The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 20 Issue 69

Thursday 16 December 1999


o Biryukov and Shamir cryptanalysis of A5/1 GSM privacy algorithm
Matt Blaze
o Debit-card fraud in Canada
Steven M. Bellovin
o Croydon Tramlink: those signalling problems in full
Clive D.W. Feather
o Computer technology at the end of the 20th century
David Sedlock
o On the Internet nobody knows your five identities
o More CERT Advisories on buffer overflows
o Re: No bounds checking in Microsoft RTF controls
R A Downes
Mark Brader
o Macros in RTF files
Tom Hill
o Y2K-related viruses
o Power-out in Y2K test
Debora Weber-Wulff
o Risks of Y2K overreaction
Steven Huang
o Top 10 Risks search queries
Lindsay Marshall
o Go to jail - go directly to jail ...
Martyn Thomas
o According to Alta Vista, everything is for sale...
Daniel P. B. Smith
o Quicken's no-undo interface design
Timothy Prodin
o Risks of webbed e-mail and cookies
Lloyd Wood
o Windows98 censoring word processing apps
Eric Wagoner
o Re: Crack in GSM cell-phone encryption scheme
Boyd Roberts
o Re: DVD encryption
Brad Ackerman
o Re: Why computers are insecure
Durwin Sharp
o *Absent* source code now available
Avi Rubin
o CFP, 23rd National Information Systems Security Conference
Ed Borodkin
o Info on RISKS (comp.risks)

Biryukov and Shamir cryptanalysis of A5/1 GSM privacy algorithm

Matt Blaze <>
Thu, 09 Dec 1999 15:02:57 -0500
As RISKS readers probably already know, Alex Biryukov and Adi Shamir
announced that they have a practical cryptanalytic attack against the A5/1
algorithm (which is the "strong" GSM privacy cipher).  (Actually, the attack
is against the version of A5/1 published at, which may differ
from the version deployed in various actual GSM systems).

I've gotten permission from Adi Shamir to distribute a draft of the
Biryukov/Shamir A5/1 attack paper, so it's now available (in PostScript
format) on my web site:


Assuming the Biryukov/Shamir attack against A5/1 works against the fielded
version of the algorithm, routine, over-the-air monitoring of GSM traffic by
even modestly-funded eavesdroppers should be considered a serious and
realistic threat.  This attack should represent another nail in the coffin
for security systems designed in secret and not subjected to the scrutiny of
the community.  Had the A5/1 designers published their scheme in the open
literature instead of trying to keep it secret, this weakness would likely
have been discovered much sooner, perhaps before the cipher had actually
been used to protect real traffic.  One of the first lessons we teach
cryptology students is that secret algorithms are a bad idea.
Unfortunately, there are still people designing important systems who don't
seem to grasp this basic principle.

Debit-card fraud in Canada

"Steven M. Bellovin" <>
Fri, 10 Dec 1999 22:12:27 -0500
According to the *Toronto Globe and Mail* (10 Dec 1999), a massive
debit-card fraud operation has been detected in Canada.  It involves
doctored swipe readers that record and transmit the mag stripe information;
they also record the PIN entered on the keypad.  The operation is allegedly
being run by organized crime.

The article noted that earlier schemes involved double-swiping (a recent news
story in New York had someone arrested who used a suitably-modified PalmPilot
for that), plus shoulder-surfing or concealed cameras to capture the PIN.

For details, see

        --Steve Bellovin

Croydon Tramlink: those signalling problems in full

"Clive D.W. Feather" <>
Mon, 13 Dec 1999 21:01:02 +0000
The opening of the new tram system in Croydon has been delayed due to a
signalling problem. A poster on a UK newsgroup reports that the problem was
a little unusual:

> When a tram was approaching traffic lights, the lights would automatically
> be set to red for other traffic flows: unfortunately, the lights were not
> reverting to green after the tram had passed, so a single tram passing
> once around the town centre would gridlock the roads for the rest of the
> day.

