The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 21 Issue 03

Monday 28 August 2000


New security vulnerability: 13-year-old 'r00ts' popular polynomial
Leonard Richardson
Pretty Good Bug found in Windows versions of PGP
Declan McCullagh
Two cables
Doneel Edelson
Four of the 13 root servers used by Network Solutions
Dave Farber
Court says FBI has been given too much wiretap power
"Free" e-mail accounts and passwords exposed for a month
Peter Kaiser
Hotmail blows it badly?
Jay R. Ashworth
Possible Y2K bug strikes UK Egg Bank
Ralph Corderoy
More risks of filtering software
David Goddard
Risks of Eurdora 4.x
David Sedlock
"Verify your age with a credit card": more than $188M fraud
Lenny Foner
Re: Airline E-tickets
Adam Shostack
Re: Hoaxes: when will they ever learn
Eric Murray
Re: SSL Server Security Survey
Sean Eric Fagan
Re: mechanical and human failures in Toronto
Mark Brader
Info on RISKS (comp.risks)

New security vulnerability: 13-year-old 'r00ts' popular polynomial

<Leonard Richardson <>>
Thu, 24 Aug 2000 13:59:24 -0500

  [With permission, at the request of PGN.]

13-Year-Old 'r00ts' Popular Polynomial

The well-known polynomial x^2+8x+6 was defaced today by a teenager who had
"r00ted" the beloved function of one variable through the use of a popular
script known as "QuAd 3QaZh0n".  The attack set off the usual sequence of
events: an initial panic setting off an orgy of media hype reaching a
crescendo with an article in the mainstream media, a string of copycat
successors, and a meaningless stream of empty promises from vendors who
immediately lapsed back into apathy as the incident left the public's
short-term memory.

Segfault spoke with the culprit, who goes by the name of "2o31js34g",
although his real name is Alvin Schumaker.  "I did it for the kicks," said
the eighth-grade desperado.  "Also, it was problem 12 on my algebra homework."

Schumaker's admission that he had learned the technique used to crack the
equation "in class" led to sweeping reforms at Nathan Hale Middle School,
his alma mater.  These range from a draconian school uniform policy to
periodic cavity searches to Internet filters on library computers so
restrictive that they ban the school's own home page.

"If these kids would just study their math, we wouldn't have anybody
learning these dangerous equation things," said Nathan Hale principal Fred
Fractal, previously known for shutting down the wood shop because "those
nail things look like weapons."

Numerous other tools are available for cracking polynomials exist, such as
Fac-t0R.  More worrying are tools for "solving" large groups of linear
equations at a time; one such program makes reference to a "matrix",
obviously an homage to the sci-fi classic.

Many such programs are distributed for the TI series of "calculators",
tools widely viewed as a security threat in many fields and rings.
Disturbingly, such devices are increasingly being made avaliable to high
school and college students.  Public policy must now answer the question:
where is the line to be drawn between useful tool and bloodthirsty weapon
of mathematical carnage? Who will answer for the countless linear equations
to have undergone Gaussian elimination?

Predictably, immediately following the defacement, thousands of polynomial
security companies came out of the woodwork to hawk their shoddy products.

"Our proprietary polynomials are one hundred percent safe because they have
no roots at all," said Len Eir of, a company offering sales
and consulting for polynomials such as x^2+4 and x^6+x^2+101.  Despite Eir's
claims, attacks on such polynomials are not uncommon, although Eir
dismissed all such reports as "imaginary".

Dave Errential of Integrated Systems stated: "Integration technology makes
it easy to add roots to your polynomial.  Take 60x^2+264x, for instance.  The
roots for that polynomial have been posted in a million places on the web.
But our proprietary integration technology can turn that into 5x^4+44x^3!
I'd like to see someone try and find the roots of that polynomial!" [Try
x=0. --Ed.] Research has shown that IS polynomials are vulnerable to several
types of attacks, but, again, the vendor has chosen to go after the
research, calling it "derivative", rather than investigate the

"Our polynomials are of a magnitude so high that it would be impossible to
find their roots even with the most sophisticated technology," said's Sean Gular.  "Our proprietary technology allows us to
offer x to the power of one billion, x to the power of one trillion, even x
to the power of ten gazillion! No one can crack these polynomials!" [Try
x=0. --Ed.]

