The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 23 Issue 12

Monday 12 January 2004


U.S. FAA warns of EFIS system fault
Peter B. Ladkin
B747-400 Electronic flight displays rendered inoperative
Peter B. Ladkin
Happy 2**30'th birthday, time_t! Now go patch Pro/ENGINEER
Paul Eggert
Danish PM's private communications disclosed by MS Word
Theodor Norup
Anti-spam law enacted -- so what's all this junk in my in-box?
Want chips with that burger?
Jim Schindler
Suing the customers
Joyce Scrivner
Burger King wireless risk
Robert Franchi
AP accidentally distributes celebrity phone numbers
Robert Franchi
'Unfixable' Word password hole exposed
Brett McCarron
VoteHere there and everywhere
Rebecca Mercuri
More voting snafus in Palm Beach and Broward Counties
Alan Fullilove
Correction re: Australian Voting
Eric Ulevik
Re: Electronic car doors trap man
Ian Mitchell
The dangers of PGN-ing
Simon Hogg
COMPSAC 2004 Call for Contributions
Yuen Tak Yu
EUSPRIG CFP July 2004 Klagenfurt
Patrick O'Beirne
REVIEW: "Ben Franklin's Web Site", Robert Ellis Smith
Rob Slade
Info on RISKS (comp.risks)

U.S. FAA warns of EFIS system fault

<"Peter B. Ladkin" <>>
Wed, 07 Jan 2004 07:02:33 +0100

According to *Flight International*, 2-8 December 2003, p34, the U.S. FAA
"has warned operators of Chelton Flight Systems FlightLogic [electronic
flight information system] EFIS avionics that the equipment can provide
misleading guidance under certain circumstances." The system is used on many
aircraft in Alaska operating under Phase 2 of the FAA's general aviation
Capstone program, which uses GPS to provide flight guidance and to track
aircraft in flight. Apparently, the system indicates a uniform rate of climb
of 300 ft/min for guidance in departure procedures, but some departure
procedures require a higher climb rate for obstacle avoidance.

B747-400 Electronic flight displays rendered inoperative

<"Peter B. Ladkin" <>>
Wed, 07 Jan 2004 06:54:18 +0100

On 2 December, 2003, the U.S. National Transportation Safety Board issued
Recommendations A-03-55 and A-03-56. The short document may be read at

"On January 23, 2003, a Singapore Airlines (SIA) Boeing 747-400 experienced
a complete loss of information on all six integrated display units (IDU) on
the flight deck instrument panels while in cruise flight from Singapore to
Sydney, Australia. The pilots flew the airplane for 45 minutes using standby
flight instruments while they communicated with SIA maintenance personnel
about the problem. SIA maintenance personnel advised the flight crew to pull
out then push back in (or cycle) the circuit breakers for the EFIS/EICAS
interface units (EIU), which returned the IDUs to normal operation. The
flight continued to Sydney and landed without further incident."

"A similar event occurred on another SIA B747-400 on November 6, 2001 ..."
while on a Sydney to Singapore flight, during an emergency descent because
of an cabin pressure warning. Maintenance personnel recycled the EIU circuit
breakers on the ground and restored the IDUs to normal operation.

"The six IDUs ... include the captain's Primary Flight Display (PFD) and
Navigation Display (ND), the first officer's PFD and ND, and the main and
auxiliary engine indicating and crew alerting system (EICAS) displays. The
PFD and ND displays [sic] provide the pilots with attitude, altitude,
airspeed, heading, and rate of climb and descent information. The EICAS
displays provide the flight crew with the airplane's engine indicating
information and annunciate advisories, cautions and warnings. Without these
displays, the flight crew is required to use standby flight instruments,
which consist of an altimeter, airspeed indicator, and artificial
horizon/attitude indicator; the Boeing B747-400 does not have standby engine
instruments. The loss of the IDUs would also eliminate the flight crew's
access to data from the traffic alert and collision avoidance system,
enhanced ground proximity warning system, and weather radar."

The EIUs are apparently responsible for data display on all six IDUs and
preliminary investigation has indicated that all six IDUs blanked because
all three EIUs stopped transmitting data. The EIUs are identical devices;
the architecture is triple-redundant. The cause of this loss of data has not
been determined, and no countermeasures have yet been identified that could
inhibit the loss of all six IDUs again.

Boeing recommended cycling the EIU circuit breakers in such an event, and
the NTSB recommended that this procedure be included in the quick-reference
handbook used by the flight crew to access procedures in an emergency.

