bombs NT, Buys Mac, by James Glave, 13 Sep 1999, http://www.wired.com/news/news/politics/story/21725.html, which notes that, subsequent to a wave of breakins to their Website, the Army is now using a WebSTAR server and an Apple computer for the Army's homepage. Diversity is of course highly desirable in attempting to attain security. Having nothing but a single system that is flawed is clearly a bad idea. Having different systems that are flawed is also a bad idea, so ultimately we need some meaningfully secure servers! PGN]
>From: CJNN <CJNN@unity.lincmedia.co.jp> >Subject: CJNN51 — Japan e-biz news >Date: Mon, 13 Sep 1999 11:25:52 +0900 > >* * * * C O M P U T I N G J A P A N --- N E W S N E T * * * * >A weekly roundup of news and information from Computing Japan > (http://www.cjnn.com) > >SIGN UP: Send e-mail to: email@example.com > (no subject or body text is needed) >LETTERS: Send e-mail to: firstname.lastname@example.org > (use also for making inquiries) > [...] >+++ BUG WATCH > >-> New ICQ Trojan > >A new Trojan horse circulating the Internet disguised as a >JPEG image is stealing ICQ passwords from users hard drives >and take control of the ICQ accounts. There are more than >42m ICQ accounts, but apparently only those with early- >registered shorter ID lengths are vulnerable. If this has >happened to you, you can get your registration >re-authenticated at ICQ.com. (Source: CJNN extract from >CNET, news.com, Sep 9, 1999) > >http://news.cnet.com/news/0-1005-200-114889.html?tag=st > >-> Backup Exec fix > >Running Seagate's Backup Exec program may cause errors on >Microsoft Windows 95, giving the error message: "Bewin32 >reported the start catalog failed - unknown error 0x1." > >You can fix the problem by deleting the catalog files. > 1) Close Backup Exec. > 2) Open Windows Explorer. > 3) Browse to [path]\Seagate\Backup Exec\system\catalogs > directory. > 4) Delete all the files in that directory. > 5) Attempt to open Backup Exec. > >(Source: CJNN extract from BugNet, Sep 8, 1999) >http://www.msnbc.com/news/309570.asp Patrick O'Beirne B.Sc. M.A. FICS. Systems Modelling Ltd, Tara Hill, Gorey, Co. Wexford, IRELAND http://www.sysmod.com +353 (0)55 22294
Some recent virus profiles has described Word macro viruses that — it is claimed — will turn off the macro warning/disabling feature of Word 97. For example, see the following descriptions of W97M/Cont.A: http://vil.nai.com/vil/vm10259.asp http://www.Datafellows.com/v-descs/cont.htm http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=W97M_CONT.A and the following, of a (different?) strand called W97M/Thus.A: http://www.norman.no/corporate/documents/w97m_thus.htm If these alerts say what I believe they say, there is great cause for concern. IMHO. virus protection software can not be relied on as the _only_ measure to prevent macro virus activation. There is a number of reasons for this, but the main reason is that there always elapses some time between emergence of a new computer virus and when new virus signature files covering the new virus becomes available to end users such as myself. Therefore, I have always relied om the built-in macro warning/disabling feature of Word'97 as additional protection. If an (unknown) document is reported by Word to contain macros when opened, I use this built-in feature to disable all macros before proceeding. So far, I have believed that this practice has provided me with full protection against macro virus infection. If this built-in detection can be circumvented or disabled, then this belief is clearly false. Instead, it seems that opening Word documents created by third parties should be avoided, and one should instead inform all parties one exchange documents with that one will only accept documents in a macro-less format (such as plain text or RTF). While this may be the sensible approach anyway, it will be a huge task (at least in my environment) to convince all my colleagues and collaborators that they should stop using Word's .doc format as a document interchange format. Therefore: - How paranoid should I be :-) ? - How technically feasible is it for a macro virus to disable the built-in macro detector? - Has the claim about Word'97's built-in macro detection/disabling being flawed in this way been confirmed by other sources than by the specific companies(*) that are my sources. (*)They are all fine companies, but they are _also_ in the business of selling virus protection and therefore they also have a clear interest in making the public distrust Word'97's built-in measures against the macro virus problem.) - gisle hannemyr ( email@example.com - http://home.sol.no/home/gisle/ )