"It's irresponsible to distribute these polynomial-cracking kits," says
security expert Bruce Schneier of Counterpane Internet Security.  "It's like
teaching a baby how to do surface integrals.  He doesn't understand the
socially responsible way to use this knowledge, so he wreaks havoc." For
improved security, Schneier urges all polynomials to be of fourth order or
higher, and to change roots at least once every two weeks.

Originally published on
Written by Leonard Richardson <>
Posted on Fri 14 Jul 09:24:53 2000 PDT

  [Bastille Day, eh?  Well, although it is a little late for the 1 April
  RISKS issue, this item seemed very timely in light of certain continuing
  efforts to control the underpinnings of cryptography.  PGN]

Pretty Good Bug found in Windows versions of PGP

<Declan McCullagh <>>
Fri, 25 Aug 2000 08:19:40 -0700


FC: Pretty Good Bug Found in PGP, by Declan McCullagh (
25 Aug 2000

A bug in newer versions of Network Associates' popular
PGP software exposes purportedly scrambled communications to prying eyes.

Network Associates (NETA) Thursday confirmed the vulnerability, discovered
by a German cryptanalyst, which allows malicious attackers to hoodwink
Windows versions of PGP into not encoding secret information properly.

The bug appeared in controversial features that the company included to
satisfy government and corporate demands for key recovery, a technology that
allows a third party to read encrypted communications.  [...]

In December 1996, the company that became Network Associates joined the Key
Recovery Alliance, a group of dozens of companies trying to promote the idea
of key recovery and key escrow technologies. Federal government regulations
at the time gave preferential treatment to such products.

Because of PGP's long history of institutional opposition to key recovery,
Network Associates dropped out after buying the smaller software
company. But in February 1998 they purchased Trusted Information Systems, a
founder of the Key Recovery Alliance.

"Trusted Information Systems has been a pioneer in key recovery and the Key
Recovery Alliance where over 60 companies and systems vendors like IBM,
Hewlett-Packard, Sun Microsystems, Boeing and Motorola are supporting their
key escrow capability that allows for the export of strong encryption under
U.S. Commerce laws," Network Associates CEO Bill Larson said in an interview
on CNNfn at the time.

Months later, Network Associates had quietly rejoined the Key Recovery
Alliance.  [...]

Two cables

<"Doneel Edelson" <>>
Mon, 28 Aug 2000 12:28:53 -0400

During the Verizon strike, two New York employees attempted to cut a
telephone cable with wire shears.  Two cables were running up the side of a
pole, one was for telephone service and the other was a high-voltage
electric line serving about 4000 homes.  They cut the wrong cable, showering
hot sparks that burned their clothes and skin.  The main part of the voltage
ran up the pole; however, the heat was enough to melt the blades of the wire
shears.  The two were caught by the police, arrested, and treated at a local

  [Treated to what?  Quite a trick.  (It's too early for Hallowe'en.)
  I guess in this context "Pride in your work" becomes
  "Fried in your shirk" (with multiple meanings and a pun).
  Strike while the irony is hot?  PGN]

Four of the 13 root servers used by Network Solutions (From IP)

<Dave Farber <>>
Fri, 25 Aug 2000 18:02:53 -0400

Four of the 13 root servers used by Network Solutions to manage global
Internet traffic partially failed for a brief period Wednesday night due to
technical difficulties. The computers -- one in Tokyo, one in California
and two in Virginia -- failed to serve requests for links to Web sites
ending in ".com" suffix for a little over an hour. Web addresses ending in
other suffixes were unaffected. While an e-mail distributed Wednesday by
Network Solutions VP Mark Rippe described the event as "a *MAJOR, MAJOR*
incident", an NSI spokesman later insisted the failure was simply "a minor
hiccup invisible to end users." Minor hiccup indeed. The last time
something like this happened, July of 1997, it was seven root servers that
failed, disrupting much of the traffic on the Net for a few hours.

