The RISKS Digest
Volume 22 Issue 34

Monday, 4th November 2002

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Prior Florida voting woes spawn pre-election frenzy
Charles P Schultz
Election counting conclusions
Paul D. Smith
Risks of dual-boot systems
Paul Schreiber
Windows daylight saving and file time-stamp
Chris Jakeman
Microsoft court ruling leaked early through security blunder
Keith Rhodes
Exam software — does it get a passing grade?
David Lesher
$3,200 tuition listed on bill as 'Taco Bell'
Fuzzy Gorilla
Turnpike commuters play "Where's the Fast Lane?"
Monty Solomon
BBC News: Fake bank website cons victims
Chris Leeson
GAO: Government Agencies Adhering To Privacy Laws
Monty Solomon
REVIEW: "Ethical Issues of Information Systems", Ali Salehnia
Rob Slade
REVIEW: "Computer Security Handbook", Seymour Bosworth/M. E. Kabay
Rob Slade
CARDIS '02: 5th Smart Card Research/Advanced Application Conference
Alex Walker
Formal Methods Europe 2003 cfp
Diego Latella
Info on RISKS (comp.risks)

Prior Florida voting woes spawn pre-election frenzy

<Schultz CharlesP-ECS013 <>>
Mon, 4 Nov 2002 17:45:26 -0500

Due to the problems we have had in recent history both with manual voting,
and the more recent electronic voting systems put into place, it became
possible to "pre-vote" here in South Florida - most notably in Miami-Dade
and Broward counties. Over the past few days the reported waiting times for
"early voters" has steadily risen to today's peak of 2-3 hours. In spite of
thousands of people waiting in lines and casting their votes, we apparently
have not yet begun the "election."

As it turns out, there seem to be no lessons learned, as the same issues
that caused problems with electronic voting in the primaries (lack of
training, poor facilities, lack of equipment to name a few) are still in
force during this early election period. I am wondering if SO many people
have already voted now that there will be short lines on election day, or if
the problems are going to be magnified by the even larger number of people
who still have not voted. The voting manufacture seems to already be
covering its tracks by explaining why voters should expect delays and voting
times of up to 25 minutes per

I certainly have some concerns regarding the integrity of the voting process
and the votes themselves, especially those that are cast during this early
voting period. During our primaries, we had episodes of votes tallied for a
precinct being greater than the registered voters in that precinct, lower
than expected votes (sometimes 0) were recorded for precincts with
traditionally good voter turnout and poor accounting of individual voting
machines [The Herald Saturday, September 14, 2002]. So now that this process
is spread over a period of days, some new risks have been introduced :

- retention of information by voting machines (e.g. does machine get
  accidentally reset from one day to the next)

- influence of "early voting" polls have on the voting taking place on the
  "official" election day

- duplicate voting (e.g. person votes on multiple days by registering with
  different workers)

- memory capacity of individual machines (e.g. can votes get overwritten if
  volume is too high for an individual machine?)

- the integrity of the counting votes from individual machines (I don't
  know whether this is taking place on a daily basis, or must be delayed
  until the end of election day)

- and maybe an even higher than usual number of recounts and finger
  pointing which can be based on this unusual early voting practice, which
  will then expose further problems when results are overturned, etc.

Charles P. Schultz, North Miami Beach, FL

Election counting conclusions

<"Paul D. Smith" <>>
Thu, 10 Oct 2002 09:07:09 +0100

Many contributors have pointed out the extremes of election counting
requirements, from the British "1 or 2 contests per ballot, count by hand"
from the US "Many contests per ballot, count electronically".  This is a
thread that could run and run but we can draw the various conclusions
together and define the simple requirements for a good voting system.

1. A hand count, with observers from the contesting parties present, is the
safest and fairest way to count ballots, especially close, or suspect

2. Where a simple, accurate, electronic system can be used, then it may be
but is MUST be possible to back this up with a hand count, using the
original ballot papers, in the event of any irregularities or concerns from
the candidates or voters.

3. The method of indicating a choice on a ballot should be simple and the
results immediately visible to, and correctable by, the voter.  The voter
indicating "OK", whether by depositing the ballot in a box or pressing a
leaver or whatever, should have NO affect on the voting slip - for example
this is NOT the time to punch out the holes indicating the selections
because the act of punching could fail leaving the voter with no indication
of their spoiled or incorrect vote.

