Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Just read in the daily paper that a mayor ordered the air-conditioning in a computer room to be turned off, as the noise was interfering with the council meeting. Unfortunately, no-one ordered it turned on again, and the staff turned up next morning to find one cooked computer... Dave Horsfall (VK2KFU), Alcatel-STC Australia, email@example.com dave%stcns3.stc.OZ.AU@uunet.UU.NET, ...munnari!stcns3.stc.OZ.AU!dave
A combination of circumstances at an unattended water-works caused the pollution of the water-supply to 22,000 homes in north Cornwall by aluminium sulphate last July. The following scenario was given by a TV programme last week. A relief driver was asked to deliver 20 tons of aluminium sulphate to an unattended waterworks. He was given a key to open the gate by the normal driver. This key should not have been available to the driver. The tank to store the aluminium sulphate was unlabeled, and the driver dumped his load into an underground reservoir of treated water. This water entered the water distribution system, now containing a amount of aluminium 500 times the maximum permitted. The water was now acidic (sulphuric acid), and started dissolving lead and copper from the pipes. When notified of a problem, the water board discovered a mal-functioning pump. They repaired this and dumped the contents of the reservoir into the river, poisoning thousands of fish and other river life. They stated the water was now safe to drink. (It wasn't!!). Many animals died, and humans suffered much pain and discomfort. The long term affects of the pollution are unknown. What has this to do with computing RISKS? The waterworks was automated, but all measuring devices were on the intake side of the waterworks. Designers had omitted to monitor the water exiting the works and entering the public supply, thus ensuring that the above sequence of errors was not picked up until the water reached the consumers! BTW, under British Law, no crime has been committed.
Chuck Weinstock asks how an incoming call is placed to a cellular telephone, and whether Big Brother could somehow use this to monitor persons' whereabouts. I used to work on cellular telephone switching system software, so I'll take a stab at it. When a call is placed to a cellular telephone, a "paging" message is broadcast in all the cells in the system. Certain frequencies are set aside solely for paging. All active cellular telephones are constantly monitoring the paging channel. When a phone detects a paging message with its own address, it broadcasts a page response message. This response is received by all the cells in the system, and the signal strength is measured. The cell receiving the strongest response is assumed to be the cell in which the phone is located, an unused frequency in that cell is assigned, and the phone call is switched to a transceiver in that cell. So cellular telephones are indeed located by a broadcast message, not by having the phones transmit periodic "here I am" messages. If no one is calling a particular cellular telephone, there is no way to know where that phone is. HOWEVER ... While a cellular telephone call is in progress, the phone may move into a different cell. If it does, the call must be "handed off:" the connection must be switched from the transceiver in the current cell to an unused transceiver in the new cell, usually on a different frequency. The current transceiver constantly monitors the phone's signal strength; when it falls below a threshold, a handoff is needed. All the cells broadcast another paging message to the phone, the phone responds, the signal strengths are measured, and the cell receiving the strongest signal is the new cell. Thus, _while_a_cellular_telephone_call_is_in_progress_ (either incoming or outgoing), the system knows the cell in which your phone is located, and unscrupulous parties could abuse this information. In between calls, you're safe. As for business competitors monitoring calls you place on your cellular telephone, to find out your clients' phone numbers: This is perfectly possible. However, you'd have to get your hands on the radio equipment used in a cell's base station, plus its controlling software, and change the software to record information about calls being placed. This is probably beyond most business persons' capabilities. One hopes the FCC, police, etc. would prevent anyone from offering such a product commercially. Alan Kaminsky, School of Computer Science, Rochester Institute of Technology, P. O. Box 9887, Rochester, NY 14623 716-475-5255
