The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 22 Issue 54

Thursday 6 February 2003

Contents

Risks of all-electronic voting systems
David L. Dill
NASA cultural failures on STS-107
Andrew Main
Some very last Columbia data possibly rejected as "corrupted"
Eric De Mund
Washington Monthly's 1980 critique of the space shuttle
Mike Godwin
Astronauts may have the most dangerous job
Derek K. Miller
All AA flights down due to computer crash
Keith Marzullo
Air Canada "Jazz" airline grounded by computer glitch
Derek K. Miller
19 charged in identity theft that netted $7 million in tax refunds
Benjamin Weiser via Monty Solomon
Old data systems a health-care burden
Beth Healy via Monty Solomon
Feds pull suspicious AONN.gov site
Declan McCullagh via Monty Solomon
Spam filtering stops the democratic process...
David Wj Stringer-Calvert
SPAM from Microsoft
PGN
MS: Upgrade! HP: Don't upgrade!
Peter Kaiser
Caida analysis of the Sapphire worm
Colleen Shannon
Re: Trouble with Prime Numbers: DeCSS, DVD, ...
Bob Langford
REVIEW: "Cybercrime: Vandalizing the Information Society", Furnell
Rob Slade
Subject: REVIEW: "Cyberlaw: National and International Perspectives", Girasa
Rob Slade
Info on RISKS (comp.risks)

Risks of all-electronic voting systems

<"David L. Dill" <elections@chicory.Stanford.EDU>>
Sun, 02 Feb 2003 22:54:07 -0800

I am collecting endorsements for a statement I have written (with a lot of
help) opposing electronic voting machines that do not produce paper ballots
(or, in the future, some other independent voter-verifiable audit
mechanism).

A lot of communities (and whole states, in some cases) are buying these
machines because of pressure resulting from the 2000 election.  The problem
is that if errors or fraud are detected in an election using these machines,
there is no way to recover, other than a revote.  Worse, and more likely,
errors or fraud may remain be undetected.

I have already collected endorsements from over 100 computer scientists,
many of them leading experts in elections, computer security, and software
engineering.

I have a Web page with background material, the statement, and the current
list of endorsements.  It would be great if you could join us in endorsing
this statement.  It would also be great if you could bring the issue to the
attention of others who might be interested.

  http://verify.stanford.edu/evote.html

If you are especially enthusiastic, other offers of help would be
appreciated.  This has turned out to be a bit more difficult than I thought
it would be!

Thanks a lot,  	David Dill  	Stanford University


NASA cultural failures on STS-107

<Andrew Main <zefram@fysh.org>>
Sun, 02 Feb 2003 22:16:58 +0000

On mission STS-107, the space shuttle Columbia (OV-102) suffered physical
damage to its left wing during ascent.  It is possible that this damage
contributed to the subsequent breakup and loss of the orbiter during
descent.  During the entire flight, despite being aware that damage had
occurred, NASA remained unaware of the extent of the damage, making
inadequate efforts to determine the nature of the damage. This error is
ascribed to three aspects of NASA's management of manned spaceflights:
excessive reliance on checklists, cumbersome EVA procedures, and a lack of
autonomy for astronauts in flight.
  http://www.fysh.org/~zefram/nasa/sts107_culture.txt

  [NASA is now backing off on the tile-damage theory.  PGN]


Some very last Columbia data possibly rejected as "corrupted"

<Eric De Mund <ead@ixian.com>>
Wed, 5 Feb 2003 22:42:47 -0800

When the Columbia shuttle stopped transmitting voice signals at 9 a.m, and
debris began raining down over a 200-mile-long swath of Texas and Louisiana,
some data apparently continued to flow for another 32 seconds after contact
was lost.  However, computers on the ground rejected the data because it was
"corrupted".  NASA is trying to reconstruct this data.  [Source: John
M. Broder, NASA Now Doubts Tank Debris Doomed Columbia, PGN-ed] *The New
York Times*, 5 Feb 2003; PGN-ed]
  http://www.nytimes.com/2003/02/06/national/nationalspecial/06XSHU.html

One obvious solution would be to have at least one process save all data,
corrupt or not.