Note that I have deliberately not commented on the risks of voting for many
contest (did somebody mention 45!) in one ballot.  This is a matter for the
residents of the ballot area to consider — do they want to vote at this
degree of choice or are they happy to delegate to a representative?
[The answers may well be No! and No! in many cases.  PGN]

I believe that pretty much covers the ideal voting system.  All flaws in
existing systems result because the system fails to address one or more of
the three criteria above.

Risks of dual-boot systems

<Paul Schreiber <>>
Sat, 2 Nov 2002 15:14:29 -0800

A friend of mine has a dual-boot PC running Windows 98 and Windows
2000. Last week, it was booted into Windows 98 when the daylight savings
time changeover occurred.

Windows 98 was smart enough to automatically adjust the clock back an
hour. However, when he rebooted into Windows 2000, it adjusted the
clock back a second hour.

This could lead to many problems if not caught, including alarms going off
at the wrong time, scheduled tasks running at inconvenient hours, incorrect
email headers and much more destructive behaviour if used in a
mission-critical situation.

Windows daylight saving and file time-stamp

<"Chris Jakeman (Bigfoot)" <>>
Sun, 3 Nov 2002 21:48:22 -0000

Discovered today that a misbehaving program was due to a strange behaviour
in Windows. (Can't find any reference to this on comp.risks.)

When the computer clock changes due to Daylight Saving Time (we gained an
hour a week ago in the UK), Windows also changes the time stamp of all its
files by an hour.

This came to light when synchronising files between a Unix webserver and a
Windows copy of the website, using Dreamweaver.

Microsoft discusses this behaviour in its Knowledge Base at;EN-US;Q129574&
but apparently sees nothing wrong in providing a time stamp that changes.

One query: When Samba is used to make Unix files look like Windows ones,
does it fiddle the time stamp to emulate this bizarre behaviour?

Risks: On networks that mix Unix and Windows, this problem might screw up
any utility that relies on timestamps such as incremental backups and source
code control systems.

Microsoft court ruling leaked early through security blunder

<Keith Rhodes <>>
Mon, 4 Nov 2002 09:24:17 -0800 (PST)

Court staffers didn't realize that the ruling placed on their servers became
public knowledge two hours early — even though it wasn't posted on their
Web site.  [Source: Patick Gray, *ZDNet Australia*, 4 Nov 2002; PGN-ed]

  [Interesting competition of ideas: They want to put the file on the Web so
  that people will find it, but they think it will be safe until they
  release it if they put it on the Web because no one will be able to find
  it.  Keith]

    [The judgment went up at 2:40pm EST Friday, prior to its intended
    release time of 4:30pm EST.  The URL was fairly obvious, and the
    directory was freely browsable.  PGN]

Exam software — does it get a passing grade?

<David Lesher <>>
Wed, 30 Oct 2002 21:04:43 -0500 (EST)

Georgetown Law Center lets students use their laptops on exams, IFF they
have installed a package called "SofTest" from ExamSoft.  It blocks other
uses of the laptop, but allows the exam to be taken on it. Or so it sez..

Known problems include:

* Only works on WinDoze systems; forget that Ti OSX PB, or any Linux laptop.
* Requires the laptop have a floppy drive
* Sometimes fails during exams.

But with so many unemployed nerds headed back to grad schools, it's easy to
imagine OTHER problems. What about VMware? What about a determined
programmer who decides hacking code is easier than grok-ing Feist vs. Rural
Telephone? Suppose she writes a Examsoft-specific virus that stay dormant
until the middle of the exam....then bombs all the OTHER machines in the

And most of all, who watches the watcher?

Is this an indirect way to get more attorneys who can code?

$3,200 tuition listed on bill as 'Taco Bell'

<"Fuzzy Gorilla" <>>
Thu, 10 Oct 2002 15:24:43 -0400

A glitch in vendor software erroneously caused some University of
Wisconsin-La Crosse room/board/tuition payments to be listed as charges from
Taco Bell on credit-card statements.  [Source: AP item, 10 Oct 2002; PGN-ed]

Turnpike commuters play "Where's the Fast Lane?"

