The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 21 Issue 08

Weds 11 October 2000


50 million adults at risk for 'net illiteracy'
China announces new rules for Internet content
Italian police stop digital bank robbery
Meine van der Meulen
Computer-related sewage release into Massachusetts Bay
Jonathan Drummey
ISP whacks game fan with $24,000 bandwidth fine
Doneel Edelson
I've been dropped from a life-time membership
Leonard X. Finegold
Carnivore review team information leaked
What Bloatware is Not
Rick Downes
EMI, TWA 800 and Swissair 111
Peter B. Ladkin
ABC newsradio network blocked during Olympics
Phillip Musumeci
The need for functioning IT environments
Thomas Roessler
Re: Why software fails
Jurek Kirakowski
Intel hasn't learned...
Steve Bellovin
Test Practitioner Syllabus: 17 Oct deadline for comments
Dorothy Graham
REVIEW: "Storming Heaven", Kyle Mills
Rob Slade
Info on RISKS (comp.risks)

50 million adults at risk for 'net illiteracy'

<"NewsScan" <>>
Mon, 02 Oct 2000 09:23:08 -0700

As many as 50 million U.S. adults are at risk for becoming functionally
illiterate in the coming years because they're technologically deprived,
according to a Gartner Group study. "The Internet will soon be so pervasive
that not having access to the technology or not knowing how to use it will
be the equivalent of not knowing how to read or write," says Gartner CEO
Michael Fleisher. The report confirms the existence of a "digital divide"
that denies 65% of "lower socioeconomic-status" Americans access to the
Internet, compared with only 17% in the top income bracket. But beyond
simple access, a second "experience gap" separates people knowledgeable
enough to tap the benefits of the Internet from those who are not.
Meanwhile, a third divide is developing between those with high-speed,
broadband access and those stuck with straight dialup accounts. "As
broadband access reaches higher penetration rates, we can expect to see a
gap in broadband adoption that mirrors today's gaps in (personal computer)
ownership. This will be the equivalent of having the moderate and upper
classes in IMAX theaters while the underprivileged are still watching silent
movies," says Fleisher. (Reuters/MSNBC 2 Oct 2000;; NewsScan Daily, 2 October 2000)

China announces new rules for Internet content

<"NewsScan" <>>
Tue, 03 Oct 2000 09:46:02 -0700

In its continuing effort to keep a lid on the impact of the Internet,
China's government has issued new regulations that hold companies
responsible for blocking illegal or subversive content, limit foreign
investment, and threaten to close down any unlicensed operations. Internet
content and service providers are directed to keep records of all content on
their Web sites and all the users who dial into the servers for 60 days, and
turn those records over to police on demand. "This creates a system that
would require such a scale of enforcement that it could potentially occupy
the whole efforts of ICPs," says a Beijing-based Internet consultant.
"Technology will respond. It will give rise to a whole new generation of
encryption techniques." (Reuters/*Los Angeles Times*, 3 Oct 2000,; NewsScan Daily, 3
October 2000)

Italian police stop digital bank robbery

<"Meine van der Meulen" <>>
Wed, 4 Oct 2000 15:08:35 +0200

The robbers had hacked the computer system of the Banco de Sicilia and had
almost started booking more than half a milliard dollars (2 trillion lira)
to other bank accounts. The Italian paper *La Repubblica* says the group
aimed at European money designated for the regional administration of
Sicily.  Apparently, the group also had plans to rob the Vatican bank, the
IOR. The police arrested 21 persons: Mafiosi, computer experts, and corrupt
bank employees. They are charged with money laundering, attempted burglary,
and connections with the Mafia.  Most of them come from Palermo (Sicily).
With the cooperation of employees of the bank, the group made a computer
system that looks exactly like the bank's and could connect to the bank's
network after closing time.  Bank employees provided the necessary
passwords.  The police caught the bank robbers with the help of telephone
taps.  (Source: ANP, 4 October 2000).