Research Triangle Park, NC - 31 August 1999 - Between Hotmail hacks and browser bugs, Microsoft has a dismal track record in computer security. Most of us accept these minor security flaws and go on with life. But how is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft may have installed a 'back door' for the National Security Agency (NSA - the USA's spy agency) making it orders of magnitude easier for the US government to access their computers? While investigating the security subsystems of WindowsNT4, Cryptonym's Chief Scientist Andrew Fernandes discovered exactly that - a back door for the NSA in every copy of Win95/98/NT4 and Windows2000. Building on the work of Nicko van Someren (NCipher), and Adi Shamir (the 'S' in 'RSA'), Andrew was investigating Microsoft's CryptoAPI architecture for security flaws. Since the CryptoAPI is the fundamental building block of cryptographic security in Windows, any flaw in it would open Windows to electronic attack. Normally, Windows components are stripped of identifying information. If the computer is calculating number_of_hours = 24 * number_of_days , the only thing a human can understand is that the computer is multiplying a = 24*b. Without the symbols "number_of_hours" and "number_of_days", we may have no idea what 'a' and 'b' stand for, or even that they calculate units of time. In the CryptoAPI system, it was well known that Windows used special numbers called cryptographic public keys to verify the integrity of a CryptoAPI component before using that component's services. In other words, programmers already knew that windows performed the calculation component_validity = crypto_verify(23479237498234...,crypto_component) , but no-one knew exactly what the cryptographic key "23479237498234..." meant semantically. Then came WindowsNT4's Service Pack 5. In this service release of software from Microsoft, the company crucially forgot to remove the symbolic information identifying the security components. It turns out that there are really two keys used by Windows; the first belongs to Microsoft, and it allows them to securely load CryptoAPI services; the second belongs to the NSA. That means that the NSA can also securely load CryptoAPI services... on your machine, and without your authorization. The result is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system. For non-American IT managers relying on WinNT to operate highly secure data centers, this find is worrying. The US government is currently making it as difficult as possible for "strong" crypto to be used outside of the US; that they have also installed a cryptographic back-door in the world's most abundant operating system should send a strong message to foreign IT managers. There is good news among the bad, however. It turns out that there is a flaw in the way the "crypto_verify" function is implemented. Because of the way the crypto verification occurs, users can easily eliminate or replace the NSA key from the operating system without modifying any of Microsoft's original components. Since the NSA key is easily replaced, it means that non-US companies are free to install "strong" crypto services into Windows, without Microsoft's or the NSA's approval. Thus the NSA has effectively removed export control of "strong" crypto from Windows. A demonstration program that replaces the NSA key can be found on Cryptonym's website. Cryptonym: Bringing you the Next Generation of Internet Security, using cryptography, risk management, and public key infrastructure. Interview Contact: Andrew Fernandes <firstname.lastname@example.org> Telephone: +1 919 469 4714 Fax: +1 919 469 8708 Cryptonym Corporation, 1695 Lincolnshire Boulevard, Mississauga, Ontario Canada L5E 2T2 http://www.cryptonym.com
