Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Time-Bomb Ticks In No-Name Pentium Motherboards By Alexander Wolfe, EETimes (Via PointCast News and TechWeb, 28 Apr 1997) > MILPITAS, Calif. — There may be a ticking time-bomb in millions of > Pentium motherboards. The problem boards — often low-cost or no-name > brands — skimp on the number and quality of capacitors that are required > to smooth out voltage spikes around the CPU, a U.S. electronics executive > has charged. As a result, they don't meet Intel's power specifications and > are subject to unexpected failures that could trash data and files of > unsuspecting consumers. Key points made by the author: * Bob Dobkin, a vice president at Linear Technology in Milpitas, CA, said "Your processor locking up may not be [caused by] your software — it could be cheap power-supply components on your motherboard." He added, "This is potentially a bigger problem than the Intel Pentium floating-point bug because there are millions of computers that could go bad." * Apparently some clone manufacturers have not taken into account the design criteria for Pentium and later CPUs and have used fewer and cheaper capacitors than they should. * "Klamath" (the Pentium II chip using MMX technology) will be even more demanding, with voltage and current surges that exceed anything used in Intel processors up to now. * The article includes test results for seven types of motherboards. The poor performers had 11 and 21 capacitors; better boards were using 54 capacitors. * Cheap capacitors also age quickly and can fail after a couple of years, leading to system lockup. * The author writes, "One way for OEMs to check that boards are within spec is with an Intel power validator, a piece of hardware that sells for approximately $1,000." M. E. Kabay, PhD, CISSP (Kirkland, QC) / Director of Education, National Computer Security Association (Carlisle, PA) / http://www.ncsa.com
Cyber Promotions, one of the largest conduits for junk e-mail, was hit with a temporary federal court restraining order in response to Earthlink's complaint against their electronic ``trespassing''. They also agreed to pay CompuServe $65,000 to settle a federal lawsuit, and agreed to stop spamming CompuServe users. (They had earlier agreed to a similar settlement with AOL.) Also, in the same two-day period, they experienced a 20-hour retaliatory reverse-spam that flooded their computer system with millions of requests for hardware identification numbers [which some might call a taste of their own medicine]. That attack was stopped by filtering out 50 net addresses. [Source: an AP item by Jennifer Brown, seen in the *San Francisco Chronicle*, 9 May 1997, C2]
An article in the *Electronic Telegraph*, 9 May 1997, describes an incident at Telehouse a supposedly "maximum security, telecommunications and computing back-up center" in east London. Despite several redundant power systems (two connections to the national grid, battery room and two diesel generators) the system was off line when "somebody simply flicked the wrong switch."  "The many fail-safe systems did not work because they are designed to operate if external power supplies are disconnected. In this case the power was switched off inside the building."  Quotes lifted from the electronic telegraph. [1,2] attributed to Adrian Bannington, financial director of Telehouse. Another example of the designers of a system protecting against a perceived problem, that of an unreliable external power supply, but neglecting the unreliability of the operators... Tim Sheen, Department Of Engineering, Fraser Noble Building, King's College, Aberdeen, AB9 2UE. firstname.lastname@example.org (+44)-1224-273-830
Next Saturday our Queen will open the last piece of the coastal defenses put in place after the 1953 floods. As part of the harbour of Rotterdam is behind the dam, it is movable. Quite a nice construction, actually: two floating walls attached to huge ball-bearings 240m behind. The closing time is about 11 hours, so the decision to close is based on the weather forecast, tides and so, and is made by a computer system "BOS" (Decision & Support System in Dutch). This is expected to happen once every 5 years or so. There is *no* manual override. Research at Leiden University has reportedly shown that humans will make a wrong decision every 1000 events, whereas the computer is trusted to fail once every 100000 decisions. We have been overtaken by software. [Source: http://www.nrc.nl/W2/Lab/Profiel/Waterkering/bos.html (in Dutch)] Geert Jan van Oldenborgh email@example.com http://www.xs4all.nl/~gjvo
I was looking around the Java applets that Sun has on its Javasoft site - they have a list at http://java.sun.com/applets/js-applets.html and I was trying a few of them out. I am using Netscape 3.01 for Windows 95. At one point, I came across one, http://java.sun.com/applets/Jumpingbox/example1.html and ran it. Netscape version 3.01 for Windows 95 crashes with the following error: a "crash" dialog box (red circle with white X) appears saying MICROSOFT VISUAL C++ RUNTIME LIBRARY RUNTIME ERROR PROGRAM C:\(directory list)\NETSCAPE.EXE R6025 - pure virtual function Dismissing this produces the system "crash" dialog box: NETSCAPE CAUSED AN INVALID PAGE FAULT IN MODULE MFC40.DLL at 0137:5F8012B6 This problem is reproducible, because I caused it to happen a second time when I watched where I was going and what I was doing so that I could discover exactly where the error was that crashed Netscape. Interesting to note that Netscape uses Microsoft Visual C++. Hmmm. This message is similar to one which has been sent to netscape both through their web site and as E-Mail.