Meine van der Meulen <>
SIMTECH ENGINEERING, Rotterdam, The Netherlands,

Computer-related sewage release into Massachusetts Bay

<jonathan drummey <>>
Mon, 09 Oct 2000 12:50:49 -0400

Approximately 4.3 million gallons of partially treated waste water was
released from the Deer Island Treatment Plant into the bay on 29 Sep 2000,
the Massachusetts Water Resources Authority reported on 8 Oct 2000. The
sewage had initially been treated, but had failed to receive a secondary
treatment before it was accidently sent through the outfall tunnel,
stretching 9.5 miles from Deer Island.  The incident is reportedly the
result of a computer problem.  The outfall tunnel, which is the longest in
the world, was opened on 6 Sep 2000.  [Source: *The Boston Globe*, 9 October
  [Another example of garbage in, garbage out?  - jonathan]

ISP whacks game fan with $24,000 bandwidth fine

<Doneel Edelson <>
Tue, 3 Oct 2000 12:31:21 -0400

An online gaming fan has been hit with a $6000 invoice from Earthlink and is
set to receive another, for $24,000 -- all for posting a movie of upcoming
Bungie X-box title Halo on his personal Web site.  The movie is a copy of an
Nvidia advertisement that features Halo in action, running on the 3D
graphics company's hardware. The ad appeared in July 2000, and was shown at
MacWorld Expo in New York. US-based Halo fan 'Cannibal Harry' picked up the
ad, digitized it, and posted it on his site, in two versions: 45MB and 32MB.
The bills resulted from 62GB traffic in downloads during July, and 4500GB
during September, when his monthly data limit is 500MB.  [Source: an article
by Tony Smith,]

I've been dropped from a life-time membership

<"Leonard X. Finegold" <>>
Tue, 03 Oct 2000 22:35:17 -0400

Twenty-five years ago, we took out a family life-time membership in a
Memorial Society (which will cremate me at dirt-cheap prices).  Called 'em
about something, and they said I was no longer on their list.  After a
moment of silent astonishment, I asked if it was because I was already dead.
They said, "Not quite, O disembodied spirit".  Alas, problem seemed to be a
computer switch-over, and they didn't do a comparison of old and new
versions.  When I said that (avoiding my usual paranoia) there are probably
lots of other people likewise dropped from the land of the living, the lady
sweetly said "I don't think so".

Yours in the land of the quasi-living,

Leonard X. Finegold, Physics, Drexel University (3141 Chestnut Street)
Philadelphia PA 19104 1-215-895-2740 (allow 5 rings) or (215) 895-2708

Carnivore review team information leaked

<"Peter G. Neumann" <>>
Mon, 2 Oct 2000 18:16:47 PDT

The Department of Justice apparently attempted to hide the identity of the
Carnivore review team members at IITRI; however, the censored information
was extracted from a pdf file with a little Adobe hacking, and the
unexpurgated version appeared on  [Source:,1283,39102,00.html]

  [Error in domain (.org, not .com) corrected in archive copy.  PGN]

What Bloatware is Not

Sun, 01 Oct 2000 07:17:17 +0000

Years of gawking at blubber and here comes a self-proclaimed auto mechanic
with a self-proclaimed no education (officially) and he says it better than
anyone ever has.

He calls himself "Kwanhaeng" and his first letter is here:

And here some excerpts from one of his follow-ups.

  I've met a few really good computer people over the years, don't get to
  talk with them much, they're too busy. They remind me of a few good auto
  mechanics, and a few good engineers, and maybe a few savants in that they
  have a holistic understanding of their subject, they really grasp how it
  works and what it's doing energetically and dynamically. They aren't
  painting by the numbers, they understand it.