Back Orifice 2000  Back Orifice is a free remote administration tool for Microsoft Windows. It's also one of the coolest hacking tools ever developed. Originally released last July, Back Orifice 2000 (BO2K) is the current release of the software. It works on Windows 95, Windows 98, and Windows NT. It is much better written than the original Back Orifice. And it's free, and open source. There are two parts: a client and a server. The server is installed on the target machine. The client, residing on another machine anywhere on the Internet, can now take control of the server. This is actually a legitimate requirement. Perfectly respectable programs, like pcAnywhere or Microsoft's own Systems Management Server (SMS), do the same thing. They allow a network administrator to remotely troubleshoot a computer. They allow a remote tech support person to diagnose problems. They are mandatory in many corporate computing environments. Remote administration tools also have a dark side. If the server is installed on a computer without the knowledge or consent of its owner, the client can effectively "own" the victim's PC. Back Orifice's difference is primarily marketing spin. Since it is not distributed by a respectable company, it cannot be trusted. Since it was written by hackers, it is evil. Since its malicious uses are talked about more, its benevolent uses are ignored. That's wrong; pcAnywhere is just as much an evil hacking tool as Back Orifice. Well, not exactly. Back Orifice was designed by a bunch of hackers with fun in mind. Not only can the client perform normal administration functions on the server's computer — upload and download files, delete files, run programs, change configurations, take control of the keyboard and mouse, see whatever is on the server's screen — but it can also do more subversive things: reboot the computer, display arbitrary dialog boxes, turn the microphone or camera on and off, capture keystrokes (and passwords). And there is an extensible plug-in language for others to write modules. (I'm waiting for someone to write a module that automatically sniffs for, and records, PGP private keys.) Back Orifice is also designed to hide itself from the server's owner. Unless the server's owner is knowledgeable (and suspicious), he will never know that Back Orifice is running on his computer. (Other remote administration tools, even SMS, also have stealth modes; Back Orifice is just better at it.) Anti-virus software has been updated to detect default Back Orifice configurations, but that will only solve most of the problem. Because Back Orifice is configurable, because it can be downloaded in source form and then recompiled to look different...I doubt that all variants will ever be discovered. Okay, so who's to blame here? The Cult of the Dead Cow wrote and released Back Orifice. Surely the world is not a safer place because, as CDC's Sir Dystic put it: "every 14-year-old who wants to be a hacker will try it." BO2K's slogan is "show some control," and many will take that imperative seriously. Back Orifice will be used by lots of unethical people to do all sorts of unethical things. And that's not good. On the other hand, Back Orifice can't do anything until the server portion is installed on some victim's computer. This means that the victim has to commit a security faux pas before anything else can happen. Not that this is very hard: lots of people network their computers to the Internet without adequate protection. An attacker can even ask the victim to install Back Orifice (social engineering might help); the Worm.ExploreZip worm of this spring did exactly that. Still, if the victim is sufficiently vigilant, he can never be attacked by Back Orifice. But what about Microsoft's computing environment? One of the reasons Back Orifice is so nasty is that Microsoft doesn't design its operating systems to be secure. It never has. Any program that runs in Microsoft Windows 95 and 98 can do anything. In Unix, an attacker would first have to get root privileges. Not in Windows. There's no such thing as limited privileges, or administrator privileges, or root privileges. Microsoft assumes that anyone who can run a program can reformat the hard drive. This might have made some sense in the age of isolated desktop computers; after all, if you could run a program, you were standing in front of the machine. But on the Internet, this is absurd. Windows NT was designed as a secure operating system, more or less. There are provisions to make Windows NT a very secure operating system, such as privilege levels in separate user accounts, file permissions, and kernel object access control lists. However, the configuration that makes Windows NT secure is very very far and distant from the default installed configuration. Microsoft admits