Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
There have been OVER 50 MESSAGES to RISKS since last evening, and over a hundred backlogged since Friday. Bear with me. I'll get to them. I am only human, although I try to be that as well as I can. Things have been fairly hectic here. Not surprisingly, most of the pending messages deal with the RTM worm/virus discussion, which continues with healthy discussion on propriety, morality, ethics, prosecution, judgement, compensation, penance, etc. The messages are vastly too repetitive to include fully, and range wildly all over the map -- from "string him up" to "let's learn the lessons he has offered for us." The discussion is indeed very worthwhile, but needs significant editing to make it palatable to our usually discriminating audience. Thus, I thought it might be nice to have an issue on other subjects while I am trying to get the worm material together. Here is a potpourri of backlog. By the way, something approaching a hundred copies of RISKS-7.69 — which have been queued since Friday — are still waiting on my system for the recipient systems to accept delivery. (RISKS-7.70 and 71 also.) I assume many sites are STILL off the (ARPA|MIL) net. Worse yet, we had need today to poke at a UNIX system that claims to be up on the ARPANET but was rejecting mail. SMTP showed the system working. But, guess what? The DEBUG option still works fine on that system! I wonder how many other system administrators have still not learned anything yet.
Today's "Wall Street Journal" carries a story about American Airlines suing a Tulsa, OK woman and her father who have credit for more than 50 million miles in American's frequent flier program. The airline alleges that they and unknown co-conspirators stole the mileage by breaking into American's computer reservations system. They have also been indicted by a federal grand jury for wire fraud in the alleged scheme. The woman is an independent employee of a travel agency. She is accused of shifting miles from actual travelers who were not part of American Airlines frequent flier program into fake frequent flier accounts, then redeeming for tickets and selling those. But the story concludes with some more general worries: The allegations raise some troubling questions about access to airline computer systems. Such systems contain a wealth of information not only about frequent-flier trips, but also about the confidential travel plans of hundreds of companies. And yet any employee at any travel agency can normally log into the agency's system and see any trips the agency has booked. "It's just too easy to get into these systems," says John Caldwell, a travel attorney in Washington, D.C. "I think this is going to become an increasingly sensitive issue."
From the "Backbytes" page in Computing Australia, 31st Oct 88: ``Where the Gigabyte meets garter belt As computer and related industry manufacturers scout for new niche markets, they could do worse than consider the world's oldest profession. In recent months, US cops have busted several large prostitution rings — all heavily dependent on microcomputer support. The databases held such priceless information as clients' names and addresses, billing methods, preferred frolics and the names of who did what best. And to whom. How the new technocrats had missed the lucrative sales possibilities to this service industry is hard to fathom, as one recently raided establishment of easy virtue was in San Jose, in the heart of California's Silicon Valley. In its computer's ledger were the names of more than 50,000 customers. Obviously, a considerable horizontal market worth the attention of a lateral-thinking, but discreet, sales go-getter.''
In recent issues of RISKS there has been concern voiced over the ability to
trace the location of a car from its car phone. Last night, no BBC's TOP GEAR
programme, a device deliberately designed to locate cars was described.
Essentially, it is a navigational aid designed to take into account traffic
congestion.
You tell the device your intended destination and it determines the best route.
On the way, it tells you when the turn right or left both on a dashboard
indicator and a synthesised voice. So far, nothing particularly revolutionary.
The route selected takes into account the traffic congestion on various roads.
To determine this, there are many sensors across a town. When you pass one of
these sensors, the device in your car sends a message to it. Each sensor is
connected to a central computer. This records the time taken to travel from one
sensor to another to judge the current congestion alone the route. However, the
side effect is that the central computer knows our location and route through a
city. This loss of privacy would be even greater should the scheme be extended
to cover not only the individual cities but also the interconnecting motorways
and side roads.
At present, the scheme is only in prototype. It is being developed at the
Goverment's Road Research Laboratories. However, it does indicate the sort of
devices we may be getting in the future.
To the best of my knowledge, Digital Equipment Co. has no involvement in the
project. Hence the usual disclaimers apply.
Dave Robinson
I had to spend a few hours at the British Airways terminal at Heathrow last
week, and to help kill time I picked up a copy of the October 1988 issue of a
free magazine called "Airport". The cover story is "Fighting for the Freedom
of the Skies: In Europe ...", and covers the European experiences with their
version of airline deregulation. Apparently, the fragmented and uncoordinated
nature of European Air Traffic Control is causing chaos (my own flight was
delayed by ATC for 45 minutes, and our pilot told us as we left that flights
requesting clearance at that time were being told to wait for 90 minutes).
