Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
According to an article in *The Washington Post*, the US lent Russia programs with a bug that loses track of nuclear materials over a period of time. The software has been in use for 10 years, and the latest patch did not create a fix for the issue. Apparently, the Russians initially thought the bug was a trojan horse authored by the US. Then, after applying several patches, they realized it was an inherent flaw in the program, and most likely exists in the Los Alamos version as well. [Source: *The Washington Post*, 11 Jul 2001, A19 http://www.washingtonpost.com/wp-dyn/opinion/A44053-2001Jul10.html]
[...] The article goes on to say that the U.S. was warned of the security risks but has made no public comment on the matter. The article also points out that the U.S. no longer maintains (and indeed has destroyed) backup paper copies of their inventory: "To reconstruct a reliably accurate accounting record, the Energy Department may need to inspect all of America's nuclear materials — a huge task that could cost more than $1 billion and still might not detect the diversion of some material, should it have occurred." Among other obvious risks is — always look gift horses in the mouth. Michael D. Levi, Project Manager, Data Dissemination Systems U.S. Bureau of Labor Statistics (202) 691-5100
[Re: http://www.washingtonpost.com/wp-dyn/opinion/A44053-2001Jul10.html] LANL supplies MS software to Russia for nuclear material accounting that develops data "black-holes" over time. DoE has apparently abandoned paper trails and so, aside from the ability to misappropriate nuclear material that has "disappeared" from the database, there is going to be substantial cost incurred to inventory everything - even assuming nothing is missing. What ever happened to assurance testing for critical software ? Where else is this software being used, and for what? John
A programming error resulted in the deletion of all Fiji Government accounts for the year 2000 and the postponement of official audits. There is reportedly some speculation about a cover-up of "mismanagement or abuse of taxpayer funds", although the simple solution of a screw-up seems likely. The information system dates from the mid-1970s. Presumably the various 52 government ministries and departments can retransmit the relevant data. [Source: Computer error deletes all Fiji Government accounts, Agence France-Presse, 11 Jul 2001, from the *Fiji Times*, 12 Jul 2001]
A computer whizzkid has been fined £2,000 ($2,600) for hacking into the United Arab Emirates' only Internet provider and causing the whole country's system to crash. Lee Ashurst, 22, originally from Oldham in Greater Manchester, was convicted of misusing equipment, services or facilities provided by Emirates Telecommunications Corp Etisalat. Ashurst, who works for a construction company in the Gulf, is now facing a compensation claim of more than £500,000 ($650,000) from Etisalat after the Dubai Court of First Instance transferred his case to the civil courts. He was working as a computer engineer at a Dubai construction firm in May last year (00) when he began hacking into Etisalat's systems. According to the Gulf News newspaper, the court was told the entire United Arab Emirates internet system crashed on several occasions over a month. http://63.108.181.201/2001/07/03/eng-wenn/eng-wenn_001056_76_4245186652988.html
Edward Rudzki (whose hobby shop in Edmonton, Alberta, Canada, opened in the mid-1960s) just received a bill from Canada Post for CA$480,000,000 (roughly US$310,000,000), for transactions supposedly having taken place from 1906 to 1928! The actual transactions were 9 parcels from a month ago, but the dates and dollar amounts were wrong. Canada Post says the problem occurred when they merged 60 databases into one. [Source: *Toronto Star*, 12 Jul 2001] Mark Brader, Toronto
I have a program called "clrspace" which clears the unused space on my hard disk. When I use it at work, I set it to fill the space with the company name and phone number. Recently I got a new copy of the Microsoft Visual C++ compiler, version 6, introductory edition. Today, after compiling a program of the "Hello World" level of complexity and finding that the resulting program was well over 100 kilobytes, I went to the DOS prompt and looked at the .EXE file with a hex editor to try to find out why it was so big. I was surprised to find "Property of Acme Widgets, 301-555-1212" in the .EXE file from 0x6000 to 0x14FFF. The compiler had obviously just grabbed a big chunk of disk space and stuffed it into the file, without bothering to clear it first. If that particular chunk of disk had been used for something confidential, and if this were the production version of the compiler that allows redistribution of executables (the intro version doesn't, although this restriction is somehow omitted from the outside of the package), then 60 kilobytes of company plans, source code, spreadsheets, customer lists, or whatever could have been burned onto CD and shipped to customers around the world. Anyone compiling programs with MSVC may want to examine the output closely for data that shouldn't be there.
