The RISKS Digest
Volume 25 Issue 22

Tuesday, 8th July 2008

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


InciWeb map coordinate errors for California fire
Henry Baker
Oyster and Mifare cracked: NXP sues to silence Oyster researchers
Free Berlin subway rides
Debora Weber-Wulff
Citibank ATM breach reveals PIN security problems
Jordan Robertson
Web-based SSH key generation with escrow
Tina Bird
ComCast in Concrete?
Robert P Schaefer
State Dept: Celebrity passport files viewed repeatedly -
California's Super-Stupid Anti-Science Cell Phone Law Takes Effect
Lauren Weinstein
Re: HTML comments reveal corporate weakness
Ivor Hewitt
Re: Approval voting and sincerity
Andrew Koenig
Dag-Erling Smørgrav
REVIEW: "The dotCrime Manifesto", Phillip Hallam-Baker
Rob Slade
Info on RISKS (comp.risks)

Map coordinate errors for California fire

<Henry Baker <>>
Thu, 03 Jul 2008 09:11:01 -0700

InciWeb is (apparently incorrectly) reporting the location of the "Gap" fire
as 34.487 latitude, -119.783 longitude:

This places the fire almost on Highway 154, and a number of miles away from
the description of the fire location as "The Gap Fire started at
approximately 5:45p.m. on July 1 in the West Camino Cielo area, 4 miles west
of State Highway 154 in Los Padres National Forest".

Google/Keyhole has the more-or-less correct location as 34°30'1.34"N,
119°51'26.50"W (=N34.50036 W119.85736), which places it very near West
Camino Cielo, as reported.

I would be willing to bet that this discrepancy is caused by conversion
among the plethora of different latitude/longitude formats, some having
decimal degrees, some having integral degrees and decimal minutes, and some
having integral degrees and minutes, but decimal seconds.  Unfortunately, I
can't figure out which conversion reproduces this error.

Needless to say, an incorrect location for a major fire can cause
significant problems.

Oyster and Mifare cracked: NXP sues to silence Oyster researchers

<"Peter G. Neumann" <>>
Tue, 8 Jul 2008 5:56:07 PDT

[Source: *The Register*, 8 Jul 2008; PGN-ed]

Researchers at Nijmegen's Radboud University have evidently cracked and
cloned London's Oyster travel card, after previously having had similar
success with the Dutch MIFARE travel card (which is supposed to replace
paper tickets on all trams, buses, and trains in The Netherlands).

The Dutch researchers are planning to publish their scientific paper,
Dismantling MIFARE Classic, in October at Esorics, in Spain.  The paper
extends a preliminary report.

The dichotomy between belief in security by obscurity and flawed systems

Free Berlin subway rides

<Debora Weber-Wulff <>>
Mon, 07 Jul 2008 20:50:55 +0200

Berlin newspapers report that on 1 Jul 2008 it was not possible to buy a
subway ticket during the morning rush hour.

More than 600 of the 700 ticket machines refused to work after they were
updated from a central server overnight. An unnamed Swiss company was
updating the database (probably for fare calculation) when the machines
began failing. It took until 1 pm for the error to be fixed on all machines.

In the meantime, security people walked around encouraging people to just
get on the trains. The ticket checkers (who travel undercover and announce
ticket controls just after the doors close) were pulled from the subway and
put on bus and tram duty.

The BVG won't say how much income it lost in the incident, but they do state
that only a very few people complained about having to ride for free.
[These were probably people with passes who could not take advantage of a
free ride. — dww]

Debora Weber-Wulff, FHTW Berlin, Internationale Medieninformatik,Treskowallee
8, 10313 Berlin +49-30-5019-2320

