The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 22 Issue 77

Wednesday 18 June 2003


Cyberterrorists in the U.S. Senate
Curt Sampson
Digital mobile phones can phreak pacemakers
George Michaelson
United Airlines to offer e-mail on domestic flights
$24-million spreadsheet "boo-boo"
Jonathan Levine
Crash loses names of Canadian firearms registrants
Derek K. Miller
Scotland Yard outage chaos
Dave Austin
eBay fraud
John Reinke
Tiny tracking chips surface in retail use
Monty Solomon
Smart cellphone would spend your money
Steve Holzworth
Virginia grievance system online - with a slight problem
Jeremy Epstein
Sign someone up to be an organ donor!
Giles Todd
Continental Airlines check-in computer foul-up
Steve Bellovin
Downloading data can turn your computer into a server
Re: U of Calgary to teach virus writing
Crispin Cowan
Computer bugs and believing reliable sources
Mark Brader
Re: Slade's Review of Mission Critical Security Planner
Eric Greenberg
Info on RISKS (comp.risks)

Cyberterrorists in the U.S. Senate

<Curt Sampson <>>
Wed, 18 Jun 2003 14:56:12 +0900 (JST)

  The chairman of the Senate Judiciary Committee [Sen. Orrin Hatch, R-Utah]
  said Tuesday he favors developing new technology to remotely destroy the
  computers of people who illegally download music from the Internet.

I don't know that there's much more to be said.

Curt Sampson  <>   +81 90 7737 2974

  [There's lots more to be said.  For example, some software vendors would
  like to do that to their competitors, not just to their customers.  PGN]

Digital mobile phones can phreak pacemakers

<George Michaelson <>>
Thu, 12 Jun 2003 10:02:57 +1000

The new generation of digital mobile phones can interfere with many types of
heart pacemakers, claims a new study in the Institute of Physics journal
Physics in Medicine and Biology. Pacemakers can confuse mobile-phone signals
with the heart's own electrical signals, causing a malfunction.

George Michaelson, APNIC, PO Box 2131 Milton QLD 4064, Australia
  +61 7 3367 0490

United Airlines to offer e-mail on domestic flights

<"NewsScan" <>>
Wed, 18 Jun 2003 08:35:11 -0700

By the end of the year, United Airlines will become the first domestic
airline to offer e-mail on all of its domestic flights.  Industry analyst
Jonathan Gaw of IDC says the service will be a good attraction for business
users, who both need their e-mail and who can expense it."  For $15.98 a
flight, a passenger will be able to send and receive e-mail and attachments,
by connecting a laptop computer to a jack on the Verizon Airfone handset
available throughout the plane.  [*Baltimore Sun*, 18 Jun 2003; NewsScan
Daily, 18 June 2003],0,7414783.story

  [And I presume first-class passengers will be offered a plate of Spam as
  an appetizer, with Monterey Jack.  (And why is Jack always female in this
  context?)  What about people SENDING spam from the plane?  What about spam
  filters for incoming e-mail?  Nothing like sitting on a 6-hour flight and
  watching your spam pile up.  PGN]

$24-million spreadsheet "boo-boo"

<Victor the Cleaner <>>
Wed, 4 Jun 2003 17:08:10 -0600

From *The Calgary Sun*, 4 Jun 2003:

  TransAlta Corp said yesterday a "clerical error" was a costly one for the
  power producer — $24 million US to be exact.  The Calgary-based company
  said a spreadsheet goof by an employee last April caused the company to
  pay higher than intended rates to ship power in New York.  CEO Steve
  Snyder told a conference call yesterday a "cut-and-paste" foul-up in an
  Excel spreadsheet on a bid to New York's power grid operator led TransAlta
  to secure 15 times the capacity of power lines at 10 times the price.  The
  costly human error couldn't be reversed by the grid operator and while
  TransAlta has since tried to recoup the mammoth losses, it was left with a
  $24-million US lesson.  [...]

The RISKS?  Jeez, where do you start?  This sort of thing is becoming so
depressingly common that it barely makes print.  Enormously complicated and
powerful tools that are capable of simultaneously magnifying minor errors
and burying from sight the megabuck consequences?  The apparent "we're
terribly sorry, but our computers aren't programmed to issue refunds"
response of the "New York power grid operator"?