The final two paragraphs of the article made me chuckle (nervously):
Aviation Scientists in Britain, the US, France and West Germany are
now working on a data-exchange system which would reduce or even
eliminate the human element in air traffic control and in airport
approach, landing and take-off-slot technique.
[so far, so good]
Machine-talking-to-machine would enable the system to improve
perhaps five-fold, because the precise nature of computer science
is unencumbered by fears about cutting safety margins too finely. A
cold dish of comfort, perhaps; one which will not be available until
well after 2005. And anyway, nobody knows yet how much such a system
will cost. But we all know who's going to pay for it, don't we?
The syntax of the first sentence is a little confusing, but I think the
author believes that once things are computerized there will be no need for
safety margins. Computerization might well reduce the need for safety
margins, but this has little to do with how precise computer science is
(or is alleged to be).
Andy-Krazy-Glew writes: > (3) Have there been any incidents of remote sabotage of answering machines, > or, worse, criminal interception of messages, or bugging, as I describe > above? During the latest election campaign here, one of the major parties set up several answering machines for political messages, e.g. "if you want to know why you should vote for us, dial 555-1234". They were very surprised when they found out that the messages have been changed, (not in their favor of course). The machines were rented from a company that lets users have only a phone number to call to, and an access code; so the only way such messages may have been altered is by remote control. Amos Shapir, National Semiconductor (Israel) P.O.B. 3007, Herzlia 46104, Israel
Andy Glew expresses some concerns about the security of telephone answering machines. I too have these concerns, and have had some problems along these lines with my answering machine at home. It is an older Cobra model. Manufactured in about 1982 it offers remote message retrieval with the use of a tone generating device. The remote control device is a pain to use...you have to carry it around with you, and past experiments have shown that tone units from other machines will work just as well as the one the company provides! A friend of mine had a similar machine, of another brand, and our remote controls worked interchangably. Also, I did a little experimenting and found that I could activate both our machines by using a sweeping tone generated by my home computer. About six months ago I had a problem with an unknown person calling my machine and listening to my messages. There was no way I could disable this option, but there is a switch that prevents outside callers from erasing the messages after listening to them. There is no option to change outgoing messages and the like so that is not a concern with this machine. Luckily I have since moved and the new phone number has stopped these outside invasions of my privacy. A back issue of 2600 Magazine had a short editorial on this subject. Their response to the uncaring attitude of the manufacturer was to call the company at night, (the company was using their own machines to man the phones at night) and change the outgoing message to one warning others about the lack of security on the product. Gordon R. Meyer, Dept of Sociology, Northern Illinois University.
The cobra AN-8500 allows ONLY remote listening to messages and has a switch on
the machine which determines whether msgs will be erased after being heard
remotely. Unfortunately, the code for remote listening is one (1) factory
preset digit.
Bob Felderman feldy@cs.ucla.edu
UCLA Computer Science ...!{rutgers,ucbvax}!cs.ucla.edu!feldy
> Are there any machines on the market.....
Well, the one that I have (mainly for cost reasons, since I'm just an
undergrad) is a Phonemate. Basically, it answers the phone, plays my digitally
recorded message, and takes the message.....then when I come home I can listen
to them.
About the only thing that it does remotely is answer the phone, and get my
messages. Although it does allow one to turn it on (if its accidently let
off) from a remote location by letting the phone ring 15 times or more (it will
pick up and play the message to let you know that it is on.....).
After being on RISKS for a few years, I have realized that the convience
realized by a completely remote machine is not worth the risks. I suppose
I could always go to voice mail, or hire a secretary if I needed one....
> Is there any machines out there w/o the remote erase....
What's the big deal? The machine *usually* has a cassette, in it, and assuming
that it wont do a remote rewind of the cassette after playback, all one would
have to do to disable the erase circuit would be to install a small switch in
series with the erase head....when you go out, flip it off when you come back
in and want to erase — flip it on. GEtting a copy of the schematics would be
helpful if possible so that you could disable the entire circuit thereby
preventing the thing from rewinding w/o erasing and then taping over the
messages....perhaps a circuit that would prevent erasure during rewind (the way
they usually work) so that you could play them back but not erase em (i.e. it
wouldnt rewind or erase if you selected erase with the "switch" off....
Shouldn't be too much of a hassle if you are somewhat knowledgeable in
electronics.....or if you arent — try to find a hungry student in electronics
and offer PIZZA! :->
Greeny
Bitnet: miss026@ecncdc
Internet:miss026%ecncdc.bitnet@cunyvm.cuny.edu
Disclaimer: I ain't responsible for nothing you or anyone else does...so
don't blame me....