Clive D.W. Feather, Demon Internet Ltd.  Tel: +44 20 8371 1138

Computer technology at the end of the 20th century

"David Sedlock" <>
Tue, 14 Dec 1999 14:14:27 +0100
I think this quote from Bill Bryson's "Notes from a Big Country" pretty much
sums up computer technology at the end of the 20th century. I believe that
Bill would allow us this "fair use" of his words.

  "For a long time it puzzled me how something so expensive, so leading
  edge, could be so useless, and then it occurred to me that a computer is a
  stupid machine with the ability to do incredibly smart things, while
  computer programmers are smart people with the ability to do incredibly
  stupid things. They are, in short, a perfect match."

David Sedlock

On the Internet nobody knows your five identities

"NewsScan" <>
Tue, 14 Dec 1999 08:43:55 -0700
Montreal software company Zero-Knowledge Systems ( is now
marketing software that will allow a person to use five different anonymous
and untraceable identities on the Internet, preventing companies or agencies
from using technology to track people's buying habits or other personal
information.  Of course, such software will also "make it a little more
difficult to trace wrongdoers," as the National Association of Chiefs of
Police makes clear.  But privacy advocate Jason Catlett counters: "Anonymous
speech is inconvenient and sometimes has bad consequences, but if you
removed it we would be living in a very dangerous world."  Zero-Knowledge
says that spammers would not be aided by their technology, because a user of
the software will be able to send only a small number of anonymous e-mail
messages.  [AP/*San Jose Mercury News*, 13 Dec 1999,; NewsScan
Daily, 14 Dec 1999, reprinted with permission]

  [Note that Canada's policies regarding crypto differ from those in
  U.S., so this product is generally freely exportable.  PGN]

More CERT Advisories on buffer overflows

"Peter G. Neumann" <>
Mon, 13 Dec 1999 15:59:13 -0800 (PST)
The spate of security problems related to buffer overflows seems to continue
unabated.  Two recent CERT Advisories may be of particular interest to RISKS

  CERT Advisory CA-99-15
    Buffer Overflows in SSH Daemon and RSAREF2 Library
  CERT Advisory CA-99.16
    Buffer Overflow in Sun Solstice AdminSuite Daemon sadmind

CERT publications and other security information are available from

          Phone: +1 412-268-7090 (24-hour hotline)
          Fax: +1 412-268-6989
          Postal address:
          CERT Coordination Center
          Software Engineering Institute
          Carnegie Mellon University
          Pittsburgh PA 15213-3890

Re: No bounds checking in Microsoft RTF controls

R A Downes <>
Wed, 08 Dec 1999 19:24:45 +0000
A number of people have written and asked about the RTF utility, when it
would be ready, if it ever would be ready, etc. Well now it is ready, and it
can be downloaded at:

It's only about 10KB, so it should go rather fast. The program acts as a
filter, but you have to "drop" your suspect files on it. All is revealed
within the HTML documentation in the ZIP file.

RA Downes, Radsoft Laboratories

Re: No bounds checking in Microsoft RTF controls (Meeroh, Risks-20.68)

Mark Brader <>
Wed, 15 Dec 1999 01:43:53 -0500 (EST)
<> ... I mean, this is very _basic_ programming, isn't it?
<>   for (cp = buf; cp < buf + BUFSIZE; cp++) ...

> [This] code fails in the subtle case when buf + BUFSIZE extends past the
> end of the address space.  Note that the ANSI C guarantee that you should
> be able to compute the address of the first element beyond the end of a
> named array doesn't apply if buf is dynamically allocated. ... yet almost
> every programmer I've seen uses the same idiom for both cases.
> ... (See Writing Solid Code by Steve Maguire, p 132.)

And so they should, because this claim is simply wrong.  The standard's
guarantee that buf + BUFSIZE provides a valid (though undereferenceable)
pointer "one past the last element" is independent of how the space is
allocated, and this has not changed as the standard has been updated.