Citibank ATM breach reveals PIN security problems

<"Peter G. Neumann" <>>
Wed, 2 Jul 2008 12:50:09 PDT

Hackers broke into Citibank's network of ATMs inside 7-Eleven stores and
stole customers' PIN codes, according to recent court filings that revealed
a disturbing security hole in the most sensitive part of a banking record.
Hackers are targeting the ATM system's infrastructure, which is increasingly
built on Microsoft's Windows operating system and allows machines to be
remotely diagnosed and repaired over the Internet.  despite industry
standards that call for protecting PINs with strong encryption — which
means encoding them to cloak them to outsiders — some ATM operators
apparently aren't properly doing that. The PINs seem to be leaking while in
transit between the ATMs and the computers that process the transactions.
[Source: Jordan Robertson, Associated Press, 2 Jul 2008; PGN-ed]

Full story here:

Web-based SSH key generation with escrow

<Tina Bird <>>
Sun, 29 Jun 2008 12:58:02 -0500

Risks are left as an exercise to the reader...
  [This one requires little explanation  by your moderator.  PGN]

ComCast in Concrete?

<"Schaefer, Robert P \(US SSA\)" <>>
Mon, 7 Jul 2008 10:42:27 -0400

This happened to me over the holiday weekend...

On 3 Jul 2008, approximately 9PM, my son detected that our desk PC (windows
98) was no longer able to access the Internet through the cable modem. I
started diagnosing the problem midday July 5. Resetting the cable box and
the computer several times did not help, neither did running
ipconfig/release ipconfig/renew at the command prompt. The error that
ipconfig returned was "DHCP Client refused". I phoned the Comcast 800
number, and after several resets at both ends with no success Comcast
revealed that they refused to support the Firefox browser. On that same
phone session I then attached a laptop running XP and Explorer to the cable
modem and successfully reconnected to the Internet.

I went back to the first computer and the Internet still did not connect. It
appears that Comcast not only does not support Firefox but can now detect
either Firefox or Win98 (which together form an ambiguity group) and refuse
to connect. The Win98 PC was initially also connected to a Lynksys wireless
router so I could connect to the Internet from the laptop anywhere in the
house. I connected the cable modem directly to the wireless router and
disconnected the laptop, I discovered that I could no longer connect to the
Internet through the wireless although the laptop saw full signal strength.

To recap: Win98 no, XP yes, direct cable yes, cable plus wireless, no.

I phoned Comcast a second time and learned that Comcast did not support the
Lynksys wireless router but they immediately and cheerfully without my
prompting provided the 800 number for Lynksys. The call to Lynksys revealed
that my wireless router was out of warranty, but for only $29.95..., I said
thank you and hung up. I phoned Comcast a third time and asked which
particular wireless router they did support, their answer was
"none". Luckily for me, I had an extra wireless router, Belkin, that I had
bought when I had to re-install the Lynksys but thought I had lost the
installation disk (and couldn't get any help from their website - Of course
the Lynksys installation disk turned up after I had bought its replacement.)
Anyway, I installed the Belkin and was good to go. Later, using a second
desktop with XP, Firefox, and a wireless modem I was also able to connect to
the Internet. That experiment adjusts the probability on the ambiguity group
(Win98 or Firefox) to point to either Win98 or now the Firefox "version". I
only just now in writing this realize that I could also have tried
re-reconfiguring the Lynksys again through the laptop, but it had worked
before, and the laptop did see full signal strength, so probably something
else was going on.

To sum up, the implication is that at the same instant that Comcast chose to
refuse to work with Firefox browsers on Win98 machines they also were
(allegedly) in collusion with Lynksys to obsolete a model of wireless
router, all scheduled to occur just in time for the July 4th holiday.  Two
hours of my life as an unpaid system administrator for my home computers I
will never get back.

  [Subject line retitled by PGN.]

State Dept: Celebrity passport files viewed repeatedly -

<"Peter G. Neumann" <>>
Fri, 4 Jul 2008 8:22:20 PDT

  [Thanks to Gene Spafford]

California's Super-Stupid Anti-Science Cell Phone Law Takes Effect

<Lauren Weinstein <>>
Tue, 1 Jul 2008 13:26:56 -0700 (PDT)

Greetings.  Well, today's the day that political expediency and anti-science
stupidity combine for the banning of handheld cell phones while driving in

I've discussed this topic here <a
href="">several times
before</a>, noting that virtually every study shows no reduction in accident
rates when talking on a hands-free cell phone vs. handheld units. In fact,
there are concerns that people fumbling around to dial and answer hands-free
units may actually make matters worse.

