The RISKS Digest
Volume 22 Issue 60

Monday, 3rd March 2003

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator



Reversed 2002 election results in Alabama still unexplained
Computer error grounds Japanese flights
Eric De Mund
Japanese bullet trains still don't have dead-man switches
Joyce Scrivner
Electronically controlled failure of operating table
Patrik Reali
50,000 court records erased
David Kipping
Fake job listings on Net fostering identity theft
*Big* Red faces at Cornell over e-mail error
How to spam a closed mailing list
Andrew Lynch
New telemarketing tool makes caller ID fakery easy
Lexmark wins injunction in DMCA case
David Becker via Monty Solomon
BSA Accuses OpenOffice ftp sites of piracy
Michael Weishaar
FCW: Group issues final biometrics report
Someone protecting patient data well
Richard A. O'Keefe
Error: Scientology critic fined for undeclared file
Roger Gonnet
REVIEW: "WiFi Security", Stewart S. Miller
Rob Slade
Info on RISKS (comp.risks)

Reversed 2002 election results in Alabama still unexplained

<"Peter G. Neumann" <>>
Thu, 27 Feb 2003 17:01:47 PST

  [Thanks to Kim Alexander <> for noting this item.]

The Alabama governor's election in Nov 2002 was irrevocably impeded by an
unexplained anomaly in the use of ES&S optical-scan voting equipment in
Baldwin County, which reversed the outcome of the election.  In this case,
the printed results of votes produced in the Magnolia Springs precinct were
accurate (when compared with the actual ballots), but the data on the
cartridges used to tabulate the final results electronically was seriously
in error.  Unfortunately for the candidate who should have won based on the
acknowledged correct results, the erroneous electronic totals (in which
about 6,300 votes for that candidate were missing) were accepted as
official.  The official loser "ultimately abandoned his challenge after it
became clear that he would not be able to get the statewide vote recount he
had sought."  Thus, the candidate with the most votes was declared the
loser.  Three months after the election, it is still unclear why so many
votes disappeared from the cassette, blamed on a "computer glitch" --
possibly a "power surge at the precinct, static electricity, or something
else".  [Source: Brendan Kirby, Voting snafu answers elusive, *The Mobile
Register*, 28 Jan 2003; PGN-ed]

This case in Alabama is just one more example of why incontrovertible audit
trails are essential — especially when electronic results can so easily be
either accidentally incorrect or fraudulently tampered.  In the even less
perspicuous case of all-electronic elections, a voter-verified ballot image
is ever-more essential.  See an article by Henry Norr in today's *San
Francisco Chronicle*
as well as David Dill's Web site and petition at
and Rebecca Mercuri's Web site
plus the many items in previous issues of RISKS relating to the general
problem of election integrity and accountability.  This kind of problem
is really getting out of hand, and deserves your closer attention.
(If you cannot find the *Chron* column, I put a copy up on my Web site: )

  [Date typo fixed in archive copy.  PGN]

Computer error grounds Japanese flights

<Eric De Mund <>>
Sun, 2 Mar 2003 21:11:10 -0800 (PST)

As seen on Slashdot.  http URLs verified (9:00pm PST, 02 Mar 2003):

Computer Error Grounds Japanese Flights

Posted by timothy[1] on Sunday March 02, @04:50PM
from the presumption-junction dept.

zephiros[2] writes "Mainichi Daily News reports[3] that a "computer glitch"
in Tokyo air traffic control systems resulted in the cancellation of 203
flights this weekend. At 7am Saturday, the error "caused the names of
airlines and flight numbers to disappear from radar screens." A Japan
Times[4] article suggests the problem may be related to upgrades on a system
which exchanges flight plans with the Defense Agency. Makes one wonder about
the integration and maintenance risks of systems like CAPPS II[5]."

Quote from [3]:
  "Computers are just no good," said one 51-year-old company manager
  leaving [from Nagoya airport] for Sapporo. "I'm sure they're helpful,
  but they're just too fragile."

Excerpt from [4]:
  The troubled flight data-processing system at the ministry's[6] Tokyo Air
  Traffic Control Center in Tokorozawa, Saitama Prefecture, automatically
  transmits flight information to airports across Japan.  The system manages
  flight plans.

  The ministry said that early Saturday it partially replaced programs in
  the system that exchanges flight plans with the Defense Agency.  The
  system went down immediately after it was turned on following the

  A transport ministry official said it was too early to link the change to
  the failure.

  The air traffic center was forced to take alternative measures, which
  included telephoning airports to give flight information and inputting
  flight data manually.

  The system has a backup, but both systems went down at the same time,
  according to the ministry.

6. Land, Infrastructure and Transport Ministry at Tokyo's Haneda airport

Eric De Mund <>  Ixian Systems, Inc.  Mountain View, CA

  [Also noted by David Kennedy, Naoki Yamamoto, and Bob Heuman — who added:
     "The risks should be obvious, even if the cost in this instance is
     not. How many times will we hear 'due to a reprogramming hiccup' and
     why were both the main system and the backup taken out of service???
     It is interesting how the press sensationalised it by throwing in
     security preparedness and nuclear arms, which are NOT direct risks from
     this incident."]

Japanese bullet trains still don't have dead-man switches

<joyce scrivner <>>
Thu, 27 Feb 2003 07:01:33 -0600

A couple years ago, in RISKS-21.27, I noted a bullet train that ran without
a driver.  This new item shows the driver can fall asleep and the train
keeps running.  It stopped, but not before timing out.

A bullet-train driver snoozed at the wheel for 8 minutes on 26 Feb 2003
while the high-speed train ran at a speed of 270 kilometers per hour.
Fortunately, because the driver had failed to push a confirmation button and
apply the brakes manually, an automatic brake system stopped the train at
the wrong location — 100 meters short of the Okayama Station on the West
Japan Railway.  Station workers found the driver still asleep, as he had
been ever since the Shin-Kurashiki Station.  [Source: *Mainichi Shimbun*,
27 Feb 2003; PGN-ed]

Electronically controlled failure of operating table

<"Patrik Reali" <>>
Sun, 2 Mar 2003 10:33:33 +0100

An article notes unexpected troubles while doing heart surgery at Derriford
Hospital in Plymouth.  During the surgery, an electronically controlled
operating table ("an up-to-date 50,000-pound [money, not weight] piece of
equipment") began collapsing, causing the patient to "jolt forward".  The
patient died three days later, but there is no evidence the two events are

50,000 court records erased

<"David Kipping" <>>
Thu, 27 Feb 2003 12:03:55 -0700

A computer crash has erased nearly 50,000 local 3rd District Court cases ...
in southwestern Idaho [Caldwell].  ... Third District Court Administrator
Dan Kessler said staff members arrived Tuesday to learn the court's computer
server dumped thousands of new court cases and countless updates to older
ones.  ... "It's more than a mere glitch," Kessler said.  "We lost all of
our database from March 5, 2002 to Feb 14, 2003."  [A lot of discussion of
how difficult it is to conduct business without the records.]  ... John
Peay, information systems chief for the Idaho Supreme Court said his office
is to blame for an operator error when a technician was expanding the 3rd
District court computer to improve response time.  As a result, both copies
of the records were lost.  .... The hard drive was sent to California, where
specialists may be able to recover some of the lost data.  [Excerpt from AP
story, 20 Feb 2003]

  [As I read this, the backup was a duplicate copy of the data on the server
  hard disk.  Apparently there was no other backup — tape, CD, other
  server, etc.  The RISKS are obvious.  DK]

Fake job listings on Net fostering identity theft

<"Peter G. Neumann" <>>
Fri, 28 Feb 2003 19:11:40 -0800 (PST)

(which claims to house 24.5 million resumes) sent out a
"critical service message" to millions of job seekers, warning that bogus
job postings are resulting in the illegal collection of personal information
that could result in identity theft.  This is a problem that applies equally
to,, and other job sites as well, although
these others seem to be downplaying the risks.

*Big* Red faces at Cornell over e-mail error

<Peter Neumann <>>
Fri, 28 Feb 2003 10:38:02 -0500

Cornell University sent e-mail to 1,700 high-school students on 26 Feb 2003
informing them that they had been accepted into the class of 2007.  However,
almost 550 of these students had previously been informed in Dec 2003 that
they had been rejected.  Shortly thereafter, the mistake was recognized,
and followed by an "oops" e-mail, apologizing for the error.
[Source: Karen W. Arenson, *The New York Times*, 28 Feb 2003; PGN-ed]

How to spam a closed mailing list

<"Andrew Lynch" <>>
Sat, 1 Mar 2003 15:55:44 +0100

As a member of ACM SIGOPS, I am on their sigops-announce mailing list. Just
now I received e-mail from that list with the subject "Rejected posting to
SIGOPS-ANNOUNCE@ACM.ORG", even though I have never posted to this list.

The rejected mail claimed to be from
itself, but with an IP address that does not match my DNS server's entry for

The rejected mail was included in full and consisted of some HTML code with
an IFRAME-embedded attachment containing a file named README.EXE disguised
as Content-Type audio/x-wav.  Luckily my Unix mail program does not
interpret HTML.  I hate to think what this might do in MS-Outlook and friends.

The risk resulted from a combination of two things:

 (a) The (automatic?) rejection message from the list server contains a
     complete copy of the original mail.
 (b) The original sender fakes his address to be that of the list itself.

The result is that the list server happily sends the rejected message to the
whole list (albeit with a different subject line).
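The two ingredients above, modelled as an added example that is not code from Andrew Lynch's post or from any mailing-list software: a constructed message whose From is forged to a placeholder list address and whose README.EXE attachment is declared as audio/x-wav, the checks that catch both, and a rejection-notice builder in its unsafe and hardened forms. All addresses are placeholders and the attachment is dummy bytes.

```python
"""Added example, not code from the post above or from any list server.
It models ingredient (a), a rejection notice echoing the whole original,
and ingredient (b), a From forged to the list's own address, plus the
checks that break the chain.  Addresses and the sample message are
constructed; the 'attachment' is dummy bytes, not a program."""
import os
from email.message import EmailMessage
from email.utils import parseaddr

LIST_ADDR = "list-announce@example.org"   # placeholder, not the real list
OWNER_ADDR = "list-owner@example.org"     # placeholder bounce sender
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat"}

def build_suspect_message() -> EmailMessage:
    """Constructed sample in the shape described: From equal to the list
    address, an HTML part with an IFRAME pointing at an attachment whose
    declared Content-Type (audio/x-wav) contradicts its .EXE filename."""
    msg = EmailMessage()
    msg["From"] = LIST_ADDR
    msg["To"] = LIST_ADDR
    msg["Subject"] = "hello"
    msg.set_content("(plain text part)")
    msg.add_alternative('<html><body><iframe src="cid:readme"></iframe>'
                        "</body></html>", subtype="html")
    msg.add_attachment(b"\x00 constructed placeholder bytes \x00",
                       maintype="audio", subtype="x-wav",
                       filename="README.EXE", cid="<readme>")
    return msg

def spoofs_list_address(msg: EmailMessage) -> bool:
    """Ingredient (b): a submission whose From is the list itself must
    never be treated as a subscriber posting."""
    return parseaddr(str(msg["From"]))[1].lower() == LIST_ADDR

def mismatched_attachments(msg: EmailMessage) -> list:
    """Attachments with an executable filename but a non-application
    Content-Type (the README.EXE-as-audio/x-wav pattern)."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ctype = part.get_content_type()
        if (os.path.splitext(name)[1].lower() in EXEC_EXTS
                and not ctype.startswith("application/")):
            hits.append((name, ctype))
    return hits

def rejection_notice(original: EmailMessage, envelope_sender: str,
                     safe: bool):
    """Ingredient (a).  Unsafe: reply to the From header with the whole
    original attached, so a forged From == list address fans the rejected
    mail out to every subscriber.  Safe: reply only to the envelope sender,
    never to the list's own addresses, and quote headers instead of the
    body.  Returns None when the notice is dropped."""
    notice = EmailMessage()
    notice["From"] = OWNER_ADDR
    notice["Subject"] = f"Rejected posting to {LIST_ADDR}"
    if not safe:
        notice["To"] = str(original["From"])
        notice.set_content("Your posting was rejected.  Original follows.")
        notice.add_attachment(original)       # full copy, attachments included
        return notice
    rcpt = parseaddr(envelope_sender)[1].lower()
    if rcpt in ("", LIST_ADDR, OWNER_ADDR):
        return None                           # would only create backscatter
    notice["To"] = rcpt
    summary = "\n".join(f"{h}: {original[h]}" for h in ("From", "Subject")
                        if original[h] is not None)
    notice.set_content("Your posting was rejected.  Headers quoted:\n" + summary)
    return notice
```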

New telemarketing tool makes caller ID fakery easy

<mathew <>>
Thu, 27 Feb 2003 20:31:16 -0500

  Castel Inc., a maker of automated dialing technology, boasts that its
  DirectQuest software is immune to the TeleZapper, a $40 gadget designed to
  thwart sales calls by faking the tones of a disconnected number.

  Beverly, Mass.-based Castel has been mailing brochures to telemarketers
  and other prospective customers touting the software, which also includes
  a feature that lets salesmen transmit any phone number or text message to
  residents' caller ID displays.

Obviously, no regular RISKS reader trusts caller ID at this point.  However,
I suspect that enterprising criminals who purchase this $2,700
caller-ID-faking equipment will get a healthy return on investment.

Lexmark wins injunction in DMCA case

<Monty Solomon <>>
Thu, 27 Feb 2003 23:51:07 -0500

Printer maker Lexmark International Group won a preliminary injunction on 27
Feb 2003 in efforts to prevent a company from selling computer chips that
allow toner cartridges to be recycled.  Judge Karl Forester of the
U.S. District Court for the Eastern District of Kentucky issued the pretrial
injunction against Static Control Components, a small Sanford, N.C.-based
company that sells printer parts and other business supplies.  The order
prohibits the company from selling its Smartek chip.  When installed in
compatible Lexmark printers, the chips allow the printers to use cheaper
recycled toner cartridges that would otherwise be rejected by the printer's
sensors.  [Source: David Becker, CNET, 27 Feb 2003]

BSA Accuses OpenOffice ftp sites of piracy

Fri, 28 Feb 2003 08:57:38 -0600 (CST)

It seems that some FTP sites that host OpenOffice are getting "cease and
desist" e-mail from the BSA about their purported piracy of MS Office.
Maybe their scripts should enhance their search criteria.  Imagine the
consequences if the BSA (or some other IP watchdog) had the authority to
shut down "piracy" sites.

  [Maybe a browser string search on "MS" and "OFFICE" also results in women
  being asked to cease and desist if they are referred to as "MS." and
  happen to have the title "Corporate Executive OFFICEr".  PGN]

Here is an excerpt of the e-mail, which was posted at

>> From: "Copyright Europe" <>
>> To: "Abuse" <>
>> Sent: Wednesday, February 26, 2003 5:51 PM
>> Subject: [NOC] Case ID 588853 - Notice of Claimed Infringement
>> Wednesday, February 26, 2003
>> Westfaelische Wilhelms - Universitaet
>> Roentgenstr. 9-13
>> Muenster, D-48149  DE  DE
>> Re: Unauthorized Distribution of the following copyrighted computer
>> program(s):
>> Microsoft Office
>> Dear Sir/Madam:
>> The Business Software Alliance (BSA) has determined that the connection
>> listed below, which appears to be using an Internet account under your
>> control, is operating an FTP server to offer unlicensed copies or is
>> engaged in other unauthorized activities relating to copyrighted computer
>> programs published by the BSA's member companies.
>> Infringement Details:
>> ------------------------------
>> First Found: 24 Nov 2002 15:31:40 EST (GMT -500)
>> Last Found: 24 Feb 2003 01:19:59 EST (GMT -500)
>> IP Address:
>> IP Port: 21
>> Protocol: FTP
>> FTP Login Name: anonymous
>> FTP Login Password:
>> What was located as infringing content:
>> ------------------------------
>> Filename: /mandrake_current/SRPMS/
>> (199,643kb)
>> Filename:
>> (35,444kb)
>> The above computer program(s) is/are being made available for copying,
>> through downloading, at the above location without authorization from
>> the copyright owner(s).
>> Based upon BSA's representation of the copyright owners in anti-piracy
>> matters, we have a good faith belief that none of the materials or
>> activities listed above have been authorized by the rightholders, their
>> agents, or the law.  BSA represents that the information in this
>> notification is accurate and states, under penalty of perjury, that it
>> is authorized to act in this matter on behalf of the copyright owners
>> listed above.
>> We hereby give notice of these activities to you and request that you
>> take expeditious action to remove or disable access to the materials
>> described above, and thereby prevent the illegal reproduction and
>> distribution of pirated software via your company's network. As you
>> know, illegal on-line activities can result in 50 million people on
>> the Internet accessing and downloading a copyrighted product worldwide
>> without authorization - a highly damaging activity for the copyright holder.
>> We appreciate your cooperation in this matter. Please advise us
>> regarding what actions you take.
>> Please include the following CaseID in any response you send: Case ID
>> 588853
>> Yours sincerely,
>> Corinna Beck
>> Business Software Alliance
>> 1150 18th St NW Suite 700
>> Washington,DC 20036
>> E-mail:

FCW: Group issues final biometrics report

<"Peter G. Neumann" <>>
Thu, 27 Feb 2003 15:41:15 PST

[Source: Group issues final biometrics report Michael Hardy, *Federal
Computer Week*, 25 Feb 2003; PGN-ed]

The International Biometric Group has presented the White House's Office of
Science and Technology Policy with a 200-page final report on using
biometric technologies to secure the nation's borders, airports, and
seaports.  New counterterrorism laws, including the USA Patriot Act and
Enhanced Border Security and Visa Entry Reform Act, require authorities to
use biometrics to detect immigration fraud.

Among the report's recommendations:

* The United States should design a solution that incorporates other
  countries' choices of biometrics. The United States, for example, may
  prefer fingerprint readers because they can interact with existing law
  enforcement databases, while another country chooses facial recognition or
  iris scanners.

* The State Department should capture multiple biometric identifiers from
  every person who applies for a U.S. visa, including high-quality face,
  fingerprint and iris scans.

* Biometrics used at a port of entry should augment, not replace, an
  inspector's judgment in deciding whether to admit someone.

* Use tethered portable fingerprint devices in traffic lanes at border
  crossings to easily read fingerprints from everyone in a car.

In a similar study recently, the Commerce Department's National Institute of
Standards and Technology suggested that a combination of fingerprint and
facial-recognition technologies would be the most secure. NIST suggested
using at least two fingerprints to identify each visa applicant, and a
combination of fingerprint and facial recognition to verify the identity of
visa holders crossing borders.

  [The GAO also has a report on the relative merits of using biometrics
  for border security, GAO-03-174, Nov 2002.  PGN]

Someone protecting patient data well

<"Dr Richard A. O'Keefe" <>>
Fri, 28 Feb 2003 16:20:24 +1300

We hear so much bad news on comp.risks I thought it would be nice to pass on
a story about someone doing something right.  A common mistake is selling
computers whose discs contain sensitive information.  There's a medical
research group in this University that get data from all round the country,
including patient name, address, phone number, and all sorts of stuff.  I
asked the sysadmin what she did when they disposed of any computers.

1. The disc is reformatted.
2. The drive is physically removed from the computer.
3. The case of the drive is opened, and every visible wire cut.
4. She then takes it home and her husband slams a heavy axe through
   the platter a couple of times.
5. The thing is then put in an ash bucket and hot domestic ash
   dumped on it and shaken well in.
6. Finally it's taken to the recycling depot.

If there's anything she can do to make it harder for the data to be
recovered, short of melting the unit down, I'd like to know what it might
be, and so would she.

Error: Scientology critic fined for undeclared file (RISKS-22.59)

<"roger gonnet" <>>
Sat, 1 Mar 2003 08:40:05 +0100

The item in RISKS-22.59 is erroneous; indeed, the "religious" aspect wasn't
part of the final trial against me.  Though the plaintiff tried to complain
also for that (Article 226-19 of the penal code), this was specifically
dismissed by the instructor judge (Non-lieu).

The truth of the matter is that in France, Article 226-16 of the penal code
(for which I was convicted) says that one has no right to establish any
lists of people's names before having done some "declaration of personal
filings" to an official agency (called CNIL).

Another Article (226-19) establishes a rule about an interdiction to file
religious and political opinions of people, but I wasn't sued for that,
because Scientology is considered to be a dangerous cult in France, and has
never been called a religion apart from a sentence by a judge that was
subsequently canceled by the Supreme Court (Cassation).

Moreover, the State Council has even rejected the religious status of
Scientology years ago, and the cult does pay lots of taxes, like companies.

  [Slight changes made in English for clarity, hopefully without changing
  the intended meaning.  I trust Roger will correct me if I erred.  Merci!]

REVIEW: "WiFi Security", Stewart S. Miller

<Rob Slade <>>
Thu, 27 Feb 2003 07:46:34 -0800

BKWIFISC.RVW   20030209

"WiFi Security", Stewart S. Miller, 2003, 0-07-141073-2,
%A   Stewart S. Miller
%C   300 Water Street, Whitby, Ontario   L1N 9B6
%D   2003
%G   0-07-141073-2
%I   McGraw-Hill Ryerson/Osborne
%O   U$49.95/C$78.95/UK#40.00 800-565-5758 fax: 905-430-5020
%P   309 p.
%T   "WiFi Security"

When a book starts out with a preface that is basically an advertising pitch
for the author's consulting services, one can be forgiven for doubting the
author's dedication to the task of informing the audience.  This work is yet
another attempt to jump on a hot topic bandwagon.

Supposedly chapter one introduces us to the standards for wireless LAN
security.  Instead, the material meanders through an unstructured collection
of security and wireless topics.  The material is limited, random, and not
particularly informative.  Even when dealing with strictly technical areas,
such as the various types of spread spectrum technologies, the text seems to
have been lifted wholesale from marketing brochures, and fails to explain
much of anything.  There isn't much "Technology Comparison" in chapter two
unless we are comparing apples and oranges: again there is a haphazard
compilation of topics, with Bluetooth getting the lion's share of the ink.
Instead of considering security factors, chapter three lists some basic
attacks against systems in general.  The "issues in wireless security" are a
little more on topic in chapter four.

Chapter five mentions a few terms related to the 802.11 family of standards.
There isn't much about the promised 802.11 security infrastructure in
chapter six: instead we have another amalgam of security problems.  Miller
demonstrates his limited understanding of the technology, in chapter seven,
with common mistakes such as the comparison of "40" and "128" bit WEP (Wired
Equivalent Privacy) keys (WEP keys are composed of either 40 or 104 bit base
keys concatenated with 24 bit initialization vectors, for total lengths of
64 or 128 bits respectively), so it is no surprise that the analysis of the
weaknesses of WEP is only half a page long, and misses all the fundamental

Chapter eight is a generic warning that people might snoop on you.  The
authentication topics jump around so much that it is impossible to say what
chapter nine is really talking about.  A number of technologies are
mentioned, but those discussed together frequently come from completely
separate protocols or functions.  Similarly, chapter ten is entitled "Direct
Sequence Spread Spectrum," but doesn't explain anything about DSSS at all,
and isn't even consistent in terms of the subject area under discussion.
Chapter eleven does stick to the topic of equipment issues, but does not
provide any useful direction to the reader.  Cross-platform issues are
rather confused, in chapter twelve, although there is a reasonable
discussion of the WEP initialization vector reuse problem--which should have
been covered in chapter seven.  The vulnerabilities listed in chapter
thirteen constitute another grab bag: since we have been discussing wireless
LANs throughout the book, why do we now bring up the topic of the "WAP
(Wireless Access Protocol) gap," which only affects Internet enabled cell
phones?  Chapter fourteen and fifteen mostly duplicate content from nine,
with a few minor additions.  Chapter sixteen repeats a lot of other
material, adding a tiny bit on risk assessment.  PDA security issues are
reviewed in chapter seventeen.  Chapter eighteen collects another random
assortment of duplicated topics for a supposed look to the future.

This is an arbitrary and disorganized conflation of subjects, with very
little of value to anyone.  There are a few salient and helpful facts,
which, if brought together, might fill a few pages.  However, these tidbits
are buried in a deluge of impenetrable verbiage, designed more to impress
the naive reader than to inform anyone.

copyright, Robert M. Slade, 2003   BKWIFISC.RVW   20030209
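An added example, written for this digest rather than taken from Slade's review or Miller's book, that carries through the WEP key arithmetic the review quotes (24-bit IV prepended to a 40- or 104-bit base key) and shows the initialization vector reuse problem it says belongs in the WEP chapter: the same IV and key give the same RC4 keystream, so two ciphertexts XOR to the XOR of their plaintexts, and the 24-bit IV space repeats after only a few thousand random IVs. RC4 is implemented inline; all keys, IVs and frames are constructed sample values.

```python
"""Added example, not code from the review or the book it discusses.  It
carries through the WEP key arithmetic (24-bit IV || 40- or 104-bit base
key) and shows why IV reuse under a fixed key breaks a stream cipher.
RC4 is implemented inline; keys, IVs and frames are constructed values."""
from math import ceil, log, sqrt

IV_BITS = 24                      # WEP's per-frame initialization vector
BASE_KEY_BYTES = (5, 13)          # 40-bit and 104-bit base keys

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4: key scheduling, then n bytes of keystream."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Stream-cipher XOR; the same call encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, rc4_keystream(key, len(data))))

def wep_per_packet_key(iv: bytes, base_key: bytes) -> bytes:
    """WEP seeds RC4 with IV || base key: a 40-bit base key yields the
    '64-bit' key and a 104-bit base key the '128-bit' key of the brochures."""
    if len(iv) * 8 != IV_BITS or len(base_key) not in BASE_KEY_BYTES:
        raise ValueError("WEP needs a 24-bit IV and a 40- or 104-bit base key")
    return iv + base_key

def wep_encrypt(iv: bytes, base_key: bytes, frame: bytes) -> bytes:
    """Ciphertext of one frame body (the IV itself travels in the clear)."""
    return rc4_crypt(wep_per_packet_key(iv, base_key), frame)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_cancels(iv, base_key, frame1, frame2) -> bool:
    """Two frames under the same IV and key: C1 xor C2 == P1 xor P2, so the
    keystream drops out and knowing either frame reveals the other."""
    c1 = wep_encrypt(iv, base_key, frame1)
    c2 = wep_encrypt(iv, base_key, frame2)
    return xor_bytes(c1, c2) == xor_bytes(frame1, frame2)

def frames_until_iv_repeat(prob: float = 0.5, iv_bits: int = IV_BITS) -> int:
    """Birthday bound: random IVs drawn from 2**iv_bits values repeat with
    probability prob after about sqrt(2 N ln(1/(1-prob))) frames."""
    return ceil(sqrt(2 * 2 ** iv_bits * log(1 / (1 - prob))))

def reused_ivs(ivs) -> list:
    """Monitoring check: IVs seen more than once in a capture, as hex."""
    seen, repeats = set(), set()
    for iv in ivs:
        if iv in seen:
            repeats.add(iv.hex())
        seen.add(iv)
    return sorted(repeats)
```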