Eric De Mund <ead@ixian.com> Ixian Systems, Inc., Mountain View, CA
http://www.ixian.com/ead/


Washington Monthly's 1980 critique of the space shuttle

<Mike Godwin <mnemonic@well.com>>
Mon, 3 Feb 2003 09:36:37 -0500

*Washington Monthly* has reposted its April 1980 critique of the space
shuttle design. It's worth reading as a reminder that there have long been
serious criticisms of the space shuttle for safety and economic reasons.

http://www.washingtonmonthly.com/features/2001/8004.easterbrook-fulltext.html


Astronauts may have the most dangerous job

<Derek K. Miller <dkmiller@pobox.com>>
Wed, 05 Feb 2003 09:27:19 -0800

In an extreme example of computing risk, the December 1996 issue of Fast
Company profiled the software developers for NASA's space shuttle program
and tremendous rigour they apply to their jobs.  Bill Pate, one of the
senior programmers, is quoted: "If the software isn't perfect, some of the
people we go to meetings with might die."

http://www.fastcompany.com/online/06/writestuff.html

The truth is, as we have been reminded, that might happen even if the
software _is_ perfect.

After the space shuttle Columbia broke up on re-entry last weekend, I
wondered whether astronauts have the most dangerous job in (or around) the
world.  While I'm not a statistician, my quick calculations indicate that
they do.

Fatality statistics are usually listed in numbers per 100,000, because for
most activities they are pretty small: the risk of death is 2 per 100,000
scuba divers; 22 per 100,000 vehicle drivers; and 122 per 100,000 loggers
(apparently the most dangerous of "normal" jobs).

We should be careful about making comparisons using astronauts and other
occupations with very small numbers of participants, where we can only
really calculate historical averages rather than yearly rates (which is how
most fatality rates are reported).

With that in mind, however, I did a quick Google search and figured out that
the death rate for astronauts and cosmonauts over the past 40+ years is (as
of this week) about 7.5%, or 7,500 per 100,000 -- something like sixty times
the rate for loggers. It is also nearly twice the 4.3% rate calculated for
high-altitude mountaineering (often called the world's most dangerous job).
That is especially notable since mountaineers often die from their own
decisions, sometimes alone, while astronauts are supported by thousands of
people and billions of dollars in technology, but still die more frequently.

Other jobs have been more hazardous in the past. Sixty-three percent of
German U-boat crew members were lost during World War II, nearly ten times
the death rate of astronauts. But being a frontline soldier actively hunted
in the open ocean during wartime is a different sort of "job," I would say.

I provide a bit more detail and links to my sources at:
  http://www.penmachine.com/journal/2003_02_01_news_archive.html#90270862
with a followup here:
  http://www.penmachine.com/journal/2003_02_01_news_archive.html#90276578

Again, these numbers are quick and off-the-cuff. But it seems pretty clear
that being an astronaut has always been and will remain a very risky
endeavour for the foreseeable future. Astronauts and cosmonauts have always
known that very well, even if the rest of us sometimes forget.

Derek K. Miller, Vancouver, Canada  dkmiller@pobox.com
Penmachine Media Company | http://www.penmachine.com


All AA flights down due to computer crash

<Keith Marzullo <marzullo@cs.ucsd.edu>>
Thu, 30 Jan 2003 21:04:41 -0800

I was on a flight back from Chicago to San Diego yesterday afternoon. We
were scheduled to leave a bit after 5, but we instead took off around 6.
The pilot said that all American Airlines flights were unable to take off
because "a big supercomputer in ... (I forget where; in the south, I
believe) crashed." It seems, according to him, that all flight plans, weight
allowances, and fuel amounts are computed at this one machine and
distributed out to the flights.

I had not known of this single point of failure. Does anyone know more? How
large of a region does this cover? Are crashes really rare enough to not
have a hot standby? (Okay, AA is on the verge of bankruptcy).


