[Thanks to Kim Alexander <firstname.lastname@example.org> for noting this item.] The Alabama governor's election in Nov 2002 was irrevocably impeded by an unexplained anomaly in the use of ES&S optical-scan voting equipment in Baldwin County, which reversed the outcome of the election. In this case, the printed results of votes produced in the Magnolia Springs precinct were accurate (when compared with the actual ballots), but the data on the cartridges used to tabulate the final results electronically was seriously in error. Unfortunately for the candidate who should have won based on the acknowledged correct results, the erroneous electronic totals (in which about 6,300 votes for that candidate were missing) were accepted as official. The official loser "ultimately abandoned his challenge after it became clear that he would not be able to get the statewide vote recount he had sought." Thus, the candidate with the most votes was declared the loser. Three months after the election, it is still unclear why the cassette was missing so many votes disappeared, blamed on a "computer glitch" -- possibly a "power surge at the precinct, static electricity, or something else". [Source: Brendan Kirby, Voting snafu answers elusive, *The Mobile Register*, 28 Jan 2003; PGN-ed] http://www.al.com/news/mobileregister/index.ssf ?/xml/story.ssf/html_standard.xsl?/base/news/104374962627050.xml This case in Alabama is just one more example of why incontrovertible audit trails are essential — especially when electronic results can so easily be either accidentally incorrect or fraudulently tampered. In the even less perspicuous case of all-electronic elections, a voter-verified ballot image is ever-more essential. See an article by Henry Norr in today's *San Francisco Chronicle* http://www.sfgate.com/cgi-bin/article.cgi ?file=/chronicle/archive/2003/03/03/BU122767.DTL&type=tech as well as David Dill's Web site and petition at http://verify.stanford.edu/evote.html and Rebecca Mercuri's Web site http://www.notablesoftware.com/evote.html plus the many items in previous issues of RISKS relating to the general problem of election integrity and accountability. This kind of problem is really getting out of hand, and deserves your closer attention. (If you cannot find the *Chron* column, I put a copy up on my Web site: http://www.csl.sri.com/neumann ) PGN [Date typo fixed in archive copy. PGN]
As seen on Slashdot. http URLs verified (9:00pm PST, 02 Mar 2003): Computer Error Grounds Japanese Flights http://slashdot.org/article.pl?sid=03/03/02/2123253 Posted by timothy on Sunday March 02, @04:50PM from the presumption-junction dept. zephiros writes "Mainichi Daily News reports that a "computer glitch" in Tokyo air traffic control systems resulted in the cancellation of 203 flights this weekend. At 7am Saturday, the error "caused the names of airlines and flight numbers to disappear from radar screens." A Japan Times article suggests the problem may be related to upgrades on a system which exchanges flight plans with the Defense Agency. Makes one wonder about the integration and maintenance risks of systems like CAPPS II." Quote from : "Computers are just no good," said one 51-year-old company manager leaving [from Nagoya airport] for Sapporo. "I'm sure they're helpful, but they're just too fragile." Excerpt from : The troubled flight data-processing system at the ministry's Tokyo Air Traffic Control Center in Tokorozawa, Saitama Prefecture, automatically transmits flight information to airports across Japan. The system manages flight plans. The ministry said that early Saturday it partially replaced programs in the system that exchanges flight plans with the Defense Agency. The system went down immediately after it was turned on following the replacement. A transport ministry official said it was too early to link the change to the failure. The air traffic center was forced to take alternative measures, which included telephoning airports to give flight information and inputting flight data manually. The system has a backup, but both systems went down at the same time, according to the ministry. Notes: 1. http://www.monkey.org/~timothy/ 2. mailto:joseph%20at%20dreamlands.org 3. http://mdn.mainichi.co.jp/news/archive/200303/01/ 20030301p2a00m0dm002000c.html 4. http://www.japantimes.co.jp/cgi-bin/getarticle.pl5?nn20030302a1.htm 5. http://www.privacyactivism.org/Item/48 6. Land, Infrastructure and Transport Ministry at Tokyo's Haneda airport Eric De Mund <email@example.com> Ixian Systems, Inc. Mountain View, CA http://www.ixian.com/ead/ [Also noted by David Kennedy, Naoki Yamamoto, and Bob Heuman — who added: "The risks should be obvious, even if the cost in this instance is not. How many times will we hear 'due to a reprogramming hiccup' and why were both the main system and the backup taken out of service??? It is interesting how the press sensationalised it by throwing in security preparedness and nuclear arms, which are NOT direct risks from this incident." PGN]