  The oddest part is, I've made my living with my hands, and those are the
  only guys I can understand, unless they talk pure math, and if I have a
  concept to put with the symbol, I can understand that too, and wail with

* * * * *

  What's happening with computers is the same thing that's happened with
  every other aspect of the mental, technology and society. Nature has a
  "chaotic" order that an "organized" chaos can never understand. Real order
  is small, simple, elegant and beautiful. It works because that is what it
  is designed to do, rather than its design being dependent on a lot of
  other hidden motives.

* * * * *

  Unfortunately, I quit school for that reason. But I've never stopped
  studying. Thanks again. Your name has a revolutionary reputation, a
  computer revolution is a very good idea.

This is of course precariously close to establishing BWK's order of
things as a "natural" one, something we "savants" as Kwanhaeng would
call us of course suspected this all along. At any rate, BWK must be
proud - or at least hopefully pleased and amused.

And instead of railing at bloatware - it's still fun to do of course -
we finally have someone define what we are doing.

Which makes it easy to see, in contrast, what bloatware really is.

- It's six-year green cards where nobody really cares. About anything.

- It's doctorate programs which exist only for the corporate good.

- It's MCPs where the school guarantees you will pass sooner or later.

- It's a "naive trust in education".

Kwanhaeng has it all over the so-called "experts". In three downloads he
saw through the "showroom flash/bloatware" hoax.

I don't know where he came from, or where he's been hiding all these
years, but I sure hope he sticks around for a while. We all need him.

Rick Downes <>

EMI, TWA 800 and Swissair 111

<"Peter B. Ladkin" <>>
Tue, 10 Oct 2000 20:17:33 +0200

Elaine Scarry published an article in the New York Review of Books (NYRB) on
April 19, 1998, in which she suggested that electromagnetic interference
(EMI) from outside the aircraft might have contributed to the accident to
TWA 800 in July 1996. She suspected in particular various military vehicles
(ships and aircraft) in the area. The article was discussed in Risks 19.64
(Wood), 19.65 (Thompson) and 19.66 (Ladkin), with additional comments in
19.86 (Neumann) and 19.87 (Vistica).

Scarry's 1998 hypothesis has been refuted by research carried out by NASA
and included in the NTSB "docket" on TWA 800 at -> aviation ->
major investigations -> TWA 800 Although the ignition source for the center
fuel tank (CFT) eruption has not been definitively identified, faulty wiring
is the chief suspect.  External EMI is not one of the identified
possibilities (although bomb and missile remain in the list as "unlikely").

Ms. Scarry has published a further article in the NYRB of September 21, 2000
(noted in Risks 21.04 by Fred Ballard) in which she raises the possibility
of external EMI not only causing the TWA 800 catastrophe (again), but
suggests that it could have been the cause of a radio blackout in the early
part of Swissair 111's flight, and also the electrical fire which led to the
aircraft's crash into the ocean off Nova Scotia.

The facts are these. NASA determined that the maximum energy that could be
induced in the Fuel Quantity Indication System wiring in the Center Wing
Tank of TWA 800, the tank that exploded, from a dominant external emitter,
is between 1.44 x 10**(-10) Joules and 1.53 x 10**(-9) Joules, depending on
the FQIS wire length (NASA/TP-2000-209867, Table 3.6.4-2, p36).  However,
the minimum energy required to ignite the fuel-vapor mix is widely accepted
as 0.2 milliJoules, that is, 2.0 x 10**(-4), which is some 5 orders of
magnitude larger. Even considering the other three or four contributing
"dominant" emitters, one cannot get anywhere near the required amount of
energy. Thus has NASA refuted Ms. Scarry's 1998 suggestion. Ms. Scarry
reiterated her suggestion in the September 21, 2000 article. It is hard to
see why.

The refutation for the case of Swissair 111 is a little more involved.
First, the codes used for the calculation of the EM waves inside the hull of
an aircraft is dependent upon the geometry of the aircraft, the position of
the wire inside the aircraft, the frequency of the waves, the number and
shape of the windows, and the number of modes in the cavity, according to
the NASA report. So although NASA may be implored to do their calculations
again, recalculation is not just a matter of modifying the numbers already
obtained. This is for roughly the following reason.