<Monty Solomon <>>
Mon, 4 Nov 2002 15:04:00 -0500

The Fast Lanes (like EZPass lanes) are not always in the same configuration
in Massachusetts, sometimes on one side, sometimes in the middle, sometimes
combined with exact-change lanes, sometimes right between two exact-change
lanes.  This seems to be resulting in long lines where they could be avoided
by a more sensible layouts.  "This results in vehicles switching lanes via
the Fast Lane/exact change lane like crazed motorized salmon running
upstream."  [Source: Mac Daniel, *The Boston Globe*, 3 Nov 2002; PGN-ed]

BBC News: Fake bank website cons victims

<"LEESON, Chris" <>>
Tue, 8 Oct 2002 15:44:10 +0100

  [It seems that the old Nigerian scam is becoming more hi-tech (although Web
  site spoofing and e-mail scams are hardly news in RISKS).  CL]

As revealed by BBC Radio5Live, West African spam scammers used an unclaimed
Web domain of a British bank's online service that looked genuine. and found
still more gullible people.  The UK National Criminal Intelligence Service
notes that at least two Canadians had lost more than $100,000 after being
gulled by the fake Web site.  In response to letters, e-mail, and now Web
sites (one has been shut down), this type of scam somehow continues to be
profitable for the scammers.  [Greed?  Stupidity?  ...]

"One of the first companies to fall victim to website spoofing was net
payment service Paypal.  Con-men set up a fake site and asked people to
visit and re-enter their account and credit-card details because Paypal had
lost the information.  The Web site link included in the e-mail looked
legitimate but in fact directed people to a fake domain that gathered
details for the con-men's personal use."  [Source: BBC News Website; PGN-ed]

GAO: Government Agencies Adhering To Privacy Laws

<Monty Solomon <>>
Thu, 31 Oct 2002 18:12:50 -0500

On 30 Oct 2002, the General Accounting Office issued a report "Information
Management: Selected Agencies' Handling Of Personal Information" finding
that the Departments of Agriculture, Education, Labor, and State generally
adhere to government privacy laws.  "The report found that agencies'
handling of information varies and that a wide range of government personnel
have access to the information, but by and large, the agencies follow
current privacy laws."  (Information considered included names, phone
numbers, addresses, SSNs, financial and legal data, and demographic
information, provided for a specific purpose such as to receive benefits,
obtain services or loans, or participate in a specific federal program.)
[Source: Eric Chabrow, *InformationWeek*, 30 Oct 2002; PGN-ed]

  [RISKS always seeks positive items that do not represent horrible cases
  involving security, privacy, reliability, safety, survivability, financial
  losses, etc.  It is always startling how few really constructive cases
  there are.  On the other hand, the GAO report clearly does not imply that
  there are no potential problems in those four departments.  PGN]

REVIEW: "Ethical Issues of Information Systems", Ali Salehnia

<Rob Slade <>>
Tue, 29 Oct 2002 08:01:28 -0800

BKETHISS.RVW   20020831

"Ethical Issues of Information Systems", Ali Salehnia, 2002,
%E   Ali Salehnia
%C   1331 E. Chocolate Ave., Hershey, PA   17033-1117
%D   2002
%G   1-931777-15-2
%I   IRM Press/Idea Group
%O   U$ 800-345-432 717-533-8845 fax: 717-533-8661
%P   301 p.
%T   "Ethical Issues of Information Systems"

As with any collection of essays, there isn't much of a common thread
between the pieces.  However, in this case, there isn't even an
attempt to set up a structure, or group the papers into subjects.

In chapter one, Internet privacy is very poorly defined, and then we are
told that an opinion poll and an unqualified panel have decided that there
are five primary privacy concerns.  Chapter two points out that some
companies might not benefit from establishing their own global information
network.  There are some brief thoughts on uniform contract codes and
jurisdiction in chapter three.  A poorly documented study, in chapter four,
indicates that neural nets do better than random chance at predicting moral
attitudes from sets of disjoint questions.  A study in chapter five finds
that when you ask people ethical questions, and then ask why they decided
the way they did, morals are a strong factor.  Chapter six is much more
detailed than most of the other papers, and uses stories of the automation
of stock markets in China, Russia, and Chile to point out benefits and
problems with electronic auction systems.  Poor people, and countries, have
less technology with which to advance themselves, we are told in chapter
seven.  Chapter eight points out that we should do a proper risk management
analysis if we are relying on e-commerce.  After careful study and analysis,
chapter nine finds (from self-reports) that people who have more
opportunities to pirate software are more inclined to think that the
practice is OK.  Chapter ten tells us that there are problems with the
quality of software.  There is a brief, but not bad, introduction to
information warfare in chapter eleven.  Chapter twelve is a fictional
"conversation" on the ethics of teachers and researchers.  People who copy
or pirate software tend to think that it is OK to hurt a big guy (a
corporation) because hurting a big guy helps the little guy (individual), we
are told in chapter thirteen.  Chapter fourteen asserts the need for public
policy in relation to e-commerce.  Soren Kierkegaard theorized that remote
information keeps people from forming local relationships, and chapter
fifteen relates this to the Internet.  There are some interesting stories in
chapter sixteen about competitive intelligence or industrial espionage.  The
examination of the ethics of outsourcing, in chapter seventeen, is actually
more about fraud.  Chapter eighteen looks at the Nietzschean concept of
authenticity; that moral choices need to come from within the individual;
but does not examine the problems that have been analyzed in regard to the
very similar concepts involved in Kohlberg's level six of ethical
development.  A variety of views of ethics are listed in chapter nineteen.
A compilation of the arguments for and against the Australian Internet
censorship bill is given in chapter twenty.  Chapter twenty tells us that a
couple of researchers asked for an opinion survey on whether or not using
genetic tests for finding genetic diseases was ethical.