The limitations on addition involving pointers are specified in section
3.3.6 of the original ANSI C standard, 6.3.6 of the first ISO version,
and 6.5.6 of the new standard; in all cases the wording refers to an
"array object".  "Object" essentially just means a region of data storage
(defined in section 1.6/3.14/3.14), and dynamically allocated space can
certainly be accessed as an array (see section 4.10.3/7.10.3/7.20.3).

I suspect that Maguire misunderstood the standard's phrase "array object"
and thought it meant what Meeroh calls a "named array".

Mark Brader, Toronto,

Macros in RTF files (re: Stewart, RISKS-20.68)

Tom Hill <>
Wed, 15 Dec 1999 11:07:05 -0800
> >We'll pass CVs internally across to other "more sensitive" machines in .rtf
> >format (using rtf avoids Word-type macro viruses).

Be careful about your assumptions. If you save a Microsoft Word document as
a .doc file, and then change the extension to .rtf, word will still open it,
macros and all. Word is apparently smart enough to figure out the actual
format of the file, and react accordingly.

The risk is that your users may assume that it is ok to open any attachment
with an extension of ".rtf", since RTF files are 'safe'. Or your firewall
may not filter out pseudo-rtf files for the same reason.

I'm using word 97, on Windows. I didn't test this with an auto-run macro,
just verified that the macro warning message came up when I opened the file
with the ".rtf" extension which contained the macro. (Note: You might want
to turn on macro warnings from the tools menu/options/general/macro virus
protection, if you haven't already.)


P.S. I did understand that apparently Ross was discussing the case where
they do the conversion to RTF themselves, and so won't have this problem,
but I still thought the risk worth noting.

  [Lots of folks noted this one as well.  PGN]

Y2K-related viruses

"Peter G. Neumann" <>
Wed, 8 Dec 1999 14:36:03 -0500 (EST)
Y2K seems to be a spawning ground for security attacks.  W95.Babylonia
is a virus masked as a Y2K fix.  It has the ability to update itself
remotely, and spreads through autodownloads in Microsoft chat-room software
or e-mail.  Other viruses posing as Y2K upgrades have also been reported.
[Source: Self-updating virus spreads on Internet, AP item, 8 Dec 1999;
Courtesy of Sam Kasseman]

Power-out in Y2K test

Debora Weber-Wulff <>
Tue, 14 Dec 1999 13:07:36 +0100
The Berlin newspaper "tageszeitung" from Dec. 11, 1999 reports on a Y2K test
conducted at the federal Department of Justice. The workers had been asked
to not use their computers from 14.00 on Friday. Good thing, since the tests
managed to shut down the power in the building. No one wants to make an
official statement on the subject, since the official German policy is that
"Everything is going to be all right". for those who read
German "Millennium-Bug im Justizministerium"

Prof. Dr. Debora Weber-Wulff, Technische Fachhochschule Berlin,

Risks of Y2K overreaction

"Steven Huang" <>
Wed, 8 Dec 1999 14:59:17 -0500
The human element of widely published risks like the Y2K problem has seen
some coverage in RISKS, but seems to have been limited to predictions.

The *Philippine Daily Inquirer* and Associated Press report that a 61-year
old retired government engineer, fearing the Y2K bug, withdrew his life
savings of PHP2.8 million (about US$69,000).  Ten days later, four men
slipped into his house and robbed him of his savings, plus some PHP300,000
(about US$7,400) worth of jewelry.  This is a large amount of money in the
Philippines, worth about a decent-sized new house outside the city.

First of all, it appears that the banking industry's assurances were
insufficient to calm this educated man's fears.  Secondly, even if you
don't trust the banks, it's probably sufficient to convert the savings
to cash (or better yet, cashier's check or manager's check) and put it
away in a safe deposit box at your bank.  Was information about the Y2K
bug spread so poorly that an educated grown man was so scared he ignored
a much more conventional Risk?