Air Canada "Jazz" airline grounded by computer glitch

<"Derek K. Miller" <dkmiller@pobox.com>>
Thu, 06 Feb 2003 09:34:30 -0800

A virus apparently attacked an AC Jazz flight-planning computer that
provides essential information on fueling, weather, and other variables.
Without the computer's flight information releases, aircraft cannot take
off.  The problem affected only Air Canada's regional operations.  About 200
flights were affected, some canceled, some delayed.  [Source: *National
Post*, 6 Feb 2003]
  http://www.nationalpost.com/national/story.html
  ?id=%7B04638B16-6927-49FB-A548-1E8DC2D6E430%7D


19 charged in identity theft that netted $7 million in tax refunds

<Monty Solomon <monty@roscom.com>>
Wed, 5 Feb 2003 22:23:39 -0500

Federal prosecutors in Manhattan have charged 19 people with being part of
an identity-theft ring in the Bronx that received at least $7 million in
federal tax refunds by filing thousands of fraudulent income tax returns,
using stolen Social Security numbers for people who were deceased or
otherwise not filing returns.  Having been implicated, one corrupt tax
preparer in the Bronx then decided to cooperate with federal authorities,
recording conversations and gathering evidence, and enabling the other
culprits to be apprehended.  (They used the IRS's electronic filing system!)
The returns yielded an average of $2500 each.  [Source: Benjamin Weiser,
*The New York Times*, 5 Feb 2003; PGN-ed]
  http://www.nytimes.com/2003/02/05/nyregion/05TAX.html


Old data systems a health-care burden

<Monty Solomon <monty@roscom.com>>
Tue, 4 Feb 2003 17:36:02 -0500

Handling bills, claims sends costs climbing

When President Bush took aim last week at bloated medical bills, he blamed
lawyers, bureaucrats, and insurance companies for driving up costs. But
there is a hidden culprit he did not mention: woefully outdated back-office
technology. The medical system has invested heavily in new ways to heal
patients, but it has neglected the nuts-and-bolts business of managing bills
and records.  Of all the intractable challenges in health care, updating
bill collecting and claims processing might seem the simplest to address.
But the $1.4 trillion health industry for years has lagged the rest of the
economy in high-tech spending. Only agriculture and education spend less.

Even in Boston, where world-class hospitals spare no expense to treat cancer
or deliver babies, and software gurus thrive on solving complex problems,
health care was left behind in the drive for efficiency that changed the
face of American business in the 1990s.

Dr. Harris A. Berman, chief executive of Tufts Health Plan, said the medical
sector's failure to harness new systems is wasting a fortune: one-third of
every health-care dollar is spent on administration.  The piles of paperwork
and thickets of mismatched databases make life more difficult for consumers
and affect the care they receive.  Bankers, car dealers, and tax collectors
have all raced past health-care providers in basic technology, he said.  ...

[Source: Beth Healy, *The Boston Daily Globe*, 4 Feb 2003]
http://www.boston.com/dailyglobe2/035/nation/Old_data_systems_a_health_care_burden+.shtml


Feds pull suspicious AONN.gov site

<Monty Solomon <monty@roscom.com>>
Wed, 5 Feb 2003 22:25:11 -0500

By Declan McCullagh
Staff Writer, CNET News.com
February 5, 2003, 4:00 AM PT

In a move that raises questions about the security of governmental domains,
the Bush administration has pulled the plug on a .gov Web site pending an
investigation into the authenticity of the organization that controlled it.
Until recently, visitors to the AONN.gov Web site were treated to a
smorgasbord of information about an agency calling itself the Access One
Network Northwest (AONN), a self-described cyberwarfare unit claiming to
employ more than 2,000 people and had the support of the U.S. Department of
Defense.  [HOWEVER,] no federal agency called AONN appears to exist, and no
agency with that name is on the official list of organizations maintained by
the U.S. National Institute of Standards and Technology.  The General
Services Administration (GSA), which runs the .gov registry, pulled the
domain on Jan. 24, after a query from CNET News.com.  ...

http://news.com.com/2100-1023-983384.html

  [The entire message from Declan is at
    http://www.politechbot.com/p-04413.html
  A mirror of AONN.gov before it was taken down is at
    http://www.politechbot.com/docs/aonn/
  A subsequent message from Declan is at
    http://www.politechbot.com/
  as is information on how to subscribe.  Wonderful stuff.  PGN]


Spam filtering stops the democratic process...