  ["End user" is an interesting term in this context.  Users were left
  with ends that were not connected.  If the ends justify the means,
  then I suppose we need to have "mean" users as well.  As in the movie
  *Network*, we need to at least get mad, if not mean.  I mean it.  PGN]

Court says FBI has been given too much wiretap power

<"NewsScan" <>>
Wed, 16 Aug 2000 09:51:39 -0700

A three-judge panel of the U.S. Court of Appeals for the District of
Columbia has ruled that the Federal Communication Commission's attempts to
implement a 1994 electronic wiretap law have been too accommodating to law
enforcement agencies and not sufficiently protective of the right of
citizens to individual privacy or of the financial requirements of
companies. The wiretap law (the Communications Assistance for Law
Enforcement, or CALEA) was passed by Congress because the FBI had insisted
it was losing ground against criminals because wireless phone companies
were not designing wiretapping capabilities into their networks. An
executive of the Center for Democracy and Technology, which had opposed the
FBI's request to Congress, says the appellate court's decision means that
"government cannot get its hands on what it's not authorized to get just by
promising it won't read what it's not supposed to read."  [*The Washington
Post*, 16 Aug 2000; NewsScan Daily, 16 August 2000;]

"Free" e-mail accounts and passwords exposed for a month

<Peter Kaiser <>>
Thu, 03 Aug 2000 23:19:54 +0200

Zurich newspapers have just reported a horrible security lapse at one of
Switzerland's big Internet service providers, Sunrise.  Sunrise is the
second biggest telecommunications provider in Switzerland, and like the two
other big telephone providers -- Swisscom and diAx -- also offers Internet

From July 2 to August 1, following a hardware upgrade, a search page
supposed to be used only internally by Sunrise was exposed to external use,
allowing anyone to look up e-mail account names and passwords.  Sunrise
knows that these data were accessed from at least twenty different
locations to collect data on at least 700 (of about 300,000) accounts.
Sunrise has sent e-mail to all its ISP customers advising them to change
their passwords.  The national data protection officer, Odilo Guntern, is
reported as saying that the security lapse is a clear breach of the rules
concerning protection of such data, and that he will be discussing it with

Although it's not stated clearly, the tenor of the articles seems to be
that the passwords were stored unencrypted.  This reaches a too-familiar
depth of careless design, especially coupled to their not noticing the
situation for a month.  It appears that the ability to do these searches
was always there, protected only through the tiny obscurity of not making
the search page externally accessible; but actual searches required no
authentication.  Perhaps they still don't.

But that's not the only evidence of poor judgment; they've been clueless
from the beginning.  As a Sunrise phone customer I was among the first to
get their offer of "free" Internet service, and of course I took a look.
The signup page asked for an account name and password, but was unsecured.
Not only did I abandon immediately the idea of signing up with them, but I
called the next day and tried to get through to whomever was responsible
for that particular stupidity; and although I talked to a lot of people,
not one of them seemed to understand the risk of transmitting account
information unencrypted.  The least clueless of them told me that in any
event it was software bought from a third party, and they had no control
over it.  I eventually gave up.

Recently Sunrise began offering its phone customers another "free" service,
storage and forwarding for voice messages and faxes, with signup over the
web or via their call center.  I went to the signup page and damn if it
wasn't ANOTHER request for a password via an unsecured form page!  I want
to use the service, so I phoned the call center, which set it up at once
over the phone.  Once again I brought up the risk of doing it unsecured
over the net, and the young lady at the call center told me "We prefer
people to do it by telephone anyway, because it's easier for us."

