Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
From The New York Times, May 4, 1990, Friday, Late Edition - Final Section A; Page 12, Column 3. In Colorado, a Furor Over Computer Mail (By JOHN MARKOFF) For more than a year, the Mayor of Colorado Springs read the electronic messages about city business that members of the City Council sent to one another from computers at their homes. The disclosure of the Mayor's mail perusal has not only touched off a bitter political dispute in the city but has also put a spotlight on problems in reconciling advances in computer technology with laws on open meetings, public records and personal privacy. The Mayor, Robert Isaac, has defended his actions, saying he monitored the council members' messages because he was concerned that they were using the system to hold illegal caucuses. Under Colorado law, City Council business, with a few exceptions, must be conducted at public forums. 'Public vs. Private Conflict' ''It's a good example of public versus private conflict in the face of new technology,'' said Carol Gould, a professor at the Stevens Institute of Technology, who has studied the ethical implications of computer networks. ''It's a problem that computer technology exacerbates, and it points to the importance of designing systems that distinguish between private communications and open public discussions.'' More broadly, the case has raised concern that actions like those of Mayor Isaac could undermine public trust in computerized technology designed to promote efficiency in civic affairs and to allow more residents to participate in their local government. ''It's serious,'' said Marc Rotenberg, national director of the Computer Professionals for Social Responsibility, an advocacy group. ''Because users of electronic mail systems should have a fundamental expectation of confidentiality, when that expectation is breached, the value of the network is undermined and a chilling effect on future use is likely to result.'' Some City Council members said that even if the Mayor's actions were legal, they undermined the political system. ''I did not know the Mayor was reviewing our mail,'' said Mary Lou Makepeace, a Council member. ''At the very least, it's bad manners.'' But at least two of the nine members said they had been aware that the Mayor had access to computer printouts of messages stored in the system. Only six members of the Council were using the computer system. $22,000 Computer System At the heart of the dispute is a computer system the Council purchased in November 1988. The $22,000 system included portable computers for Council members to permit them to send and receive electronic messages while they were away from the city offices. The base computer in the city offices also enabled officials to post public notices that city residents could see by calling the system. The Mayor's ability to monitor the messages was curtailed in February after several members of the Council became curious about his knowledge of issues that had been discussed on the computer. After they raised the issue, City Manager Roy Pederson decided the messages were as private as telephone calls and should therefore be read only by those to whom they were addressed. He ordered that a city secretary stop making copies of the messages from the base computer at the city offices. The Mayor confirmed that he had been reading the messages by complaining to the Council later that his access to them had been cut off. Mayor Isaac, who will become president of the United States Conference of Mayors in June, said he thought the Council members understood that all the messages sent on the computers could be read by anyone with access to the system. He Seeks Public Access Mayor Isaac told the Council that he had received copies so he would know what everyone on the Council was talking about. He said he believed that each Council member should see copies of the materials and that they should be open to the news media as well to make sure the Council was complying with the state law on conducting business in public. The Mayor also said he believed that the information on the computer, including the Council members' messages, should be accessible to the public. ''It's still an issue at this point,'' said Wayne Fisher, a Council member who says he is considering filing a complaint with the Federal Bureau of Investigation under the 1986 Federal Electronic Communications Privacy Act. ''Several times on the system I sent messages to other Council members that said, 'Boy, am I glad the Mayor can't read this.' '' The law requires operators of public electronic communications systems to protect the privacy of messages on their system. The law distinguishes betweeen public systems and those that are for private use. But the law also places some restrictions on privately maintained systems. Violations carry a maximum penalty of five years in prison. Until recently Mr. Isaac, a three-term Republican, was considering running as a Republican candidate for governor, but he decided not to enter the primary. He said his decision to withdraw was not related to the electronic mail controversy. Mayor Opposed the System But Mayor Isaac said he believed the issue was being used for attacks by Democratic politicians. ''I personally don't think we ought to be paying tax money for private telecommunications,'' said Mr. Isaac, who had opposed purchasing the computer system. The City Attorney, James Colvin, who is now reviewing the city's policy regarding the use of the electronic mail system, said he did not believe that the Mayor's actions had violated the communications privacy law. But legal experts said it was possible the law had been violated. ''I think that he could be in some trouble,'' said John Podesta, a consultant in the District of Columbia, who formerly served as legal counsel to Senator Patrick J. Leahy, Democrat of Vermont, the principal sponsor of the communications law. Mr. Podesta said he was concerned that the Colorado Springs controversy would cause other cities to think twice about relying on similar computer systems. ''People are going to worry that if they plug into these systems it will be like bringing Big Brother into their households,'' he said.
