The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 20 Issue 94

Friday 7 July 2000

Contents

o Software upgrade cancels hundreds of train tickets
Ian Shorrocks
o Lottery coincidence reported by Infobeat caused by computer crash
Bob Heuman
o Total power outage at Sydney Airport leaves 20 planes circling
Mike Hogsett
o U.K. ATC System Failure
Andres Zellweger
o Re: Collapse of UK air-traffic control computer
Mark Richards
o Mix-up sends Spanish bank e-mail to Virginia BBoard
NewsScan
o 17,000 bank details plucked from GST Site
Keith A Rhodes
o One more Y2K glitch, on countdown
Floyd Johnson
o Australian DST rules changed for Olympics
Mark Lutton
o Cyber-extortion
Doneel Edelson
o Hacker did *NOT* endanger shuttle astronauts
Jay D. Dyson
o Norton Antivirus 2000 defect on Win2000 Content
Jeremy Epstein
o Re: Microsoft software *can* damage your hardware!
Peter Van Eynde
o REVIEW: "Firewalls: A Complete Guide", Marcus Goncalves
Rob Slade
o CERIAS symposium
Gene Spafford
o The Software Engineering Symposium
Carol Biesecker
o Call for registration ESORICS and RAID 2000
Frederic Cuppens
o Info on RISKS (comp.risks)

Software upgrade cancels hundreds of train tickets

Ian Shorrocks <IanShorrocks@compuserve.com>
Thu, 6 Jul 2000 14:49:40 -0400
Guildford Station in Surrey, UK is one of many stations fitted with much
hated automatic ticket barriers by the operators, South West Trains Ltd.
The barrier checks the magnetic stripe on the back of the ticket to
determine if the ticket is valid and admits you to the station platforms or
allows you to leave.

As far as anyone is aware, there was nothing wrong with the barriers other
than the annoyance they cause as queues form during the Rush hours, as the
gates open and close somewhat slowly.

Last week, CTS, the company that provided the barriers, decided to upgrade
the software. Long suffering Risks Digest readers will not be surprised to
learn that the operation of the barriers following the upgrade was not as
CTS, the Rail company or anyone else expected.  Instead of allowing the
holder of a valid ticket access to the platforms, the barrier instead
erased the information on the magnetic stripe, thus permanently
invalidating the ticket.  South West Trains then had the problem of
reissuing all the affected tickets (several hundred by all accounts) and
manually checking tickets until the problem was resolved.

There is no substitute for complete lack of proper testing or for
un-necessary software changes.

The risk is: does the same cavalier attitude to testing apply to the
software running the signalling system?


Lottery coincidence reported by Infobeat caused by computer crash

<rsh@idirect.com>
Tue, 04 Jul 2000 00:14:42 -0400
Oregon Lottery officials thought it was a joke when someone called to say
The Columbian had published the winning Pick 4 lotto numbers a few hours
before they were drawn.  When they learned the caller was right, they
dispatched Lloyd W. Beil, a detective with the Oregon State Police gaming
enforcement section.  "Game security is our most valuable commodity," said
David Hooper, an Oregon Lottery spokesman.  As it turned out, the
newspaper's computer system in this city across the Columbia River from
Portland, Ore., crashed Wednesday.  In the scramble to re-create a lost
page, a copy editor mistakenly pulled the winning Pick 4 numbers from
Virginia and billed them as the Tuesday night's winning pick in Oregon.
Those same winning numbers, 6-8-5-5, were also drawn later Wednesday evening
in Oregon.  [AP item, Lottery numbers published by fluke (*Infobeat*, Jul 3
2000) http://www.infobeat.com/stories/cgi/story.cgi?id=2567832665-960]

R.S. (Bob) Heuman, Toronto, ON, Canada <bob.heuman@intria.com>

Total power outage at Sydney Airport leaves 20 planes circling

Mike Hogsett <hogsett@csl.sri.com>
Fri, 07 Jul 2000 14:19:10 -0700
Another story of primary and secondary power system failure...

  [On the evening of 6 Jul 2000, the main power and the backup power
  for the Sydney air-traffic control system both failed at 6 p.m., a
  period of peak activity.  The power outage lasted for about two
  minutes, and it took another 10 minutes to reboot the computers.
  The fallback strategy involved "pilot-to-pilot communications and
  predetermined holding patterns."  The Community and Public Sector
  Union national organizer Alistair Waters was quoted: ``As you keep
  cutting back and cutting back, the chances of failure happening grow
  and grow.  And that does risk safety.''  PGN-ed]

http://dailynews.yahoo.com/h/nm/20000707/od/airport_dc_1.html


U.K. ATC System Failure

Andres Zellweger <ZellwegA@cts.db.erau.edu>
Thu, 6 Jul 2000 08:42:42 -0400
According to *Aviation Week*, 26 Jun 2000, the U.K. ATC computer failure
reported in RISKS-20.93 was due to Flight Processing Software at the West
Drayton ATC Center.  As a result of the failure, flight progress strips "had
to be produced manually, a labor-intensive practice that forced NATS to slow
down the amount of traffic in the U.K. airspace.  NATS eventually reinstated
the previous software program, which stabilized the system."  The new
software was developed internally by NATS and had been installed three weeks
prior to the failure.

It is interesting to note that, while the system recovered after four hours,
the effects of the failure were felt for the entire weekend and as far away
as Paris and Frankfurt.  (I sat on the ground at Malpensa on a flight bound
to IAD for at least two hours waiting to be rerouted to avoid the
U.K. airspace.)

The other problem with the U.K. ATC system reported in RISKS-20.93 occurred
on 9 Jun 2000.  It was also a problem with the flight data processing
software.  That 20-minute failure was due to human error -- repeated "bad"
flight data input from another ATC Center.  The problem was fixed through
procedural means.


Re: Collapse of UK air-traffic control computer

"Mark Richards" <mark.richards@massmicro.com>
Thu, 6 Jul 2000 09:45:19 -0400
PGN noted that huge delays in US Domestic air service were "blamed
alternatively on thunderstorms and on air-traffic control congestion",
noting Boston's ugly, congested, dirty, confusing, unfriendly Logan airport
among them (sorry, couldn't help myself).

Add another reason: it's reported locally that pilots from many airlines are
refusing landing clearances that involve the simultaneous use of a crossing
active runway for departure.  A recent incident where takeoff clearance was
given to one flight while another was landing is used as case-in-point: they
nearly collided (reports were from 100-300 feet vertical separation) at the
intersection!  The old saying "Arrive Alive" certainly fits.

Mark Richards <mark.richards@massmicro.com>


Mix-up sends Spanish bank e-mail to Virginia BBoard

"NewsScan" <newsscan@newsscan.com>
Fri, 07 Jul 2000 07:09:51 -0700
One of Spain's largest banks -- and its most aggressive in terms of moving
operations onto the Internet -- is suffering from an identity crisis that
has resulted in thousands of messages being routed to Bulletin Board VA, run
by a rural Virginia man who publishes a weekly shopper with a circulation of
10,000. Banco Bilbao Vizcaya Argentaria, which goes by the acronym BBVA
after Banco Bilbao Vizcaya merged with Argentaria SA last fall, is the owner
of the "grupobbva.com" domain name, but many employees, customers and
outside vendors mistakenly send their sometimes-sensitive e-mail to
"bbva.com," a domain name owned by Bulletin Board VA. "When all this e-mail
started coming in, I didn't know who to contact. I didn't know who to talk
to," says Bulletin Board VA owner Jim Caldwell. "To me it is beyond the
stage of funny." Some of the messages contain bank account numbers and
balances, and at least one contained confidential information about a
possible bank acquisition. BBVA says it's in the process of changing its
domain name to "bbva.es," and hopes that will solve the problem. Caldwell
certainly hopes so -- he says he spends up to two hours a day clearing his
server of the mislabeled messages.  [*Wall Street Journal*, 7 Jul 2000
http://interactive.wsj.com/articles/SB962887042191508928.htm; NewsScan
Daily, 7 Jul 2000]


17,000 bank details plucked from GST Site

"Keith A Rhodes" <rhodesk.aimd@gao.gov>
Thu, 29 Jun 2000 10:35:15 -0400
In Australia, someone claimed to have accessed a Treasury Department Web
site www.gstassist.gov.au that had essentially no security.  By indexing
from 1 to 17,000, he was able to obtain the bank records of that many
registered GST Startup certificate suppliers.  (There were apparently 27,000
records in all, but access stopped when the site was disabled.)  He then
sent e-mail to each of these companies (which can honour a $200 GST-related
rebate on computers, software, services and other items required for small
and medium companies to prepare for Australia's new taxation system) with
its own relevant details.  [Source: Bank details plucked from GST Site, By
Nicole Manktelow, ZDNet Australia, and Paul Zucker, PC Week Australia;
PGN-ed]
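
Added example (not part of the original item, and not the site's code): the flaw reported above is a record lookup keyed by a sequential index with no check on who is asking. The sketch below puts that pattern beside an owner-checked lookup and adds a log check that flags a client walking consecutive ids; the record layout, the /supplier?id=N path, the log format and the run threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: record id -> owning account and placeholder details.
RECORDS = {
    1: {"owner": "supplier-a", "bank": "ACCT-PLACEHOLDER-1"},
    2: {"owner": "supplier-b", "bank": "ACCT-PLACEHOLDER-2"},
    3: {"owner": "supplier-c", "bank": "ACCT-PLACEHOLDER-3"},
}


def lookup_unchecked(record_id):
    """Flawed pattern: whoever supplies an index receives that record."""
    return RECORDS.get(record_id)


def lookup_authorized(session_owner, record_id):
    """Hardened form: a record goes only to the authenticated account that owns it.

    "No such record" and "not your record" return the same answer, so the
    response does not reveal which ids exist.
    """
    rec = RECORDS.get(record_id)
    if session_owner is None or rec is None or rec["owner"] != session_owner:
        return None
    return rec


# Hypothetical access-log format: <client> - "GET /supplier?id=<n>" <status>
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ "GET /supplier\?id=(?P<id>\d+)" (?P<status>\d{3})$'
)


def find_enumeration(lines, min_run=5):
    """Return {client: longest run of consecutive ids} for clients whose
    requests step through the id space at least min_run ids in a row."""
    ids_by_client = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            ids_by_client[m["client"]].append(int(m["id"]))

    flagged = {}
    for client, ids in ids_by_client.items():
        longest = run = 1
        for prev, cur in zip(ids, ids[1:]):
            run = run + 1 if cur == prev + 1 else 1
            longest = max(longest, run)
        if longest >= min_run:
            flagged[client] = longest
    return flagged


# Constructed log lines: one client walks ids 1..8, another looks up a few
# unrelated records.
SAMPLE_LOG = (
    [f'192.0.2.10 - "GET /supplier?id={i}" 200' for i in range(1, 9)]
    + [
        '198.51.100.7 - "GET /supplier?id=42" 200',
        '198.51.100.7 - "GET /supplier?id=42" 200',
        '198.51.100.7 - "GET /supplier?id=17" 200',
    ]
)

if __name__ == "__main__":
    print("unchecked lookup of id 2:", lookup_unchecked(2))
    print("supplier-a asking for id 2:", lookup_authorized("supplier-a", 2))
    print("enumerating clients:", find_enumeration(SAMPLE_LOG))
```

The owner check is the fix; the log check only shortens the time before someone notices the walk.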


One more Y2K glitch, on countdown

Floyd Johnson <floydj@netins.net>
Fri, 07 Jul 2000 12:43:50 -0400
The U.S. Naval Observatory in Washington, DC, has a web site that lists
a count down timer to "Countdown to the Year 2000 !":

    http://tycho.usno.navy.mil/frontpage.html

and when the link is followed we do find the "USNO Millennium Program".
However, and here is the kicker, the millennium counter is not counting down
to 2000, but to 2001.  The pages cite 1 Jan 2001 as the beginning of the new
millennium:

    http://psyche.usno.navy.mil/millennium/

Golleeeee ... if the US Navy can't get it right, how can the rest of us
expect to get there on time [:)].  [Both pages are written by the USNO.]

Floyd H. Johnson,  87 Parkway Drive, North Chili, NY  14514
1-716-594-0942   floydj@netins.net

  [On the other hand, there is an explanation on the latter site
  that the next millennium begins on 1 Jan 2001.  Go figure.
  I presume it is last year's program recycled.  PGN]


Australian DST rules changed for Olympics

"Mark Lutton" <Mark.Lutton@newsedge.com>
Thu, 6 Jul 2000 17:48:23 -0400
Several Australian states have changed the Daylight Savings Time rules so
that DST will be in effect for the year 2000 Olympic Games in Sydney in
September (late winter for them).  Normally DST begins in October.

I suppose the benefits are substantial.  Quite a bit of electricity for
stadium lighting will be saved.

I wonder if anyone considered the costs and the risks.  This affects just
about every computer in Australia, and many automated installations like
radio stations, time-lock bank vaults and security systems.  Microsoft is
taking it calmly and has issued a notice at
http://www.microsoft.com/australia/support/timezone/2000.htm.

I guess there was some reason they couldn't just schedule every event to
start an hour earlier.


Cyber-extortion

"Edelson, Doneel" <doneel.edelson@eulergroup.com>
Thu, 6 Jul 2000 10:31:29 -0400
Instances of "cyber-extortion" are increasing dramatically, according to
Dave Marziliano, an FBI agent in New York who specializes in computer crime
and security.  Cyber-extortion involves hackers blackmailing companies by
threatening to turn over purloined strategic data to their competitors.
Marziliano says these cases are growing due to an increase in the number of
hackers, particularly in underdeveloped countries.  Most incidents involve
relatively small amounts of money, $50,000 to $100,000, which many companies
would rather pay than take the chance of losing competitive advantage.
[Source: InformationWeek Online, columnist John Soat, and InformationWeek
magazine, July 3, 2000, page 150.]


Hacker did *NOT* endanger shuttle astronauts (Re: Rubin, RISKS-20.93)

"Jay D. Dyson" <jdyson@techreports.jpl.nasa.gov>
Wed, 5 Jul 2000 13:56:26 -0700 (PDT)
Bob Jacobs/Dwayne Brown
Headquarters, Washington, DC                    July 3, 2000
(Phone:  202/358-1600)

Ed Campion/Eileen Hawley
Johnson Space Center, Houston, TX
(Phone:  281/483-5111)

COMPUTER HACKER NEVER ENDANGERED SHUTTLE ASTRONAUTS

News reports that a computer hacker endangered the lives of Space Shuttle
astronauts during a 1997 mission are wrong.  A report from the British
Broadcasting Corporation (BBC) said a hacker compromised NASA computers,
endangering the lives of American astronauts.

NASA's Inspector General's office found that during the STS-86 mission in
September of 1997, the transmission of routine medical information was
slightly delayed due to a computer hacker.  However, the transmission was
successfully completed.

At no time was communication between NASA and the astronauts compromised.
The communication interruption occurred between internal ground-based
computer systems.

There has never been an interruption of communication service with the
Shuttle due to computer hacker attacks.  The command and control
communications links between Mission Control and a Space Shuttle in orbit
are extremely well insulated.

The 1997 incident is currently under investigation by NASA Inspector
General's office.

Courtesy of NASA HQ.  Send questions to them, not me.

Side note: Knowing what I know about how the mission-critical systems are
*not* on the Net, the BBC story rings utterly false.  JDD
  [Jay, I guess you might be SURPRISED on your supposition!  PGN]


Norton Antivirus 2000 defect on Win2000 Content

"Jeremy Epstein" <jepstein@webmethods.com>
Thu, 6 Jul 2000 16:53:27 -0400
Seems that if you're one of those vigilant people who always download the
latest virus definitions, you could be in trouble.  If you downloaded Norton
Antivirus 2000's virus definitions between June 16 and 19 and then used them
on Windows 2000, you would hang the system.

The problem stems (in part) from the fact that they appear to be downloading
some sort of active content ("new script file scanning techniques" is the
way they described it), and those got confused by certain device files.

Security software shouldn't (a) dynamically load updates to itself or (b)
reduce reliability!


Re: Microsoft software *can* damage your hardware! (Slade RISKS-20.93)

Peter Van Eynde <pvaneynd@debian.org>
Wed, 5 Jul 2000 23:31:56 +0200
> Are we reaching the limits of safe operation with plastic disks?  Or is it
> only defects in manufacture that cause this type of problem?

The German magazine C'T did a report on a similar case a few months ago.
Their conclusion was that a hairline fracture in the plastic ring that
surrounds the center hole can cause the CD to break-up under the stress
of a X-speed CD-ROM drive.

They advised to check your CD's for hairline fractures or/and to use
software to artificially slow down the CD drive to a more reasonable
speed. This also has the nice side-effect of reducing the whine...


REVIEW: "Firewalls: A Complete Guide", Marcus Goncalves

Rob Slade <rslade@sprint.ca>
Wed, 5 Jul 2000 08:00:32 -0800
BKFWCMGD.RVW   20000517

"Firewalls: A Complete Guide", Marcus Goncalves, 2000, 0-07-135639-8,
U$54.95
%A   Marcus Goncalves goncalves@process.com goncalves@arcweb.com
%C   300 Water Street, Whitby, Ontario   L1N 9B6
%D   2000
%G   0-07-135639-8
%I   McGraw-Hill Ryerson/Osborne
%O   U$54.95 800-565-5758 fax: 905-430-5020
%P   678 p. + CD-ROM
%T   "Firewalls: A Complete Guide"

Despite the change of name, this is not just essentially the second edition
of "Firewalls Complete" (cf. BKFWCMPL.RVW), it is identical, right down to
the price.  While there is a large amount of information in this book, and a
particularly valuable compilation of vendor data, I am not sure that I can
agree with the claim to be complete, even though the preface says it has
been expanded.  (The only specific expansion mentioned involves protocols.)
It is difficult to point out particular gaps in the work, since the whole
volume could still use a thorough reorganization.

Part one has been renamed to reflect the emphasis on TCP/IP.  Chapter one
deals with the TCP/IP suite of protocols.  It does address protocol related
weaknesses, but the protocols and attacks are not related, appearing in
disorganized and even random material.  Some attacks are described
incorrectly, and sections even seem to contradict each other, such as the
text emphasizing login controls and then discussing IP spoofing, which takes
over legitimate logins.  This appears to set the stage for a technical
treatment of the subject.  Networking details continue in chapter two with
an overview of the various connection methods over the net.  I am always
delighted to get more information about new Kermit products, but I would
sympathize with any reader who was confused about what this material may
have to do with firewalls.  Encryption gets a brief review in chapter three.
The content gets the basics across, but is of uneven depth between topics.
Chapter four does start to provide security, and specifically firewall,
related information in regard to the Web, but also includes a ten page CGI
script that might be less useful.  The data is good, but seems to be
somewhat random and unstructured.  Advanced Web security areas (including a
more detailed examination of ActiveX vulnerabilities) are found in chapter
five.  Chapter six looks at much the same material.

Firewall technologies, implementations, and limitations are discussed in
part two.  Chapter seven attempts to define firewalls and describe firewall
technologies.  The discussion of firewall types has been expanded, but is
still confused.  The chapter also suffers from duplicate sentences and even
paragraphs, and obviously could have used another copy edit.
Vulnerabilities of individual Internet applications are the subject of
chapter eight, but many concerns mentioned are more potential than actual
(and thus difficult to defend against) while a good deal of the content
(including yet another complete, ten page Perl script, this one a version
from three years before the first) is repeated from earlier chapters.
"Setting Up a Firewall Security Policy," in chapter nine, is much broader,
touching on many security topics that may have little or nothing to do with
firewalls.  An example is the information on viruses, which is generally
trite.  The overview of antiviral software betrays no knowledge of activity
monitoring or change detection classes of programs.  The recommended
protection procedure suggests copying downloaded programs to a floppy disk
rather than the hard disk, which is both useless (malicious software invoked
from floppy will generally happily destroy data on your hard drive) as well
as being impractical in these days of enormous packages.  The more effective
approach would involve a type of firewall: an isolated machine that could
download software and test it before the programs were used on production
machines.  Chapter ten is supposed to address issues of design and
implementation, but deals primarily with considerations for evaluation of
specific products, as well as some suggestions for what to do once you've
been hit.  The question of design is made more problematic by the fact that
the second major type of firewall Goncalves proposes, an application
gateway, while first mentioned in chapter seven, is not defined until
chapter eleven as a more generic form of a proxy server, which is itself
first mentioned in chapter five but not described until this point.  Chapter
twelve covers basic auditing of the firewall, while chapter thirteen
mentions a few firewall products.

Part three is chapter fourteen, which lists firewall vendors and products.
Descriptions of the products are extensive, and sometimes technically
detailed, but it is difficult to call them evaluations, since there is
little analysis of strengths and weaknesses.  It is also hard to make
comparisons, since there is little similarity of format in the entries.
Appendix A is a collection of vendor contact information.

Goncalves' writing on any given section is quite readable.  Explanations are
clear and illustrations can even be amusing.  At times it seemed that the
material was moving into common traps and misconceptions, but ultimately the
analysis is generally balanced and realistic.  However, in some cases there
is an apparent contradiction between one paragraph and the next.  The
incongruity disappears on more rigorous scrutiny, but the text can be
startling.  In addition, the structure of the book, both overall and within
individual chapters, leaves something to be desired.  It can be difficult to
follow developing concepts, and also to use the book as a reference by going
back to specific topics to pick up particular points.

As an adjunct to Cheswick and Bellovin's "Firewalls and Internet Security"
(cf. BKFRINSC.RVW) or Chapman and Zwicky's more practical "Building Internet
Firewalls" (cf. BKBUINFI.RVW), this work does have useful information.  As a
reference or introduction it falls short.

copyright Robert M. Slade, 1998, 2000   BKFWCMGD.RVW   20000517
rslade@vcn.bc.ca  rslade@sprint.ca  slade@victoria.tc.ca p1@canada.com
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade


CERIAS symposium

Gene Spafford <spaf@cerias.purdue.edu>
Sat, 24 Jun 2000 20:42:15 -0500
CERIAS (Center for Education and Research in Information Assurance and
Security) will be co-sponsoring a symposium on requirements engineering for
information security and privacy.  From the announcement: Security
requirements for new electronic commerce and Internet applications exceed
the traditional requirements for network security and traditional software
systems. Security requirements are more complex and increasingly
critical. Informally stated and de facto requirements are often of critical
importance in the design and operation of these systems, but they are
frequently not taken into account.

The symposium is intended to provide researchers and practitioners from
various disciplines with a highly interactive forum to discuss security and
privacy-related requirements. Specifically, we encourage those in the fields
of requirements engineering, software engineering, information systems,
information and network security as well as trusted systems to present their
approaches to analyzing, specifying and testing requirements to increase the
level of security provided to users interacting with pervasive commerce,
research and government systems.

We intend this to be a significant event in developing new approaches to
better security design and operation.  We would like to ask your help to
ensure that this happens.

Please let colleagues and other likely-interested parties know about
this symposium.  You can print off copies of the CFP
<http://www.cerias.purdue.edu/homes/spaf/cfpSREIS.pdf> and circulate
them.  You can also point people to the symposium WWW page:
<http://www.cerias.purdue.edu/SREIS.html>.

You can also think about submitting something to be considered!


The Software Engineering Symposium

Carol Biesecker <cb@sei.cmu.edu>
6 Jul 2000 15:58:18 GMT
impacts 2000 - The Software Engineering Symposium
18-21 September 2000
Grand Hyatt at Washington Center, Washington D.C.

The most up-to-date information, including the Preliminary Program,
Housing, Local, and Registration details, can be found on our Web site at
     http://www.sei.cmu.edu/products/events/symp/

The Software Engineering Institute (SEI) Software Engineering Symposium
provides a forum for discussing high-payoff emerging practices that software
organizations can use today.  Symposium sessions will describe current
activities and research in the SEI technical program of work.  These SEI
efforts produce results that enable members of the software community to
deliver software-intensive systems predictably better, faster, and cheaper.

By July 19, 2000, to express your interest, contact
  Software Engineering Institute
  Symposium Conference Coordinator
  Carnegie Mellon University
  Pittsburgh, PA 15213-3890
  Phone: 412 / 268-3007
  FAX: 412 / 268-5556
  E-mail: symposium@sei.cmu.edu

For more information about the Symposium, contact
  Symposium 2000 Conference Coordinator
  Phone: 412 / 268-3007
  FAX: 412 / 268-5556
  E-mail: symposium@sei.cmu.edu

For general information about the SEI or to be added to our mailing list,
  SEI Customer Relations
  Software Engineering Institute
  Carnegie Mellon University
  Pittsburgh, PA 15213-3890
  Phone:  412 / 268-5800
  FAX:  412 / 268-5758
  E-mail: customer-relations@sei.cmu.edu


Call for registration ESORICS and RAID 2000

Frederic Cuppens <Frederic.Cuppens@cert.fr>
Tue, 27 Jun 2000 19:25:09 +0200 (MET DST)
   ESORICS 2000  Preliminary programme and call for Posters
    6th European Symposium on Research in Computer Security
              October 4-6, 2000, Toulouse, France
                http://www.cert.fr/esorics2000/

       Organised by ONERA Centre de Toulouse
       with CNAMTS-CESSI and LAAS-CNRS.

   Registration form is available at
     http://www.cert.fr/esorics2000/register.html

   ESORICS 2000 is jointly organized with RAID 2000:
   3rd International Workshop on the Recent Advances in Intrusion Detection
             October 2-4, 2000, Toulouse, France
            http://www.raid-symposium.org/raid2000/


Safecomp 2000 - Programme + Registration

safecomp2000 <safecomp2000@tbm.tudelft.nl>
Tue, 4 Jul 2000 08:33:52 +0200
Sender: "Koornneef, Floor" <f.koornneef@tbm.tudelft.nl>

      SAFECOMP 2000 - Programme & Registration

           19th International Conference on
      Computer Safety, Reliability and Security

   October 24-27, 2000       ROTTERDAM, The Netherlands

The provisional programme of the Safecomp 2000 event and registration
information are now available:
  http://www.wtm.tudelft.nl/vk/safecomp2000

Safecomp 25-26 Oct will review the state of the art, experiences and new
trends in the areas of computer safety, reliability and security regarding
dependable applications of computer systems.  There are also five half-day
tutorials 24 Oct and 27 Oct.  MORE INFORMATION:
  http://www.wtm.tudelft.nl/vk/safecomp2000
  E-mail: safecomp2000@wtm.tudelft.nl