In RISKS 7.68, Andy "Krazy" Glew asks if there are any answering machines
with redefinable passwords that are long enough for an acceptable level of
security and if any have only non-destructive remote commands. One possible
solution is an "answering machine card" for a PC. Essentially, it is a
complete telephone interface, capable of recognizing touch tones, recording
and playing digitized speech (stored on a hard disk or floppy) and acting as
a modem. A program is usually included with the board that makes it
function as an answering machine. Since the full power of a complete
computer is available, the user can create any kind of password scheme they
desire, including multi-level menus for leaving messages for specific
people. Also, the program can be modified to eliminate destructive remote
commands and new functions can be added. They can even be set up to call
people, delivering a pre-recorded message (ala, computer cold calling).
There are two such boards available, that I know of. Either can be had for
about $250, not much more than a full featured, top-of-the-line dedicated
machine.
I'm not quite sure that this is a good solution to the problem, though. Now
we have a potentially expensive machine attached to the phone line. If
you're worried about losses to messages on a dedicated tape, just think
about the PC with one of these cards.
William Curtiss
> That noise is *very* nasty; there really ought to be emissions standards.
> Every low-cost computer I've ever worked with has been horribly annoying.
> IBM PC's with CGA cards (or EGA cards in CGA mode) were terrible offenders;
> even my Mac is fairly offensive.
I used to shudder when I heard an IBMPC go into EGA graphics mode. On my
current job that happens ten or twenty times a day, I still don't like it
but I'm used to it. I love using the Mac but do notice the noise:
sometimes it helps on a lot of these monitors to hang a cloth or drape
something soft behind the machine. When the monitor is backed against a
solid wall the problem is usually worse. I also have noticed noise coming
out of a couple of IBM AT clone's power supplies, though not at irritating
frequencies.
> (High-resolution screens (noninterlaced, 640x480 and up) don't seem to
> have the problem, but they won't become common in cost-sensitive
> applications for quite a while.)
I don't agree with this. I think you just can't hear them anymore because
they're using higher scan rates. My usually reliable intuition has steered
me away from a Sun workstation with a 19" color screen. However, working
with Unix PC's has really sensitized me to this stuff: when I was last
abroad I had trouble being in the same room as a European TV set (625 scan
lines), especially 25" models.
> How can we drum up some pressure to get OSHA to look into this?
Good question. I've never thought about it, but I sure would like to try. I
suspect letters and phone calls to one's favorite senator or representative
would be a start. Might even be worth trying...
— Ed Ravin
Reader bears responsibility for all opinions expressed in this article.
In RISKS-7-68 eravin@dasys1.UUCP (Ed Ravin) writes: >I've got my own story to tell about high frequency noises crawling out of >computer related devices, and since I'm new to RISKS, my apologies if any >or all of this has been discussed before. I, too, am new to RISKS (drawn here by news of the ARPAnet worm), and I, too, share your earitability. (sorry!) When I was much younger, I used to hear whistle sounds and I'd ask my parents what they were. They immediately took me to the doctor, who told them that I did *not* have an ear infection. They stopped only short of taking me to a neurologist to find out if something upstairs was shorting out. >After that I began noticing the sounds made by all the other CRT's in my >life. They were high pitched and slightly irritating, but not painful. I had >always, even before meeting computers, noticed the 15khz whine from a TV set, >but it had never bothered me. It didn't take me long to figure out that this was among the causes of the noise I was hearing. I have also heard sounds which are distinctly higher in pitch than a standard NTSC CRT (i.e. higher frequency than a 15,750 Hz flyback transformer). I am puzzled as to exactly what these are as the only things I know of that operate around 16 KHz RF are LORAN-type devices and, to the best of my knowledge, I am near no such installations (e.g. the nearest sizable body of water is a long drive from here). >Maybe my problem is that I never listened to loud rock music and my hearing >above 15khz is mostly intact. Here's the kicker: I HAVE listened to loud rock music. I have worked in factories where a wide spectrum of loud noises assaults me for eight or twelve hours at a time (with occasional breaks), but my inability to hear these high frequencies clearly fades within an hour or so after I leave, leading me to believe that that my decreased hearing sensitivity is more a muscle reaction in my ear rather than damage cause by the volume. What, then, leads some of us to be sensitive to these frequencies to a fault and others to be completely unaware of them? Worse, how can we determine what levels are acceptable, given that some people are simply more sensitive than others? If indeed ultrasonic emissions are a cause of illness or other unacceptable consequences, it is vital that a study into the area be launched. Who knows; in a few years we may find our present CRTs replaced with ones that have a horizontal scan rate above 30 KHz to avoid this problem. Geoffrey Welsh, 66 Mooregate Crescent, Suite 602, Kitchener, Ontario N2M 5E6 - CANADA
Please report problems with the web pages to the maintainer