The NTSB letter was also reported in *Flight International*, 9-15 December
2003, p13; and by Frances Fiorino on p31 of Aviation Week and Space
Technology, December 15, 2003.

A similar loss of data to displays on an Airbus A340 in 1994 has been
reported in Risks (Hatton, RISKS-16.92; Ladkin, Rushby, RISKS-16.96), as
also on a Boeing B767 in 1996 (Ladkin, RISKS-18.19). EFIS failure was also
initially suspected in a turboprop accident in Zürich in 2000 (Ladkin,
RISKS-20.78) but the final report fingers pilot error and not technical
problems, according to the Neue Zürcher Zeitung, also 2 December 2003,

There are lots of things one could say about such flight information display
system architectures. All of them rely on the mechanical principles of the
older mechanical systems, but add a layer of electronic display technology
that was not present in the older systems, which drove the displays
directly. This extra layer, most obviously, introduces categories of failure
that were not present in the original systems, such as the failures
exhibited in these incidents. I shall not address here the question of
whether the benefits of such systems outweigh the risks.

The industry seems to be moving towards replacing the mechanical standby
flight instruments, built to designs that have functioned well for upwards
of a century now, by electronic displays. Electronic standby instrument
displays are available and are being advertised for many business jets.

Peter B. Ladkin, University of Bielefeld,

Happy 2**30'th birthday, time_t! Now go patch Pro/ENGINEER.

<Paul Eggert <>>
Fri, 09 Jan 2004 17:10:24 -0800

About 13 hours ago, the POSIX time_t counter exceeded 2**30, thus reaching
half its useful positive range (which counts seconds since 1970) on
traditional hosts with 32-bit signed integer time_t.  Unfortunately, some
software produced by Parametric Technology Corp. was using that 2**30 bit in
time values, so today's milestone introduced timeout glitches into unpatched
installations of PTC's Pro/ENGINEER, Pro/INTRALINK, and Windchill products.
PTC has made patches available to all users, regardless of maintenance
status; see <>.

I still do much of my computing on hosts with 32-bit time_t.  I expect this
to change in the next few years as 64-bit hosts take over, but I wonder: how
many applications will break in January 2038 when time_t exceeds 2**31, even
though the underlying hardware and OS works correctly?  Mark your calendars.

Danish PM's private communications disclosed by MS Word

<"Theodor Norup" <>>
Mon, 5 Jan 2004 23:10:34 +0100

The Danish newspaper Politiken cites a Ritzau (Danish telegram bureau)
telegram on Sun 4 Jan 2004

The Danish Prime Minister's Office has tightened IT Security with immediate
effect following the disclosure of the origins of the document containing
the New Year's speech of prime minister Anders Fogh Rasmussen. The speech
had been written in a document originally authored by Christopher Arzrouni,
head of the Trade and Industry Law section of the Association of Danish
Industries ("Dansk Industri").

Till now, the ministry has distributed Anders Fogh Rasmussen's speeches to
the press and others in word files but in two independent cases, just a few
clicks on the computer did reveal the document's origin or which changes had
been made. Therefore, the PM's office instituted a new procedure on Friday.

"We will in the future distribute speeches as PDF files so that such things
will not happen" says ministry spokesman Michael Kristiansen.

At the same time, the ministry has begun checking its web site security. (my
own translation)

Since the said Arzrouni chairs a well-known ultraliberalist (in the european
sense) discussion society and since the PM does his best to convince voters
that he himself has left former ultraliberalist convictions alone, the
disclosure is very interesting at least.

One wonders what state secrets have been published by the government being
blatantly ignorant to a very well-known MS word problem. And why an
inappropriate word processor choice leads to a completely unrelated check of
web site security.

The RISK: Wrongly believing that the higher echelons of governments and
their technical support has more than a faint idea of IT security.

On the positive side: This may give some publicity to that infamous word

Anti-spam law enacted -- so what's all this junk in my in-box?

<"NewsScan" <>>
Mon, 12 Jan 2004 10:15:53 -0700

The new federal anti-spam law went into effect Jan. 1, but consumers report
their inboxes are more cluttered than ever -- what's going on? Critics say
the new law doesn't actually ban spam but rather provides guidelines for
sending junk e-mail legally. "Now we have a green light for what would come
to be called 'legal spam,'" says ePrivacy Group CEO Vincent Schiavone. John
Levine, a board member of the Coalition Against Unsolicited Commercial
E-Mail, concurs: "Basically, it's a bill of rights for companies that want
to send junk e-mail." In addition, the federal law supercedes stricter laws
recently passed in several states, such as California. "Everyone was
planning for this California law, which was so draconian," says a California
lawyer who defends accused spammers. "Once the federal government passed the
federal law, everyone was kind of relieved." And while technology firms are
eagerly pursuing new ways of blocking spam, skeptics say the ultimate
solution won't be technological or legal, but will depend on developing more
savvy users. Mary Youngblood, abuse team manager at EarthLink, suggests
putting numbers in the middle of your e-mail address to make it more
difficult to guess and using a separate address for online shopping and
newsgroup postings.  [AP, Jan 11 2004; NewsScan Daily, 12 Jan 2004]