Many RISKS and obvious errors here, none of them new.

  [I have probably said it before here: ALWAYS look a Trojan horse in the
  mouth, whether it is free or not.  PGN]

Hotmail blows it badly?

<"Jay R. Ashworth" <>>
Fri, 25 Aug 2000 13:31:44 -0400

Members of the RISKS community are well aware of the problems that can
happen when one user impersonates another on purpose.  We've also seen porn
purveyors cruise in behind the producers of less... exciting movies, and
grab their expired top level domain names -- names which should never have
been registered at the top level in the first place, because they were, by
design, disposable.

Well, there's a new contender in that category.


According to this story
Hotmail is having a problem with buddy lists:

> Microsoft is investigating a complaint that expired Hotmail accounts
> retain the linked MS Instant Messenger buddy lists, and those lists
> are available to the next person who registers the same e-mail address
> on a Hotmail account.

That's all fine and dandy, but it was the last clause that worried
*me*: "registers the same e-mail address".

What?  You *can* do that?  They *allow* the reuse of names?

There are so many possible risks there that I don't think I *can* enumerate
them.  Even *AOL* has this right: once a screen name has been dropped, it's
no longer reusable.

Not that I ever thought Hotmail was a great idea in the first place, now I
have even more reason to tell people not to use it.  I wonder if they've
finally gotten it to run on NT?  :-)

Jay R. Ashworth <>, The Suncoast Freenet, Tampa Bay, Florida +1 727 804 5015

Possible Y2K bug strikes UK Egg Bank

<Ralph Corderoy <>>
Wed, 23 Aug 2000 22:52:08 +0100

I've just received my first statement for an account with the UK's Egg
Bank;  It was triggered by the annual interest payment on
the 19th August 2000.  The account has been opened for just under a
year.  The statement goes something like this.

    Opening balance.                 0.00
    19 Aug 1999   Interest gross    xx.xx
    19 Aug 1999   Tax deduction    -xx.xx
    23 Aug 1999   Deposit           xx.xx
    15 Oct 1999   Deposit           xx.xx

According to the above statement, the interest was paid before any money was
in the account.  If I inspect the account online the two interest entries
are at the bottom of the statement dated correctly 19 Aug 2000.  When
telephoning Egg's service staff they also viewed the account on their
computers with the correct year 2000 date.  They seemed unconcerned that the
printed statements they were sending people had the wrong year since the
amount of interest was correct anyway.  I doubt my report has been passed on
internally by them.

It's interesting to see what might be a Y2K bug popping up eight months
after 1st Jan 2000 in an `Internet' bank that has only been running a year
or two.

Since information regarding interest received and tax paid has to be passed
onto the Inland Revenue (the UK's IRS) as part of an individual tax return
for the year this could cause problems for individuals when they fail to
produce supporting material with the dates they are claiming.

  [Egg on the face of it?  PGN]

More risks of filtering software

<"David Goddard" <>>
Mon, 28 Aug 2000 12:08:47 -0400

The subject of usernames containing "offensive" words being automatically
banned from has recently received some publicity on Declan
McCullagh's Politech list, with the filtering software getting upset about
the name 'Babco*k'.  Interestingly, the filtering software at could be criticised not for what it doesn't let through but
what it _does_ -- it appears to accept usernames based around the British
swear words 'ar*e' and 'wa*k', for example.  [PGN-ed asterisks just to avoid
blocking of this issue?]  It's a sure bet that many obscenities in other
languages can also be used.  Given that appears to be aimed
at a partly international audience, this is pretty poor.

The RISK, yet again, is the blind faith in a software solution that a)
operates only with a limited scope and b) returns false positives which
irritate users and ultimately generate bad publicity.  Given the many
creative ways of coming up with offensive usernames and the obvious problems
with being too restrictive, maybe they would be better off just relying on
robust Terms Of Service and maybe a little grepping of the user lists.

  [I wonder in what language "grep" is a bad word!  Grep Suzette?  PGN]

Risks of Eurdora 4.x

<"David Sedlock" <>>
Mon, 28 Aug 2000 09:04:34 +0200

I have used the "lite" version of Eudora for some time. It was good enough
for my undemanding needs I recently upgraded to the latest Eudora, which
doesn't provide a separate lite version, but instead offers three modes:
full-featured paid, full-featured free paid by ads, and limited-feature free
with no ads. The second mode fetches ads from the Eurdora site via HTTP.

The differences in the modes were clearly explained and after firing up the
program I soon decided the limited-feature free mode with no ads was good
enough for me. After choosing that and restarting the program the entries in
my proxy log for the Eurdora site appeared to stop and I thought that was
the end of the matter.

However, looking in the proxy log a few days later to solve an unrelated
problem, I was perplexed to find new connections to the Eudora site. In
fact, the mail tool was connecting to a Java servlet in a directory called
"adserver" about twice a day.

I wrote to both the webmaster and customer service (as a nonpaying user you
don't even get a support e-mail address) and heard nothing for a few days. I
wrote back and threatened to go public and then got two answers. One came
from a technical person who said Eudora is checking for upgrades and I can
turn this off by adding a few lines in its ini file. I did and the
connections didn't stop. The other came from a non-technical person who said
the connections where there to support "co-branding" (whatever that is) and
not to worry since they happen "really really fast" and don't divulge "any
private data". This reply failed to comfort me, since after all I pay for
the price of a phone call to my provider if I'm not hooked up when Eudora
decides to co-brand and my dialing daemon fires up. I wrote again for
clarification and have yet to receive a reply.

The risks? Many come to mind, but the one that stands out is software that
silently carries out unexpected actions. One day our PCs may be so bound up
with the Internet that we expect a software program to make unannounced
connections to external servers, but today I don't expect that a mail client
has any need to connect to external servers except when it is sending or
receiving mail. Today such connections need to be documented and
announced. Eudora was clear about its fetching ads in the "full-featured
free paid by ads" mode, and I have no problem with that. But the fact that
after choosing the limited-feature mode the program continued connecting was
totally unexplained and probably goes on undetected by the majority of

Eudora, you're in the dog house!

David Sedlock

"Verify your age with a credit card": more than $188M fraud

<Lenny Foner <>>
Fri, 25 Aug 2000 14:29:33 -0400 (EDT)

Back when the CDA was hot news, lots of people were claiming that "asking
for credit card numbers" was a reasonable way to prove that someone was "old
enough" to view certain web sites.  Below is a great example---one which
people have been warning about for years---of why this is a horrendous idea,
even if you don't care about the civil liberties implications [see [*]
below] of using a credit card as an age check, or of having an age check at

    The Federal Trade Commission has filed a lawsuit against Crescent
    Publishing Group and 64 affiliated companies that operate adult Web sites,
    accusing them of charging customers for services advertised as "Free Tour
    Web Sites." Like many adult sites, the Crescent sites requested that users
    supply credit card information to verify they were of legal age to view
    pornographic material. Customers who'd been promised a free online peep
    show say they were then billed for recurring monthly membership fees
    ranging from $20 to $90. Included among the complainants were some people
    who said they'd never visited the sites at all -- in fact, one woman who'd
    been charged a recurring fee for several months didn't even own a computer.
    To add to the confusion, the charges were made under different company
    names. Instead of finding a charge from on their
    statements, consumers would find charges from "Online Forum," or "Hoot
    Owl," or "Knock Knee." The FTC has classified the scam as one of the
    largest it's ever seen on the Internet, generating $141 [million]
    in the first 10 months of 1999 alone. (E-Commerce Times 24 Aug 2000)

(The above was from NewsScan; the full story is at the cited URL, including
how the company moved to Guatemala to continue the scam.)