<"David Wj Stringer-Calvert" <david.stringer-calvert@sri.com>>
Wed, 05 Feb 2003 22:06:24 -0800

Rather ironically, Members of Parliament have installed an offensive-e-mail
filtering system that overzealously blocked distribution of a Sexual
Offences Bill as well as a Liberal Democrat consultation paper on
censorship, among other things.  [PGN-ed.  No surprises there.]

http://www.vnunet.com/News/1138508


SPAM from Microsoft

<"Peter G. Neumann" <neumann@csl.sri.com>>
Wed, 5 Feb 2003 13:31:34 PST

A colleague of mine just received this response from Microsoft, in response
to a request to be REMOVED from an MS spam list.  He/she remarked that "Not
only is their SQL software buggy, it is slow too..."

Date: Wed, 5 Feb 2003 12:48:26 -0800 (PST)
From: Microsoft <TechEd2003@email.microsoft.com>
Subject: Don't miss TechEd 2003: The definitive Microsoft technology event ...

... Please note that it can take up to eight weeks to update customer
information in our database; therefore, you may receive e-mail from us
within that time period.


MS: Upgrade! HP: Don't upgrade!

<Peter Kaiser <kaiser@acm.org>>
Sun, 02 Feb 2003 20:56:04 +0100

While searching the Hewlett-Packard site for information about a particular
model of Presario 63xx computer (which, incidentally, appears unfindable
through their usual mechanisms) I happened on

http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source
=DO020926_CW01.xml&dt=3

  Customer Advisory: DO020926_CW01 - Various Issues May Occur After
  Installing Windows XP Service Pack 1 On Presario 6300 Series Computers

  After installing Windows XP Service Pack 1 on Presario 6300 Series
  computers and then performing a non-destructive restore, the system stops
  responding and will not boot into Windows....  The user must perform a
  destructive recovery to restore the system.  All personal data that is not
  backed up will be lost....

  HP recommends that customers refrain from downloading and installing SP1
  on Presario 6300 Series computers at this time.

"Various issues"!  HP advises customers to "check back frequently", but the
notice has been up for 4 months.

According to Microsoft, SP1 is an important upgrade:

  Windows XP Service Pack 1 (SP1) provides the latest security and
  reliability updates to the Windows XP family of operating systems, and
  includes Internet Explorer 6 SP1.  Windows XP SP1 is designed to ensure
  Windows XP platform compatibility with newly released software and
  hardware, and includes updates that resolve issues discovered by customers
  or by Microsoft's internal testing team.

The RISK to the normal user seems clear enough: the user may perform the
upgrade without ever knowing about the "advisory" on HP's site.  My brother,
for whom I was doing the research, bought his computer after the date of the
advisory, but had never heard about it; luckily I was able to warn him
before he did anything foolish, like attempting to install this recommended
upgrade.


Caida analysis of the Sapphire worm

<Colleen Shannon <cshannon@caida.org>>
Fri, 31 Jan 2003 17:25:01 -0800

We have completed our preliminary analysis of the spread of the
Sapphire/Slammer SQL worm.  This worm required roughly 10 minutes to spread
worldwide making it by far the fastest worm to date.  In the early stages
the worm was doubling in size every 8.5 seconds.  At its peak, achieved
approximately 3 minutes after it was released, Sapphire scanned the net at
over 55 million IP addresses per second.  It infected at least 75,000
victims and probably considerably more.

This remarkable speed, nearly two orders of magnitude faster than Code Red,
was the result of a bandwidth-limited scanner.  Since Sapphire didn't need
to wait for responses, each copy could scan at the maximum rate that the
processor and network bandwidth could support.

There were also two noteworthy bugs in the pseudo-random number generator
that complicated our analysis and limited our ability to estimate the total
infection but that did not slow the spread of the worm.

