The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 23 Issue 62

Tuesday 21 December 2004


Flaw in Google's New Desktop Search Program
John Markoff via Jim Schindler
A chess-playing "bankomat"
Lothar Kimmeringer
GPS Shutdown "during national crisis"
Jim Youll
Atom 'Smasher'
French motorist obeys GPS navigation, makes U-turn into traffic
Peter G Capek
Colorado welfare system computer problems
Mike A
Automated medication worse than the disease?
Strange S&P numbers
Dawn Cohen
Judge slams spammers with $1-billion judgment
Unintended effects of RFID devices
Paul Wallich
Medical records-sharing in Massachusetts
Satellite TV broadcast pirated
Erling Kristiansen
Live television banner hacked
Matthew Schie
ATM spits out Canadian Tire "money"
Paul Schreiber
New browser vulnerability targets non-IE models, too
Re: When e-commerce and poor translation meet... terrorism?
Ulf Lindqvist
Re: Is Windows up to snuff for running our world?
Ben Galehouse
Re: More on the electoral process
D.F. Manno
Screensaver tackles spam websites
Amos Shapir
Freeze on anti-spam campaign
Amos Shapir
Re: ACM Needs Your Feedback
James Garrison
Increasing sophistication of phishing spammers
Jonathan de Boyne Pollard
Dan Wallach
Info on RISKS (comp.risks)

Flaw in Google's New Desktop Search Program

<"Jim Schindler" <>>
Mon, 20 Dec 2004 00:25:13 -0800

John Markoff, Rice University Computer Scientists Find a Flaw in Google's
New Desktop Search Program, *The New York Times*, 20 Dec 2004 [PGN-ed]

Prof. Dan Wallach and two of his students at Rice University discovered a
potentially serious security flaw in the desktop search tool for personal
computers that was recently distributed by Google.  The flaw could permit an
attacker to secretly search the contents of a personal computer via the
Internet, and is referred to as a composition flaw -- a security weakness
that emerges when separate components interact.  Dan Wallach said, "When you
put them together, out jumps a security flaw.  These are subtle problems,
and it takes a lot of experience to ferret out this kind of flaw."

A chess-playing "bankomat"

<Lothar Kimmeringer <>>
Wed, 08 Dec 2004 21:24:44 +0100

In German banks you find more and more machines, where you can check your
account's balance and do money-transfers. To be able to do this, there is a
keyboard available instead of the 11+4 keys for the standard-cash-points.

It seems that the program running on these machines is a simple window and
that it's possible to get the underlying "desktop" with "clicking" (the
screen is a touchscreen) onto the corresponding place where the
minimize-icon resides. Thanks to the available keyboard it's possible to do
everything you're used to do with every other computer with a shell.

Somebody took the opportunity to play a little bit around with these
machines and documented everything with a digital camera.

The pictures can be watched at
where the machine ends with a game of chess against itself running
instead of the application originally intended to be run on it.

Lothar Kimmeringer                E-Mail:

GPS Shutdown "during national crisis"

<Jim Youll <>>
Thu, 16 Dec 2004 10:51:29 -0500

Just consider how much of our world now relies on GPS for ordinary
day-to-day operation... what if it just "went away" during a time of crisis?

The EU has been planning its own version of GPS called Galileo...  progress
was hampered for years by all sorts of bickering, but the project recently
announced that deployment would happen by 2006. The threat of a US GPS
shutdown may motivate that project, but Galileo is already bound up in
agreements with the Americans and would probably be turned off as well in
cooperation, via NATO, on American orders... all this so "terrorists"
can't... I'm not sure what terrorists do with GPS that they can't do without

On the bright side, I guess times of national crisis will also be free days
on the GPS-metered toll roads now being tested in Oregon and elsewhere.

This seems like a great example of the sort of "solution" that turns a
regular-size crisis into an impressively crippling crisis. I don't
understand why reinstating Selective Availability isn't considered an option
this time.  [It dumbs down the accuracy, and was stopped by President
Clinton in 2000.  PGN]

  President Bush has ordered plans for temporarily disabling the U.S.
  network of global positioning satellites during a national crisis to
  prevent terrorists from using the navigational technology.  He also
  instructed the Defense Department to develop plans to disable, in certain
  areas, an enemy's access to the U.S. navigational satellites and to
  similar systems operated by others. The European Union is developing a
  $4.8 billion program, called Galileo.