Jonathan Levine, Middle Digital Inc.
  [Also noted by Morty Ovits.
   and George N. White III.  PGN]

Crash loses names of Canadian firearms registrants

<"Derek K. Miller" <>>
Wed, 04 Jun 2003 15:29:19 -0700

A database crash now threatens to turn people trying to comply with an
unpopular law into lawbreakers instead.

The Canadian government has been attempting to implement a nationwide
firearms registry for several years now.  What was originally supposed to
cost at most a few million dollars to document every previously undocumented
rifle or shotgun in the country has now ballooned into a $1 billion-plus
megaproject that appears not to work.

Even those, like me, who are firmly for Canada's strong gun-control laws
find the way this project has been put together to be laughable (and that's
a charitable assessment). In many rural parts of Canada, a long gun is a
necessity, at least to hunt for food or as protection against potentially
dangerous wildlife (everything from polar bears to moose and wolverines,
depending on where you are) for people living or working in the bush, from
native communities to petroleum exploration teams.

The latest registry mishap to come to light is that the database software,
overloaded before the registration deadline was extended several months from
its original 1 January 2003 date, crashed, and apparently took some
registrants' names with it. No one seems to know how many, and I haven't
been able to track down any details of the kinds of software or platforms
that were in use.

To add to the federal government's trouble, a number of provinces have now
said they will refuse to prosecute people who flout the act by not
registering their guns — and there are many such scofflaws.

>From the CTV article above:
> The federal Firearms Act and the Criminal Code state that anyone possessing a
> firearm as defined in Section 2 of the Code must hold a valid firearms
> registration certificate. The new legislation requires that owners of
> long-guns such as rifles and shotguns, register their weapons by July 1 or
> face legal action.
> Critics of the gun registry have argued that the legislation is nothing more
> than a costly waste of time.
> The auditor general has projected it could end up costing more than $1
> billion by 2005 rather than the net $2 million over 10 years projected
> when it was established in 1995. And many say people who would use their
> firearms for violent offences aren't likely to register their guns anyway.

Aside from the direct risks of setting up a database without the bandwidth
or computational headroom for large increases of traffic before a deadline,
lacking proper file journaling, and insufficiently backed up, there is the
additional risk that the predictable failure of such a system will cast
further bad light on a project already suffering from a reputation for
inefficiency and poor planning.

Derek K. Miller -
  [Also noted by Dan Haggarty.  PGN]

Scotland Yard outage chaos

<"Dave Austin" <>>
Fri, 6 Jun 2003 11:01:37 +0100

I thought that this was of interest, an old risk but surprising to find such
a high profile building vulnerable:

Yard crisis as power fails , 4 Jun 2003

Scotland Yard was plunged into crisis today by a massive power and
communications failure.  All phones in the building were cut off as all
lines to the Yard were down, while the central system for handling 999 calls
also failed and had to be switched to local police stations.  Computers
which log emergency and other calls to police in London - known as the CAD
system - failed, along with a second system to Hendon which was supposed to
provide an emergency back-up.  Emergency generators restored power to the
building, but officers had to resort to using mobile phones.  A group of
senior officers was called together to handle the crisis. One police source
said the meeting had examined the possibility that the power failure was a
terrorist or a criminal act, though this had been ruled out.  The failure
showed the vulnerability of the Yard's communications network at a time when
London is on alert for a possible terrorist outrage.  The phones and
electricity crashed at about 9.30am and were still out of action two hours
later. A Yard spokesman said the crisis was caused by a single workman
cutting through an electricity cable in the Victoria area, and that the
company's chief executive had personally apologised to senior officers.  As
engineers from the Yard and outside companies were working flat-out to solve
the problem, the police spokesman emphasised that officers were still
responding to 999 calls which had been routed through the main London police
stations.  "We have contingency plans in place which are working well,"
added the spokesman. "We are still able to provide emergency cover for
London.  "This is a serious matter and we are seeking to bring the building
back on-line as quickly as possible."  One employee at the building said:
"We're in the hands of the engineers." Asked if it was causing huge
problems, he said: "You could say that."  Visitors to the Yard's reception
who had fixed appointments were told they couldn't be seen today because of
"internal communication problems".  Staff at reception were unable to make
internal phone calls and unless visitors had the mobile phone numbers of
staff they were due to meet, they were told they would not be able to see
them.  Other buildings in the area were also affected by the blackout.
London Ambulance said its 999 service was still operational but calls were
being handled on paper for about an hour and a half while the power was
disrupted. Scotland Yard has contingency plans to relocate its emergency
systems and senior officers in the event of a massive crisis such as a
terrorist attack.  However, this did not happen this morning.  Another
police source said: "This could come from the plot of a film.  "One wonders
whether there is a massive criminal heist going on somewhere in London.
"The fact that someone can bring the building to a halt by cutting a single
cable is a little alarming.  "I am sure there will be a few internal
inquiries about this."