On 2 Jul 2001, a reporter for a local newspaper wanted to check his on-line account with the Berliner Sparkasse. Imagine his surprise to find lots of interesting data about an account and loans - except that they were not his. About 50 persons could not access their own accounts, they were presented with data from other people. The bank assures us, that no funds could be transferred, it was "just" possible to see how much money was in the accounts and to see the last transactions. They immediately removed the on-line banking from the net. The official problem source, according to a spokesperson from the bank, was "strain" (Ueberlastung) on the systems. The company DefCom Security worked feverishly to get it back on line by Tuesday, but forgot that they had fooled with the certificates. Users were presented with a screen warning them that the certificate was issued by a company that was classified as not trustworthy.... Maybe it's time to change banks? If you read German, you can find more information at http://www2.tagesspiegel.de/archiv/2001/07/03/ak-in-6611353.html http://www2.tagesspiegel.de/archiv/2001/07/03/ak-be-447917.html Prof. Dr. Debora Weber-Wulff FHTW Berlin, FB 4, Internationale Medieninformatik Treskowallee 8, 10313 Berlin Tel: +49-30-5019-2320 Fax: +49-30-5019-2300 weberwu@fhtw-berlin.de http://www.f4.fhtw-berlin.de/people/weberwu/
I witnessed an interesting failure mode during a recent shopping trip. This store had some of the motorized-chair shopping-cart setups for customers who need them. They are all lined up against one wall facing out and plugged into the wall charging. All was well until the power failed. When the power failed, all of these units took off and most ran into things before the staff could stop them, trailing their cords behind them. I asked about this. It seems that there are several what appear to be glaring design flaws in these units. 1. The stopped position on the handle is not the default position. Instead, the control is all the way down for forward, all the way up for reverse and half way in between for neither. Meaning that the nature position is forward. 2. There is also a foot brake, but it must be pushed to stop. 3. Of course there is a power switch. But it must be turned on to charge the unit. What you do to charge is plug the unit in, and then turn on the power. The fact it is receiving outside power switches it to charge mode and the unit will not go anywhere. Now here comes the power failure. All of these units (about 7) are turned on, brake off, and in forward. They seem to assume that no electricity means that they are now to take off and do so driverless. Interesting failure mode, and in this time of more and more backup power for computers, one we should remember. Ray Todd Stevens, Senior Consultant, Stevens Services (812) 279-9394 R.R. # 14 Box 1400 Apt 21, Bedford, IN 47421 Raytodd@kiva.net
Following the question "Does the UK have significantly less electoral fraud than countries which use untraceable ballot papers?" I wrote this, which (although it is a bit late to be a followup to the discussion around last year's USA presidential election) might be interesting. One of the interesting things about the recent general election is that fraud has been much easier to perpetrate than usual, but without any kind of extra auditing. The reason that fraud has been worse is because they have increased the availability of postal votes. Now, this doesn't inherently imply fraud, so I will tell you a tale to explain why I think this is the case. The usual arrangement for an election in the UK is as follows: You have (at some point in the past) put yourself on the electoral register by filling in a form that says "I live here and this is my name and I am entitled to vote", and this means that (amongst the dead tree spam) you receive a piece of card through the letterbox shortly before an election which explains where you have to go to vote and what your voter number is. Now, you might expect (being good RISKS readers and all that) that this piece of paper is a physical token that entitles you to vote (and the process of registering entails some kind of behind-the-scenes checking that this is true), but no. You do not have to take the card to the polling station: you merely have to turn up and state your name, the only checking being that you have already put your name on the