Want chips with that burger? (Simson Garfinkel)

<Jim Schindler <>>
Mon, 12 Jan 2004 10:10:40 -0800

Weblog: A Chip for Your Hamburger: Can radiofrequency I.D. devices
  help stop the spread of beef tainted by mad cow disease?
[MIT Technology Review blog item]

  Well, not quite, but this article in the RFID Journal indicates that both
  official[s] and the industry are now thinking of using RFID chips to enable
  greater tracking of meat through the food supply.  This will help track
  things like infected beef (e.g., ground mad cows).  What the article
  doesn't say is that this will also help protect against a terrorist attack
  --- or at least allow the tracking and faster recovery if terrorists go
  after the food supply.  Simson Garfinkel

[Topic: Security and Defense ],4qkw,4rw,ij9s,j8tx,i328,m8yb>

  [Might this require edible RFID microchips that survive meat grinders
  and wind up in each hamburger patty?  PGN]

Suing the customers

<Joyce Scrivner <>>
Mon, 12 Jan 2004 13:10:23 -0600

Rockwell, is suing a law firm that is currently suing Rockwell's customers.
The law firm says that Rockwell has infringed on a patent.  (I'm uncertain
what relationship the law firm has to the patent holder.)  The law firm
appears to assume that suing Rockwell's customers will get more money than
suing Rockwell.  Rockwell sees this as blackmail/threat because the law firm
has not -- and cannot (without suing Rockwell) -- prove that the patent is
or is not infringed.  So Rockwell is now suing the law firm.  Rather nasty.

  In Rockwell Automation Inc. v. Schneider Automation Inc., 02-01195,
  Rockwell says its technology is not covered by the Solaia patent, and
  rather than battling that issue out in court, Niro Scavone and its clients
  have sought to "'shakedown' manufacturers through threats of potential
  business interruption or catastrophic damages."

Burger King wireless risk

<"Franchi, Robert" <>>
Fri, 9 Jan 2004 16:53:35 -0500

Burger King Customer being told they are too fat to order a Whopper by
hackers into the wireless speaker system at the drive through window!

AP accidentally distributes celebrity phone numbers

<"Franchi, Robert" <>>
Fri, 9 Jan 2004 17:00:01 -0500

The Associated Press sent out a list of 250 celebrities' phone numbers by
mistake. Many of the numbers are old and some of the celebrities are dead,
but you can see the potential annoyance.

'Unfixable' Word password hole exposed

<"Brett McCarron" <>>
Fri, 09 Jan 2004 10:31:46 -0800

The password used to "protect" a Microsoft Word form can be revealed with
a simple text editor, according to a recent BugTraq article.  The RISK in
this case goes beyond the ability to edit a protected document (you can
bypass this anyway with Edit > Select All > Copy, open a new document and
Paste). The real RISK is that the user's password is so easy to discover.
Ideally, users would protect a form with a password that is different from
their network authentication password(s). But in the real word ...

News Story,39020396,39118935,00.htm=20

BugTraq Article

VoteHere there and everywhere

<Rebecca Mercuri <>>
Tue, 06 Jan 2004 19:25:05 -0500

There's an interesting statement in the Volume 2, Number 1, January 4, newsletter regarding the VoteHere break-in.

VoteHere's website says that they sell a product called RemoteVote (c) "an
e-voting election system that supports the convenience, ease-of-use, and
mobility of online voting. It's unique in delivering best-of-breed security
and information technology practices, easy to administer and easy to use -
and has been praised for its effect on voter turnout and overall voter

But's news item says: "VoteHere, a Bellevue, Washington
company developing security technology for electronic voting "suffered an
embarrassing hacker break-in." The electronic intruder broke into the
company's system last October and has now been identified, according to the
company's CEO Jim Adler. This event got a lot of news coverage, but we're
not sure of its significance, since VoteHere says they are going to release
all their software."