  The military increasingly uses GPS technology to move troops across large
  areas and direct bombs and missiles. Any government-ordered shutdown or
  jamming of the GPS satellites would be done in ways to limit disruptions
  to navigation and related systems outside the affected area, the White
  House said.

  [Source: Ted Bridis, Bush prepares for possible shutdown of GPS network in
  national crisis The Associated Press, 15 Dec 2004, excerpted]

GPS Shutdown "during national crisis"

<"Atom 'Smasher'" <>>
Mon, 20 Dec 2004 01:59:12 -0500 (EST)

Great... if there's another 9/11, they can turn off GPS so the "terrorists"
can't use the system. of course, if there's another 9/11, the terrorists
will be dead before we know what happened. that will leave police, fire,
rescue, 911, red cross, air traffic, media, utility workers, etc all left
without their bearings, since they rely heavily on consumer-grade GPS
receivers. this is just brilliant.

But why stop there? how about turning off all cell phones, land-lines,
Internet connections, electricity and water? we don't want terrorists to be
aided by any of these things immediately following an attack.  [...]

French motorist obeys GPS navigation, makes U-turn into traffic

<Peter G Capek <>>
Fri, 3 Dec 2004 08:28:32 -0500

A 78-year-old driver, on a 130 km/h road near Nancy, and not realizing the
limitations of the navigation system, turned around when instructed to do
so.  He and the occupants of the car he collided with were, amazingly,
unhurt.  Police said this wasn't the first such incident they'd experienced.

[Source: News Interactive at,4057,11553850%255E15306,00.html

Peter G. Capek, IBM Thomas J. Watson Research Center,
Yorktown Heights, NY 10598-0218  (+1 914) 945-1250

  [Maybe that's a reason why GPS should be turned off?  PGN]

Colorado welfare system computer problems

<mikea <>>
Wed, 8 Dec 2004 14:20:47 -0600

On the National Public Radio program "Morning Edition" this morning, a story
by Elaine Korry on how, "Due to a crashed computer network, Colorado is
unable to distribute Medicaid and welfare benefits this holiday season. Food
banks are picking-up the slack."

According to the story, numerous benefit applications are still waiting to
be processed after the Federally-mandated 30 day processing deadline, and
food banks are serving unprecedented numbers of households: one food bank
served 157 in one day, where their typical _monthly_ load has been about

Automated medication worse than the disease?

<"NewsScan" <>>
Tue, 21 Dec 2004 07:57:23 -0700

A report from U.S. Pharmacopeia (USP), a nonprofit group that sets standards
for the drug industry, says that as more hospitals have implemented
automated systems for administering drugs the number of errors associated
with them has risen. USP vice president Diane Cousins says, "It would seem
logical that applying computer technology to the medication use process
would have a significant positive impact in preventing medication
errors. Yet, depending on the computer's design or user competence, new
points of potential errors can emerge." Kenneth Kizer of the National
Quality Forum agrees with Cousins: "Technology offers great opportunity to
reduce errors, but it's not a panacea. You can't just throw a computerized
system in and expect that everything's fixed. It has to be done right. The
technology is only as good as the people who use it."  [*The Washington
Post*, 20 Dec 2004; NewsScan Daily, 21 Dec 2004]

Strange S&P numbers

<"Cohen, Dawn" <>>
Tue, 21 Dec 2004 17:11:13 -0500

I just checked Yahoo's finance website and was rather surprised to learn
that the S&P had fallen nearly 870 points today.  I thought perhaps it was a
Yahoo issue, but I also checked the Fidelity web site and found the same
numbers.  So either a very strange anomaly has occurred causing S&P to lose
73% of its value while the Dow and Nasdaq gained 1% OR something's gone
funny in some database or application that reports S&P numbers.

I have screen shots.

I'm a RISKS reader.  I'm voting for database corruption or data entry issue.