Even the Luddite who spent years pushing through this legislation admits
that the science and studies are against him, but he's convinced that having
both hands on the wheel is safer.  Of course, the law doesn't require two
hands on the wheel — which would be fairly difficult for stick drivers like
me in any case, eh?

When I was out driving earlier today, I saw one women swerving while putting
on make-up, and a guy weaving all over while apparently wolfing down a
burger. Another car almost didn't make a stop while the woman inside
appeared to be screaming at her kids in the back seat — all classic
distractions unaffected by the new law.  However, I saw several people now
driving illegally but safely with handheld cell phones.

There are already laws against distracted driving.  The new cell phone law
(as applied to adult drivers) is both unnecessary and counterproductive --
the latter by making people erroneously believe that they're safer with
hands-free phones while driving.

This sort of "feel good" law that flies in the face of science, <a
href="">studies</a>, and logic,
is an example of our political system operating as a pandering pomposity of
the most inane kind.

Re: HTML comments reveal corporate weakness (Jidanni, RISKS-25.21)

<Ivor Hewitt <>>
Mon, 30 Jun 2008 14:24:57 +0100

The "risk" in HTML comments revealing corporate weakness looks simply like
an HTML workaround technique for a bug in Netscape Navigator 4.7 (ns47) that
probably doesn't display correctly (behave) without having a fake
"concreate"(sic) row (i.e. HTML table).

Unlikely to bring "the entire house of cards down", simply a developer
documenting why he was required to do something weird in the markup.

  [Also noted by several others.  PGN]

Re: Approval voting and sincerity (Drysdale, RISKS-25.21)

<"Andrew Koenig" <>>
Mon, 30 Jun 2008 13:35:30 -0400

If I remember correctly, the article deals with this question, but
unfortunately I don't remember all the details.

Approximately, though, the reasoning hinges on the definition of "approval."
The article claims that a voter's optimum strategy is to rank-order the
candidates, and then vote for all the candidates above a given threshold,
where that threshold depends in a way I do not recall on the voter's
assessment of how likely each candidate is to be elected.

In other words, if A is my favorite candidate, I am willing to tolerate B,
and I never want C to be elected, then I should certainly vote for A and
certainly not vote for C.  Whether I vote for B depends (again, according to
an algorithm that I do not recall) on how likely I think it is that my vote
will cause B to be elected instead of A.

If you consider the process of rank-ordering the candidates and then voting
for all the candidates beyond a threshold to be insincere, then I guess
approval voting could foster insincerity.  But I don't consider it that way,
and, if I remember correctly, neither did the article.

Re: Approval voting and sincerity (Drysdale, RISKS-25.21)

<Dag-Erling Smørgrav <>>
Mon, 30 Jun 2008 03:16:00 +0200

> Thus voting insincerely ... leads to a better result.

Define "better".  In the first scenario, 20% of the voters (those who voted
for C) are dissatisfied.  In the second scenario, 40% of the voters (those
who voted for B plus those who voted for C) are dissatisfied.

Dag-Erling Smørgrav -

REVIEW: "The dotCrime Manifesto", Phillip Hallam-Baker

<Rob Slade <>>
Thu, 03 Jul 2008 11:06:12 -0800

BKDCRMNF.RVW   20080317

"The dotCrime Manifesto", Phillip Hallam-Baker, 2008, 0-321-50358-9,
%A   Phillip Hallam-Baker
%C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario  M3C 2T8
%D   2008
%G   978-0-321-50358-9 0-321-50358-9
%I   Addison-Wesley Publishing Co.
%O   U$29.99/C$32.99 416-447-5101 fax: 416-443-0948 800-822-6339
%O   Audience n+ Tech 2 Writing 2 (see revfaq.htm for explanation)
%P   415 p.
%T   "The dotCrime Manifesto: How to Stop Internet Crime"

In the preface, the author notes that network and computer crime is a
matter of people, not of technology.  However, he also notes that
changes to the network infrastructure, as well as improvements in
accountability, would assist in reducing user risk on the net.