Steven Huang Hughes Network Systems, 11717 Exploration Lane,
Germantown, MD 20876  MobileSat (240) 453-2357

Top 10 Risks search queries

Thu, 16 Dec 1999 14:12:40 +0000 (GMT)
     10 hacking
      9 ariane
      8 virus
      7 airbus
      6 GPS
      5 ATM
      4 software failure
      3 year 2000
      2 Y2K
      1 y2k

Aren't we all so predictable!

Go to jail - go directly to jail ...

"Martyn Thomas" <>
Sun, 12 Dec 1999 23:41:25 -0000
A recent Spam e-mail called "free world site" gave me a shock. In Outlook
98, simply selecting the message (to delete it) executed the HTML it
contained, which used the OpenWindow function to connect to a remote Web

The risk? In the UK, according to the BBC radio news, several people have
recently been arrested "in co-ordinated raids across the country" for
downloading child pornography from the Internet. They were apparently found
by monitoring Net traffic, and part of the evidence against them is the
record of web-sites visited "automatically stored on their computer's hard

Then again, there's all the other things you can do with HTML.

Martyn Thomas, Holly Lawn, Prospect Place, Bath BA2 4QP UK  01225 335649

According to Alta Vista, everything is for sale...

"Daniel P. B. Smith" <>
Mon, 13 Dec 1999 21:00:34 -0500
I did an Alta Vista search on the phrase "priesthood of all believers"
and was somewhat surprised when Alta Vista invited me to:

  "Comparison Shop! - Find products and compare
   prices for 'Priesthood of all believers'"

I tried "members of Congress" and, sure enough...

  "Comparison Shop! - Find products and compare
   prices for members of Congress"

A search on "Love," as expected, invited me to

  "Comparison Shop! - Find products and compare
   prices for love"

but it also said:

   AltaVista knows the answers to these questions:
   Am I in love?

"Daniel P. B. Smith" <>
Lifetime address

Quicken's no-undo interface design (Re: Welsh, RISKS-20.67)

"Prodin, Timothy (T.R.)" <>
Tue, 7 Dec 1999 16:55:43 -0500
> It does not even have the "Undo" feature which, starting in word
> processors and text editors, has come to be expected in all well-written
> Windows applications.

As it shouldn't.  Consider that Quicken has designed their register to
behave exactly like a real pen and ink ledger.

When entries are made in an old-fashioned ledger; they are immediately
committed, by the virtue of writing the the registry entry.  If a mistake is
made, you must void the transaction - you can't undo it.

In this case, Quicken has done the right thing.  A bank ledger is not a word
processing document; and therefore it should not have the same interactions
that word processors have.

  [We received a slew of messages on this topic, plus a few snide remarks
  on the oxymoronicism of "well-written Windows applications".  PGN]

Risks of webbed e-mail and cookies

Lloyd Wood <>
Thu, 9 Dec 1999 00:55:25 +0000 (GMT)
A while back, I received a couple of free e-mail accounts on ZDNet Mail,
which has previously been mentioned in RISKS [McGlothlen, R-19.74].

A while after that, ZDNet Mail become ZDNetOnebox, with a completely new
database system and a new interface, requiring javascript enabled to do
something as get help to find out why something as simple as deleting mail
doesn't work (because you haven't got javascript on, of course - a risk in
itself). I now have some US phone, fax and voicemail facility I'll never use
either too.

Both accounts were migrated to this new interface. A redirect from to was implemented, but I'd never
gotten around to updating my bookmarks.

ZDNet Onebox uses session management with cookies. Imagine my surprise,
after accessing one account, selecting the menu entry corresponding to from my browser's bookmarks menu, and logging in with name
and password for the second account, on being presented with the contents of
the mailbox of the _first_ account.

Risks lie in assuming that only one person uses a browser session, that that
person will be able to sign off to force the end of the session, and that
session information is more important than any user-supplied information
that overrides and cancels it.