Wait a second, we're not sure of its significance?  VoteHere is selling an
Internet voting product but they apparently aren't capable of protecting
their own network from attack and their sensitive files from theft.  That
certainly sounds significant to me, and this has absolutely nothing to do
with whether their software is publicly accessible or not.  The USA Today
report quoted Adler as saying "the break-in did not affect the integrity of
its voting technology." This certainly should reassure the "large and small
corporations, professional associations, unions, cooperatives, universities,
political organizations and government groups" that VoteHere is marketing
RemoteVote that their product is not more vulnerable than the insecure
platform it is running on top of.  I know that I feel much better knowing
that the hacker (and probably also his pals) has a copy of the source code.

More voting snafus in Palm Beach and Broward Counties

<Alan Fullilove <>>
Sat, 10 Jan 2004 14:30:55 -0500

Seems Palm Beach and Broward counties can't certify a recent election. The
"winner" of the election won by 12 votes out of 10,844 cast.  137 votes were
blank ballots.

 From the PalmBeachPost newspaper:

"Florida law requires a manual or hand recount of all "under-votes"
and "over-votes" in an election decided by less than 0.25 percent.

But touch-screens leave behind nothing to count by hand. "

Oops !

Correction re: Australian Voting (Williams, RISKS-23.10)

<"Eric Ulevik" <>>
Sat, 10 Jan 2004 20:34:50 +1100

I would like to correct some previous misinformation regarding the
Australian electoral system.

In Australia, the law requires every person on the electoral roll to submit
a valid vote. Simply getting your name checked off and leaving may result in
the Electoral Commission staff recording a failure to vote. Note that the
staff do not examine the votes before they are placed in the ballot box -
meaning there is no enforcement of the validity requirement.

In the state of NSW, in my case, the penalty for not voting was a $120
fine. I intended to refuse to pay the fine on principle as I do not believe
in compulsory voting. However, the alternative penalty in the case was
canceling my driving license.

Hence I voted 'donkey' - giving my preference by order on the ballot (which
is determined randomly). Donkey votes are typically 5-10% of the Australian
vote. The clear risk here is that attempting to enforce democratic
principles increases the influence of random chance on the final results.

Re: Electronic car doors trap man (Healy, RISKS-23.06)

<"Mitchell, Ian (MED, nVISIA)" <>>
Mon, 5 Jan 2004 14:03:54 -0600

I own a CRV 4WD. The way out in a situation such as this is probably through
the rear window. Unlike the side windows, this is not electric. It is
released by a button under the dash that connects to the window lock via a
cable.  Once released, the window can be pushed open from the inside. This
completely mechanical system would presumably still function even when
underwater, although if totally submerged it may be necessary for the water
inside the vehicle to reach a certain level before the pressure can be
overcome and the window opened.

The dangers of PGN-ing (Re: RISKS-23.11)

<Simon Hogg <>>
07 January 2004 22:18

  [PGN note: I messed up my PGN-ed version of the item with Subject line
    "Bank of England falls victim as e-mail scams rise by 400%"
  It might more accurately have been titled
    "Visa customers hit by phishing expedition seemingly from Bank of England"
  Oops!  PGN]

As I'm sure many of the RISKs readers are aware, the Bank of England is a
Central Bank and hence does not issue its own Visa (or any other credit
cards) at least for consumers.  Similarly, it doesn't operate consumer bank
accounts.  I suppose you could say that the Bank of England is equivalent to
the Federal Reserve, *not* Bank of America.  Therefore the BoE is unlikely
to be a 'victim' in the ordinary sense of the word.

Therefore, I thought there was something a bit fishy with the PGN version
saying that the "This was reportedly the first time BoE was victimized by a
"phishing" expedition that apparently fooled about 5% of their Visa
customers into divulging their card and PIN numbers."

Looking at the original news story the 'phishing' quote apparently relates
to a different episode, "A campaign that targeted Visa credit card holders
was said to have fooled one in 20 victims into divulging their personal
details, including their card and pin numbers" *i.e. not the BoE e-mail

The point of the story is to say that lots of people were sent an e-mail with
an executable attachment with the message "Please install our special
software, that will remove all the keyloggers and backdoors from your
computer."  The implication (for the sender the hopeful implication) was
that since the e-mail was apparently from the BoE, the software was in some
way 'official'.  Imagine the same e-mail in the US from

I think the problem here is wider than a standard
e-mail since it is apparently from a 'trusted' central bank (the one who
controls the 'normal' banks) but it doesn't cause any direct 'damage' to the
apparent sending agency.

So, three apparent risks;

1.  Mis- / Dis-information (scaremongering?), accidental or otherwise,
caused by incorrect summary of other news stories.

2.  E-Mails apparently from a trusted source (common / usual RISKs here, but
the 'trusted source' in this case is a 'super-trusted source').