[*] What civil liberties problems?  How about:
 (a) It discriminates against people who are too poor or have too bad
     a credit history to own a card (including those who've gone bankrupt)
 (b) It identifies people to sites in a very accurate and intrusive
     way, by name, rather than simply making it clear that they are
     "old enough".  Remember, it's age, not identity, that such sites
     are supposed to be caring about.
 (c) "Old enough" varies based on where you are, even in the US and
     especially in the world, but this system makes no provisions for
 (d) How old you have to be to get a credit card varies by country,
     and many countries don't have the sort of credit-card presence
     that the US does, which might make it impossible to get one at
 (e) It assumes that differentiating content by age is a reasonable
     idea in the first place.

These are just the most obvious ones off the top of my head.  I'm sure
these, and more, were all mentioned prominently at the time.  But, of
course, the bad system of credit-card verification took hold anyway, and we
seem to be stuck with it.

[Also, from a purely security standpoint and not a civil-liberties
standpoint, this also assumes that no kid is going to be bright enough to
copy down a parent's CC info while they're not looking.  Surely all parents
ensure that all their credit cards are secured 24x7.  Of course, they can't
use a -key-, unless that key is also secured and/or on their person 24x7...
Wait---parents don't tend do this?]

Re: Airline E-tickets (Wallich, RISKS-21.02)

<Adam Shostack <>>
Sun, 27 Aug 2000 13:03:03 -0400

> swipe a credit card or other means of ID [...]

I have two comments here.  The first, as the credit card companies will tell
you, their cards are not meant to be used as identification (just like the
social security card.)  [And yet, they are!  PGN]

The second is it seems likely [...] that someone willing to go to the
trouble of blowing up an airplane can't be bothered to engage in a little
identity theft or ID-card forgery.


  [Similar comments from Ian Lance Taylor, Marc Auslander, Jim Rees...  PGN]

Re: Hoaxes: when will they ever learn

<Eric Murray <>>
Sun, 27 Aug 2000 09:46:13 -0700

A digital signature on the press release would not have prevented this -- it
was a real press release sent out by Internet Wire, a business press-release

The hoaxers got the release sent by social-engineering IW- they convinced a
"day staff" that the "night staff" had approved the story.  [Source: (San
Jose) *Mercury News*, 26 Aug 2000].  Thus the story was accepted without
checking the facts.

The real problem here is shoddy "journalism".  Digital signatures would have
prevented this only if IW accepted only e-mailed releases that were
digitally signed, and they actually verified the signatures.  If they
accepted phoned-in releases, hoaxers could still send in fakes ones.  Fixing
the verification procedure is the way to prevent this sort of problem from
occurring again.

Eric Murray  ericm at
Consulting Security Architect

Re: SSL Server Security Survey (Solomon, RISKS-21.02)

< (Sean Eric Fagan)>
Sun, 27 Aug 2000 03:46:04 GMT

Self-signed certificates are *not* any weaker than those signed by
third-party certificates.  This is a popular myth I keep running into -- all
a third-party-signed certificate means is that someone else has agreed that
you are who you say you are.  And in the case of Web browsers, it also means
that this someone forked out a load of cash to Microsoft and/or Netscape to
be included in the default set of known certificates.

Re: mechanical and human failures in Toronto (van Egmond, Risks-21.02)

< (Mark Brader)>
27 Aug 2000 04:06:46 GMT

> Each car has an operator's cab where motion and doors can be controlled,
> and a window which, when opened, reveals door control buttons.

I think the last sentence is misleading enough to merit correction.  There
are indeed door control buttons outside of the cabs: as the cab is only on
one side of the train, this allow the doors on the other side to be opened
without the guard having to cross to the next car.  But exposing these
buttons requires a key, presumably the same one that opens the cab.

Please report problems with the web pages to the maintainer