A couple years ago, in RISKS-21.27, I noted a bullet train that ran without a driver. This new item shows the driver can fall asleep and the train keeps running. It stopped, but not before timing out. A bullet-train driver snoozed at the wheel for 8 minutes on 26 Feb 2003 while the high-speed train ran at a speed of 270 kilometers per hour. Fortunately, because the driver had failed to push a confirmation button and apply the brakes manually, an automatic brake system stopped the train at the wrong location — 100 meters short of the Okayama Station on the West Japan Railway. Station workers found the drivers still asleep, as he had been ever since the Shin-Kurashiki Station. [Source: *Mainichi Shimbun*, 27 Feb 2003; PGN-ed] http://mdn.mainichi.co.jp/news/20030227p2a00m0fp001000c.html
An article notes unexpected troubles while doing heart surgery at Derriford Hospital in Plymouth. During the surgery, an electronically controlled operating table ("an up-to-date 50,000-pound [money, not weight] piece of equipment") began collapsing, causing the patient to "jolt forward". The patient died three days later, but there is no evidence the two events are correlated..... http://www.timesonline.co.uk/article/0,,2-593995,00.html
A computer crash has erased nearly 50,000 local 3rd District Court cases ... in southwestern Idaho [Caldwell]. ... Third District Court Administrator Dan Kessler said staff members arrived Tuesday to learn the court's computer server dumped thousands of new court cases and countless updates to older ones. ... "It's more than a mere glitch," Kessler said. "We lost all of our database from March 5, 2002 to Feb 14, 2003." [A lot of discussion of how difficult it is to conduct business without the records.] ... John Peay, information systems chief for the Idaho Supreme Court said his office is to blame for an operator error when a technician was expanding the 3rd District court computer to improve response time. As a result, both copies of the records were lost. .... The hard drive was sent to California, where specialists may be able to recover some of the lost data. [Excerpt from AP story, 20 Feb 2003] [As I read this, the backup was a duplicate copy of the data on the server hard disk. Apparently there was no other backup — tape, CD, other server, etc. The RISKS are obvious. DK]
Monster.com (which claims to house 24.5 million resumes) sent out a "critical service message" to millions of job seekers, warning that bogus job postings are resulting in the illegal collection of personal information that could result in identity theft. This is a problem that applies equally to CareerBuilder.com, HotJobs.com, and other job sites as well, although these others seem to be downplaying the risks. http://www.cnn.com/2003/TECH/internet/02/28/monster.theft.ap/index.html
Cornell University sent e-mail to 1,700 high-school students on 26 Feb 2003 informing them that they had been accepted into the class of 2007. However, almost 550 of these students had previously been informed in Dec 2003 that they had been rejected. Shortly thereafter, the mistake was recognized, and followed by an "oops" e-mail, apologizing for the error. [Source: Karen W. Arenson, *The New York Times*, 28 Feb 2003; PGN-ed] http://www.nytimes.com/2003/02/28/education/28CORN.html
As a member of ACM SIGOPS, I am on their sigops-announce mailing list. Just now I received e-mail from that list with the subject "Rejected posting to SIGOPS-ANNOUNCE@ACM.ORG", even though I have never posted to this list. The rejected mail claimed to be from firstname.lastname@example.org itself, but with an IP address that does not match my DNS server's entry for listserv.acm.org. The rejected mail was included in full and consisted of some HTML code with an IFRAME-embedded attachment containing a file named README.EXE disguised as Content-Type audio/x-wav. Luckily my Unix mail program does not interpret HTML. I hate to think what this might do in MS-Outlook and friends. The risk resulted from a combination of two things: (a) The (automatic?) rejection message from the list server contains a complete copy of the original mail. (b) The original sender fakes his address to be that of the list itself. The result is that the list server happily sends the rejected message to the whole list (albeit with a different subject line).