> If I dial a phone number attached to a cellular phone, how does the > cellular system know which cell should send the ring signal to the phone? The standard for communication between a cellular telephone and a base station is EIA Interim Standard IS-3-C (June 1986). I got my copy in Feb 1987 from Global Engineering Documents at +1 800 854 7179 or +1 714 261 1455. At cellular phone power-up, the phone listens on a set of fixed frequencies for a control message ("overhead message") telling it which channels are locally used as paging channels. It then listens to all those channels, picks the one with the highest signal strength, and listens on that channel for overhead messages and "mobile control messages". One such control message is a "page", which indicates that the land system wishes to get in touch with a particular mobile (identified by its phone number). In a simple cellular system, this "page" would probably be sent by all cells; in a more complex system, it could be initially sent in a likely cell or cells, and later sent in all cells if no response was heard. When a cellular phone receives a "page", it responds by transmitting a "page response" on a "reverse control channel". This tells the land system that the page has been received, and specifies which transmitter's page it heard. That cell will respond with an "initial voice channel designation" message, if it has a free voice channel. The phone responds by transmitting an audio tone on that channel to indicate that it has seized the channel. Then the land station sends an "alert" message which causes the phone to ring its audible bell. If and when you answer the phone, it turns off the audio tone and starts transmitting your voice. As you can see, it's possible for the cellular system to "page" your phone and establish its whereabouts without ever sending an "alert", which would let you know that your phone was active. In fact, there is another order called "audit" which causes the phone to silently transmit a message back to the system, without ever telling you. In some cases it appears that the audit response includes the phone's serial number as well as its phone number. In normal operation a cellular phone will not transmit unless it is paged or you ask it to make a call. There is no ongoing tracking of idle phones, though specific phones could be targeted for tracking by sending periodic "page" and "audit" messages to them. If you want privacy I recommend not using a cellular phone. A possible compromise would be to get a paging beeper and a cellular phone. Leave the beeper on all the time and power off the phone. The beepers have batteries that last for a month anyway, while the phone will die in hours if on. When someone wants to talk with, they call your beeper and punch in their number and/or a prearranged code. You receive the beep, but your beeper does not transmit any response. If you choose to respond, you can power on your phone, dial back to whoever beeped you, talk, then power off the phone. You can only be traced for the duration of the call (and, of course, the call is on the radio so it can be overheard). I'm actually surprised that I haven't seen cellular phones with built in beepers like this, since it extends your battery life. If your cellular phone was modified to present itself to the system as a random phone number and serial number (most conveniently obtained from recent traffic heard over the air by the phone, since it isn't encrypted), you would not be traceable at all — nor would you be billed for the call. (Your phone's transmission could be traced, but there is nothing to tie it to "you"). Making calls that are charged to other people is against the law of course, but seems to be common practice; there's an "underground" traffic in phones with this kind of modified firmware.
A local company specializing in hardware for the US Government has been cooperating with the FBI into an investigation of illegal use of their voice mail system. Recently when they hired a new employee when they wanted to set him up a voice mail box they discovered the password had been changed for the system administrator. Technical support from INTELLICOM (the manufacturer) determined that someone had created several new voice mailboxes and were using them for credit card data. Apparently the passwords had never been set when the VMB was received from the manufacturer. Intellicom has advised all their customers who use these systems to also disconnect their 800 service outside of hours as this serves to deter miscreants from inhabiting your VMB. This appears to be a criminal twist on previous risks reported. Peter.