  (If I update my bookmarks, I'll see the mailbox contents immediately,
  without the chance to login. some risks of assumption and complexity

The other associated risk with ZDNet Onebox is the constant stream of
Jesse Berst e-mails that I'd swear blind I never signed up for.

... but hey, at least it's not Hotmail, right?


Windows98 censoring word processing apps

"EricWagoner" <>
Wed, 8 Dec 1999 11:40:36 -0500
A friend of mine recently bought a new Gateway computer for his family. He's
a playwright and an English professor, and so does plenty of writing. The
computer came pre-installed with Microsoft Word 97, which he was beginning
to get comfortable with. He told me the other day that he was having a
problem he needed help with -- he was writing a script that contained a
character with a mild potty mouth, but every time he wrote the "S-word", it
got instantly replaced with XXXX. What's worse, in another script, a period
piece with archaic English, MS Word would replace those four letters with
XXXX even if they were parts of two different words, such as "'Tis hit!".
These four letters show up surprisingly often in English of a few hundred
years ago, and this was driving him crazy.

I thought it was a simple matter of setting the auto-correct feature in MS
Word, that maybe cuss words were now censored by default. I told him how to
disable the feature, or at least how to remove those letter combinations
from the lists. He told me a few days later that it didn't help, that even
with auto-correct completely shut off he was still plagued with XXXXs in his
scripts. I told him I'd gladly come over and take a look.

When I did, I found he was correct, that I had told him wrong. I scoured
Word for some kind of "child protection" feature, but could find nothing
anywhere. Out of curiosity more than anything, I opened WordPad and tried to
type the word, and it was instantly replaced with XXXX. I opened NotePad,
and again XXXX. I realized then that it was a global Windows 98 setting and
had nothing at all to do with Word. In the control panel, I looked in Users,
Accessibility Options, and anywhere else I could think to look for child
protection features, and came up blank. Finally, I noticed that in the Start
menu was the item "Log Off DEFAULT". It struck me that in all the many times
he and his family had booted up the computer since he bought it, no one had
logged into Windows under their own name, that everyone was using the

I restarted Windows and logged in as "eric". All of the XXXXing was gone,
and I was free to type what I wished. I logged on again as DEFAULT, and
censoring began anew. I gave him the solution, and he was happy.

I've now scoured the web for some mention of this "feature" but have found
nothing. I tried logging on as DEFAULT on my own computer, and when Windows
started I got an error (advpack not started -- missing dll -- something like
that), so it seems that this may be something built in by Microsoft for some
reason. The only thing I can guess is maybe it's for store floor models so
some kid can't go leaving dirty graffiti on the screens. Of course, Gateway
sells direct by mail-order, so that's not an issue here.

Anyone ever heard of this before? Certainly, real professional work was
being prevented by this seemingly undocumented feature. Interestingly, very
few words were censored in this way. I could be plenty raunchy with nary an
interference, but say the "S-word" or what CAP calls the "most foul of foul"
words, and I was silenced.

Eric Wagoner <>
Partner Software;  Kestrel's Nest Weblog

  [And all that XXXXing is likely to get THIS issue censored!  PGN]

Re: Crack in GSM cell-phone encryption scheme

Thu, 9 Dec 1999 13:00:39 +0100
    an Omnipoint executive says, "What they're describing is an academic
    exercise that would never work in the real world. What's more, it
    doesn't take into account the fact that GSM. calls shift frequency
    continually, so even if they broke into a call, a second later it would
    shift to another frequency, and they'd lose it."

Yes, there is frequency hopping, but it is slow -- and that it is not
significant with respect to the modulation (i.e., the 600us bursts every
1.2ms).  The 'executive' admits just that; 1 second is insignificant when
compared to the 600us bursts.

The frequency hopping may not be turned on.