Castel Inc., a maker of automated dialing technology, boasts that its DirectQuest software is immune to the TeleZapper, a $40 gadget designed to thwart sales calls by faking the tones of a disconnected number. Beverly, Mass.-based Castel has been mailing brochures to telemarketers and other prospective customers touting the software, which also includes a feature that lets salesmen transmit any phone number or text message to residents' caller ID displays. http://story.news.yahoo.com/news ?tmpl=story&ncid=528&e=5&cid=528&u=/ap/20030226/ap_on_hi_te/telemarketer_tool Obviously, no regular RISKS reader trusts caller ID at this point. However, I suspect that enterprising criminals who purchase this $2,700 caller-ID-faking equipment will get a healthy return on investment.
Printer maker Lexmark International Group won a preliminary injunction on 27 Feb 2003 in efforts to prevent a company from selling computer chips that allow toner cartridges to be recycled. Judge Karl Forester of the U.S. District Court for the Eastern District of Kentucky issued the pretrial injunction against Static Control Components, a small Sanford, N.C.-based company that sells printer parts and other business supplies. The order prohibits the company from selling its Smartek chip. When installed in compatible Lexmark printers, the chips allow the printers to use cheaper recycled toner cartridges that would otherwise be rejected by the printer's sensors. [Source: David Becker, CNET News.com, 27 Feb 2003] http://news.com.com/2100-1028-990501.html
It seems that some FTP sites that host OpenOffice are getting "cease and desist" e-mail from the BSA about their purported piracy of MS Office. Maybe their scripts should enhance their search criteria. Imagine the consequences if the BSA (or some other IP watchdog) had the authority to shut down "piracy" sites. [Maybe a browser string search on "MS" and "OFFICE" also results in women being asked to cease and desist if they are referred to as "MS." and happen to have the title "Corporate Executive OFFICEr". PGN] Here is an excerpt of the e-mail, which was posted at http://distribution.openoffice.org/servlets/ReadMsg?msgId=581265&listName=dev >> From: "Copyright Europe" <email@example.com> >> To: "Abuse" <firstname.lastname@example.org> >> Sent: Wednesday, February 26, 2003 5:51 PM >> Subject: [NOC] Case ID 588853 - Notice of Claimed Infringement >> >> Wednesday, February 26, 2003 >> >> Westfaelische Wilhelms - Universitaet >> Roentgenstr. 9-13 >> Muenster, D-48149 DE DE >> >> Re: Unauthorized Distribution of the following copyrighted computer >> program(s): >> >> Microsoft Office >> >> Dear Sir/Madam: >> >> The Business Software Alliance (BSA) has determined that the connection >> listed below, which appears to be using an Internet account under your >> control, is operating an FTP server to offer unlicensed copies or is >> engaged in other unauthorized activities relating to copyrighted computer >> programs published by the BSA's member companies. >> >> Infringement Details: >> ------------------------------ >> First Found: 24 Nov 2002 15:31:40 EST (GMT -500) >> Last Found: 24 Feb 2003 01:19:59 EST (GMT -500) >> IP Address: 18.104.22.168 >> IP Port: 21 >> Protocol: FTP >> FTP Login Name: anonymous >> FTP Login Password: email@example.com >> >> What was located as infringing content: >> ------------------------------ >> Filename: /mandrake_current/SRPMS/OpenOffice.org-1.0.1-9mdk.src.rpm >> (199,643kb) >> Filename: >> /mandrake_current/i586/Mandrake/RPMS/OpenOffice.org-libs-1.0.1-9mdk.i586.rpm >> (35,444kb) >> >> The above computer program(s) is/are being made available for copying, >> through downloading, at the above location without authorization from >> the copyright owner(s). >> >> Based upon BSA's representation of the copyright owners in anti-piracy >> matters, we have a good faith belief that none of the materials or >> activities listed above have been