list. Now, regardless of how bad that is, it gets worse. In the past, postal votes were quite hard to get, i.e. (unlike usual votes) some checking happened. This was because most postal voters were disabled or expatriates or had some other unusual difficulty that prevented them from getting to the polling station on the day, so there were few enough of them that checking their applications was feasible. The unique thing about this year is that large numbers of farmers and other members of the rural community have not been able to leave their homes because of the travel restrictions caused by the Foot And Mouth epidemic. The procedure for postal votes this year has been: (1) find out the phone number you need to call to get a postal vote; (2) say to the person on the other end of the line how many votes you need; (3) receive the forms through the post; (4) fill them in; (5) sit back and enjoy an extra-large swing in your constituency. If you think that you might not have enough votes, feel free to call back again later and ask for more. [I know someone who tried this out to see if it worked, and it did, but I don't think he actually used the extra votes.] The general election this year has been characterised by an unusually large degree of apathy (59% turn-out, compared to usually 75% or so) but the aggregate result has been just as conclusive as the 1997 result (71% turnout): a landslide victory for the Labour party. The per-constituency change in opinion has made almost no difference to the membership of the House of Commons. This means that there has been absolutely no worry about electoral fraud, since it couldn't have made a significant difference to the overall result. The interesting thing is that the small turnout is likely to have a greater long-term effect than any murmurs of procedural irregularities: the proportional-representation faction have made great mileage from saying that people are apathetic because they have no control over politics, and they have no control because they live in a safe constituency, so their third-party Lib-Dem vote counts for nothing. They have made further headway because of the Gothenburg summit riots which were perceived to be a complaint against the unrepresentative ivory towers of the EU politicians. So, even though the Brits don't want to look like pillocks for criticising the Americans for their banana republic election, we changed none of the procedures, had another shambolic election, and breathed a sigh of relief because it was a cock-up that didn't matter. It remains to be seen whether those in favour of electoral reform will be able to maintain their momentum and get a better system working before the next time.
Several news outlets are reporting on the recent "No Contest" plea on June 14th by Christine Gunhus, wife of former U.S. Senator Rod Gram (Republican, Minnesota) on criminal violations of Minnesota election code. Here is the posting from Cluebot.com, which reads suspiciously like a RISKS posting ;) The wife of a U.S. senator who unsuccessfully ran for re-election in 2000 plead "no contest" on Thursday to charges of using a pseudonym to send email messages that disparaged her husband's Democratic rival. Minnesota prosecutors charged Christine Gunhus, who married former Republican senator Rod Grams after working on his campaign, with violating state criminal laws. Grams' rival, Democratic-Farmer-Labor candidate Mike Ciresi, had filed a complaint under the Minnesota Fair Campaign Practices Act. The risks of using technology you don't completely understand and that could leak your identity are worth noting: * Gunhus is accused of using a Hotmail account (Katie Stevens -- kylomb@hotmail.com) to send the disparaging email messages, which talked about how Ciresi had represented corporate polluters and anti-union companies. But Hotmail includes an X-Originating-IP: header that shows the IP address of the sender — a problem if you're typing it from the opposing campaign's computer! * Prosecutors say they traced the IP address back to an AT&T WorldNet user who repeatedly used the "Katie Stevens" Hotmail account by connecting from Gunhus' home number. (Guess they keep Caller ID logs.) Apparently the person using the "Katie Stevens" pseudonym was smart at first, sending the mail from a Kinko's store, but then got sloppy. * The email attacks included Microsoft Word attachments, which