In RISKS 7.57, Chuck Weinstock writes (regarding his friend's Ford Probe going nuts when a computer was plugged into the cigarette lighter): > One wonders if a radar detector or a cb radio (two common appliances that use > the cigarette lighter) would cause the same difficulty. The owners manual for my 1988 Mazda 626 (mechanically the same as Ford Probe) has the following warning: "If a mobile two-way radio system is installed improperly, or if a wrong type is used, the fuel injection system and the cruise control system may be affected. To avoid damage to your vehicle, be sure to check with an Authorized Mazda Dealer for proper installation of a mobile two-way radio." The Shop Manual (the one they would sell me) contains an almost impossible to interpret diagram that attempts to show where NOT to run the antenna lead for a radio transmitter. There is no information about what "a wrong type" might be. I sure hope my Authorized Mazda Dealer has better information. I wonder if the thousands of places that will install a CB radio for you are aware of the danger of doing it improperly in a Mazda. (I don't mean to pick just on on Mazda. I suspect the same is true for lots of cars.) Also, given that malfunction of the fuel injection system and/or cruise control could do damage to people, not just the vehicle, the warning should be a lot more prominent. I have no idea how the warning could be made available to whoever might own my car 15 years from now. Maybe the Army should publish the locations of the radio transmitters that do in their helicopters, so I can avoid driving near them. Steve Jay, Ultra Network Technologies, 101 Daggett Drive, San Jose, CA 95134 Internet: firstname.lastname@example.org uucp: ...ames!ultra!shj 408-922-0100
From FLORIDA TODAY, Melbourne, Florida (a Gannett Company) without permission: TALLAHASSEE- For private investigators, the tools of the trade used to be trench coats, binoculars and soft shoes. But that was before the revolution. Now, private investigators are just as likely to be huddled over computer screens as they are to be hanging out in the bushes. Like a growing number of states, Florida last month set up a computer link that makes driver license and vehicle registration records available to anyone with a computer. To access corporate records, it costs $25 an hour, not including membership fees to Compuserve, which runs the system. For highway department records, it costs $60 an hour, and users have to deposit money in advance. Last year the state made about $80,000 from fees on the service. [Quotes from users] State officals say they're banking on the adage that time is money. The potential of saving time, and therefore tax money, is one of the reasons they expanded the program. The program was started in 1986 after the Division of Corporate Records did a study that showed the agency was only responding to 15 percent of the requests for corporate information, said David Mann, director of the division. "It was a way to get heavy users off the system," he said of the computer link. "It worked like a charm, and it didn't cost the state any money." Since installing the computer link, about 13,000 of the 70,000 requests the agency gets each day are being handled by the computer. And its response rate is now about 45 percent, he said. [more quotes from users] With the push of a button, a law firm can tell a client whether a corporate name he wants to use is already in use, whether a corporation interested in buying a piece of property may be on shaky financial ground and who the corporate officers are. Mann and David Jacobson, of the motor vehicles agency, said hundreds of firms from Seattle, Wash., to New York City have signed up for the service. The firms include insurance companies, banks, labor unions and law firms. But the prime users appear to be private investigators. Both Mann and Jacobson agree that it's likely the system will be expanded as it proves its usefulness. Mann and Jacobson also said steps have been taken to avoid state records tampering. Part of the drive behind allowing computer access to state records is Florida's "Sunshine Law". A previous article said that only the information listed on your driver's license and vehicle registration will be available. This information is ruled to be information of public record. Driving infraction histories will not be accessable. William Curtiss
> "Please do not take these glasses as a souvenir. > They will impair your vision outside this theatre." The sentence is literally true. The glasses are not completely transparent; they absorb a small fraction of the light passing through, and so one's vision, while wearing the glasses, is impaired. Until reading this posting, I never considered the more sinister interpretation, that one's vision would be permanently impaired. -=- Andrew Klossner (decvax!tektronix!tekecs!andrew) [UUCP] (email@example.com) [ARPA] [Also noted by "Robert J. Reschly Jr." <reschly@BRL.MIL> linden@Sun.COM (Peter van der Linden) seanf@ucscc.UCSC.EDU (Sean Fagan) firstname.lastname@example.org (Jurjen N.E. Bos, CWI, Amsterdam) email@example.com (Eric Roskos) ]
> Caution: Use of this remote on another TV set could damage it...(or something > along those lines....) I find it *VERY* hard to believe that anyone would believe this claim by a hotel. This is simply a way to keep moronic, paranoid people who want to be a cleptomaniac for a day from stealing the remote control (as if it would actually work on their TV set at home...:-> ) To date, I have about 10 IR controls in and about my house and I have found only two of them that have signals close enough to cause problems (they are eaisly worked around...but still). And I find it even harder to believe that an IR control could be engineered to "figure out" what type of signal was sent to your TV to turn it on/off, and to do so at such a pulse rate as to cause your TV to die....nope, just cant believe it. Maybe it could be done if they knew what kind of TV you had at home, but why? Basically, if the hotel in question had any brains at all, they would simply install a proximity type detector and put one of those little metal strips inside of the control. Then when you left your room, an alarm would sound. And to further reduce costs, ONE detector could be installed at the bottom of the stairs or other heavily used guest exit point.... ..I guess this is just one more example of how gullible the public really is... Greeny Bitnet: MISS026@ECNCDC
Please report problems with the web pages to the maintainer