The hopping sequence can be learned over the radio link from the BTS.  I
forget if this is in the clear or encrypted with A5 during an exchange with
the BTS.  I don't think it really matters whether it's in the clear on the
BCCH or encrypted with A5; once A5 is cracked all bets are off, provided you
can do it in real time.  It appears they can.

I've had this discussion before with people that you can't build a GSM
scanner.  Each time I've picked up my mobile and said 'What's this?
It's a GSM scanner'.  It has a few clues about where to look, but now
it would appear that everybody can get them.

Boyd Roberts             

Re: DVD encryption (Graifer, RISKS-20.67)

Brad Ackerman <>
11 Dec 1999 23:13:44 -0500
> ... They have failed at this by opting for security by obscurity and not
> employing the publicly reviewed techniques.

This isn't quite the issue.  No matter what protocols or algorithms are
used, fully working copy protection (barring armed guards stationed at the
playback device) is impossible.  Every DVD player must be able to decrypt
and play the DVD with no additional information, which means that no matter
how strong the actual encryption is, the key must always be available to
anyone who cares to look.  Unless the decryption is implemented in
tamper-proof hardware, the resources required for key extraction are well
within the range of "casual pirate[s]."  Of course, since such hardware is
not known to exist, and would be far too expensive for consumer devices if
it did, the studios will just have to live with easily copyable media, as
the software industry has been doing for some time.

Brad Ackerman N1MNB

Re: Why computers are insecure (Schneier, RISKS-20.67)

Thu, 9 Dec 1999 07:54:51 -0600
Much worse, it applies to physical sciences as well.  I first ran across
this idea many years ago reading Karl Popper, The Logic of Scientific
Discovery.  His basic premises are:

- Physical "laws" are actually hypotheses stated in a manner that allows
independent testing of specific physical (observable) phenomena.

- No matter how often a hypothesis is tested, it can never be proven.  It
only takes one contrary observation to invalidate a hypothesis that had
previously been accepted.  A useful anecdote relates to the amount of
"proof" provided for Newtonian physics over many years -- until Einstein
said, "wait a minute, this doesn't work and I have a different hypothesis".

In order to conduct our daily lives, we have to accept many hypotheses that
have been corroborated, but not proven -- as Newtonian physics, they are
good enough for our normal use.  As our knowledge and understanding grows,
some "laws" may fall to new understanding (read: hacks) while others survive
to fall another day.  The set of hypotheses we choose to accept as "laws" is
determined by the level of risk we are willing to assume, in the world and
in security.

DURWIN SHARP, Exxon Mobil Corporation, P. O. Box 4276,
Houston, TX 77210-4276 USA  1-713.656.6969

*Absent* source code now available

Avi Rubin <>
Fri, 10 Dec 1999 00:35:57 GMT
We are pleased to announce the public release of the Absent, secure remote
access system.  A description, the paper, and the code are available at

Absent is a system for secure remote access to the internal web from
outside. It addresses the problem of secure remote access to a site's
internal web server from outside the firewall. The goal is to give
authorized users access to sensitive information, while protecting the
information from others.  We implemented our solution using a one-time
password scheme for client authentication and SSL for confidentiality. Our
main design considerations were security, performance, ease of use,
availability, and scale. We were further constrained by the desire to leave
our firewall and local infrastructure unchanged.

Christian Gilmore, Dave Kormann, Avi Rubin
AT&T Labs - Research

CFP, 23rd National Information Systems Security Conference

"Ed Borodkin" <>
Tue, 14 Dec 1999 14:55:26 -0500

Co-sponsored by the National Computer Security Center and
National Institute of Standards and Technology

Week of 16-20 Oct 2000, Baltimore Convention Center, Baltimore, MD

The National Information Systems Security Conference welcomes papers,
panels, tutorials, and workshops on all topics related to information
systems security. Our audience represents a broad range of information
security interests spanning government, industry, commercial, and academic

See for instructions on sending your

Ed Borodkin, Program Director, NISS Conference

Please report problems with the web pages to the maintainer