The RISKS Digest
Volume 6 Issue 23

Tuesday, 9th February 1988

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Don't believe everything you read in the papers.
David Purdue
Anti-virus software
Chuck Weinstock
Virus paranoia
Jeffrey Mogul
All Viruses Considered
Martin Minow
OTA Report: The Electronic Supervisor
Jan Wolitzky
Hub auto-theft lessons; $$$ risks of Lojack
rdicamil
Re: voting
Mike Tanner
Info on RISKS (comp.risks)

Don't believe everything you read in the papers.

David Purdue <munnari!csadfa.oz.au!davidp@uunet.UU.NET>
Tue, 9 Feb 88 11:41:46 est
The Canberra Times, Wed, Feb 3, 1988, page 3.

                CORRECTION

For some considerable time, The Canberra Times has been publishing the wrong
tide times for Narooma.  The error has been in arithmetical calculation in
this office of the difference between tide times at Fort Denison as published
in standard tide tables and times at Narooma.  The error, the source of which
is lost in antiquity, was discovered last week when the editor, relying on
The Canberra Times figures, was swept out to sea.  But he managed to return
to shore - and ordered this correction.

Mr. David Purdue           Phone ISD: +61 62 68 8165    Fax: +61 62 470702
Dept. Computer Science         Telex: ADFADM AA62030
University College      ACSNET/CSNET: davidp@csadfa.oz
Aust. Defence Force Academy     ARPA: davidp%csadfa.oz@uunet.uu.net
Canberra. ACT. 2600.           JANET: davidp@oz.csadfa
AUSTRALIA             Other Gateways: see CACM 29(10) Oct. 1986
    UUCP: {uunet,hplabs,ubc-vision,nttlab,mcvax,ukc}!munnari!csadfa.oz!davidp

                 [There is no such thing as a shore thing, but 
                 that will tide him over until next time.  PGN]


Anti-virus software

Chuck Weinstock <weinstoc@SEI.CMU.EDU>
Tue, 09 Feb 88 15:41:28 EST
There was an ad for anti-virus software for IBM PC's in this past Sunday's
New York Times business section.  Although I didn't call the number in the
ad, my first thought was "what a marvelous way to spread yet another virus."
(Sort of like the cyanide tampered Tylenol, though maybe not as deadly.)


Virus paranoia [Re: RISKS 6.22/"Macintosh Virus Hits CompuServe"]

Jeffrey Mogul <mogul@decwrl.dec.com>
9 Feb 1988 1629-PST (Tuesday)
I realize that viruses are becoming a serious problem, but all this virus
paranoia could make the world safe for a kind of "meta-virus."  In RISKS
6.22 we read a recommendation:

    While it is possible to, apparently, "cut" this Resource from infected
    Systems with the Resource Editor THE ONLY SURE COURSE OF ACTION IS TO
    TRASH ANY SYSTEM FILE THAT HAS COME IN CONTACT WITH THIS STACK.

Imagine what would happen if someone sent out this message:

    WARNING! A serious virus is on the loose.  It was hidden in the
    program called 1987TAXFORM that was on this bboard last year.
    This virus does several nasty things:

    (1) Copies itself into several important system programs
        so that it will propagate to other disks
    (2) Copies itself into your own data files so that it can
        infect system programs on other systems
    (3) Keeps track of the files you encrypt and mails copies
        of the cleartext to a bboard in Iowa and a computer
        at the NSA
    (4) Randomly garbles files so that you don't necessarily
        know they are damaged

    By now, it is possible that your system is infected even if you
    didn't download this program, since you could easily have been
    infected indirectly.

    The only safe way to protect yourself against this virus is to
    print all your files onto paper, erase all the disks on your system
    with a demagnetizer, buy fresh software disks from the manufacturer,
    and type in all your data again.  But FIRST! send this message to
    everyone you know, so that they will also follow these steps to
    protect themselves.

The beauty of this "meta-virus" is that it took me about two minutes
to make it really scary and I didn't even have to write any code.

Moral: don't join witch-hunts until you trust the witch-hunter more than you
distrust the alleged witch.
                                            -Jeff Mogul


<minow%thundr.DEC@src.dec.com>
      (Martin Minow THUNDR::MINOW ML3-5/U26 223-9922)
Date: 8 Feb 88 20:54
Subject: Virus on All Things Considered

There was a report on the computer virus scare on Sunday's (Feb 7, 88)
All Things Considered (public radio news program).  I took the following
notes: don't expect them to be accurate.

Professor Fred Cohen was interviewed.  He claims that the virus will
spread in 1/2 hour through a computer timesharing system and that it
"is a mathematical fact" that you cannot protect against the virus
if you allow sharing, transmission, and general access.

Eric Hanson (Hansen?), a programmer from Minneapolis, blames the problem on
people who lack significance in their lives and gain self-esteem by
manufacturing viruses: a revenge of the nerds.  He [somehow] draws a
parallel with AIDS.  (Eric sells a program to test for viruses.  He claims
the government is interested.)
                                             Martin


OTA Report: The Electronic Supervisor

<wolit@research.att.com>
Tue, 9 Feb 88 15:45 EST
The U.S. Congress, Office of Technology Assessment recently released a
report on computer-based monitoring in the workplace entitled, "The
Electronic Supervisor: New Technology, New Tensions," OTA-CIT-333
(Washington, DC: U.S. Government Printing Office, September, 1987).

The following is from the Foreword:

    "The Electronic Supervisor: New Technology, New Tensions"
    deals with the use of computer-based technologies to measure
    how fast or how accurately employees work.  New computer-based
    office systems are giving employers new ways to supervise job
    performance and control employees' use of telephones, but such
    systems are also controversial because they generate such
    detailed information about the employees they monitor. 
    This assessment explores a broad range of questions related to
    the use of new technology in the workplace and its effects on
    privacy, civil liberties, and quality of working life.

The assessment reports six findings:

    1.  Computer technology makes possible the continuous
        collection and analysis of management information
        about work performance and equipment use.  This
        information is useful to managers in managing
        resources, planning workloads, and reducing costs.
        When it is applied to individual employees, however,
        the intensity and continuousness of computer-based
        monitoring raises questions about privacy, fairness,
        and quality of work life.

    2.  Computer-based systems offer opportunities for
        organizing work in new ways, as well as means of
        monitoring it more intensively.  Electronic monitoring
        is most likely to raise opposition among workers when
        it is imposed without worker participation, when
        standards are perceived as unfair, or when performance
        records are used punitively.  Worker involvement in
        design and implementation of monitoring programs can
        result in greater acceptance by workers, but despite
        activities of labor unions in some industries and
        recent progress in labor-management cooperation in
        others, most firms do not have mechanisms to do this.

    3.  There is reason to believe that electronically
        monitoring the quantity or speed of work contributes
        to stress and stress-related illness, although there
        is still little research separating the effects of
        monitoring from job design, equipment design,
        lighting, machine pacing, and other potentially
        stressful aspects of computer-based office work.

    4.  Monitoring the content of messages raises a different
        set of issues.  Some employers say that service
        observation (listening to or recording the content of
        employees' telephone conversations with customers)
        helps assure quality and correctness of information
        and by protecting all parties in case of dispute.
        However, service observation also impacts the privacy
        of the customer, and workers and labor organizations
        have argued that it contributes to the stress of the
        employee, and creates an atmosphere of distrust.
        Monitoring the content of electronic mail messages or
        personal computer (PC) diskettes also raises privacy
        issues.

    5.  Telephone call accounting (computer-generated records
        of the time, duration, destination, and cost of calls)
        gives employers a powerful tool for managing the costs
        of telephone systems.  However, it raises privacy
        questions when accounting records are used to track
        calling habits of individuals.  Other cost control
        technologies can be used to limit nonbusiness uses of
        telephones, either instead of or in addition to call
        accounting.  Establishing a policy for use of these
        technologies will be especially important for the
        Government as it builds a new Federal Telephone
        System.

    6.  Electronic monitoring is only one of a range of
        technologies used in today's workplace to gather
        information about the work process or to predict work
        quality based on personal characteristics of the
        workers.  Many applications of technology, including
        polygraph testing, drug testing, genetic screening,
        and, possibly, brain wave testing, illustrate the
        tension between employers' rights to manage their
        enterprise, reduce costs, and reduce liability, and
        the employees' rights to preserve individual privacy
        and autonomy.  Recent concerns of employers, labor
        unions, civil liberties groups, the courts, and
        individual workers suggest that a range of workplace
        privacy issues are in need of resolution.

A discussion of this report and this topic in general might be
appropriate for this newsgroup.

Jan Wolitzky, AT&T Bell Labs, Murray Hill, NJ; 201 582-2998; mhuxd!wolit
(Affiliation given for identification purposes only)


Hub auto-theft lessons; $$$ risks of Lojack

<rdicamil@CC5.BBN.COM>
Tue, 09 Feb 88 18:36:13 -0500
Just thought folks might be interested in a more real, tangible = $$$ risks of
a system such as lojack. In actuality, depending upon how your insurance policy
is written, you may not want the authorities to find your vehicle very soon
after it's stolen.

One reason is that some policies have a clause that requires the car to be
missing for a certain period of time (days) before it can be covered under
"theft" insurance. [Think of how many people would be reporting stolen cars
without such limits.] Another more compelling reason is that depending upon
the type of thief, unless they do all the damage to your car very quickly
(within 15 mins !!), finding your car soon frequently means the consumer will
pay for most any damage, and not the insurance company.  (This of course
depends upon your level of deductible, and how much damage must be done before
your car is "totalled".)  The insurance companies like lojack for these
perhaps not so obvious reasons.

In Massachusetts (where I live), car theft is a simple misdemeanor.  If
someone takes your car for the thrill of joyriding (as opposed to a pro who
might strip it for parts), it's probable that some but not utterly devastating
damage could be done. Such cosmetic damage can be far more costly settlement
wise, than having your car totalled.

Anyway, apart from the skewed economics, I believe the transmitters are not
terribly difficult to find on some automobiles, especially if your car is
going directly to a junk yard to be stripped. Where the transmitter gets
located is often a function of the intelligence of the mechanic who is
installing it - there is obviously no one standard place to put it on each
make of car! Imagine some archetypical mechanic ("Gee boss, never hid a
transmitter on a Ferrari before...can I try ?")

Note the Lojack system is not an anti-theft device, in that it doesn't
physically do anything to make the car harder to steal; it can however save
the insurance companies money. I would still rather have my "Z-lok" (or
"Chapman" lock).

Of course, anyone who really wants your car will examine it very carefully
before attempting to steal it.  Even a careful flashlight examination cannot
distinguish the exact mechanism attached to the key/collar fitting beneath
most dashes.  Unless of course you take the risk of placing a label on your
car saying you have an alarm system; a label displaying "what kind" of alarm
system is the worst thing you can do.  "This car equipped with `brand X'
electronic protection" provides the truly professional thief with some very
specific information. The best compromise is to find a generic "protected by
alarm system" label, if you feel your car must have one at all.

In summary, "Lojack" may only prove beneficial to the consumer's wallet in the
instance of a highly professional theft, where your car risks being dismantled
within the hour. In this case it really is a race against time, since they
will probably find the transmitter (and be looking for it if you have that
label).

However, if you own THAT KIND of ($$,$$$) car, such caliber of thieves are
usually quite persistent, once they know who you are (or rather where you
live). One of my bosses had his brand new, fully alarmed, 1986 Toyota Celica
removed from his driveway in Beacon Hill by a winch equipped truck in the wee
hours of the morning. He made it out the door only to hear the periodic beep
of his pendulum alarm muffled from inside a large van as it went down the
street. One week later he still got the bill for the excise tax. Lojack might
have helped here. Very clean, very fast - no broken glass - picking up the car
set off the pendulum.  The Boston police could not offer him much consolation
except, "Yup, they wanted your car real bad." Last statistics I saw still rate
Mass.  as the auto-theft capital, with the most stolen cars as (1) Toyota
Celica [GT/turbos] (2) Saab 900 series (3) Porsches.


Re: voting

Mike Tanner <tanner@tut.cis.ohio-state.edu>
8 Feb 88 16:41:02 GMT
The Missouri voting issue brought this up in my mind, but I don't know how
relevant it is to the discussion.

I worked for several years in local politics here in Ohio, primarily doing
polling analysis and election analysis.  In Ohio people normally vote by
pulling levers in a mechanical voting booth then indicate that they are
finished by throwing a huge, red-handled lever which causes the machine to
mechanically tally their votes.  (I don't suppose this is unusual.  You can
also use a paper, punch-type, ballot by getting an "absentee" ballot and
swearing that you will be unable to vote at a normal polling place on election
day.)  The numbers in the machine are copied down by the election workers at
the end of the day, all the numbers from the various precincts in a county are
taken to the county board of elections, where they are typically entered into
a computer which totals them.  There are a number of sources of error, of
course.  But I don't know what the estimated error rate is.  If the race is
closer than 2% or so of the total vote, the candidates are entitled to a free
recount, otherwise they can pay for one, so that might be taken as an error
rate (but that assumes the 2% figure was arrived at rationally).  A recount
consists in manually retracing all the steps of tallying the votes (except
actually revoting), arguing endlessly over discrepancies, and ultimately
throwing out results from questionable precincts.

The relevant phenomenon (to the Missouri issue) is that the total number of
votes cast in a given race is strongly correlated with the position of that
race on the ballot in the machine.  (I'm sure this also happens in places
where paper ballots are used.)  Races listed toward the left get more votes
than those toward the right.  This is very predictable and nearly independent
of the visibility factor, i.e., the factor that accounts for the fact that
more people will vote in a Presidential race than in the race for Judge of the
Court of Domestic Relations.  Pick any two races and the one listed to the
left will get more votes.  E.g., County Recorder gets more votes than County
Coroner and Recorder appears just to the left of Coroner.  Not more than one
person in a thousand has the slightest idea what either official does, who the
candidates are, or what the qualifications are for the office.  This holds
across all 88 counties, election after election.

The candidates within each race are in random order across all the machines.
E.g., for each race, 50% of the machines will have the Republican candidate on
the left and the Democrat on the right, 50% will have them reversed.  Many
Ohio pols would like to see a return to straight ballot days, when a person
could simply vote democrat (or republican) by making one mark and vote for all
democrats (or republicans) on the ballot.

Where's the interest for RISKS readers?  I don't know if they're RISKS
exactly but:

    - It indicates that most people don't vote on everything.  So
      not counting a vote because not all the levers are pulled
      (or holes punched) probably undercounts a lot of otherwise
      correct ballots.
    - I have an image of the average voter pulling levers from
      left to right until he finds himself voting on things he
      doesn't recognize, begins to lose energy, and finally stops
      pulling levers and quits.  Maybe we make it too easy to
      vote.  Many of those tail-end votes are likely to be spurious.
      But should we scramble the order of races as well as
      candidates within races?  What difference would that make?
    - Is scrambling the candidate order really a good idea?  What
      if a lot of democrat-first ballots in a close race found
      their way (accidentally or on purpose) to a precinct with a
      large population of independent voters?  Or wherever they
      could make a difference.  (I wonder if this has ever
      happened, or even been looked for during recounts.)
    - How much effect does the randomizing algorithm have on the
      outcomes of elections?  Even with a good algorithm it's
      possible in any particular election to get lots more
      republican-first ballots than democrat-first (or vice
      versa).  Do they keep re-doing it until they get a 50-50
      split?  If not, would it be grounds for challenging the
      election, forcing a special election?
    - The randomizing, assigning of ballots to machines, machines
      to precincts, and the final totalling of votes are all done
      by various computers.  Some of it is done by the Secretary
      of State, some in the county Boards of Elections.  But there
      are many steps done manually, figures copied by hand,
      ballots hand-carried to voting machines, etc.  But the fact
      that computers are involved tends to obscure the human
      factor and the possibilities of human error (or mischief)
      for causing problems.

-- mike tanner

Dept. of Computer and Info. Science        tanner@tut.cis.ohio-state.edu
Ohio State University                          ...cbosgd!osu-cis!tut!tanner
2036 Neil Ave Mall, Columbus, OH 43210
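
An added illustration of the randomization questions raised in the posting above (not part of the original digest, and not any election authority's actual procedure): it computes exactly how likely a lopsided left/right split is when each machine's candidate order is an independent fair coin flip, and shows an assignment that is balanced within every precinct by construction. The function names, the labels "A"/"B" and the precinct sizes are assumptions made for the example.

```python
import random
from math import comb


def prob_imbalance_at_least(n_machines, margin):
    """Exact P(|A_first - B_first| >= margin) when every machine's candidate
    order is an independent fair coin flip (binomial, p = 1/2)."""
    hits = sum(comb(n_machines, k) for k in range(n_machines + 1)
               if abs(2 * k - n_machines) >= margin)
    return hits / 2 ** n_machines


def balanced_assignment(n_machines, rng):
    """Fix the counts first, then shuffle which machine gets which order.
    The split is exact for even n and off by one for odd n, so no
    're-doing until 50-50' is ever needed."""
    half = n_machines // 2
    orders = ["A"] * half + ["B"] * half
    if n_machines % 2:
        orders.append(rng.choice("AB"))  # the odd machine out is a coin flip
    rng.shuffle(orders)
    return orders


def balanced_by_precinct(precinct_sizes, rng):
    """Balance inside each precinct so one ordering cannot pile up in a
    single precinct by chance."""
    return {name: balanced_assignment(n, rng)
            for name, n in precinct_sizes.items()}


def imbalance(orders):
    """Absolute gap between A-first and B-first machines."""
    return abs(orders.count("A") - orders.count("B"))


if __name__ == "__main__":
    # Fixed seed only so the run is reproducible; a real draw would need an
    # auditable randomness source.
    rng = random.Random(1988)
    # Constructed sample: three precincts with made-up machine counts.
    precincts = {"P1": 6, "P2": 9, "P3": 12}
    n = sum(precincts.values())
    print("machines:", n)
    print("P(gap >= 5) with independent flips:",
          round(prob_imbalance_at_least(n, 5), 3))
    for name, orders in balanced_by_precinct(precincts, rng).items():
        print(name, "".join(orders), "gap =", imbalance(orders))
```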