Police chiefs told to explain blackout

5 June 2003

Police chiefs have been ordered to provide a full report into the power
failure which led to computers and telephones at Scotland Yard crashing for
more than seven hours.  Toby Harris, chair of the Metropolitan Police
Authority, said there were "grave concerns" after an engineer blacked out
the HQ yesterday by accidentally cutting a single cable in the street.  He
added it called into question the Met's ability to cope in a crisis.

Source: (London) Evening Standard - also covered in The Times et al.

Dave Austin <>

eBay fraud

<"John Reinke" <>>
Fri, 13 Jun 2003 09:14:12 -0400

Police in South Salt Lake, Utah, are working with eBay to determine just how
many people were victimized by what authorities say was one of the biggest
frauds in the auction site's history.  Police arrested 31-year-old Russell
Dana Smith last weekend after hundreds of auction winners complained that
they sent $1,000 or more to a company named Liquidation Universe for laptop
computers they never received.  Police say the firm appears to have raked in
$1 million from about 1,000 victims in just a few weeks.  [...] [Source: Bob
Sullivan, MSNBC, Man arrested in huge eBay fraud; Buyers criticize auction
site's seller verification service]

[FJR: Guarantees are only as good as the guarantor. There ain't no free
lunch. When will people take security seriously?]
  [This one is a long and ugly story.  PGN]

Tiny tracking chips surface in retail use

<Monty Solomon <>>
Tue, 10 Jun 2003 01:34:38 -0400

Tom Pounds waved his overflowing grocery basket at the wall and offered a
glimpse of our shopping future.  The coffee cans, razor blades, and other
items in his basket each carried a stowaway — a tiny chip, the size of a
fleck of black pepper, coupled with an antenna.  Each emitted a short burst
of identifying data that streamed via radio waves to a sensor on the wall.
[...] Within fractions of a second, a computer translated those received
signals onto a monitor as images of each product in the basket.  [...]  In
15 or 20 years, futurists predict, the pervasive RFID tags will link to
massive computer networks, enabling speedy checkout from the grocery store,
medicine cabinets that tell you when to take pills, and milk cartons that
inform your fridge when to add another gallon to the grocery list.  [...]
[Source: Chris Gaither, Radio Frequency Identification Tiny tracking chips
surface in retail use Retail uses for ID chips surfacing, *The Boston
Globe*, 9 Jun 2003]

Smart cellphone would spend your money

<Steve Holzworth <>>
Tue, 17 Jun 2003 11:32:52 -0400

  "A consortium of the world's top consumer electronics firms, mobile
  networks and broadcasters are funding the development of cellphones that
  will spend money on your behalf. The consortium, called Mobile VCE,
  includes Nokia, Sony, Vodafone and the BBC.  It might sound like a
  bankruptcy waiting to happen, but software engineer Nick Jennings is
  supremely confident the phones will not mess up anybody's life.  [...]
  The cellphone agents only offer help if triggered by a diary event or if a
  definite pattern of behaviour, such as going to the movies every Friday,
  has been established."  [Source: New Scientist]

[SCH - how many "supremely confident" software engineers have watched
as their rocket booster exploded, their online store got hacked, etc.?]

What mechanisms will be in place to dispute or refuse purchases that your
cellphone agent makes on your behalf?  Be *sure* that you always want to go
to the movies every Friday...

I own a DirecTivo video recorder, which has a similar agent-like process
that automatically records "suggested" programs for you, based on analyzing
your previous viewing habits.  I'm still often amused by some of the
"suggestions" it makes, which have no obvious relevance whatsoever to my
typical viewing habits.