Section one enlarges on the theme that people are more important than
machines or protocols.  Chapter one looks at the motive for Internet crime
(money, just like non-computer crime), and repeats the motifs of the
preface.  The text goes on to list various categories and examples of
network fraud.  The content of chapter two is very interesting, but it is
hard to find a central thread.  Overall it appears to be saying that
computer criminals are not the masterminds implied by media portrayals, but
that the problem of malfeasance is growing and needs to be seriously
addressed.  What Hallam-Baker seems to mean by "Learning from Mistakes," in
chapter three, is that security professionals often rely too much on general
principles, rather than accepting a functional, if imperfect, solution that
reduces the severity of the problem.  Chapter four presents the standard (if
you'll pardon the expression) discussion of change and the acceptance of new
technologies.  A process for driving change designed to improve the Internet
infrastructure is proposed in chapter five.

Section two examines ways to address some of the major network crime risks.
Chapter six notes the problems with many common means of handling spam.
SenderID and SPF is promoted in chapter seven (without expanding the acronym
to Sender Policy Framework anywhere in the book that I could find).
Phishing, and protection against it, is discussed in chapter eight.  Chapter
nine is supposed to deal with botnets, but concentrates on trojans and
firewalls (although I was glad to see a mention of "reverse firewalls," or
egress scanning, which is too often neglected).

Section three details the security tools of cryptography and trust.  Chapter
ten outlines some history and concepts of cryptography.  Trust, in chapter
eleven, is confined to the need for aspects of public key infrastructure

Section four presents thoughts on accountability.  Secure transport, in
chapter twelve, starts with thoughts on SSL (Secure Sockets Layer), and then
moves to more characteristics of certificates and the Extended Verification
certificates.  (The promotion of Verisign, infrequent and somewhat amusing
in the earlier chapters is, by this point in the book, becoming increasingly
annoying.  The author is also starting to make more subjective assertions,
such as boosting the trusted computing platform initiative.)  Domain Keys
Identified Mail (DKIM) is the major technology promoted in support of secure
messaging, in chapter thirteen.  Chapter fourteen, about secure identity,
has an analysis of a variety of technologies.  (The recommendations about
technologies are supported even less than before, and the work now starts to
sound rather doctrinaire.)  It may seem rather odd to talk about secure
names as opposed to identities, but Hallam-Baker is dealing with identifiers
such as email addresses and domain names in chapter fifteen.  Chapter
sixteen looks at various considerations in regard to securing networks,
mostly in terms of authentication.  Random thoughts on operating system,
hardware, or application security make up chapter seventeen.  The author
stresses, in chapter eighteen, that the law, used in conjunction with
security technologies, can help in reducing overall threat levels.  Chapter
nineteen finishes off the text with a proposed outline of action that recaps
the major points.

Hallam-Baker uses a dry wit well, and to good effect in the book.  The
humour supports and reinforces the points being made.  So does his
extensive and generally reliable knowledge of computer technology and
history.  In certain areas the author is either less knowledgeable or
careless in his wording, and, unfortunately, the effect is to lessen
the reader's confidence in his conclusions.  This is a pity, since
Hallam-Baker is championing a number of positions that would promote
much greater safety and security on the Internet.  Overall this work
is, for the non-specialist, a much-better-than-average introduction to
the issue of Internet crime and protection, and is also worth serious
consideration by security professionals for the thought-provoking
challenges to standard approaches to the problems examined.

copyright Robert M. Slade, 2008   BKDCRMNF.RVW   2008031

Please report problems with the web pages to the maintainer