The RISKS Digest
Volume 23 Issue 60

Saturday, 27th November 2004

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Another telco equipment theft (David Lesher)
The coming catastrophe in German social services (Debora Weber-Wulff)
BMW series 5 disables Dynamic Stability Control and ABS (Stefan Lesser)
Business risks of software development (Peter B. Ladkin)
Recent fiasco with computer system at Child Support Agency (Pete Mellor)
Software is no substitute for thought: yet another instance (Robert Allan Zeh)
Wanted by police: a few good icons... (David Lesher)
Texas officials wary of plan to hunt by Internet (Arthur Goldstein)
Whites Only websites? (Dan Jacobson)
Re: Battlefield Robotics are risk to the world (Edward G. Nilges)
Increasing sophistication of phishing spammers (Dan Wallach)
Scott Sagan: The Problem of Redundancy Problem
REVIEW: "WarDriving: Drive, Detect, Defend", Hurley/Thornton/Puchol (Rob Slade)
Computers, Freedom & Privacy Conference 2005, Call for Proposals (Bruce R Koball)
Info on RISKS (comp.risks)

Another telco equipment theft

David Lesher
Sat, 27 Nov 2004 09:59:14 -0500 (EST)

911 service was disrupted for seven hours for some 25,000 customers in parts
of Westchester County NY.  Reportedly, police were sent to a telco building
in White Plains to investigate, but as they arrived two men were seen
wheeling a luggage cart out of the building.  It turns out that the men had
stolen $1 million worth of computer parts — whose removal had effectively
shut down 911 service.  The computer chip boards were valued from $5,000 to
$70,000 each.  The men were arrested.  Apparently, no ambulance delays or
other serious consequences were reported.  [Source: AP item, 26 Nov 2004:

The coming catastrophe in German social services

Debora Weber-Wulff
Fri, 26 Nov 2004 22:04:39 +0100

On 1 Jan 2005 Germany will switch over from two systems for compensating
people who do not work (Arbeitslosenhilfe and Sozialhilfe, money for people
who have worked but their unemployment insurance has run out and social
services payment for the poor) to a new one, Arbeitslosengeld II, called ALG
II or Hartz IV (after the guy who chaired the commission that thought this
mess up).

In order to make sure that no one hides any assets there is a 16-page
application form that needs to be filled out and all sorts of documentation
supplied. It takes an official at the public offices about an hour to put
all of this information into the central system just for one person.
Germany's jobless rate is at about 10% of the population, or 4.2 million
people officially registered, I could not find the number of people on

The system, however, was not finished on time. The time for starting the
data entry kept being slipped. When the data entry began, not all of the
workers could enter data at the same time, because the system
overloaded. The system has to be rebooted every day at lunch time, because
otherwise it would be too slow in the afternoon.  (Anyone hear hanging
processes screaming?). The data connections are very slow, and sometimes
die, taking all of the data entered up until now with them. It can take up
to an hour for the data entry station to permit a new logon.

If data entered is incomplete (and it often is, as someone missed one of the
many questions) the system automatically deletes the record after about
three or four weeks. Last week, a software update was put on the central
system in Nürnberg, crashing the system so completely, that the backup
had to be restored a day later. (At least they had one!).

In desperation some office managers pleaded with their workers to do
overtime and come in on the weekend to enter data. But there was a fire in
the central computing system and no data could be entered at all.

Amazingly, they have managed to calculate some of the payouts and send the
information to the people receiving them. But since they do not yet have all
of the forms and cannot put in all of the data in time, many offices are
being forced to just pay people some money in January and figure out later
if it was too much or too little.

So we pretty much have a great example of everything going wrong that
possibly can - one wonders perhaps why Germany has so many of these projects
at the moment: this, the TollCollect scheme, the health card proposed for
2006, etc.

There's a nice article in c't (in German) on why large software projects
don't work in Germany: (c't 23/2004, IT-Großprojekte: Warum so viele
Vorhaben scheitern, S. 218) It ranges from people without knowledge of
systems deciding what to implement to the politics of procurement. And, of
course, a good bit of wishful thinking - hoping that computers can cure
problems that have deeper causes.

Prof. Dr. Debora Weber-Wulff, FHTW Berlin, Treskowallee 8, 10313 Berlin
Tel: +49-30-5019-2320

BMW series 5 disables Dynamic Stability Control and ABS

Stefan Lesser
Mon, 8 Nov 2004 23:59:42 +0100 (W. Europe Standard Time)

After two accidents involving police cars of Berlin, Germany, at first the
drivers were blamed and appointed to a security training. But taking into
consideration the drivers' nearly identical reports, which claimed that the
cars' on-board drive dynamic control systems had failed, BMW took on and
inspected the case. The result was: Yes, after an emergency brake exceeding
a certain preset pressure on the pedal, all stability systems are disabled
and can only be re-enabled by switching off the ignition for five seconds...

Originating report (German only):

Follow-Ups (German ditto):

Stefan Lesser, Muenchen, Burda Digital Systems GmbH, Am Kestendamm 2,
77652 Offenburg, Germany  +49 89 9250-3433

Business risks of software development

Peter B. Ladkin
Sat, 13 Nov 2004 08:30:43 +0100

Another data point from the *International Herald Tribune*

The large German engineering conglomerate Siemens AG held a news conference
Thursday 11 November 2004 in Munich, in which it said inter alia that its
mobile phone division lost €141m in the fourth quarter 2003
(July-September) compared with a profit of €14m in the same quarter
2002. Siemens is reported as saying that the main reason for the loss was a
delay in selling the S65 phones to correct a software defect.

University of Bielefeld, Germany

Recent fiasco with computer system at Child Support Agency

Pete Mellor
Fri, 19 Nov 2004 21:43:54 +0000 (GMT)

The Child Support Agency is a UK Government organisation set up some years
ago to trace absent parents and extract maintenance payments to the parents
of the children they have abandoned.  (In the way of the world, the
absentees are usually the fathers, and the abandoned are usually the
mothers, but the opposite can occur.)

The CSA has never worked well.  Under the 'old legislation', the calculation
of payments due was complicated and time-consuming, and left little time for
staff to trace the absentees and enforce payment.

Under the 'new legislation', which went into effect on 3 Mar 2003, the
algorithm for calculating payments was simplified to allow more effort to be
concentrated on enforcement.  To implement the new rules, a computer system
was procured from EDS under a contract valued at GBP 456 million over 10

On the BBC Radio 4 'Today' news and current affairs programme this morning
(Fri 19 Nov 2004), the Work and Pensions Secretary, Alan Johnson, stated
that the new computer system is "problematic", but, under pressure from the
interviewer, John Humphrys, he admitted that "disastrous" might be a better

The backlog of cases is growing at 30,000 per month, and has now reached
around 250,000 cases.  The CSA's debt (money owed to abandoned parents and
children) stands at GBP 720 million, and, in addition, GBP 1 billion has
been "written off".  Of 478,000 absent parents, 417,000 "have not paid a
penny".  (I presume that these statistics cover the whole life of the CSA
under both the 'old' and 'new' systems, and reflect the great difficulty of
tracing those who owe the maintenance and enforcing payments, rather than
being due solely to recent computer problems.)

Applicants are regularly told that their cases cannot be progressed, since
certain "incidents cannot be resolved" on the new computer system.  So far,
only new cases have been entered.  95,000 cases are still stuck on the 'old
system'.  These applicants should have received interim payments of GBP 10
per week since March 2003, but the 'new system' cannot cope with this,

Two employees of the CSA were interviewed anonymously.  It appears that once
an incident has occurred while processing a case, no further work can be
done on that case.  (For "incident" read "system failure".)  One interviewee
claimed that the new system "cannot cope with change".  For example, if a
couple decide to get back together (which happens, and which means that
maintenance payments no longer need to be enforced), there is no way of
entering this information into the system.

The underlying problem seems to be an inadequate requirements specification.
Alan Johnson blames EDS.  (The CSA has withheld GBP 1 million per month from
payments due to EDS under the contract, to a total of GBP 12 million so
far.)  Tony Collins of Computer Weekly said that, in his opinion, the
responsibility lay 50/50 between customer and contractor, and that CSA
probably did not know what they wanted, and their requirements were
therefore unstable.

On Wednesday, Alan Johnson faced tough questions in Parliament.  On
Thursday, the chief executive of the CSA resigned.  According to Johnson,
this was just because he had been in post for four years.  (Presumably he
wanted to spend more time with his family!)

Another triumph for UK Government IT procurement!

The official CSA website is:
This includes a description of the method of calculating payment due.

To hear the brief report from the Today programme on Wed 17 Nov 2004, visit:

To listen to a summary of the background to the problem, and (in a later
item) the Work and Pensions Secretary, Alan Johnson, wriggling on a hook, on
Friday 19th November, visit:
and follow the links.

Peter Mellor, Centre for Software Reliability, City University,
London EC1V 0HB  +44 (0)20 7040 8422

Software is no substitute for thought: yet another instance

Robert Allan Zeh
Sun, 21 Nov 2004 13:13:58 -0600

I live in River Forest, IL, a Chicago suburb.  The November 10th, 2004
edition of our local paper, The Wednesday Journal, contained coverage of a
development review board meeting for some new construction.

The architect for the construction had done a computerized "Shadow Study" to
determine how the new construction would impact the area.  The study
simulated conditions on Jun 20 and Dec 20. Here is the section relevant to

  When Nimesh said that long shadows were present at 6 p.m. in the 20 Dec
  simulation, DRB chairman Frank Martin looked at him for a second, then said
  "It's dark at 6 p.m. in December."  "The software's not perfect," replied
  Nimesh after a moment's hesitation.

I would suggest that the user needs a little work too.  Checking your
answers for reasonableness is always a good practice, even if you aren't
using a computer.

An old physics teacher of mine enjoyed showing a physics problem to
students to see if they'd spot what didn't make sense.  The problem, which
involved a door, had originally used English units, but was later converted
to metric.

However, the units were changed without changing the values.  The door was 7
meters tall, with a doorknob 3 meters up.

Wanted by police: a few good icons...

David Lesher
Sat, 13 Nov 2004 19:30:49 -0500 (EST)

Wanted by the Police: A Good Interface,
Katie Hafner, *The New York Times*, 11 Nov 2004

  San Jose has a reputation as one of the safest large cities in the nation,
  with the fewest police officers per capita.  Yet a number of the 1,000
  officers in this city of 925,000 in the heart of Silicon Valley have been
  worrying about their own safety of late. Since June, the police department
  has been using a new mobile dispatch system that includes a Windows-based
  touch-screen computer in every patrol car. But officers have said the
  system is so complex and difficult to use that it is jeopardizing their
  ability to do their jobs.  [...]

This article reads like a casebook for your class Risks 201:
"How NOT to build a system..."

  "Do you think if you're hunkered down and someone's shooting at you in
  your car, you're going to be able to sit there and look for Control or Alt
  or Function?" said Sgt. Don DeMers.

A) Single-tasking. Recall the Star Trek spoof when Data can't shoot back
   because his console has a rotating hourglass as he raises shields....?
B) Non-intuitive.
C) Too much data for the audience.
D) No consultation with end-users. "We know what's best for you.."

Now I'll grant cops can be a tough crowd for technology; I recall decades ago
explaining to several, in slow detail, how you adjusted the squelch control,
and yes, it DOES matter if you put the mike up to your mouth. [Several would
leave it on the dash and just yell...]

But the vendor should KNOW that.

PS: As for Sgt. DeMers, maybe Mr. Clippy will show up and help him out....

Texas officials wary of plan to hunt by Internet

Wed, 17 Nov 2004 15:44:47 +0000

This just strikes me as having a risk:

Hunters soon may be able to sit at their computers and blast away at animals
on a Texas ranch via the Internet, a prospect that has state wildlife
officials up in arms.  A controversial Web site,,
already offers target practice with a .22 caliber rifle and could soon let
hunters shoot at deer, antelope and wild pigs, site creator John Underwood
said on Tuesday.  Texas officials are not quite sure what to make of
Underwood's Web site, but may tweak existing laws to make sure Internet
hunting does not get out of hand.
  [Excerpted from Jeff Franks, Reuters, 17 Nov 2004]

  [Guncams instead of webcams as the next rage?  AG]

    [Don't forget the Internet Web-enabled Thai robot that
    could aim and fire a gun (RISKS-21.02).  PGN]

Whites Only websites?

Dan Jacobson
Fri, 19 Nov 2004 01:20:33 +0800

First it was blocking e-mail from countries one never expects to get mail
from (even though one unwittingly sends mail to there, expecting
replies). Now some websites don't even allow browsers from lesser countries
to connect.  "Who from there would need to read our website?  They're all
just spam bots."  So next time you go abroad, you might find yourself locked
out of familiar websites, and not just during elections, e.g.,

Re: Battlefield Robotics are risk to the world (Kuenning, RISKS-23.59)

Edward G. Nilges
12 Nov 2004 23:01:10 -0800

No, I don't think the brass hats should read old SF. They'd curl up with
Heinlein and the next thing you know, hard service in Iraq would be a
prerequisite for citizenship. They'd read the first chapter of Ursula
LeGuin's The Left Hand of Darkness and throw up at the very idea of people
changing their sex.

I'd recommend the Cambridge History of Iraq, instead, because therein one
reads of British redcoats, roaring about the desert in the exact same way as
us, in 1921, egged on by lunatics including T. E. Lawrence and Gertrude

An analysis of what it means to be "responsible" for a software system is
needed, including the ways in which digital systems designers have
historically limited their liability.

It would show that no bright line can be drawn between "my responsibility"
and "someone else's".

A simple example from the history of ordinary software illustrates.  When I
started coding, my boss of course had me do a lot of maintenance in addition
to development, and I was shocked to see that the older programmers' code
had all sorts of bugs causable by invalid input. I extended my own boundary
and that of the legacy code by adding error checks, thereby gaining a
reputation in some jobs as an ivory tower theorist, or something, despite
the fact that error checking is grubby praxis, and not theory.

I believe that the Bush administration wants power without responsibility,
and in software this has been the typical administrative/MIS gesture of
authorizing the development of crud.

In dark moments I wonder if the whole purpose of software is not rhetorical
and not logical, to manufacture a post-Enlightenment consent which
necessarily contains the memory of Enlightenment.

Military standards, of course, are much higher, as shown in the Ada
language. But the very precision of the process draws a bright line around
responsibilities which have in the past, excluded military responsibility
for "legacy code" in the form of land-mines and unexploded ordnance.

And as a confirmed civilian, watching Marines fire over Najulla's walls
exactly as they were filmed at the Citadel in 1968, I find it hard to
believe that they are worried about the existing laws of war, or will pick
up after themselves when the battle is over, if it ever is.

We may discover that one's responsibility extends so far in fact and in
ethics that the only RATIONAL response is an end to war. Gee, how about

Increasing sophistication of phishing spammers

Dan Wallach
Tue, 23 Nov 2004 10:08:28 -0600

I recently received a spam message claiming to be a response, forwarded to
me via eBay, in regards to an item I was auctioning.  Of course, I have no
auction going on eBay, making it obviously fake.  The message was an HTML
message and included numerous in-lined images from,
helping make the message appear more real.  A link at the bottom, attached
to a "Respond Now" button (which users might presumably click to helpfully
say "you got the wrong person") takes you to an IP address that has nothing
to do with eBay and which feeds you a recent JavaScript exploit against
Internet Explorer.  That JavaScript appears to be in Unicode (making it
annoying to look at with Emacs), and further contains a hex-encoded message
which is decoded with JavaScript's "unescape" operator.  The exploit is
designed for Internet Explorer, but caused Firefox 1.0 to wedge.  I had to
restart it.

This particular spam seems intended to take over machines, presumably for
zombie purposes.  I've gotten other spams that similarly inlined "real"
images to lure unsuspecting users toward credit card information phishing

Issue #1: eBay and similar companies should eliminate these public servers
that serve up static images for e-mail and should pay attention to referrer
information to refuse images being sent to pages other than their own.  Make
the spammers work harder to make their pages look "real".  They'd either
need to set up their own static image servers, or they'd need to embed the
images in the spams as MIME attachments, making the spam larger and reducing
the number of spams they can send with a given amount of bandwidth.

Issue #2: I get plenty of legitimate e-mail from companies with which I do
business, such as my preferred airline, car rental, and credit card vendors.
All of them have my e-mail address and occasionally have real reason to send
me messages (e.g., I like getting an e-mail copy of my travel itinerary).
Even those companies, however, occasionally send me "promotional" messages
and such, even though I always go out of my way to select the "don't e-mail
me" option.  As long as we're using e-mail for business purposes (either in
response to actual business, like when I reserve a plane ticket, or
"promotional"), then we're going to have spam that imitates this legitimate
mail.  Probably the only true answer is for eBay, my credit card company,
and all of these other vendors to start digitally signing their mail.
S/MIME has been integrated in modern e-mail systems since 1996 or 1997.
It's time for these firms to use it.
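
As an added example (not part of Dan Wallach's post), the Python below triages an HTML message for the pattern described above: images inlined from a named host while the clickable link points at a bare IP address. It also decodes unescape()-style %XX and %uXXXX strings statically, so encoded script content can be read without running it. The host names, the sample message and the function names are constructed for this example.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _Refs(HTMLParser):
    """Collect the hosts of inlined images and of clickable links and forms."""

    def __init__(self):
        super().__init__()
        self.image_hosts, self.link_hosts = set(), set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and a.get("src"):
            self._add(self.image_hosts, a["src"])
        elif tag == "a" and a.get("href"):
            self._add(self.link_hosts, a["href"])
        elif tag == "form" and a.get("action"):
            self._add(self.link_hosts, a["action"])

    @staticmethod
    def _add(bucket, url):
        try:
            host = urlsplit(url).hostname
        except ValueError:          # malformed URL: nothing to record
            return
        if host:
            bucket.add(host.lower())


def is_ip_literal(host):
    """True when the host is a raw IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


_ESC = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")


def js_unescape(text):
    """Decode %XX and %uXXXX as legacy unescape() would; nothing is executed."""
    return _ESC.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), text)


def triage(html):
    """Flag mail that borrows images from a named host but links to an IP."""
    refs = _Refs()
    refs.feed(html)
    ip_links = sorted(h for h in refs.link_hosts if is_ip_literal(h))
    named_images = sorted(h for h in refs.image_hosts if not is_ip_literal(h))
    return {
        "image_hosts": named_images,
        "ip_link_hosts": ip_links,
        "suspicious": bool(ip_links and named_images),
    }


# Constructed sample: placeholder image host, documentation-range IP address.
SAMPLE_MAIL = """<html><body>
<img src="http://pics.auction.example/logo.gif">
<p>Question about your item</p>
<a href="http://192.0.2.10/r.htm">
  <img src="http://pics.auction.example/respond.gif"></a>
</body></html>"""

if __name__ == "__main__":
    print(triage(SAMPLE_MAIL))
    print(js_unescape("%48%65%6C%6C%6F%u0021"))  # constructed, benign string
```

A message whose links and images all resolve to the same named host is not flagged, so this check is a triage signal rather than a verdict.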

Scott Sagan: The Problem of Redundancy Problem

Peter G. Neumann
Thu, 18 Nov 2004 20:46:44 PST

Scott Sagan has written a fascinating article entitled
  The Problem of Redundancy Problem: Why More Nuclear
  Security Forces May Produce Less Nuclear Security,
which appears in the current issue of *Risk Analysis*.
This article is quite provocative, and also illustrative of the profound
difficulties we have in designing trustworthy organizations to manage highly
dangerous technologies.

After a little browsing, I found this paper noted on his Web site at
Scott has long been studying and writing about risks-related issues
that transcend the scope of what normally appears in RISKS.

  Scott D. Sagan, Professor of Political Science
  Co-Director, Center for International Security and Cooperation (CISAC)
  Stanford Institute for International Studies, Encina Hall
  616 Serra Street, Stanford University, Stanford, CA 94305-6165
  (650-725-2715) phone

REVIEW: "WarDriving: Drive, Detect, Defend", Hurley/Thornton/Puchol

Rob Slade
Thu, 11 Nov 2004 10:31:44 -0800

BKWARDRV.RVW   20040823

"WarDriving: Drive, Detect, Defend", Chris Hurley/Frank
Thornton/Michael Puchol, 2004, 1-931836-03-5, U$49.95/C$69.95
%A   Chris Hurley
%A   Frank Thornton
%A   Michael Puchol
%C   800 Hingham Street, Rockland, MA   02370
%D   2004
%G   1-931836-03-5
%I   Syngress Media, Inc.
%O   U$49.95/C$69.95 781-681-5151 fax: 781-681-3585
%P   495 p.
%T   "WarDriving: Drive, Detect, Defend"

Chapter one is an introduction to the concept, with a discussion of required
components, and the relevant characteristics thereof.  Installing
NetStumbler is described in chapter two, with operating instructions in
three (which also repeats some of the earlier advice on component choice).
Kismet installation is detailed for Slackware in chapter four, Fedora in
five, and the operations are listed in six.  Screenshots of using
StumbVerter (and Microsoft MapPoint) or DiGLE to produce maps with the data
previously obtained are shown in chapter seven.

Chapter eight describes, in detail, how to organize your own wardriving
contest (including an eight page Perl script for scoring results).  Simple
means of attacking and connecting to wireless networks are given in chapter
nine.  Screenshots of dialogue boxes for enabling basic security features on
the major wireless routers are listed in chapter ten.  Some features
providing more advanced security are discussed in chapter eleven.

The material provided in the book is clear, and will provide you with enough
information to start wardriving and connecting to other networks.  The
content is fairly rudimentary, though, without the background information of
a work like "Wireless Hacks" (cf. BKWLSHCK.RVW), by Rob Flickenger, which
would allow the reader to go further in both understanding the technology
and defending wireless networks.

copyright Robert M. Slade, 2004   BKWARDRV.RVW   20040823    or

Computers, Freedom & Privacy Conference 2005, Call for Proposals

Bruce R Koball
Sun, 14 Nov 2004 19:29:16 -0800 (PST)

  12-15 Apr 2005, Westin Hotel, Seattle, WA

The 15th annual conference on Computers, Freedom & Privacy takes place
from Wednesday 12 Apr to Friday 15 Apr 2005, in Seattle, Washington.
The Program Committee is now accepting proposals for conference sessions and
speakers for CFP2005. The deadline for submissions is 31 Dec 2004.

CFP serves as an internationally recognized forum for the members of the
technical, government, hacker, legal, business, education, media,
cyber-rights, and non-profit communities to address cutting edge technical,
business, legal and cultural issues. Programs, topics, and speakers from
prior years' CFP conferences can be found at:

The CFP2005 Program Committee welcomes proposals on all aspects of
technology, freedom and privacy.  We are particularly interested in
receiving proposals that ask the hard questions about privacy and freedom in
emerging surveillance societies, and challenging those assumptions.  For
example, how much surveillance is too much?  When does surveillance cease
making us more secure and begin to change the fabric of society?

The theme of the 15th CFP is "Panopticon 2005." Over time, and particularly
recently, surveillance of ordinary citizens has increased to dramatic
levels.  Not only are governments watching more aspects of their citizens'
lives, but those in the private sector are increasing surveillance of people
as well. Often lost in the race to "increase intelligence" are discussions
about different approaches to address problems like the threat of terrorism
that are equally or more effective, but do not involve extensive and
constant surveillance.

Other areas of interest include:

1. domestic and international travel issues
2. communications surveillance
3. children and young adults growing up in a surveillance society
4. social networking
5. the flourishing of free speech (i.e. blogging) in spite of increased
6. RFIDs and other emerging technologies
7. Intellectual property issues

All submissions must be received by 31 Dec 2004.  Complete submission
instructions appear on the CFP2005 Web site:
