Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
[Background: In Canada, voting in all levels of election has been done by the voter pencilling an X on a paper ballot, which is then counted by hand. Municipal elections are normally the only ones where multiple offices are voted on at once, with several X's on the ballot. In Ontario, all municipal elections are synchronized and they were held last week. For the first time, the elections in Toronto used an auto- matic technique. The voter had to blacken a circle to vote for a candidate; obviously optical mark recognition.] Toronto Star, November 22, 1983: Toronto is going to make doubly sure that a recount of last Monday's municipal election ballots is correct. At an emergency meeting of the outgoing city council yesterday, politicians ordered staff to recount all 142,107 ballots by hand as well as by automatic voting machine — an arduous task that could take several days. Although provincial law only recognizes the machine count, councillors said the unofficial manual recount will [!] help to restore confidence in the city's new $1.6 million automated system. The recount was recommended by City Clerk Roy Henderson last week after his staff discovered that a record 1,408 ballots were rejected by the city's new automated voting machines. The machines are programmed to reject spoiled ballots, but Henderson says he finds "it hard to believe that there were 1,408 spoiled ballots". Because the rejected ballots were not singled out when they were initially fed through the machines [sigh!] on Monday, a recount is needed to find the rejected ballots and examine them, he told council. Henderson said he believes that the high number of rejected or "unread" ballots was not the fault of the machines, but due to a cutting error on the ballots. Staff ran some ballots through the machine as a test last week and found that some ballots were not cut properly, but correctly filled out, were rejected, he told council. "Any variance of 25 thousandths of an inch would cause the machine to reject a ballot", he said, quoting information from the Business Records Corporation, the American company that supplies the city's voting machines and ballots. The only race in Toronto that could be affected and which wasn't already so close that recounts had already been called is the contest for public school board trustee in Wards 9 and 10. Sandra Bussin beat Anne Ferguson by 217 votes, but the number of "unread" ballots in those wards was 238. ... Some alderman questioned why the city should do a full recount of all the wards if the outcome of the election won't be changed and staff already know what caused the error. "The electorate has to be confident that the vote tabulation machines do the job they are supposed to do", city solicitor Dennis Perlin replied. [There were no such reports of problems from other municipalities in Metropolitan Toronto which also used the voting machines.] Mark Brader, Toronto utzoo!sq!msb, msb@sq.com
"Touchtone registration" is what many universities are going to, including the one I work for. This allows students to register, drop, and add classes from the comfort of any available touchtone phone. (There are some on campus for students that don't have access to one normally.) Unlike the previous early registration system, it allows students to choose their own alternatives when classes are filled or are not allowed. (class full, conflicting times, not authorized, etc.) What worries me is the choice of 9 digit student ID (one will be assigned in the 900 range for students not supplying their SSN) and 6 digit access code (the student's birthday). With this information about any student, it is possible to rearange their schedule. (Confirmation of the change is sent in the mail, assuming that your address is up to date.) Pranks (register someone for "human sexuality") and dropping someone from a full class so you can get in are possible abuses, as is changing your mind about a schedule rearrangement then complaining that you didn't do it. [Supposedly, ethically minded students would not entertain such pranks? But, historically, pranks abound among college kids. On the other hand, designing a system to prevent such malicious misuse is not easy. Note that audit trails would not help much, because the record will say that the victim was the person who authorized the change! A written notification might help, with some period allowed for appeals that it was not legitimate, but that too could be abused intentionally — e.g., to give you a deferred option... PGN]
The following is taken from Intercom, Vol 28, No 24, Nov, 11, 1988, an Air Force Communications Command newsletter: Computer break-in By Special Agent Mike Forche, AFOSI computer crime investigator A computer hacker penetrated an Air Force Sperry 1160 computer system in the San Antonio, Texas, area. The hacker was discovered by alert Air Force Communications Command computer operators who notified the data base administrator than an un-authorized user was in the system. The data base administrator was able to identify the terminal, password, and USERID (system level) used by the hacker. The data base administrator quickly disabled the USERID/password (which belonged to a computer system monitor). The data base administrator then observed the hacker trying to get into the system using the old USERID/password. He watched as the hacker successfully gained entry into the system using another unauthorized USERID/password (which was also a system administrator level password). The hacker was an authorized common user in the computer system; however, he obtained system administrator access level to the government computer on both occasions. Review of the audit trail showed that the hacker had successfully gained unauthorized access to the computer every day during the two weeks the audit was run. In addition, the hacker got unauthorized access to a pay file and instructed the computer floor operator to load a specific magnetic tape (pay tape). The hacker was investigated by Air Force Office of Special Investigation computer crime investigators for violation of federal crimes (Title 18 US Codes 1030 computer fraud, and 641 wrongful conversion of government property), Texas state crimes (Title 7, Section 33.02 Texas computer crime wrongful access) and military crimes (obtaining services under false pretense, Uniform Code of Military Justice, Article 134). The computer crime investigators made the following observations: - USERIDs used by the hacker were the same ones he used at his last base when he had authorized system access in his job. The use of acronyms and abbreviations of job titles will hardly fool anyone; plus the use of standard USERID base to base is dangerous. - The passwords the hacker used were the first names of the monitors who owned the USERIDs. The use of names, phone numbers, and other common easily-guessed items have time and time again been beaten by even the unsophisticated hackers.