There are nodes in the resonant waveforms inside an aircraft hull that could
contain high-intensity radiation (over tiny distances of course) and maybe
such a node could lie over a damaged part of a wiring bundle with two
exposed conductors and cause a spark. Whether a spark is caused depends on
the field intensity in the area, which is dependent mainly on the air
pressure. The required intensity is about 30 kilovolts per centimeter
(kV/cm) at sea level and varies roughly linearly with air pressure at lower
altitudes, which means roughly 15 kV/cm at 15,000 ft, where the atmospheric
pressure is about half that at sea level. This is 1.5 million volts per
meter (V/m), to be compared with the field intensities of between 3.773 V/m
and 32.713 V/m available to the outside of the hull of TWA 800. Although
these orders of magnitude are radically different, we can't rule out arcing
without running the codes.  However, we can ask whether such a spark could
contain enough energy for long enough time to start the insulation burning.

Patricia Cahill of the FAA performed arcing tests on aircraft wiring in
1988, 1989 and 1995. In the 1995 tests, she ran current into wiring,
specially prepared to form a short circuit at the ends, from an 18.75kVA
generator through standard 7.5A circuit breakers, until the insulation
degraded sufficiently to catch fire. In the worst case, with aromatic
polyimide insulation (Kapton(TM)), the insulation caught fire very quickly
under the load; but even in this case, most circuit breakers tripped at
least once and were reset before the fire was observed to take hold.
Ms. Cahill did not attempt to measure the total energy required for the fire
event, but we can estimate a lower bound from this information, knowing how
much energy is required at a minimum to trip a circuit breaker (which is
based on a bimetallic strip which bends with heat and trips a switch).  So
we obtain some figure for the minimal energy required, although by general
reckoning it is too low. Never mind, it plays the required role.

This much energy must be available from EM fields outside the aircraft in
order for it to be available inside the aircraft. It turns out to be a
factor of 6.8 million times higher than that available on the outside of TWA
800 from the most significant emitter. And none of the emitters in the
region of TWA 800 were known to be anywhere within the region of Swissair
111. A land-based emitter capable of creating this kind of field in the
region of the route of flight of Swissair 111 is out of the
question. Moreover, if the code results for TWA 800 are anything to go by,
this energy estimate could well be orders of magnitude too low. We consider
this result to refute the proposal of Ms. Scarry that external EMI could
have caused the wiring fire in Swissair 111.

Connecting total energy available with a wiring fire assumes that the energy
is provided to the aircraft and wiring over a specific short time frame
(noted by Hal Lewis). Energy per time unit is power, and thus not only a
required total amount of energy but a required minimum power must also be
present. We made no attempt to obtain a lower bound for the power.

A paper laying out this argument in more detail with references, and
summarising the NASA results relevant to the refutation, is available in PDF
or Postscript format at -> Publications -> What's New ->
  "EMI, TWA 800 and Swissair 111"

Partly as a result of these two accidents, defective wiring has become a
major theme in aircraft safety investigations over the last few years.
Older aircraft such as the B747-100 involved in the TWA 800 accident have
about 150 miles or so of the stuff. More modern aircraft have more
electronics and more wiring, and sometime they will be getting old too.  The
possibility of arcing is a major area of concern.  Various companies have
developed so-called arc fault detection techology, which consists of a set
of algorithms to recognise the electrical characteristics in the wire of an
arcing event somewhere in the circuit. The major problem is to distinguish
arcing from other events such as the waveform profile when motors or other
loads are turned on. Such arc fault detection technology has been developed
by companies such as Eaton Corp in the US, Square D/Groupe Schneider
(primarily for domestic use, I understand), and ETA Technologies in
Germany. ETA has recently given evidence before Congress on these
matters. They hope to develop arc fault breakers with which commercial
aircraft may be retrofitted. Let us all hope that they succeed.