There is a peculiar bug in the AppleLink application which, taking into account the country in which I currently live (Chile) made me sit up and grin. (The AppleLink application is a nice front end for Apple Computer's worldwide electronic mail and bulletin board system.) This is the bug: 1 Write a new memo and save it using the name "General". 2 Quit to the Finder or switch to it if you're using MultiFinder. 3 Now try to find the file "General". It's not there! This problem occurs in both AppleLink version 4 and version 5. I don't have a copy of version 5.1, so I can't tell if it happens there as well. The problem is repeatable 100%. A document that is supposedly saved as "General" will cause some disk activity as if it is being saved, but you will never find anything on your disk. As far as I only it only happens with documents saved as "General". You can imagine how baffled I was the first time it happened to me, just after finishing a lengthy letter. I looked all over the place using disk utilities, searching utilities, etc. (no, you hackers out there: the file is not "invisible" either). It was gone. However, after a while the logic behind the "General's disappearing act" dawned on me: some of you may remember that only two months ago, Chile's former dictatorial regime, headed by General Augusto Pinochet, was replaced by the democratically elected president Patricio Aylwin. So remember from now on: General will always disappear :) -- Thomas Fruin Apple Chile AppleLink: LAICHI.SPT (laichi.spt@applelink.apple.com) Internet: tafruin@heraldo.apple.cl
The Spring, 1990, issue of Visions, the Oregon Graduate Institute's
quarterly magazine, has an interesting article on a man who broke into
telephone computers, creating the kinds of disruptions that have been
discussed lately on RISKS. The programmer, named Corey Lindsly, lives
in Portland, OR. He was eventually arrested and pled guilty to a
felony count of stealing long-distance phone service.
Here is an excerpt.
--David
Confessions of a Computer Hacker
by Michael Rose
Visions (Oregon Graduate Institute quarterly magazine)
Spring, 1990
...
Perhaps the most disturbing part of Lindsly's adventures was his
penetration of AT&T Switching Control Center Systems. These sensitive
computers support long distance telephone service. System
administrators for 17 of these computers spent over 520 hours mopping
up Lindsly's damages.
According to [AT&T New Jersey manager of corporate security Allen]
Thompson, Lindsly could have "severely disrupted" the nations's
telephone service.
Lindsly, however, bristles at the suggestion of his doing potentially
dangerous stunts. Anything beyond harmless pranks is "beneath the
hacker ethic and uncouth," he says.
He does admit to disconnecting phones, changing billing status, and
adding custom calling features. He also likes to convert residential
lines to coin class service, so when the unwitting homeowner picked up
his phone, a recorded voice would tell him to deposit 25 cents.
"Swapping people's phone numbers ... now that was great trick," he
recalls, with obvious amusement. "You would have your next door
neighbor's number and he would have yours, and people would call you
and and ask for your neighbor, and vice versa, and everyone's getting
totally confused."