a Ciresi aide investigated. The aide found that Word listed the document authors as Grams staffers including — you guessed it — Christine Gunhus. * Democratic researchers reported that they found Globally Unique Identifiers (GUIDs) in the Word documents. The GUID includes the Ethernet MAC address. Prosecutors last August obtained a search warrant to seize Gunhus' computer, from which they could extract the MAC address if the Ethernet card was still the same. * Let's not forget the political risk. In an article in the Minneapolis Star-Tribune on the pseudonymous mail campaign last year, the Grams campaign offered a remarkably narrow denial. A spokesman hedged: "We didn't put this together and send it out of the Grams campaign office," leaving open the question of whether it was sent by a campaign worker from another location. * And what about the legal risk to free speech? The Minnesota Civil Liberties Union reasonably argues that a criminal law that bans sending pseudonymous messages is unconstitutional. A Supreme Court decision, McIntyre v. Ohio Elections Commission (http://www.epic.org/free_speech/mcintyre.html), says that a prohibition on the distribution of anonymous campaign literature violates the First Amendment. The state law seems to be ecumenical in its application: A Republican has used it to attack the Sierra Club (http://www.fcregister.com/ziegler11_6_00.htm). Epilogue: Grams managed to derail his Democratic rival's primary bid, and Ciresi did not win his party's nomination. Even though Grams lost the general election in the fall, that hasn't halted his political ambitions. The Washington Times reported on April 13 that Grams is reportedly considering a challenge in 2002 to U.S. Senator Paul Wellstone, a liberal Democrat. " Cluebot story (with links): http://www.cluebot.com/article.pl?sid=01/06/15/0135212&mode=nocomment Minnesota Public Radio story on original affidavit: http://news.mpr.org/features/200009/08_radila_grams/index.shtml
The IACR (International organisation of Cryptology Research) has someone on its Board of Directors named Don Beaver. The direct result of this is that the recent IACR newsletter (a 34K document full of relevant news on the cryptologic community) was rejected by our company firewall, because his name was in there too many times. It also contained other "dirty" words, such as LaTeX, hardcore, and so on. Our IT department told me that the message would *not* have been rejected if it was split in two, since the number of dirty words would have been halved. X-| Sigh. I though cryptology was to prevent us from this kind of misery. Jurjen N.E. Bos, Risk Management / Information Security Services Interpay Nederland BV, Postbus 30500, 3503 AH Utrecht tel. +31 30 283 6815
> I was driving on I-405 northbound in southern Los Angeles County when I saw > a bitmapped billboard on the east side of the road that was displaying a > Windows error message. Recently I was on a carnival ride called "The Drop Zone" with my nephews when I saw a similar Windows error message. The Drop Zone is rather fun. They strap you in the ride, you are lifted to the top of a tower, about 100m from the ground. There are computer screens at the top which give you a narrative about how some spacecraft is going down and the whole crew are going to have to bail out, and then they drop you. You experience free fall for a few seconds. The kids scream. You land safely. The second time we did the ride, we got to the top and Windows had crashed. This time it was my turn to scream. "I *really* hope my life is not depending on Windows right now! It's crashed!" Ben Morphett, Bell Labs Research & Development
> signs that was declaring in foot-high letters "BATTERIES NEED RECHARGING".
That may be all that stupid if the system has no other way indicating
problems (some better formulation like "Malfunction: .." could help).
But, if it has some other means to inform operator, then it is stupid.
> The general risk, of course, is in piping STDERR to STDOUT. Web
> sites that send complex error dumps to visitors' browsers are doing
There is a more risk than just user just being stumped by obscure
messages. In many cases I've seen the error message has revealed
quite much of internal workings of web service. I remember even
seeing something like
db_connect(user=db, passwd=pass): failed no connection
The security risks are obvious.