Judge slams spammers with $1-billion judgment

<"NewsScan" <>>
Mon, 20 Dec 2004 11:47:08 -0700

A federal judge in Iowa has awarded a small ISP more than $1 billion in
damages in what's believed to be the largest judgment ever against
spammers. The case was brought by Robert Kramer, whose company provides
e-mail service to about 5,000 customers, and who filed suit after his
inbound mail servers were jammed with as many as 10 million spam-mails a day
in 2000. Citing federal racketeering laws (RICO) and the Iowa Ongoing
Criminal Conduct Act, U.S. District Judge Charles R. Wolle ordered AMP
Dollar Savings of Mesa, Ariz., to pay $720 million; Cash Link Systems of
Miami, Fla., $360 million; and TEI Marketing Group, also of Florida,
$140,000. "It's definitely a victory for all of us that open up our e-mail
and find lewd and malicious and fraudulent e-mail in our boxes every day,"
said Kramer, who is unlikely to ever collect on the judgments.  [AP/*Wall
Street Journal*, 20 Dec 2004; NewsScan Daily, 20 Dec 2004],,SB110349923676804327,00.html (sub req'd)

Unintended effects of RFID devices

<Paul Wallich <>>
Tue, 07 Dec 2004 20:41:48 -0500

(or has this been done already?)

As anyone who has recently become a parent knows, hospitals are very serious
about making sure that no one leaves the premises with a baby not their
own. RFID anklets on the infant, combined with RFID scanners and existing
magnetic locks on maternity-ward doors seem like a good idea: chipped
infants can't leave, and only Authorized Personnel can remove the chips.

RFID is no respecter of walls, so a strategically placed baby in the nursery
can effectively lock down the maternity-ward exit until someone figures out
why the doors aren't opening -- which could be anywhere from a few minutes
to an hour or more. In a real emergency, the magnetic locks of course fail
open, but there are plenty of other urgent situations where not being able
to open the maternity-department doors (and not knowing why) could
complicate hospital operations significantly.

This isn't exactly an unintended effect, since the system is operating
exactly as intended (baby within range of RFID door scanner yields
non-opening door), but rather an imprecise specification ("within range"
doesn't mean what the implementors thought it meant). As RFID-based security
becomes more commmon, it will be interesting to see just how many more such
snafus crop up.

Medical records-sharing in Massachusetts

<"NewsScan" <>>
Tue, 07 Dec 2004 08:31:37 -0700

If a new Massachusetts "eHealth" pilot project is successful, physicians in
that state will be able to access patients' records from any hospital or
clinic by computer.  Gov. Mitt Romney says that switching from paper records
to easily shared electronic records could save the state millions of dollars
while improving patient safety and quality of care. He has given assurances
that the system will have strict controls to allow patients to control who
sees their records.  [AP/*Los Angeles Times*, 7 Dec 2004; NewsScan Daily, 7
Dec 2004],1,1268455.story?coll=sns-ap-toptechnology,1,1268455.story

Satellite TV broadcast pirated

<Erling Kristiansen <>>
Tue, 21 Dec 2004 21:12:27 +0100

According to *Space News*, 29 Nov 2004, a TV broadcast via the AsiaSat
satellite was pirated for 4 hours on 20 Nov.  A broadcast targeted at
mainland China was superseded by an unknown source transmitting a signal
with higher power than the legitimate programme towards the satellite
transponder, thus replacing the intended programme . The pirate broadcast
concerned the Falon Gong spiritual organization that is outlawed in China.

The source of the pirate signal is unknown, but is believed to originate in
Taiwan. (Is this a political or a technical assessment??)

Calculations by AsiaSat suggest that the signal could be generated by a 250
Watt transmitter on a 4.5-meter dish, or 100 Watt on a 7-meter dish.  Such
capabilities are quite standard in medium-sized Earth stations.

AsiaSat eventually decided to switch off the transponder for some hours.
The pirate signal was gone when the transponder was re-started.

This event underscores the vulnerability of, in this case, satellite TV
broadcast. But similar attacks could be launched on many other types of
(satcom) services. The equipment needed is commercially available and within
financial reach of even rather small organizations. The attack can be
launched from anywhere within the footprint of the satellite which, in most
cases, includes neighbouring countries, some of which may be less than

At least with bent-pipe satellites ("dumb" transponders that receive and
re-broadcast anything within their frequency band), the most common
technology today, very few defenses exist against such attacks. Also,
locating the perpetrator is difficult since the signal is transmitted
upwards in a highly directive beam and therefore is undetectable at ground
level unless you are very close to the transmitter.

Qinetic of Britain claim to have a method to determine the position of a
transmitting station by comparing the signal with weaker copies of the same
signal transponded through nearby satellites. Little detail of their satID
system is given in the article.

Live television banner hacked

<Matthew Schie>
Tue, 30 Nov 2004 12:34:26 -0500 (EST)

A television station in Raleigh, North Carolina (U.S.A.) created a Web
interface so local businesses could submit closure information during
inclement weather.  Although participants had to register and receive human
approval, there was apparently no further review of the submissions before
they appeared on-air.  Judging from the screenshots the hack went on for
many hours before being discovered.