3.  For me the most worrying RISK is that the UK's "National High-Tech Crime
Unit" came out with the very enlightening statement "We have opened the
attachment, but we have so far not been able to find out what it does, if
anything."  How many programmers does it need to be able to analyse a piece
of code to be able to work out what it does?  Anti-virus labs are pretty
good at this, so why not the Government-funded anti-crime 'specialists'?  At
least they are apparently being honest here(!).

COMPSAC 2004 Call for Contributions

<CS Asst Prof Dr Yuen Tak YU <>>
Sun, 11 Jan 2004 19:38:55 +0800 (CST)

                       COMPSAC 2004
    The 28th IEEE Annual International Computer Software
                and Applications Conference
              September 27-30, 2OO4, HONG KONG


15 Jan 2004: Deadline for WORKSHOP and PANEL PROPOSALS
15 Mar 2004: Deadline for REGULAR and WORKSHOP PAPERS

W. Eric Wong, University of Texas at Dallas, USA, Email:
Karama Kanoun,LAAS-CNRS, France, Email:

EUSPRIG CFP July 2004 Klagenfurt

<"Patrick O'Beirne" <>>
Wed, 07 Jan 2004 14:07:50 +0000

  EuSpRIG 2004: Spreadsheet Risks, Development and Audit Methods
  Theme: Risk Reduction in End-User Computing
  Best practice for spreadsheet users in the new Europe
  Thursday July 15th - Friday July 16th 2004
  Klagenfurt University, Klagenfurt, AUSTRIA
For submission instructions, details of formatting, handling of
illustrations etc. download guidelines from

Patrick O'Beirne, European Spreadsheet Risks Interest Group

REVIEW: "Ben Franklin's Web Site", Robert Ellis Smith

<Rob Slade <>>
Fri, 2 Jan 2004 07:56:31 -0800

BKBNFRWS.RVW   20031013

"Ben Franklin's Web Site", Robert Ellis Smith, 2000, 0-930072-14-6,
%A   Robert Ellis Smith
%C   P. O. Box 28577, Providence, RI   02908
%D   2000
%G   0-930072-14-6
%I   Privacy Journal
%O   U$24.50/C$32.25 401-274-7861
%P   407 p.
%T   "Ben Franklin's Web Site"

In the introduction, Smith notes that Americans are both (and
simultaneously) interested in protecting their privacy, and very
curious about others.  This work is a social history of American
thought and feelings about privacy.  The chapters are not numbered,
but named.  There is an attempt to assign date ranges to periods of
events and opinion, but this effort is pretty much exhausted by the
time the book ends.

"Watchfulness," from the late seventeenth to the early eighteenth
century, notes an age of church based communities and close living.
Fear of the government registration is suggested to be primarily based
on anxiety about the fact that a low population (or other indicator of
lack of wealth) would reflect badly on the locale (or locals).
"Serenity" links geographic isolation with privacy, but mostly
concentrates on early enumeration operations.  The post office, more
about the census, and the beginnings of information technology with
Hollerith and Morse is in a chapter called "Mistrust."  "Space"
outlines the degradations of slavery, factories, and workhouses.
"Curiosity" looks at gossip and the popular press.

A chapter called "Brandeis" doesn't talk about him or his essay (with
Warren in the Harvard Law Review) as much as the intellectual
environment and subsequent debate.  Another reviews decisions and
government actions in regard to different types of surveillance.  It
is difficult to say what a chapter called "Sex" has to do with
privacy, and it reuses a lot of material from "Serenity," "Curiosity,"
and "Brandeis."  "Torts" examines various lawsuits related to invasion
of privacy.  Politicking on the Supreme Court in cases possibly
related to privacy populates a chapter called "Constitution."
"Numbers," unlike "Census," discusses the improper use of the Social
Security Number, as well as the concept of a national identity card.
Credit reporting agencies are examined in "Databanks."  "Cyberspace"
touches on a number of Internet related topics.  "Ben Franklin's Web
Site" attempts to guess what Franklin's "Poor Richard's Almanac" would
say about privacy, in pithy aphorisms: a kind of Poor Robert's list of
privacy protecting guidelines.

Smith's book is certainly an entertaining read, and does provide the
occasional lost nugget of significant information on the development
of thought in regard to privacy.  It is, however, difficult to say how
useful the work is for practical endeavours in pursuit of the
protection of privacy, or development of current privacy policy.

copyright Robert M. Slade, 2003   BKBNFRWS.RVW   20031013    or

Please report problems with the web pages to the maintainer