I suppose that if your life runs on a rigid schedule, this might be useful.
My life certainly doesn't...

Steve Holzworth Senior Systems Developer SAS Institute - Open Systems R&D

Virginia grievance system online - with a slight problem

<Jeremy Epstein <>>
Fri, 6 Jun 2003 11:10:44 -0400

Virginia put its workplace grievance system online as a way of improving
responsiveness (the old system typically took a year to process), according
to *The Washington Post* Expected savings are $100,000/year, possibly more.
As a Virginia taxpayer, that's good.... every little bit helps.

"The system is secure from prying eyes, yet those who need to know a case
history can view an entire file by using the employee's Social Security
number."  So... yet another new system that uses the employee's SSN as the
key.  That's bad.  [And we won't even get into how they know that "the
system is secure from prying eyes".]

Sign someone up to be an organ donor!

<Giles Todd <>>
Fri, 13 Jun 2003 22:22:23 +0200

Add anyone you like to the UK's NHS Organ Donor Register at:

Apart from trivial address validity checks, the sole attempt to ensure that
the person being signed up is really who he or she says he or she is is an
e-mail message sent to the e-mail address supplied.

  Date: Fri, 13 Jun 2003 21:11:12 +0100 (BST)
  Subject: I want to be a donor

  Thank you for joining the NHS Organ Donor Register.  Your new record will
  now be downloaded directly to the register.

  If you wish to amend the personal information held on the register at any
  time you can do so through this website, or by contacting:
    The Organ Donor Line (0845 60 60 400) between 7am and 11pm seven days a
    week for a form, or by writing to:
      The NHS Organ Donor Register, UK Transplant, PO Box 14, FREEPOST
      Patchway, BRISTOL BS34 8ZZ  UK

Continental Airlines check-in computer foul-up

<Steve Bellovin <>>
Sat, 14 Jun 2003 13:35:54 -0400

This morning, I tried to check in for a Continental flight from Newark to
Seattle.  But all of the self-service check-in kiosks and all of the
domestic check-in computers were down.  It seems that they'd done a software
upgrade at 0200, and when things got busy the system died.  One of the
customer service managers was muttering that they should have installed the
upgrade on a Sunday morning instead.

They told people to go upstairs to the International check-in area, which
hadn't been "upgraded".  But they didn't allocate enough desks — or enough
people from the non-functional domestic check-in — to handle the crowd.
Nor, despite assurances from Customer Service, did they hold any flights.
The system wouldn't let me check in 10 minutes prior to flight time, of
course, which is reasonable under normal circumstances but not when their
own software has fouled things up.  They also didn't have any priority
procedure for folks on earlier flights.

But it turns out that they did hold the flight, or so it seems — checking
the Continental Web site when I got home, I found that my flight took off 25
minutes late.

In possibly-unrelated computer confusion, one of the arrival status monitors
at EWR was displaying the Internet Explorer "this page is not available"
screen, while one of the departure monitors was showing a typical Windows
desktop.  Hmm — looking at the pictures I took, I see that it has Winzip

Steve Bellovin,

Downloading data can turn your computer into a server

<greep <>>
Fri, 6 Jun 2003 12:49:02 -0700

The Register reports
(<>) that Joltid is
using "content distribution technology that utilises users' own PCs to
disseminate content for publishers."  According to the article, when
someone loads content (such as software) using the Joltid system, the
computer loading the data then becomes a server for that same data.

There seem to be a number of potential risks to users of such a system:

They could held liable for "publishing" information over which they have no
control.  This liability could include copyright and patent infringement.
If the content is found to contain viruses or material which is illegal, the
liability could be even more severe.

Bugs in the Joltid software could expose their personal files to the outside
world, even if their computers run no other server software.

Their own network throughput, or other computer resources, might be affected
by having their computers act as servers.

They may be subject to additional ISP charges for excessive outbound

People who retrieve data from another customer's computer (not from the
original publisher) need to consider the possibility that the data has been
altered.  The article does say: "All files are digitally signed to prevent
tampering, the company claims", but no details are provided.

Re: U of Calgary to teach virus writing (Weaver, RISKS-22.76)

<Crispin Cowan <>>
Sat, 14 Jun 2003 14:53:10 -0700

How is it that worms specifically, or malicious code in general, is a
legitimate area of research, but not a legitimate study topic for
students in a class? How are we to obtain more defensive experts such as
Weaver if we do not train young people in the area.