ATM spits out Canadian Tire "money"

<Paul Schreiber <>>
Thu, 2 Dec 2004 10:43:29 -0800

[For the non-Canadians out there, an intro to Canadian Tire money:]

A CIBC cash machine at a mall near Moncton, New Brunswick, Canada dispensed
an assortment of 11 Canadian Tire bills in denominations ranging from 10
cents to $2 instead of legitimate Canadian cash.  The bogus cash reportedly
must have originated from business customers.  [Source: CBC.CA, 2 Dec 2004]

New browser vulnerability targets non-IE models, too

<"NewsScan" <>>
Tue, 30 Nov 2004 09:06:22 -0700

Since its debut, Microsoft's Internet Explorer browser has been plagued by a
steady stream of "flaw discovery" announcements followed by the requisite
patches. Usually those flaws are exclusive to the Microsoft model, but a new
vulnerability also affects the Mozilla Browser, Mozilla Firefox, Opera and
Apple Safari browsers. This latest bug, called the Infinite Array Sort
Denial of Service Vulnerability, causes the affected browsers to execute an
infinite JavaScript array sort, which in turn causes a crash.  The flaw was
discovered by independent security researcher Berend-Jan Wever, who also
uncovered the IFRAME vulnerability that affects banner ads.
[*InternetNews*, 29 Nov 2004; NewsScan Daily, 30 Nov 2004]

Re: When e-commerce and poor translation meet... terrorism?

<Ulf Lindqvist <>>
Thu, 9 Dec 2004 09:15:48 -0800 (PST)
  (Harry Neumann, RISKS-23.61)

I pasted the German version into three free translator sites:
Google Language Tools
Altavista Babelfish
Freetranslator <>

Google gives the same English version as the one Harry Neumann had noted, so
that is probably what was used. Altavista's result is just as weird except
for "Vatican city", while Freetranslator seems to do a much better job
(although not perfect).

> (Why other place names were not subjected to this treatment
> remains a mystery).

It seems like some of them were:
  Isle of Man -> Isle of one
  Jersey -> jersey (lower case indicates clothing, not island or cow)

Ulf Lindqvist, Computer Science Laboratory, SRI International

Re: Is Windows up to snuff for running our world?

<Ben Galehouse <>>
Wed, 8 Dec 2004 23:37:16 -0500

I have always assumed that the tendency to use Windows for everything stems
from a perception that development is less expensive for the more standard
systems. This perception might even be correct. However, I'm not sure I'd
want a programmer who couldn't learn a new environment writing a glass
cockpit, and I have seen Windows based glass cockpits advertised.

Recently, several people have mentioned using OS X, and now other BSD
derivatives for special purpose turnkey systems such as ATMs. The basic
quality might be higher, but these general purpose projects still spend a
lot of time developing and adding features irrelevant here. It seems to me
that the QNX and its competitors are meant for such applications and would
have serious advantages. I'd especially expect more stability and better
long term support.

Re: More on the electoral process

<"D.F. Manno" <>>
Thu, 09 Dec 2004 20:44:23 -0500

In Risks Digest 23.61, "J.E. Cripps" <> wrote:

> If someone can't find those few minutes over a two year period, then fine,
> keep them out of the voting booth.

I don't know about your neck of the woods, but here in Pennsylvania, USA, we
have elections in April and November of every year. I don't think six months
is sufficient time to overhaul the electoral process in the way you suggest.

By the way, your suggestion would disenfranchise me. Since I'm disabled and
homebound, I would be unable to present my birth certificate in person at
the office of the Board of Elections.

Screensaver tackles spam websites

<"Amos Shapir" <>>
Tue, 30 Nov 2004 11:38:15 +0200

I found the following on the BBC's site.  The RISK here is, of course, did
Lycos take care of all the (mainly legal) aspects of such a sponsored DoS
attack against spammers?  Knowing how spammers work, they would either find
a way to make someone else pay for their increased bandwidth, or sue Lycos
for lost revenues (or both).  After all, the targeted sites are probably
quite legal, and it may be easier to associate the attacking screensavers
with Lycos, than to associate the targeted sites with the spam that
advertises them.