The first author wishes to acknowledge the contributions to this inquiry of
William Sells and Peter Meckler of ETA Technologies, Pat Cahill of the FAA,
and Hal Lewis, emeritus of UC Santa Barbara, as well as other colleagues
obliged to remain anonymous for professional reasons.

Peter Ladkin, Faculty of Technology
Willi Schepper, Faculty of Physics
University of Bielefeld, Germany

ABC newsradio network blocked during Olympics

<Phillip Musumeci <>>
Sun, 1 Oct 2000 14:26:21 +1100 (EST)

The Australian Broadcasting Corporation is the national broadcaster of
Australia.  It uses innovative digital audio systems in-house and supplies
streaming audio feeds of its major networks' programs.  During the Olympics,
its newsradio network has had its streaming audio broadcast cut in order to
comply with the Olympic organisers' arrangements for the sale of coverage.

So, in addition to the Olympics organisation scanning Internet sites for
diaries and chats (RISKS-21.07), Australians have had a 16-day black out on
one of their ABC networks streaming audio feeds.

The need for functioning IT environments

<Thomas Roessler <>>
Tue, 3 Oct 2000 14:39:52 +0200

Frequently, you read about the importance of policies, version control, and
so on for corporate IT security and management.

But you also regularly read about corporations finding huge amounts of
pirated software on employees' PCs, and about employees not adhering to
policies, eventually endangering a corporation's IT security as a whole.

One of the reasons for this kind of misbehaviour may lie in the lack of ease
of use and functionality with "official" IT environments, combined with the
ease of "administration" with PCs running single-user operating systems.

When users have easy access to Web mail systems, but the internal mail
system happens to work flawlessly only on an occasional basis, don't be too
astonished if your employees start to discuss confidential internal issues
through Yahoo! and Hotmail.

When the official e-mail system doesn't work reliably and timely for
external messages (or has an interface which is worse than Hotmail), don't
be astonished if your employees give out private e-mail addresses to
customers. "If you want to get through quickly and reliably, use  It's not official, but it works."

When customers send messages in the Office format of the day, and employees
can't read them, don't be astonished if you happen to find pirated copies of
the latest releases of the software in question on their computers.

So, when thinking about security, always keep in mind that you need an
environment that works well enough to be accepted by your users.  If it
isn't accepted, they'll sooner or later find ways to work around it, and
around all your nicely-established policies and procedures.  (And you don't
want to spend your time on securing an environment which isn't really used,

I'd hope that I've spent some 40 lines stating the obvious. However, in
reality, all of what I'm describing happens on a daily basis.  Just look.

Re: Why software fails (Lewis, RISKS-21.06)

<jk <>>
Thu, 05 Oct 2000 11:28:18 +0100

Mike Lewis' piece on entropy in computer systems is a good start but he
fails to take into account the human factor in designing these systems.  I
believe it was Fred Brooks who first pointed out that the more people fiddle
with a computer program, the more likely it is to disintegrate.

The real entropy risk is computer programs which undergo development over
many years by different hands and under different managers.  Remember all
those legacy systems we used to know and love?  That's how they got to that

When some body retains overall control of the revision process as for
instance with Linux, or open-source encryption systems, the opposite effect
seems to occur:  perhaps an equivalent to Maxwell's daemon, who actually
reverses entropy by an act of intelligence?

In the Human-Computer Interaction field, the biggest entropy risk is when a
system is endlessly tweaked to make it more 'usable'/'suitable to users
needs.'  Unless there is exceptionally strong project management (which
there rarely is) the result is the usual bloatware verging on chaos which
serves nobody at all.

Jurek Kirakowski, HFRG, Ireland

Intel hasn't learned...

<Steve Bellovin <>>
Mon, 02 Oct 2000 23:16:09 -0400

An AP review describes a new Intel product aimed at children: the "Play
Computer Sound Morpher".  It's a microphone plus software to change the
recorded voices.  It also lets you "save the soun creations and to e-mail
them to someone as an executable file with both the message and a player."