this. You have to make 300+ security checks and modifications to Windows NT to make it secure in its default configuration . And on top of this, Microsoft assumes that most users have Administrator access to their desktop machines anyway. They only really worry about network security, not host-end security, which is where they are seriously vulnerable to attacks like Back Orifice 2000. Windows NT could be secure, but Microsoft refuses to ship the OS in that condition (presumably they worry that their spiffy animated fading menu bars may be overlooked). Malicious remote administration tools are a major security risk. What Back Orifice has done is made mainstream computer users aware of the danger. Maybe the world would have been safer had they not demonstrated the danger so graphically, but I am not sure. There are certainly other similar tools in the hacker world — one, called BackDoor-G, has recently been discovered -- some developed with much more sinister purposes in mind. And Microsoft only responds to security threats if they are demonstrated. Explain the threat in an academic paper and Microsoft denies it; release a hacking tool like Back Orifice, and suddenly they take the vulnerability seriously. Back Orifice Home Page: http://www.bo2k.com/ Commentary: http://www.zdnet.com/zdnn/stories/news/0,4586,2127049,00.html http://www.infoworld.com/cgi-bin/displayArchive.pl?/99/30/o03-30.36.htm Microsoft's Systems Management Server: http://www.microsoft.com/smsmgmt/techdetails/remote.asp http://www.cultdeadcow.com/news/pr19990719.html BackDoor-G: http://www.zdnet.com/zdnn/stories/news/0,4586,2267379,00.html  This essay originally appeared in Crypto-Gram, my monthly newsletter on computer security and cryptography. You can subscribe or read back issues at http://www.counterpane.com/crypto-gram.html.  Since writing this, I have been asked about the 300+ figure. I heard it second hand, so I queried the Usenet newsgroup comp.os.ms-windows.nt.admin.security asking if it was folklore or truth. The consensus seemed to be that the number was somewhere between 50 and 3000, and 300 wasn't an unreasonable estimate. A good checklist is available at http://people.hp.se/stnor/.
Now you can register online at https://swww.igc.apc.org/cpsr/registrationForm99.html. Early Registration rates end Friday, September 17th. Computer Professionals for Social Responsibility annual conference THE INTERNET GOLD RUSH OF '99: CAN WE PAN FOR GOLD WHILE SERVING THE GOOD? THE PURSUIT OF WEALTH AND EQUITY IN CYBERSPACE 2-3 October 1999 (9:00 am to 5:30 pm) Building 420 (Jordan Hall), Room 40, Stanford University, Stanford, CA NORBERT WIENER AWARD RECEPTION honoring THE OPEN SOURCE/FREE SOFTWARE MOVEMENT 2 October 1999 (6:00 - 8:00 pm) AT&T Patio (outside of Gates Hall), Stanford University, Stanford, CA FEATURED SPEAKERS include Gray Brechin (Keynote talk on Historical Amnesia in the Silicon Gold Rush) Eric Raymond, Larry Wall, Brian Behlendorf, Craig Newmark, Cem Kaner, Barbara Simons, Peter Neumann, Madeline Stanionis, Seth Fearey, Ben Politzer, Eric Sklar, Pavel Curtis, Scott Hassan, Laura Breedan. Saturday sessions include * SOCIAL RESPONSIBILITY AND FINANCIAL SUCCESS - OXYMORON? * THE DIGITAL DIVIDE: IS THE INTERNET AS GREAT EQUALIZER LOSING GROUND? * SOFTWARE AT THE CROSSROADS: OPEN-SOURCE SOFTWARE AND THE UNIFORM COMPUTER INFORMATION TRANSACTIONS ACT (UCITA) CPSR's prestigious Norbert Wiener Award for Social Responsibility in Computing Technology is being awarded to the Open Source/Free Software Movement. This movement profoundly challenges the belief that market mechanisms are always best-suited for unleashing technological innovation. This voluntary and collaborative model for software development is providing a true alternative to proprietary, closed software. CPSR ANNUAL MEETING, SUNDAY, 3 OCTOBER 1999, 9:30am - 2:30pm Building 420 (Jordan Hall), Room 40, Stanford University, Stanford, CA Conference Committee Karen Coyle, Paul Czyzewski, Jeff Johnson, Coralee Whitcomb, Susan Evoy Complete information at HTTP://WWW.CPSR.ORG/, registration via https://swww.igc.apc.org/cpsr/registrationForm99.html Susan Evoy, Deputy Director <email@example.com> <http://www.cpsr.org/home.html> Computer Professionals for Social Responsibility, P.O. Box 717, Palo Alto CA 94302, Phone: (650) 322-3778, Fax: (650) 322-4748
Please report problems with the web pages to the maintainer