Aside from the lack of structure and depth, this book has a number of
problems.  Some are technical: the proofreading is a definite problem, with
famous names being spelled incorrectly and punctuation appearing in bizarre
places.  As demonstrated by the bibliographies attached to each paper, the
authors are attempting to deal with issues involving technology without
having read standard technical references.  (An additional bothersome point
is that all of these papers seem to have been collected from a very limited
pool of resources: all have appeared in Idea Group books or periodicals.)

While the individual papers may raise some issues that might be interesting
for discussion, ultimately the book does not contribute to the computer
ethics debate.  Pretty much everything in the book is either glaringly
obvious, or has been discussed to death in other works.

copyright Robert M. Slade, 2002   BKETHISS.RVW   20020831    or

REVIEW: "Computer Security Handbook", Seymour Bosworth/M. E. Kabay

<Rob Slade <>>
Mon, 4 Nov 2002 08:03:31 -0800

BKCMSCHB.RVW   20020911

"Computer Security Handbook", 2002, Seymour Bosworth/M. E. Kabay,
%E   Seymour Bosworth
%E   M. E. Kabay
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   2002
%G   0-471-41258-9
%I   John Wiley & Sons, Inc.
%O   U$75.00 416-236-4433 fax: 416-236-4448
%P   1224 p.
%T   "Computer Security Handbook, Fourth Edition"

There are many recognizable (and a lot more not so recognizable) names
in the list of contributors.  Authors such as Rebecca Bace, Donn
Parker, and William Stallings stand out as people who have something
worth saying, and can say it well.  Other names are associated with
less worthy works.

Chapter one states that the purpose of the handbook is to describe
information system security risks, the measures for mitigating those
risks, and the techniques for managing security risks.  In a sense, it
does that, but risk management is not the whole of computer security.
Even if the title of the book were to confine itself to risk
management, one would still have to say that, overall, there are other
works that cover the field more completely, with less wasted verbiage.

There has been an attempt to remove the limiting of previous editions
to topics relevant to "big iron."  However, new technologies still
seem to get short shrift.

Part one looks at foundations of computer security, with papers
examining the history and mission of security (actually just history
of computers), law and computer forensics (random collection of legal
issues, almost nothing on forensics), common language for computer
incident information (proposal with no proof that it will either cover
all incidents or assist with dealing with incidents), surveys of
computer crime (lots of material on how studies should be conducted,
and uncritical reports of some studies), and new framework for
security (Donn Parker says we are missing pieces of security).

Threats and vulnerabilities are reviewed in part two, including essays
on the psychology of computer criminals (mostly good but some
questionable observations and theories about black hats), information
warfare (information systems can be attacked--surprise!), penetrating
systems and networks (there are different ways to get unauthorized
access), malicious code (traditional models and some recent examples
of viruses), mobile code (some aspects of ActiveX and scripting),
denial of service attacks (reasonable overview of various types--and
some unrelated exploits), intellectual property (random legislation
and thoughts), e-commerce vulnerabilities (various weaknesses), and
physical threats (generic disaster recovery).