In the November 1988 issue of CACM, at page A-17 there is a tear-out postcard for ordering ACM Press book. On the back of the postcard there is a blank for one's credit card number and expiration date. Yes, on a postcard. Eric Hughes hughes@math.berkeley.edu ucbvax!math!hughes
From: IN%"KAHIN@hulaw1.HARVARD.EDU" "Brian Kahin 617-864-6606" 18-NOV-1988 17 : 5 3 Return-path: info-law-request@sem.brl.MIL Date: Tue, 15 Nov 88 16:36 EST From: Brian Kahin 617-864-6606 <KAHIN@hulaw1.HARVARD.EDU> Subject: EDUCOM white paper Readers of this list may be interested in the white paper, "Property and Propriety in the Digital Environment: Towards an Examination Copy License," just published by the EDUCOM Software Initiative. The paper, which I prepared for ESI, proposes to two model licenses to encourage faculty evaluation of software programs while maintaining respect for the rights of copyright owners. The first model license is for "circulating evaluation copies" — i.e. copies which can be circulated by libraries or other campus facilities. It is targeted to commercial publishers of tools and courseware. The second model license is for "distributable evaluation copies" — copies which may be downloaded or duplicated subject to certain conditions. In effect, it proposes a standard for "academic shareware" that is more rigorous than conventional shareware licenses. It addresses the differences among shareware licenses by offering a kind of lowest common denominator. It is hoped that the model license — and the kind of user environment that the EDUCOM Software Initiative is trying to foster — will encourage academic authors to disseminate evaluation versions of their software over the academic networks. The white paper will appear in the next issue of the EDUCOM Bulletin. A specially published version is available on request from the EDUCOM Software Initiative: EDUCOM Software Initiative, PO Box 364, Princeton, NJ 08540 609-520-3340 BITNET: esi@educom
There is much apathy about teaching ethics to our children.
Some have suggested this is because the ethics that is being taught
is really only in the self interest of the teacher at the
expense of the child. 'It is your DUTY to die for your country
whenever the government calls', etc.
Others have suggested it is because religions of various sort
have given it a bad name by making ethics some sort of absolute code
of behavior independant of any external circumstances. If you are married
and there is an atomic war and you and someone else who is NOT your wife
are the only two people left alive, is it immoral to have sex with them
to restart the human race even if there is no preacher to marry you?
Maybe there is something to be said for these ideas that years
of misuse of teaching ethics for ulterior motives has given it a bad
taste in everyones mouth, but it seems to me that there is still away
to revitalize the subject as long as we leave the religious fanactics and
the parents telling their kids its unethical to talk back out of the
picture.
One of the most effective ways of teaching new drivers to slow
down and drive carefully is to show them movies of mangled corpses
from accidents. Sometimes movies are not enough. After having seen
a few real cars that had been wrapped around a telephone pole, I got
a message through to my brain about something or other that I will
never forget. Cars are fragile and should be driven with care.
Maybe by indoctrinating kids with the RESULTS of unethical
behavior in its goriest details and letting THEM decide and vote on
how it came about and what was unethical and how to avoid it, we will
form young adults who are capable of determining ethics for themselves
from the data of the consequences. Show them the consequences and let
them figure it out, rather than tell them the answer (what is and is not
ethical) and hope they never have to see the consequences.
How many kids develope sexual tragedies (pregnancy, disease etc.)
because their well meaning (?!) parents never talked to them about sex
for fear they would HAVE sex if they knew about it. Are we not ALL
suffering from this kind of mentality in America today?