>When a man visited the Minnesota lottery office with a winning ticket worth >$1000, employees looked through his records and found he owed the state that >amount - and more. So he was handed a cheque for $0.00 - and a tax form. Completely true, and has happened a number of times already. The amounts mentioned in local papers range up to the maximum $5,000 prize. Quite a lot of controversy about introducing a state lottery here — a columnist made an interesting observation: this is the first time the state of Minnesota (known as a very high-tax state) has ever offered a tax break based on intelligence. I guess I agree — the payout is something like 12.5 cents on the dollar. With a max of 5 grand, it takes a real dweeb to blow anything on a ticket. Of course, they are selling millions per week . . . . Innumeracy runs rampant. Mike Beede, Secure Computing Technology Corp 1210 W. County Rd E, Suite 100, Arden Hills, MN 55112 (612) 482-7420
This is true. If you win any lottery amount for which you must go to the
lottery office to collect (usually $1,000 and up) they will check you records
for:
1) Outstanding Taxes Owed.
2) Gov't supported loans which are in arrears
(i.e. delinquent or defaulted STUDENT loans)
3) Any fines (parking, traffic, etc) owed.
4) Basically any outstanding money owed to the gov't.
(Provided it is in collections)
and take that out of your winnings. I had a friend who had won $1,000
in the Virginia lottery but had several thousand dollars in delinquent
student loans, so he had to find a very good friend, who didn't owe
the gov't money, and whom he trusted ALOT to go pick up the money.
Emmett Hogan Computer Science Lab, SRI International
[Further contribution from david paul hoyt <YZE6041@vx.acs.umn.edu>
steve@jhereg.Minnetech.MN.ORG (Steve Peterson).]
Ever wonder how TRW access information gets "discovered"?
TRW dialup access is still notoriously unsecure, and any employee
in the credit office of a legitimate TRW subscriber (like a major retail
store) can obtain in a matter of minutes access information which would
allow any third party with a PC to spoof the legitimate TRW subscriber.
During the 1970's when many TRW subscribers were still using ASR-33
teletype machines to access the TRW database, the lack of security was
appalling. Typically, a TRW subscriber would encode credit request information
for one or more customers while the ASR-33 was offline; i.e., they would punch
a paper tape. The TRW access code (common to a local area) and subscriber
identification number was encoded in the answerback drum of the ASR-33. The
first part of the paper tape consisted of this punched information when the
answerback was triggered by the operator entering a CTRL-E, which was the first
step in preparing the paper tape. A measly two-character "security check" was
then entered by hand. This two-character "security check" often remained the
same for the better part of a year. After the tape was prepared it was placed
in the ASR-33 reader and the local access number dialed. Following printing of
the reports, the paper tape was discarded - usually without regard to security.
Anyone rummaging through a dumpster who got their hands on even ONE paper tape
would obtain all the access information necessary to spoof the target store.
But wait... it gets *worse*... The two-character "security check"
code was also openly printed on any resultant credit report! And any
customer who asked to see their credit report (a not unusual or
unreasonable request, if made under appropriate circumstances), and
who knew where to look could obtain the subscriber identification and
security check code for the target store.
Short of implementing a hardware encryption or other security
device whose physical presence is necessary and whose encryption and/or
authentication keys cannot be readily extracted, the risk of unauthorized
access to the TRW Credit Database will remain significant.