authorized by the rightholders, their >> agents, or the law. BSA represents that the information in this >> notification is accurate and states, under penalty of perjury, that it >> is authorized to act in this matter on behalf of the copyright owners >> listed above. >> >> We hereby give notice of these activities to you and request that you >> take expeditious action to remove or disable access to the materials >> described above, and thereby prevent the illegal reproduction and >> distribution of pirated software via your company's network. As you >> know, illegal on-line activities can result in 50 million people on >> the Internet accessing and downloading a copyrighted product worldwide >> without authorization - a highly damaging activity for the copyright holder. >> >> We appreciate your cooperation in this matter. Please advise us >> regarding what actions you take. >> >> Please include the following CaseID in any response you send: Case ID >> 588853 >> >> Yours sincerely, >> >> Corinna Beck >> Business Software Alliance >> 1150 18th St NW Suite 700 >> Washington,DC 20036 >> http://www.bsa.org >> E-mail: firstname.lastname@example.org
[Source: Group issues final biometrics report Michael Hardy, *Federal Computer Week*, 25 Feb 2003; PGN-ed] The International Biometric Group has presented the White House's Office of Science and Technology Policy with a 200-page final report on using biometric technologies to secure the nation's borders, airports, and seaports. New counterterrorism laws, including the USA Patriot Act and Enhanced Border Security and Visa Entry Reform Act, require authorities to use biometrics to detect immigration fraud. Among the report's recommendations: * The United States should design a solution that incorporates other countries' choices of biometrics. The United States, for example, may prefer fingerprint readers because they can interact with existing law enforcement databases, while another country chooses facial recognition or iris scanners. * The State Department should capture multiple biometric identifiers from every person who applies for a U.S. visa, including high-quality face, fingerprint and iris scans. * Biometrics used at a port of entry should augment, not replace, an inspector's judgment in deciding whether to admit someone. * Use tethered portable fingerprint devices in traffic lanes at border crossings to easily read fingerprints from everyone in a car. In a similar study recently, the Commerce Department's National Institute of Standards and Technology suggested that a combination of fingerprint and facial-recognition technologies would be the most secure. NIST suggested using at least two fingerprints to identify each visa applicant, and a combination of fingerprint and facial recognition to verify the identity of visa holders crossing borders. [The GAO also has a report on the relative merits of using biometrics for border security, GAO-03-174, Nov 2002. PGN]
We hear so much bad news on comp.risks I thought it would be nice to pass on a story about someone doing something right. A common mistake is selling computers whose discs contain sensitive information. There's a medical research group in this University that get data from all round the country, including patient name, address, phone number, and all sorts of stuff. I asked the sysadmin what she did when they disposed of any computers. 1. The disc is reformatted. 2. The drive is physically removed from the computer. 3. The case of the drive is opened, and every visible wire cut. 4. She then takes it home and her husband slams a heavy axe through the platter a couple of times. 5. The thing is then put in an ash bucket and hot domestic ash dumped on it and shaken well in. 6. Finally it's taken to the recycling depot. If there's anything she can do to make it harder for the data to be recovered, short of melting the unit down, I'd like to know what it might be, and so would she.