Christ, kids don't WANT to hurt. Don't you think we can solve the
teaching problem just as we have solved so many others? Some would
tell you that people are bascially bad, certainly seems this way sometimes.
Maybe people look into their own hearts and they see THEY are basically bad
so they teach that others are also. But maybe this is all wrong.
Maybe people are basically GOOD. Even bad people. Maybe something
went wrong. Maybe it is up to us to figure it out and do it right.
The solution to apathy is to realize that there IS a problem,
and there IS an answer, and WE WILL find it. You just keep going
until you do. The only other answer is to lock everyone up at birth.
Homer W. Smith
Senior Programmer
Hubbard Fractal Research Facility
Cornell National Supercomputer Facility
Pennsylvania has been using entry-exit tolls on the Penn
Turnpike for a good many years now. One of the main problems
they ran into when they first cut over about a decade ago hasn't
been mentioned here yet: Unsynchronized clocks. That's right.
There was no "master clock" for all the toll booths. The problems
are obvious. On short trips you found yourself exiting *before*
you got on (does this mean they pay YOU a toll?) or on medium-length
trips, it was common to average somewhere over 400 miles per hour
between two certain booths. This was during the era of mechanical
clocks, but such problems could easily carry over to the electronic age.
brent laminack (gatech!itm!brent), In Touch Ministries, Atlanta, GA
"Why not make use of such a system voluntary? ... The principle
seems to me to be that if you are potentially diminishing
someone's privacy, they should have a choice about it, and the
costs and benefits should be made clear."
In the proposed scheme, people who desire privacy must single
themselves out by entering the queue of those who want privacy. This
alone diminishes their privacy.
It's similar to a (fanciful) scheme in which voters can choose the
"express, no privacy" line, where others can see their choices, or can
select a standard voting booth. Those who choose to vote in privacy
may be stigmatized as those who have "something to hide."
Andrew Klossner, Tektronix, Wilsonville, Oregon
(uunet!tektronix!hammer!frip!andrew) [UUCP]
The following blurb along with a flyer appeared in my phone bill
yesterday (Upper/lower case added by me):
Suspend, restore and disconnect with RightTouch(SM) service
You can suspend, restore or disconnect your Florida home telephone
service at your convenience with Southern Bell's RightTouch
service. You can use RightTouch service 24 hours a day, seven days
a week by dialing 1 800 826-6290 from a touch-tone telephone.
There is no additional charge for using the service, although the
normal charge for restoring your phone service still applies.
To access RightTouch service, you will need the personal access
code (PAC) shown below. This code has been assigned to your
telephone number and should be protected as you would a credit
card.
***Personal access code xxxx***
Once you dial the RightTouch service number, easy-to-follow verbal
instructions will guide you through the ordering processing to
suspend, restore or disconnect your phone service.
Yet another 'service' I can do without, but there's a positive
side to this one. It's currently possible to initiate some types
phone company service orders via a simple verbal phone call. No
significant attempt is made to identify that the caller is who they
claim to be. If RightTouch eventually *replaces* that process then it
may actually be an improvement. It depends on how well it handles
repeated invalid password attempts. ---Scott.
Last week I purchased and installed a cordless telephone. It is marketed as the "Freedom Phone" by Southwestern Bell (the local AT&T spinoff). After one phone conversation, I noticed that, for a very brief interval, I could hear what sounded like another conversation. I've experienced cross-talk on long-distance calls, but this was a local call. Anyway, I suspected that I was hearing another cordless telephone. To verify this, I unplugged the base unit (to kill its carrier signal), and, by golly, I could hear *both ends* of on of my neighbor's phone conversations (I recognized my neighbor's voice!) I checked the manual to see what to do about this - after all, if I can hear my neighbor, couldn't he hear me? The "Freedom Phone" transceiver uses any one of 10 channels in the 46-49 MHz range, selectable by an internal rotary switch. Well, I switched the handset to each of the 10 possible channels, and could hear conversations on EVERY CHANNEL! The unit has a 9-bit "security" DIP-switch, but this seems to only prevent another handset on the same frequency from accessing my base unit. The unit advertises a range of 1000 ft., and I'm sure that range is for usable access of the base unit. Actual audible signal range appears to be MUCH farther. When actually using the phone properly, with the handset in close proximity to the base unit, the relative signal strength of the units is much stronger than a neighbor's more distant unit, so you are normally unaware of a neighbor on the same channel. However, when using the cordless phone, I now always consider that others may be listening!
Please report problems with the web pages to the maintainer