Larry Lippman @ Recognition Research Corp. a
As I was driving through York last night, I came to a set of traffic lights which were red-amber (for non-British readers, the British traffic lights work on a sequence of red, red-amber, green, amber, red). A driver in front of us had stopped at these lights (which is slightly unusual, most UK drivers seem to take red-amber as meaning 'go', although you are supposed to wait until the lights go green). After waiting at the lights for twenty seconds or so, it became apparent that the lights weren't going to change (they normally stay red-green for 1.2 seconds, if my memory serves me correctly), so the driver drove on, and we followed him. Traffic controllers in the UK are based around a microprocessor controlling up to 16 or 32 'phases' (i.e. different sets of lights). In addition to software protections, a hardware interlock is provided to ensure that no two conflicting phases go green at the same time. However there is only software preventing other failures. In York there is also a traffic control centre, which can alter traffic light timings, and other parameters (the controller software cannot, however, be altered). A possible scenario of what happened is that the register containing the time of the red-amber state became altered from 6 to some larger time step (the timings go up in steps of 0.2 seconds). The implications of this are slightly worrying: green lights on one phase with red-amber on a conflicting phase. The above information is based on my employment with a company who makes traffic controllers, and may be incorrect in places, but is mostly correct. Andy Coombes, Department of Computer Science, University of York, Heslington, YORK
I posted a news about two kinds of virus Namba I and Namba II on Sharp
X68000. During the long vacation of Japan (so called Golden Week, until May 6)
the story of a high school boy about making the virus with fourty people
according to the request of a client turned to be a fake. Asahi Shinbun
newspaper on its May 4 issue printed an apology for making trouble to many
people with the unfounded story.
It remains a mystery who made the two viruses and how the game
software was contaminated by them.
Yoshio Oyanagi (Univ. of Tsukuba)
Artdink Inc. is now distributing the vaccine against the virus which was
contained in the simulation game software "FAR SIDE MOON". It says that the
virus in question is attached to the battery backed-up area of the SRAM of
X68000 and if the system is booted by a floppy without the protect seal, the
floppy is contaminated. It is named "NX68K IPL V1.02". The effect of the
virus is it will destroy the data on the floppy after July this year. This
virus started to prevail among X68000 users last December.
Artdink started to sell "FAR SIDE MOON" for X68000 on April 13 (Friday
!!!!). 3200 sets have been sold before calling back due to the virus. Not all
the articles are contaminated, only those in limited lots. This software
consists of three floppies, among which only game disk is contaminated while
system and data disks are not. If a user boots the dirty floppy according to
the manual, the virus is not transfered to the SRAM.
The vaccine, named "DOCTOR" was written by the editorial office of the
journal "Oh! X" for X68000 users. It initializes the SRAM and make it immune
and it kills the virus on the floppy. However, it is effective only to two
viri V1.02 and V1.05.
Yoshio Oyanagi (Univ. of Tsukuba)
The Boulder, CO Sunday Camera for May 6, 1990 reports [in a box of "National
Briefs" attributed to unnamed "Camera wire services"]
Army considers computer virus as weapon:
The U.S. Army is looking for help to develop the seeds of new-age germ warfare:
It wants business to help it turn computer "viruses" into military weapons.
Experts predict the viruses, if successfully developed, could be used to wreak
havor on the increasing number of computers in the battlefield. The
destructive computer programs, which have increasingly damaged commercial and
research computer systems in the past four years, could be used to disrupt
military communications, impede the control of weapons and feed misleading data
to enemy commanders.
The viruses could also be used to alter the programming of crucial
communications satellites serving combat units, the experts said. The Army is
soliciting bids from small businesses to determine the feasibility of using
computer viruses in warfare. And it is willing to pay as much as $550,000 to a
company that comes up with a plan for creating the programs — and figures out
how to use military radio systems to introduce them into enemy computers.
[No mention of a comparable RFP to protect the Army's computers against the
same fate.]
Gary McClelland gmcclella@clipr.colorado.edu
[Also noted by jwm@stdc.jhuapl.edu (Jim Meritt)]
An Associated Press story in the May 7 St. Paul Pioneer Press says that Northwest Airlines is having recurring problems with its A-320 flight control systems. "Northwest has sent pilots a bulletin advising them of possible problems following 'a recent series of events related to suspected failures' in the cockpit computer system." Northwest is reportedly involved in discussions with the FAA and Airbus to prevent and correct the problems. The rest of the report contains quotes and so forth maintaining that none of the failures has endangered passengers, and that such failures are normal "when you're breaking in an aircraft". No explanation of exactly what types of failures or anomalies have been observed.
Please report problems with the web pages to the maintainer