The next sentence of the review started with "A word of caution", but
it was warning of the file size, rather than the habit (and
consequences) of e-mailing executables.

-Steve Bellovin

Test Practitioner Syllabus: 17 Oct deadline for comments

<Dorothy Graham <>>
Wed, 4 Oct 2000 22:39:30 +0100

Risk: teaching testers the wrong things, not teaching the right things?

You may be aware of the new qualifications for software testers that are
being developed in the UK. The Foundation Certificate, based on a 1-hour
multiple-choice exam has been very successful in its first 2 years.

The next level proposed is the Practitioner Certificate, based on a 3-hour
essay exam.

The committee developing this syllabus is eager to have comments about
the syllabus from test experts and practitioners, before it is
"officially" published as the basis for the qualification.

They would be very grateful if you could take time to look through the
syllabus and feed back your reactions and comments.

As you will see from the first page, comments need to be with Sarah Dyer by
the 17th of October, less than two weeks from today. If you could choose
perhaps one section of the syllabus that you are particularly interested in,
that would be very helpful (and more would be even more helpful!) (For
random selection, choose the one corresponding to the current last digit of
your nearest digital clock.) Section 4 is on risk and testing.

Download the pdf file from:

(Note that ISEB seem to be having trouble putting the right file on the
web site - it is NOT the August 1999 version, but a pdf file dated 19
Sept 2000.)

If you can help, thank you very much! If not, perhaps you could ask someone
else in your organisation to comment? Please forward this to anyone you know
who would be interested in commenting - since time is so short, please do it

Dorothy Graham, Grove Consultants, Grove House, 40 Ryles Park Road,
Macclesfield, Cheshire  SK11 8AH  UK Tel: 01625 616279

REVIEW: "Storming Heaven", Kyle Mills

<Rob Slade <>>
Tue, 10 Oct 2000 12:49:25 -0800

BKSTMHVN.RVW   20000630

"Storming Heaven", Kyle Mills, 1998, 0-06-101251-3
%A   Kyle Mills
%C   10 East 53rd Street, New York, NY  10022-5299
%D   1998
%G   0-06-101251-3
%I   HarperCollins/Basic Books
%O   800-242-7737 fax: 212-207-7433
%P   499 p.
%T   "Storming Heaven"

Mills can stand with the front ranks of thriller authors.  His plotting is
nicely developed, and realistic.  (You've got to admire his bravery in
taking on a very thinly disguised Scientology.)  The characters are
sympathetic, and quirky enough to be interesting.

What gets him into this series is a very nice use of telecommunications and
security.  First off, we have a great idea for eavesdropping, a long
distance company that taps into all the calls made on its cards.  The use of
voice over IP allows you to route all calls into your processing centre,
although the use of an 800 number would probably have worked just as well.
(On the other hand, the use of voice over IP also allows you to justify, and
hide, masses of voice processing equipment.)  Offering special rates to law
enforcement agencies, government offices, and legislators selects a fairly
influential group to blackmail or keep track of.

Then we have identity theft and manipulation.  The details of this section
are not as prolific as those in the long distance plot, but, assuming the
personnel placement suggested in the book, it is all too plausible.  Fairly
realistically, the standard attacks on the bank accounts of the protagonist,
and the production of a criminal record, are not serious threats, but are
used as annoyances to add to the other assaults being used.  It is also nice
to see the use of social engineering, which is simpler and generally just as
effective, instead of some impossible dominance over all computer systems.

The good guys use social engineering to good effect as well, although I
suspect that the steps taken were really surplus to requirements.  Still the
penetration of the bad guys' systems is accomplished in a practical manner.

There is even a nice use of private phone exchanges, and a good way to get
around the security there.

copyright Robert M. Slade, 2000   BKSTMHVN.RVW   20000630    or

Please report problems with the web pages to the maintainer