A screensaver targeting spam-related websites could help drive spammers out
of business.
Full story:

Freeze on anti-spam campaign

<"Amos Shapir" <>>
Sat, 04 Dec 2004 11:54:50 +0200

It seems that what I had predicted just 2 days ago has already happened;
again from the BBC's site:

A controversial anti-spam campaign by Lycos Europe appears to have been put
on hold.
Full story:

Re: ACM Needs Your Feedback

<James Garrison <>>
Tue, 07 Dec 2004 14:53:56 -0600

I received the following today.  My response is below. wrote:
> Dear ACM Member,
> We are redesigning parts of the website to make it more
> member-friendly, informative, and easily navigable, and we would like your
> assistance in this effort.
> You can help us by taking a moment to complete our ACM website survey
> located at:
> The survey should take no more than 10 minutes to complete, and your
> answers will be kept confidential and considered only in aggregate
> form. Your participation will help us to identify ACM's most valuable
> content and functionality, and at a later time, you will also have the
> opportunity to provide feedback on actual suggested website redesigns.

Are you aware that this request is indistinguishable from a phishing scam?
The link you provide is NOT within the domain, and the message is
not authenticated (i.e., in PGP-signed).  My guess is it's probably
legitimate, but you are contributing to the problem by not making it
possible for recipients to unambiguously distinguish this from phishing.  I
continue to be extremely disappointed by ACM's apparent ivory-tower
unawareness of what actually goes on in the real world.

Increasing sophistication of phishing spammers (Wallach, RISKS 23.60)

<Jonathan de Boyne Pollard <J.deBoynePollard@Tesco.NET>>
Wed, 01 Dec 2004 12:42:50 GMT

W> eBay and similar companies should eliminate these public
W> servers that serve up static images for e-mail and should pay
W> attention to referrer information to refuse images being sent to
W> pages other than their own.

Checking referrer headers at the content HTTP server is not necessarily the
wisest course of action.  It is easy to do wrongly, has maintenance problems
for the publisher, and is conceptually shaky as well.  And it isn't
addressing the issue actually at hand, in any event.  The far better way to
address the issue at hand is one that many people have been advocating for
quite some time now, for this and other reasons: ensure that all MUAs are
designed *not to automatically fetch external content* when displaying
messages (with body parts of any sort, not just "text/html", moreover).

The RISK?  Thinking that RFC 2017 is a good idea.  (-:

I'm not aware of anything as detailed as the GNKSoA and the GNKSoA:MUA for
web browsers and HTML display engines, but were there one, one of my
suggestions for inclusion in it, that pertains here, would be the display of
(CIS) URLs broken-down into their component pieces, preventing the confusion
between domain parts and usernames that is often also exploited by these
electronic mail scams.

W> Probably the only true answer is for eBay, my credit card company,
W> and all of these other vendors to start digitally signing their mail.

It is interesting to note how many of these same companies make a point of
noting that they provide end-to-end validation when one is accessing
their web sites (For the case of eBay, for example, see
and yet fail to do the same thing for their electronic mail communications.

However, one should always bear in mind that the architecture of SMTP-based
Internet electronic mail is the architecture of paper mail.  The former is
simply, and solely, cheaper ("There are fewer electrons in an electronic
mail message than in a sheet of paper.  So it's cheaper by weight."),
allowing the architectural flaws to be revealed more readily.  Digital
signatures *are* the tool for determining whether a message came from whom
it purports to have come from.  However, look at paper mail and consider:
When you last received a paper communication from such a company, was it on
mass-printed stationery with a computer-printed copy of someone's signature
at the end?  How did you know that that was the correct signature?  What
steps did you take to validate it?  Do you even know what the person's
correct signature is supposed to look like?  When you next contacted the
company, did you use the contact information (telephone number, et al.)
supplied at the bottom of such a letter?  When you telephoned the company's
customer account line using the telephone number from the letter, did you
supply your account number and password to the complete stranger on the
other end of the line?

Re: Increasing sophistication of phishing spammers (RISKS-23.60)

<Dan Wallach <>>
Mon, 29 Nov 2004 20:15:57 -0600

> JIM HORNING responded: I also suspect that we are probably going to have
> to give up the use of html in e-mail.

I seem to get an awful lot of legitimate HTML e-mail.  I don't think that
HTML is the problem.  My hope is that some of the "low hanging fruit" (e.g.,
servers like can be fixed, at least increasing the
marginal cost of business for spammers.  These guys are all about thin
marginal profits multiplied by huge numbers of messages.  If you can make
those messages even a little more expensive, you hurt the spammers.

Please report problems with the web pages to the maintainer