The item in RISKS-22.59 is erroneous; indeed, the "religious" aspect wasn't part of the final trial against me. Though the plaintiff tried to complain also for that (Article 226-19 of the penal code), this was specifically dismissed by the instructor judge (Non-lieu). The truth of the matter is that in France, Article 226-16 of the penal code (for which I was convicted) says that one has no right to establish any lists of people's names before having done some "declaration of personal filings" to an official agency (called CNIL). Another Article (226-19) establishes a rule about an interdiction to file religious and political opinions of people, but I wasn't sued for that, because Scientology is considered to be a dangerous cult in France, and has never been called a religion apart from a sentence by a judge that was subsequently canceled by the Supreme Court (Cassation). Moreover, the State Council has even rejected the religious status of Scientology years ago, and the cult does pay lots of taxes, like companies. [Slight changes made in English for clarity, hopefully without changing the intended meaning. I trust Roger will correct me if I erred. Merci! PGN]
BKWIFISC.RVW 20030209 "WiFi Security", Stewart S. Miller, 2003, 0-07-141073-2, U$49.95/C$78.95/UK#40.00 %A Stewart S. Miller email@example.com %C 300 Water Street, Whitby, Ontario L1N 9B6 %D 2003 %G 0-07-141073-2 %I McGraw-Hill Ryerson/Osborne %O U$49.95/C$78.95/UK#40.00 800-565-5758 fax: 905-430-5020 %O http://www.amazon.com/exec/obidos/ASIN/0071410732/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0071410732/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0071410732/robsladesin03-20 %P 309 p. %T "WiFi Security" When a book starts out with a preface that is basically an advertising pitch for the author's consulting services, one can be forgiven for doubting the author's dedication to the task of informing the audience. This work is yet another attempt to jump on a hot topic bandwagon. Supposedly chapter one introduces us to the standards for wireless LAN security. Instead, the material meanders through an unstructured collection of security and wireless topics. The material is limited, random, and not particularly informative. Even when dealing with strictly technical areas, such as the various types of spread spectrum technologies, the text seems to have been lifted wholesale from marketing brochures, and fails to explain much of anything. There isn't much "Technology Comparison" in chapter two unless we are comparing apples and oranges: again there is a haphazard compilation of topics, with Bluetooth getting the lion's share of the ink. Instead of considering security factors, chapter three lists some basic attacks against systems in general. The "issues in wireless security" are a little more on topic in chapter four. Chapter five mentions a few terms related to the 802.11 family of standards. There isn't much about the promised 802.11 security infrastructure in chapter six: instead we have another amalgam of security problems. Miller demonstrates his limited understanding of the technology, in chapter seven, with common mistakes such as the comparison of "40" and "128" bit WEP (Wired Equivalent Privacy) keys (WEP keys are composed of either 40 or 104 bit base keys concatenated with 24 bit initialization vectors, for total lengths of 64 or 128 bits respectively), so it is no surprise that the analysis of the weaknesses of WEP is only half a page long, and misses all the fundamental problems. Chapter eight is a generic warning that people might snoop on you. The authentication topics jump around so much that it is impossible to say what chapter nine is really talking about. A number of technologies are mentioned, but those discussed together frequently come from completely separate protocols or functions. Similarly, chapter ten is entitled "Direct Sequence Spread Spectrum," but doesn't explain anything about DSSS at all, and isn't even consistent in terms of the subject area under discussion. Chapter eleven does stick to the topic of equipment issues, but does not provide any useful direction to the reader. Cross-platform issues are rather confused, in chapter twelve, although there is a reasonable discussion of the WEP initialization vector reuse problem--which should have been covered in chapter seven. The vulnerabilities listed in chapter thirteen constitute another grab bag: since we have been discussing wireless LANs throughout the book, why do we now bring up the topic of the "WAP (Wireless Access Protocol) gap," which only affects Internet enabled cell phones? Chapter fourteen and fifteen mostly duplicate content from nine, with a few minor additions. Chapter sixteen repeats a lot of other material, adding a tiny bit on risk assessment. PDA security issues are reviewed in chapter seventeen. Chapter eighteen collects another random assortment of duplicated topics for a supposed look to the future. This is an arbitrary and disorganized conflation of subjects, with very little of value to anyone. There are a few salient and helpful facts, which, if brought together, might fill a few pages. However, these tidbits are buried in a deluge of impenetrable verbiage, designed more to impress the naive reader than to inform anyone. copyright, Robert M. Slade, 2003 BKWIFISC.RVW 20030209
Please report problems with the web pages to the maintainer