Part three covers preventive technical defenses, containing topics
such as protecting information infrastructure (generic security,
mostly physical), identification and authentication (brief
introduction), operating system security (good introduction to access
control), local area networks (random thoughts), e-commerce safeguards
(legal protections and vague ideas), firewalls (confused grab bag),
protecting Internet systems (basic concepts), protecting web sites
(broad but not deep), public key infrastructure (basic components, but
no more), antivirus technology (simplistic look at scanning), software
development (simplistic look at the software development life cycle),
and piracy (piracy is going on and we have to find some way to stop

Human factors, in part four, looks at standards for security products
(verbose description of the Common Criteria components), security
policy guidelines (miscellaneous related documents), security
awareness (do interesting seminars), ethics (vague), employment
policies (grab bag), operations security (and another), Internet use
policies (yet again), working with law enforcement (generic and poorly
structured), social psychology (redoing the security awareness article
with extra psychological jargon), and auditing computer security (a

Part five's look at detection is brief, with intrusion detection
(excellent introduction), monitoring (you should log stuff), and
application controls (database integrity).

Remediation reviews computer emergency response teams (generic),
backups (pedestrian), business continuity planning (have a plan),
disaster recovery (repeat previous), and insurance (get some) in part

Part seven examines management's role, including management
responsibilities (you could be liable), developing policies (generic),
risk assessment (assess risks), and Y2K (management is now onside--
yeah, right).

Other considerations, such as medical records (good introduction and
discussion of the issues), using encryption internationally (laws
differ), censorship (random thoughts), privacy (various laws),
anonymity (psychological ponderings), and the future (various
thoughts) make up part eight.

There is useful material in the work, but it is difficult to abstract
the good from the mundane unless you are already quite expert in the
field.  The newcomer would be advised to get some basic training or
reading before attempting to deal with this work, but the expert will
be able to find some useful nuggets.

copyright Robert M. Slade, 2001, 2002   BKCMSCHB.RVW   20020911    or

CARDIS '02: 5th Smart Card Research/Advanced Application Conference

<Alex Walker <>>
Mon, 04 Nov 2002 09:55:37 -0800

5th Smart Card Research and Advanced Application Conference
San Jose, CA, 21-22 Nov 2002

Keynote speaker Vincent Cordonnier, LIFL; 14 refereed papers; panel
discussions; Work-In-Progress reports as well as ample opportunities to
informally interact with fellow attendees and speakers.  Unlike events
devoted to commercial and application aspects of smart cards, the CARDIS
conferences bring together researchers who are active in all aspects of the
design, validation, and application of smart cards.  The breadth of smart
card research stimulates a synergy among disparate research communities,
making CARDIS an ideal opportunity to explore and learn from the latest
research advances.

Peter Honeyman, CITI, University of Michigan
CARDIS '02 Program Chair

Alex Walker, Production Editor, USENIX Association
2560 Ninth Street, Suite 215, Berkeley, CA 94710  1-510/528-8649 x33

Formal Methods Europe 2003 cfp

<Diego Latella <>>
Mon, 04 Nov 2002 11:37:44 +0100

FM 2003: the 12th International FME Symposium
Pisa, Italy -September 8-14, 2003
Papers must be submitted electronically by 7 Mar 2003.

FM 2003 is the twelfth in a series of symposia organized by Formal Methods
Europe, an independent association whose aim is to stimulate the use of, and
research on, formal methods for software development.  These symposia have
been notably successful in bringing together a community of users,
researchers, and developers of precise mathematical methods for software
development as well as industrial users.

Formal methods have been controversial throughout their history, and the
realisation of their full potential remains, in the eyes of many
practitioners, merely a promise. Have they been successful in industry? If
so, under which conditions? Has any progress been made in dispelling the
scepticism that surrounds them? Are they worth the effort? Which aspects of
formal methods have become so well established in industrial practice that
they have lost the "formal method" label in the meanwhile?

FM 2003 aims to answer these questions, by seeking contributions not only
from the Formal Method community but also from outsiders and even from
skeptical people who are most welcome to explain, document, and motivate the
source of their reluctance. We are confident that a wide spectrum of
experiences and a loyal contrasting of opinions will foster a better and
deeper understanding, if not a wider adoption of Formal Methods.

Far from restricting the focus of the conference, however, FM 2003 also
welcomes papers with strong theoretical content that establish a connection
with the practice of formal methods.  [PGN-ed]

Dott. Diego Latella, Consiglio Nazionale delle Ricerche
Area della Ricerca di Pisa - Ist. di Scienze e Tecnologia
dell'Informazione - ISTI
Via G. Moruzzi, 1 - I56124 Pisa, ITALY
phone: +39 0503152982 or +39 348 8283101
  fax: +39 0503138091 or +39 0503138092

Please report problems with the web pages to the maintainer