Techniques to write viruses and worms are evidently already very well known
in the black hat community, as evidenced by the proliferation of such
worms. It is only in the defensive community where ignorance is relatively
common, as evidenced by the naive defenses that are proposed over and over
again. In light of that, how is the suppression of malicious coding
techniques in the education system any different from the suppression of how
to sharpen a pointed stick with which to murder one's neighbor?

I'm sorry, but the cat is clearly out of the bag, and there is little
benefit in attempting to suppress knowledge of how to write a worm.  IMHO,
all the hand-wringing over this course is badly misplaced.

Crispin Cowan, Ph.D. 
Chief Scientist, Immunix

Computer bugs and believing reliable sources

< (Mark Brader)>
Fri, 13 Jun 2003 17:13:52 -0400 (EDT)

Back in comp.risks 22.73, Monty Solomon quoted

| Computer bugs have been around since malfunctions in a 1945
| [Harvard] Mark II were blamed (facetiously) on a moth trapped
| in a relay.

In fact, the malfunction in question *was* caused by the moth trapped in a
relay — the facetious part was the association of this event with the
existing slang term for a problem, i.e. "bug".  As
<> shows, the moth
was preserved along with the annotation, "First actual case of bug being
found".  (Note the word "actual".)

Now that's not Risks-worthy, but I think the other error in the quoted
sentence is: the Lycos writer gave the date of the incident as 1945.  As the
web page I just cited shows, the logbook with the moth now belongs to the
Smithsonian Institution's National Museum of American History, and *they*
say that the correct date is 1947.  Since the illustrated page does not show
the year, I e-mailed to query the point.  They replied to say
that 1947 is correct and that "The year does not appear on the page, but it
does appear elsewhere in the logbook."

Now try a google search for the phrase "first computer bug" and each of the
years 1945 and 1947.  Go ahead, I'll wait...  But here are the counts I get
when I do it.

        "first computer bug" 1945               388
        "first computer bug" 1947               140

Of course, some of these will be false hits — the year being mentioned in
another context on the same web page — but it's easy to see from the google
synopses that many of the 388 hits do give the wrong date.  Among these are:

and a *large* number of university sites.  Obviously sources that you would
expect things to be right, aren't they?  I even found one page (but I lost
it again, so no cite) that seems to show Grace Murray Hopper, who was part
of the group working on the computer, herself saying that the incident was
in 1945.

And it's actually even worse than the above numbers suggest.  Of the 140
hits in the second (1947) search, many *are* false.  If you search for the
phrase together with *both* years, there are 103 hits, and many of these are
pages that date the incident to 1945 and then mention 1947 in another

Everyone learns quickly enough that you can't believe everything you
read on the Web.  But in this case there are enough pages at enough
reliable-seeming sites that it's hard to believe that they're all
wrong — and yet (unless my correspondent at the Smithsonian, where
the actual logbook is, was lying or mistaken) they are.

The difference between a 1945 and 1947 date for a minor piece of
etymological history is a trivial error to practically everyone.  But the
next time you believe what you read, it might not be trivial.

(Of course this sort of problem can happen with non-Internet research
too.  The Risks relevance is that Web searching makes it so much easier
to become very sure very fast...)

Mark Brader   |   "I'm a little worried about the bug-eater", she said.
Toronto       |   "We're embedded in bugs, have you noticed?"   |                          — Niven, "The Integral Trees"

Re: Slade's Review of Mission Critical Security Planner

<"Eric Greenberg" <>>
Mon, 16 Jun 2003 09:14:49 -0400

My book titled Mission Critical Security Planner (Wiley, 2003), which
Slade has critiqued here, survived full scrutiny and review on, a tough group of folks

and has been reviewed by many reviewers, all of which have offered
nothing but praise. I encourage you to see the other reviews on and elsewhere on the Internet.

You might also visit the Mission Critical Security Planner companion
Web site, where you can download a free electronic copy of the
Chapter 1 and the free worksheets used in the book, at

Judge my commitment to this book, supporting the readers, and security
planning in general, by that material and the Web site.

Eric Greenberg

Please report problems with the web pages to the maintainer