The full analysis is available at
http://www.caida.org/analysis/security/sapphire/ (click on tech report)
http://www.silicondefense.com/sapphire/
http://www.cs.berkeley.edu/~nweaver/sapphire/

The animation (made by Ryan Koga and Jeffery Brown) is available at
http://www.caida.org/analysis/security/sapphire/sapphire-2f-30m-2003-01-25.gif

David Moore, CAIDA & UCSD CSE
Vern Paxson, ICIR & LBNL
Stefan Savage, UCSD CSE
Colleen Shannon, CAIDA
Stuart Staniford, Silicon Defense
Nicholas Weaver, Silicon Defense and UC Berkeley EECS

Caida mailing list  <Caida@caida.org>
http://login.caida.org/mailman/listinfo/caida


Re: Trouble with Prime Numbers: DeCSS, DVD, ... (Bumgarner, R-22.52)

<Bob Langford <langford@silicon-masters.com>>
Thu, 30 Jan 2003 15:26:17 -0500

Bill Bumgarner's message in Risks 22.52 clarifying the purposes of the CSS
encryption used on DVDs is a clear, well-written statement of why CSS is
used.  However, there is one point on which I think he is mistaken.  He
said, "CSS is intended to prevent unlawful access to the content in three
ways."

The problem here is the word "unlawful".  These activities are not in
themselves unlawful, although the MPAA would like everyone, including the
legal system, to think that they are.  These are activities the DVD
publishers don't want you to be able to do, but with the exception of laws
like the DMCA, they can only enforce their wishes by making it difficult.
But to allow them to claim that they invented CSS to prevent "unlawful"
activity makes a lot of otherwise fair uses of DVD appear illegal.

I was watching a movie the other day (Goldmember) that deactivated the fast
forward, rewind, and pause buttons on my DVD player.  The only way to watch
it is from the beginning, without stopping.  If the phone rings, or
something else distracts you, too bad.  You'll have to start the movie over
to see what you missed.

Are the movie studios really wanting to claim it's unlawful to watch this
movie any other way?

Bob Langford, Silicon Masters Consulting, Inc.


REVIEW: "Cybercrime: Vandalizing the Information Society", Furnell

<Rob Slade <rslade@sprint.ca>>
Thu, 6 Feb 2003 08:03:10 -0800

BKCYBCRM.RVW   20030121

"Cybercrime: Vandalizing the Information Society", Steven Furnell,
2002, 0-201-72159-7, U$29.99/C$44.95
%A   Steven Furnell
%C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario  M3C 2T8
%D   2002
%G   0-201-72159-7
%I   Addison-Wesley Publishing Co.
%O   U$29.99/C$44.95 416-447-5101 fax: 416-443-0948 bkexpress@aw.com
%O  http://www.amazon.com/exec/obidos/ASIN/0201721597/robsladesinterne
%P   316 p.
%T   "Cybercrime: Vandalizing the Information Society"

The preface states that this book is a general introduction to cybercrime,
directed at any audience, and requiring no specific technical background.
With certain provisos, those objectives are met.

Chapter one is a historical look at information and the rise of the net,
dealing particularly with basic concepts and security.  Computer related
crime is said to be happening, in chapter two, and some anecdotal examples
are given.  Blackhat "celebrities" and groups are examined in chapter three.
While the jargon that Furnell uses tends to come from the media, his
research is obviously superior to that of many similar books on the topic.
Chapter four lists some exploits and attack approaches.  Malware, in chapter
five, also shows better than normal investigation, although some of the
terminology is dated.  Societal aspects of cybercrime, in chapter six, seems
to rely primarily on opinion surveys, but there is some interesting material
on laws and the public perception of cybercriminals.  Recent developments,
such as ethical hacking, hacktivism, information warfare, and
cyberterrorism, are collected in chapter seven.  Chapter eight lists some
recommended security practices.

The book does fall into the all-too-usual trap of concentrating on the
sensational side of information and network related crime (that of the
outside, and targeted, intruder), and therefore fails to provide a complete
picture.  However, within its limits, the work does present a reasonable and
balanced view.

copyright, Robert M. Slade, 2003   BKCYBCRM.RVW   20030121
rslade@vcn.bc.ca  rslade@sprint.ca  slade@victoria.tc.ca p1@canada.com
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade


REVIEW: "Cyberlaw: National and International Perspectives", Girasa

<Rob Slade <rslade@sprint.ca>>
Mon, 20 Jan 2003 08:06:51 -0800

BKCBRLAW.RVW   20021126

"Cyberlaw: National and International Perspectives", Roy J. Girasa,
2002, 0-13-065564-3
%A   Roy J. Girasa rgirasa@pace.edu www.prenhall.com/girasa
%C   One Lake St., Upper Saddle River, NJ   07458
%D   2002
%G   0-13-065564-3
%I   Prentice Hall
%O   +1-201-236-7139 fax: +1-201-236-7131
%O  http://www.amazon.com/exec/obidos/ASIN/0130655643/robsladesinterne
%P   433 p.
%T   "Cyberlaw: National and International Perspectives"

The back cover states that this is the "most comprehensive Internet law text
for students of any discipline."  The preface doesn't really contradict that
statement, but then, it doesn't really specify a particular audience.  The
text itself, on the other hand, does not appear to be a reference, but
rather a textbook for law students, and law students only.  (American law
students, at that.)  While one cannot fault the author for the presumption
of the publisher (who ultimately gets to decide on jacket copy), the overly
broad attempt at marketing is going to be frustrating for some readers.

Part one provides an introduction and examines jurisdiction.  Chapter one is
an introduction and overview of both the technology and law.  This
demonstrates a number of limitations (the technology is limited to the
Internet), and, of course, the sort of bias one would expect to see in a
legal text.  (The definition of the Internet is taken from a "Finding of
Fact" in the case that struck down the Communications Decency Act and
contains a number of errors in terminology and, well, fact.  The legal
system is described only in terms of the various levels of US courts.)  A
number of cases regarding jurisdiction, first between US states and then
between states and foreign States, is presented in chapter two.  While this
will undoubtedly be of value to US lawyers engaged in such battles, for the
layman the best that can be determined is that a) the situation is
indeterminate, and b) the material is confusing.

Part two deals with contracts, torts, and criminal law aspects of
cyberspace.  Chapter three looks at US case law regarding contracts and
torts, including related topics such as commercial codes like UCITA.  (Many
implications of the legislation are poorly expressed: there are several
paragraphs describing the implied warranties under UCITA, and a brief
mention of the fact that using the words "as is" voids them all.)  The
construction of chapter four is very odd, since it begins with a review of
international statutes dealing with commercial online transactions, and then
moves on to torts, and back to US cases.  Although the first presentation of
criminal cases is from Germany, all of the remaining material in chapter
five, primarily on censorship, obscenity, and a little fraud, comes from the
US.

Part three looks at intellectual property rights.  Most of the copyright
cases in chapter six, all from the US, deal with general issues unrelated to
technology, at least not directly, while the cases presented in chapter
seven are more directly related to technology.  Chapter eight deals with
trademarks, and the relation to technology is primarily made in terms of
cybersquatting (the practice of registering a domain name using a famous
name or trademark, so that the owner must buy it from you).  Patents and
trade secrets are covered in chapter nine, and the relation to network
technology is rather slim.

Part four addresses privacy and security issues.  Except that there is only
chapter ten, on privacy.

Part five talks about antitrust, securities regulation, and relaxation.
Antitrust, in chapter eleven, covers Microsoft, IBM, and a number of others.
Chapter twelve's review of securities regulation cases primarily deals with
fraud, and the technical links are basically irrelevant.  The taxation of
net businesses is in chapter thirteen.

As a textbook for law school students, this is undoubtedly useful.  The
cases are collected, and questions are asked to encourage students to think
about various aspects of cases, and related precedents that might be
applicable.  While US structures and law predominate, there is not only
acknowledgement of foreign legislation, but some detailed case examination
as well.  In fact, practicing lawyers would also find this volume extremely
valuable, for the direction in terms of case research on precedent if
nothing else.  For non-lawyers, such as security professionals, the content
is extremely frustrating: all questions and no answers.  Still, given the
extremely murky state of US law in regard to the net and technology, this
tome certainly could be worthwhile, even for those outside the US legal
system.

copyright Robert M. Slade, 2002   BKCBRLAW.RVW   20021126
rslade@vcn.bc.ca  rslade@sprint.ca  slade@victoria.tc.ca p1@canada.com

Please report problems with the web pages to the maintainer

Top