Markus Peuhkuri ! http://www.iki.fi/puhuri/
BKFNNTSC.RVW 20010512 "Fundamentals of Network Security", John E. Canavan, 2001, 1-58053-176-8, U$69.00 %A John E. Canavan canavan@well.com jcnv@chevron.com %C 685 Canton St., Norwood, MA 02062 %D 2001 %G 1-58053-176-8 %I Artech House/Horizon %O U$69.00 617-769-9750 fax: 617-769-6334 artech@artech-house.com %P 319 p. %T "Fundamentals of Network Security" This commonplace guide to security can provide the newcomer with some basic information. However, it also contains some rather large gaps, and not a little misinformation. Chapter one outlines the usual reasons why we need security, and it also provides some basic security terms and concepts. Most of the material is reasonable, but some is not quite standard. A number of different threats are outlined in chapter two. However, errors are rife in this material, although most are fairly minor. Of the fourteen mailing lists it is suggested readers might find useful, at least three have been dead for over a year; at least two of those for more than three. The overview of cryptology, in chapter three, is at a very high level, with limited discussion of key management, and almost none dealing with strength and key length. Chapter four starts out very badly, by stating that Kerberos uses both symmetric and asymmetric cryptography. (It doesn't: despite proposals for public key extensions, Kerberos itself uses a very elegant system of purely private key encryption to avoid sending passwords and keys in clear text at any time. Such a basic misunderstanding taints everything else in the chapter.) World Wide Web encryption is supposed to be the topic of chapter five. However, after a very terse outline of SSL (Secure Sockets Layer) and SHTTP (Secure HyperText Transfer Protocol), and a tiny bit of the missing discussion of key length, we get pages of screen shots of browser certificates, which are almost meaningless without the background review. There is also a tiny overview of Authenticode, with no mention of its flaws. Chapter six presents something of a grab bag of email related topics, mentioning encryption systems, spam, identity problems, privacy of employee email, and even auto-responders. With the addition of more screen shots a number of pages are taken up with little information imparted. Most of chapter seven concentrates on access control and passwords. The material is reasonable, if not deep, but could be better organized. So too with the suggested policies for network management in chapter eight, although the author does seem to think that one set of recommendations can fit all LANs. Chapter nine's look at network media does not really deal with security at all, unless you count the somewhat problematic opinions regarding the relative difficulty of tapping. There really isn't much discussion of routers and SNMP (Simple Network Management Protocol) in chapter ten: it concentrates on a few proprietary products. Chapter eleven mentions a number of VPN (Virtual Private Network) related protocols, but gives neither details for assessment nor conceptual discussions for determining relative usage. There is a decent overview of basic firewall terms, with some areas of confusion, in chapter twelve. Chapter thirteen has a basic outline of biometric concerns, but no details of the technologies. The review of security policy development in chapter fourteen is pedestrian. Chapter fifteen, entitled "Auditing, Monitoring, and Intrusion Detection," is oddly confused since the author makes no distinction between outside audits, and the ongoing auditing of materials that result from regular monitoring. There is unimaginative advice on disaster recovery in chapter sixteen. "Cookies, Cache, and AutoComplete" is a strange add- on: yes, there are security risks associated with these functions, but they are hardly fundamental to network security. In the introduction, while stating that this book is intended for beginners to computer security, the author disclaims the title of computer security expert, and, in fact, asserts that many who do profess ace status may not have as much right as they maintain. I can greatly sympathize with this sentiment. However, simply by writing a book, Canavan implicitly professes some mastery of the subject, and the mere abdication of the rank does not relieve him of the responsibility for his mistakes. There are a number of other texts with better coverage, greater readability, superior accuracy, and less wasted space. copyright Robert M. Slade, 2001 BKFNNTSC.RVW 20010512 rslade@vcn.bc.ca rslade@sprint.ca slade@victoria.tc.ca p1@canada.com http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
SEI 16th Annual Software Engineering Symposium 2001 Theme: Acquiring the Strategic Edge October 15 - 18, 2001 Grand Hyatt at Washington Center Washington, D.C. http://www.sei.cmu.edu/symposium/ Contact: Symposium 2001 Conference Coordinator Phone: 412 / 268-3007 FAX: 412 / 268-5556 E-mail: symposium@sei.cmu.edu
Please report problems with the web pages to the maintainer