The RISKS Digest
Volume 21 Issue 49

Monday, 18th June 2001

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator



Passive radar? Removing the cloak of invisibility
    What's New via Dave Farber
Therac Returns: Data-entry errors kill five patients in Panama
    Allan Noordvyk
real estate database
    Nick Laflamme
installs Java program on users computer
    Bill Tolle
Risks of peer-to-peer in the office
    Alpha Lau
PCs used as cash registers
    Nick Brown
Software "worm" searches your computer for pornography
Conflicting sensors placed on different parts of the line
    Robert Gordon
New world disorder?
    Mike Coleman
Security vulnerability databases
    Uwe Ohse
Yet another e-commerce error
    Leonard Erickson
Re: PC parrot: telephone bird vs. real phone ring
    Dan Jacobson
Re: Banning virtual forms of entertainment
    Gerard A. Joseph
Re: Formula 1's string of ... failures
    Bob Dubery
    Chris Kantarjiev
The magic, fast-food, wand
    Rob Slade
QWE2001: Call for Papers and Presentations
Info on RISKS (comp.risks)

Passive radar? Removing the cloak of invisibility (What's New)

<David Farber <>>
Sat, 16 Jun 2001 10:39:31 -0400

So just how stealthy is the $3.6B stealth bomber?  Radar would need to look
straight up at the bomber's flat bottom surface.  Tracking would therefore
require a vast array of antennas.  But according to a story early this week
in the *London Daily Telegraph*, such arrays already exist: Roke Manor
Research in Britain claims that stealth aircraft can be tracked by their
effect on ordinary mobile phone traffic.  News media in the US did not
discover the story until last night.  The Pentagon is taking it seriously,
and other nations, including China, are now developing such a system.
[Source: What's New, 15 Jun 2001, from Dave Farber's IP distribution]

Therac Returns: Data-entry errors kill five patients in Panama

<"Allan Noordvyk" <>>
Sat, 16 Jun 2001 06:50:03 -0700

From the *Seattle Times*:

  ... data entered incorrectly in a computer program used in radiation
  therapy for cancer patients has caused at least five deaths in Panama ...
  For 28 cancer patients, healthy tissue was inadvertently exposed to high
  levels of radiation, David Kyd, spokesman for the International Atomic
  Energy Agency, said yesterday. So far, five deaths have been linked to the
  radiation exposure, while two other deaths are from "ambiguous" causes, he
  said. One patient died from cancer.  Agency experts expect two-thirds of
  the surviving patients to develop serious complications.  Radiologists
  using the program assumed the computer software had a fail-safe mechanism
  that would prevent healthy tissue from being exposed to radiation, Kyd
  said.  But the five radiology experts from the International Atomic Energy
  Agency found health-care workers incorrectly entered the data,
  administering dangerous levels of radiation to healthy tissue.  Kyd said,
  "had the instruction manual been followed to the letter, this wouldn't
  have happened. But this wasn't done."

Full text of the article can be found at:

  [PGN Note: Therac background in RISKS-9.20, RISKS-14.04, RISKS-14.75, and]

Allan Noordvyk, Software Artisan

  [Added later: The company has issued a response, at:]

real estate database

<Nick Laflamme <>>
Thu, 14 Jun 2001 10:20:26 -0400

, in association with a local real estate agency, has put
up a database of home sale prices and property tax appraisal values.
They've merged together tax records and real estate deed updates from
several counties in the Washington, DC, metropolitan area, and some of the
records are as detailed as any Multiple Listing Service listing you'd find
while looking for a home to buy.

This data base will prove useful for people trying to compare the price of
a property they're considering with the values of the neighboring
properties. However, because you can search by owner as well as by zip code
or address, it has some nasty privacy implications. For instance, I can
find the listing on my former manager's home knowing only his last name and
the county in which he lives. Worse, I can find his street address,
something not available to me through conventional sources.

Trolling through deed listings and the like is an old risk. Consolidating
it and putting a too easy to use Web interface on it is a comparatively new

Inquiries to about the privacy implications of this were
referred to their Real Estate editor, who has not responded after more than
a week.

It's enough to make me even more glad that I rent, not own, my home.

Nick Laflamme, Vienna, VA

installs Java program on users computer

<Bill Tolle <>>
Fri, 15 Jun 2001 09:51:20 -0500

Being a frequent shopper on the Internet I "bit" on an offer from
http:/ They offer a rebate from merchants if you go through to get to the
merchant's site. I made the mistake of assuming that and would not associate
themselves with anything illegitimate. That was a mistake.

I read's privacy policy and the only thing it mentions is
"cookies", not a word about any other type of tracking software.

My second mistake was that I had enabled Java in Internet Explorer while
trying to solve some problems and had failed to disable it later.

I signed up for their service. Later that same day, after I had rebooted my
computer I found that a program named "Javarun.exe" was trying to access the
Internet and was also trying to act as a server for the Internet.
Fortunately, the firewall caught it and stopped it.

Upon investigation, I found that ebates had installed a new folder named
"C:\Program Files\topmoxie" that included the Javarun.exe program. There was
also a file named "einstall.txt" in the C:\ directory that shows the
installation of 134 ".class", ".dll", etc. files.

Fortunately I had backed up my registry earlier in the day and was able to
restore it to a point before I signed up with ebates. I am waiting for a
reply from and regarding my complaints to them
for being associated with such an illegitimate operation as this.

Bill Tolle, 245 S. Peachtree St., Jasper, Texas 75951
1-866-378-8525 - (409) 384-9094

Risks of peer-to-peer in the office

<Alpha Lau <>>
Wed, 13 Jun 2001 17:17:31 +0100 (BST)

  A new line of business software introduced [12 Jun 2001] by AltaVista will
  let workers scour corporate networks, e-mail accounts and personal
  computers by stitching together valuable and sometimes embarrassing
  information scattered on far-flung office systems. ...

  By making it easy to retrieve information from a hodgepodge of computer
  servers, e-mail accounts and PC hard drives, the search software
  effectively creates a peer-to-peer network similar to the one popularized
  by the online music-sharing Web site Napster, which is battling to stay
  afloat after running afoul of copyright laws.

  The AltaVista software is based on the premise that businesses operating
  in an information-driven era will be better off if more employees can sift
  through a community storehouse of data gathered from corporate intranets,
  workers' e-mail boxes and PC hard drives.,1367,44461,00.html

The premise only holds if the network is trustable.  I'm sure most of us
treat Web pages with an appropriate degree of mistrust.

As for Napster, how many MP3s downloaded are actually of good quality?!

I wonder how many pointy haired bosses would fall for a document posted on a
server with no links to it, but submitted to the master index...

Not to mention the privacy risks stated in the article...

PCs used as cash registers

<BROWN Nick <>>
Fri, 15 Jun 2001 15:40:24 +0200

I had an illuminating experience today while waiting in line to pay at a
sports shop.  The clerk/cashier at the register next to where I was waiting
finished her shift and was replaced by a colleague, so I got to see how the
changeover worked.  And for once, although it involves Microsoft products,
this is not really an MS-bashing story, but just another tale of complacency
and idiocy from corporate IT.

I had already noticed the small (and very cute) LCD display (10 inch TFT,
perhaps), but the first indication I had of the fun to come was when the
first cashier stood up and the Windows NT logon prompt appeared as her
logoff completed.  The second cashier then sat down and typed her username
and her password (which appeared to consist of two letters...).

I was then surprised to see four "DOS windows" (Microsoft has another name
for these, but you know what I mean) pop open and display various messages,
as a whole series of programs started up.  Most notable among these was a
virus checker.  It seemed to be taking some time to complete, and although
NT had not been setup to prevent the desktop loading until the check was
complete, the user decided to clear it from her screen anyway.  Instead of
minimising it, she killed it (and the three other DOS windows) with the "X"

Some preliminary conclusions (that old oxymoron again):

- The register is using basic NT logon procedures (with a trivial password)
as some form of "security".

- They have installed some el-cheapo anti-virus software which *doesn't run
in the background*.

- The users are killing the anti-virus software, either because it slows
down their work, or because they haven't had the minimum training required
to know how to minimise a window.  (Of course, the window could have been
started minimised anyway.)

- Since the PC has no diskette drive or Internet connection (I asked), it's
not even clear exactly what virus threat is being protected against.  Or
when the A-V software was last updated...

Overall summary: this company's IT department is staffed by people who have
no understanding of the issues, just a boss who demands buzzword-based
"results".  I'd hazard a guess that they are patting themselves on the back
because their anti-virus software has successfully kept out (as in, not
detected any) viruses!

PS: I suppose it's superfluous to mention that the large monitor above the
entrance to the store, which is meant to display the store's Web page, has,
on the last three occasions I've visited, displayed a blue screen of
death... from Windows 9x, not even NT.

Software "worm" searches your computer for pornography

<"NewsScan" <>>
Mon, 11 Jun 2001 08:47:20 -0700

A new computer virus called VBS.Noped.a now circulating invades computer
memories in a hunt for picture files with pornographic-sounding names and
reports them to the police. The virus (a "worm") arrives from an unknown
source as an e-mail attachment with the subject line: "FWD: Help us ALL to
END ILLEGAL child porn NOW." If it finds suspected pornography, it sends a
message to the police saying: "This is Antipedo2001. I have found a PC with
known child pornography files on the hard drive. I have included a listing
below and included a sample for your convenience." An executive of the
National Center for Missing and Exploited Children has repudiated the rogue
effort and says his group "does not support unlawful means even to achieve
meritorious ends."  [*The New York Times*, 11 Jun 2001; NewsScan Daily, 11
Jun 2001;]

Conflicting sensors placed on different parts of the line

<Robert Gordon <>>
Wed, 13 Jun 2001 11:05:36 +0100

Conflicting sensors could cause power failure.  In our new building, a
potential design fault has come to our notice.  The details are that the
sensor for the load-shedding system and the sensor for starting the UPS
generators are at different places upon the inward power cable.  As such if
the inward power feed is broken between the two sensors, the UPS will
attempt to start, but the load shedding system will see no loss of power and
so will not shed any noncritical systems.  This could potentially cause an
overload of the UPS generators whilst it is starting up and a complete
failure of power to the building.

If anybody has any other new premises and datacentre risks, I would be most
interested to hear what they are. I can be contacted a  Many Thanks in advance

Robert Gordon

New world disorder?

<Mike Coleman <>>
Fri, 15 Jun 2001 16:57:07 -0500 (CDT)

In a recent gnu.misc.discuss thread, Florian Weimer points out that with the
new locale (i18n) stuff, the pattern '[A-Z]' might also match the lowercase
letters 'a' through 'y' (and not 'z', yes), depending on the setting of the
LC_COLLATE environment variable.

(It turns out that on a current Debian Linux system, at least, it also depends
on whether or not the 'locale-gen' program has ever been run.)

It's not hard to imagine a slew of bugs and root exploits based on this

Mike Coleman,
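
The range behaviour reported in the post above, modelled as an added example that is not part of the original message. It does not call into any real locale database: the two collation orders are constructed assumptions, and the interleaved one (A a B b ... Z z) is chosen because it reproduces the reported result that '[A-Z]' admits 'a' through 'y' but not 'z'.

```python
import string

# Constructed collation orders (assumptions for illustration only, not read
# from a real locale definition).
# Code point order, as in the "C" locale: every A-Z sorts before every a-z.
CODEPOINT_ORDER = string.ascii_uppercase + string.ascii_lowercase
# Dictionary-style order: A a B b ... Z z.
INTERLEAVED_ORDER = "".join(
    upper + lower
    for upper, lower in zip(string.ascii_uppercase, string.ascii_lowercase)
)


def range_members(lo, hi, order):
    """Characters covered by the bracket range lo-hi when the endpoints are
    compared by their position in the given collation order."""
    start, end = order.index(lo), order.index(hi)
    return set(order[start:end + 1])


def matches_range(text, lo, hi, order):
    """Model of matching ^[lo-hi]+$ against text under the given order."""
    members = range_members(lo, hi, order)
    return bool(text) and all(ch in members for ch in text)


def unexpected_matches(lo, hi, order, intended):
    """Characters the range admits that the pattern's author did not intend."""
    return sorted(range_members(lo, hi, order) - set(intended))


def is_ascii_upper(text):
    """Collation-independent check: explicit set membership, no range."""
    return bool(text) and all(ch in string.ascii_uppercase for ch in text)


if __name__ == "__main__":
    for name, order in (("code point", CODEPOINT_ORDER),
                        ("interleaved", INTERLEAVED_ORDER)):
        extra = unexpected_matches("A", "Z", order, string.ascii_uppercase)
        print(f"{name:12} [A-Z] also admits: {''.join(extra) or '(nothing)'}")

    # A filter meant to accept upper-case tokens only (constructed inputs).
    for token in ("ROOT", "root", "fizz"):
        print(token,
              "range/interleaved:", matches_range(token, "A", "Z", INTERLEAVED_ORDER),
              "explicit set:", is_ascii_upper(token))
```

On a real system the equivalent precautions are to pin LC_ALL=C for the matching step, or to use the POSIX class [[:upper:]] in place of a range.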

Security vulnerability databases

<Uwe Ohse <>>
Wed, 13 Jun 2001 15:29:13 +0000

I recently posted to a software security mailing list about a vulnerability
in some software package.

Now I got e-mail stating someone saw an article in "'s
Vulnerability Database" claiming I posted it to another security mailing
list. I had a look ... and found a number of errors in the database entry.
The vulnerability in question is a local one, not a remotely exploitable
bug. The bug database got it exactly the other way round. The database entry
states the bug exists in version 1.0, but not in 1.0.1 to .3. This is wrong
- the bug exists in version 1.1.0 (I don't know about older versions). There
is other minor incorrect information.

The risk is obvious.

See for more information.

Yet another e-commerce error

< (Leonard Erickson)>
Fri, 8 Jun 2001 22:17:49 PST

I'd just found a Web site offering a part I needed for an obsolete computer
I'm working on.

I clicked the "check out" icon. I was then presented with fields to enter a
customer name and account number, and a button to click if I wanted to
purchase without establishing an account.

I clicked the button and was presented with a screen to enter shipping
address and billing address. Complete with phone number, email address, the

Which would have been perfectly fine, except the data for the *last*
customer was still there.

The risks are obvious.

I assume a script error of some sort failed to clear a temporary file
or buffer.

This wasn't the only error. The billing address half of the page was
headed "Billing address (if different from shipping address)". But when
I tried to clear out the fields, upon clicking to continue it made me
go back and fill them out anyway...

And then the final insult. The item was on sale, and the price displayed was
the regular price. <sigh>

I've notified the site owner and they've said they'll fix it.

The real irony is that they have a *prominent* notice about their privacy

Leonard Erickson (aka shadow{G})

Re: PC parrot: telephone bird vs. real phone ring (RISKS-21.47)

<Dan Jacobson>
15 Jun 2001 12:21:05 +0800

Several times a day the Telephone Bird fools me into almost
answering my cordless phone that I carry around my semi-tropical
hilltop, as they sound the same.  I have not identified exactly which
of the many birds here makes the same sound as the phone yet.

Obviously the designers never thought that using those "neat sounds
from nature" might cause problems when taken out of the expected
office environment and put back into the environment they came from.

Good thing I have not installed the chirpy doorbell.

Tel886-4-25854780 e-mail:restore .com.

  [Wait until you get a voice activated computer!  PGN]

Re: Banning virtual forms of entertainment (Dinwiddie, RISKS-21.47)

<"Gerard A. Joseph" <>>
Sat, 16 Jun 2001 14:36:20 +1000

Perhaps more significantly, how do you ascertain the virtuality of
something?  Is the Dutch government awake to the potential difficulty of
proving something is real rather than virtual?

Gerard A. Joseph

Re: Formula 1's string of ... failures (Keskinidis, RISKS-21.48)

<"Bob Dubery" <>>
Mon, 18 Jun 2001 22:01:02 +0200

Things are only going to get worse.

The systems that Stellios reports on are all tied into the engine's control
module and all seek to curb a limit on wheel spin, to perfectly synchronise
gear changes (the gearshift also being computerised - though usually the
driver can override this feature) and to generally provide optimum traction
in any circumstances - usually by modulating or momentarily cutting the
engine output.

These systems were banned at the end of the 1993 season, but in reality it
is impossible for the stewards to figure out who has got what in their
control system and whether or not it is legal. Last year FIA (who run F1 in
terms of drafting the rules and regulations) stated that a team had cheated
in 1999 and would be exposed. We're still waiting, because FIA could not
make their charge stick and so declined to name the offending party - even
though an ex-driver had tipped them off that there was something illegal
about the un-named team's cars.

So the systems are once again allowed. And they have not proven reliable
(remember that each team must contrive its own solution and so each team
must write its own software - there is no public domain code here).

As a quid pro quo for the re-admittance of systems they don't really approve
of (because they take over functions that should be left to the driver), FIA
have got a promise from the teams that starting 2002 the cars will be
equipped with a system that will allow the stewards to impose a speed limit,
apply this limit to part or all of the circuit, and force the cars to travel
at this limit. Another feature to be added is a proximity detector that will
(in theory) reduce the chance of collisions in wet conditions (when the cars
generate huge amounts of spray).

Monaco is the narrowest circuit that F1 visits. At the start this year 4
cars were left standing on the grid because of software bugs. This left the
marshalls less than a minute and a half to clear these cars out of the way
before 18 racing vehicles came accelerating back along the main straight,
heading straight for the stationary vehicles and the marshalls.

Software that was supposed to make it easier for the drivers to make a good
start has had the reverse effect. Things are now worse than when the driver
had to control 850 horse power with the accelerator pedal.

At this rate of progress, and at this level of reliability, the so-called
safety features could result in carnage. Picture the scene at a fast track
like Spa (Belgium), Monza (Italy) or Silverstone (England) when the stewards
try to reduce the cars to 80 or 90 mph because of an accident, and some
car's software doesn't react, and the driver comes round a corner at 150 mph
and finds slow moving vehicles, possibly an ambulance, in his way.

Double Risk here...

(1) These smart systems become impossible to police (in Champ Cars they have
a similar problem this year, several teams are "known" to be cheating but
nobody can actually prove anything)

(2) These systems could actually make things more dangerous when they fail.

Re: Formula 1's string of ... failures (Keskinidis, RISKS-21.48)

<Chris Kantarjiev <>>
Mon, 18 Jun 2001 13:20:36 -0700

> One thing is for sure, this is soon to be race against technology and not
> who was the better driver on the day and as if it wasn't already a 2-man
> race anyway (McLaren and Ferrari).

It's been a technology race for some time. The recent ruling to allow
traction control and launch control are unfortunate but deemed necessary
because some companies were pretty clearly already using them, despite
efforts to police them. This is an attempt to level the playing field.

I find it somehow ironically satisfying that it's backfiring on a few of
the players who seemed most likely to benefit from it!

> Cars can only go so fast around any track,

And how fast would that be? Tire technology (there's that word again) is
constantly improving. Do you remember the active suspensions of 8 or so
years ago, where the in-car from Mansell's car, so equipped, was rock
solid through the corners, while everyone else was skittering about? Did
you miss the recent episode where CART halted a race because the cars
were travelling around the Texas racetrack fast enough that drivers were
starting to black out?

The teams seem to be doing live testing, all right. I can't find the URL
at the moment, but Coulthard (who arguably lost the race at Monaco when
his launch control failed on the formation lap, so he had to start from
the back) was quoted as being pleased that the organizers had allowed
them to do many practice starts ... and they'd all been flawless.

I think the teams just don't know what and how to test, yet. Or, at
least, McLaren don't.

The magic, fast-food, wand (Re: McDonald's, RISKS-21.43, 21.46)

<Rob Slade <>>
Fri, 15 Jun 2001 07:29:27 -0800

Both RISKS readers and Bruce Schneier's June 15th CRYPTO-GRAM have noted some
potential problems with McDonald's proposal to use the FreedomPay and FasTrak
payment systems.

As I read
I was mentally ticking off all the reasons I couldn't see much advantage to
using this type of procedure in a fast food restaurant.  I don't use
drive-through venues all that much, so I'm not used to paying for my food
with my keys.  (And consider the drive-thru: at the second window, are you
really going to turn off the engine, take out your keys, swipe the wand, put
the keys back in the ignition, and stall out repeatedly while the guy in the
monster truck behind you leans on his horn?)  I've already got enough keys
that my key case is awkward.  Anything smaller than a pocket knife is going
to be hard to find in my "change" pocket.  The possibility of losing a tiny
item that is keyed to my credit card, and possibly not finding out until the
next statement comes is disturbing.  And, yes, the assertion that
"participants can `load' their FreedomPay account via the Internet or over
the phone" would seem to allow the possibility of being defrauded even if
you don't participate in the trial.

But as I was considering the actual transaction in the store, I started to
wonder about the stated reasons *for* using the system.  It isn't going to
make the purchase any faster for the customer.  Consider the usual situation
at the moment.  You order.  The cashier starts to put together your meal,
but if you want anything more than a standard dark, carbonated beverage,
there generally comes a point at which the hunting-and-gathering process is
stymied: there aren't enough "fries," or you've ordered a salad "wrap" (you
health food freak, you), or you don't want *that* much mayonnaise (I'm
sorry, "chicken sauce") and so something needs to be made before your order
can complete.  At this point the cashier returns to the till (leaving your
"shake" under the hot lamp and your nuggets beside the "soft serve"
freezer), takes your money and gives you your change.  Then you wait some
more, and finally get your food units.

So, does the possession of a wand save you, the customer, any time?
Generally speaking, the answer will be "no."  Does the fast food chain gain
many sales because you have a McDonald's wand, and not one for Burger King?
The respective chains will have their own religious marketing beliefs in
that regard, but, again, the answer is much more likely to be, "no."  The
three factors in the success of a restaurant have always been, in order of
priority, location, location, and location.  McDonald's and its ilk aren't
keen on participating in "food court" situations where you have a choice,
and where the possession of a wand might have tipped the scales in their
favour.  So why are they keen on the idea?

The most likely reason would seem to involve that cashier.  Even at minimum
wage, the cost of processing an order and dealing with cash has to run about
thirty to seventy cents per order in wages, plus additional costs.  Once the
capital costs of a wand system are covered, the cost of the billing part of
the order can be reduced to an almost arbitrarily low figure.  And, was it
not McDonald's who recently did a trial with a terminal where patrons could
compose their orders, and then pick them up at the counter?  With both
systems in place, the joint moves one step closer to becoming a giant
vending machine (albeit with much less choice than an Automat), where you
punch buttons, wave your wand, and wait for the bag to thump into the slot.
(And wait.  And wait ...)  Eliminate those pesky employees, and you
eliminate costs.

QWE2001: Call for Papers and Presentations (PGN-ed)

Sat, 16 Jun 2001 12:16:04 -0700

                       12-16 November 2001
                       Brussels, Belgium EU
      Phone: [+1] (415) 550-3020    FAX: [+1] (415) 550-3030
           WebSite: <>