I recently received a message on a mailing list I look after with the alarmist subject line: "Fw: [Fwd: IMPORTANT!!! STOP EVERYTHING AND READ THIS." Readers of Risks will not be surprised to learn that this was PENPAL, and indeed there were already a couple of replies that told everyone to relax, it was a hoax. However, I currently use MS Internet Mail (the one that comes with Internet Explorer), and there's a bit of a twist to the tale. This particular message had arrived as a disembodied attachment. MSIM turns attachments into a rich computing experience. (See previous postings on ActiveX for an explanation of this phrase.) They show up as icons in a tray at the bottom of the message. If you double click the icon, you may start up Word or Excel, or you may even run the the attachment as an executable. This particular icon was nicely labeled "IMPORTANT!!! STOP EVERYTHING AND READ THIS NOW!!!", but there was no obvious way of knowing what would happen if I double clicked. I've figured out how to detach MSIM attachments and inspect them. It turned out that this one was just the PENPAL notice with a couple of "forwarded by" headers. However, if someone chose to attach a destructive executable and labeled it "Read Me Now", and if I double clicked to read it, I could have a very rich computing experience indeed. There's really nothing fundamentally new here, just a situation where a generally user friendly program makes it a little too easy for a novice to get bitten. Perhaps there's a thread that MS is too deeply rooted in the mind set of individual computers (security by accident), and is jumping onto the internet bandwagon without sufficient forethought. Who knows? Perhaps lemmings enjoy the ride. John Mainwaring Nortel RTP NC firstname.lastname@example.org
Mikael Pawlo <email@example.com> writes (in a Scandinavian mailing list on legal issues) about a Norwegian surveillance camera that is ``is sending pictures from the entrance of a brothel [a `massage studio' according to the article] out on the WorldWideWeb,'' quoting an article in the Norwegian (net) newspaper, Nettavisen, noting that this would probably not be legal in Sweden. The article is <http://www.nettavisen.no/Innenriks/862983189.html> (in Norwegian) and the camera is at <http://sel.ikke.no/horer/> According to the article (and assuming my translation is accurate), the pictures are legal ``as long as auto license numbers or the identity of people photographed is not made known.'' Nettavisen also noted that the person who is broadcasting the photos did not dare to have his picture or name published. The picture I saw was of such low quality that I doubt that anyone could be recognized, so the risk may be small. But it is only the start. (About a year ago, a Swedish restaurant had a camera on their web page, showing presumably happy eaters, and was told by the Data Privacy folks to turn it off.) Martin Minow firstname.lastname@example.org [I don't recall Martin submitting the parenthetical item before. He must have been smorgas-bored. PGN]
http://www.rdg.opengroup.org/public/tech/base/year2000.html outlines a cunning plan to delay the problem until everyone responsible has retired, and probably died.[*] It suggests interpreting years from 00-68 as being in the 21st century, and 69-99 as being in the twentieth. While the paper does say that 4-digit dates are the correct solution, the use of sliding date windows like this is avoiding the problem in a way I hadn't seen before. It seems unjustifiably optimistic to assume that computers will be retired just because of a Nth instance of a date problem. Adam [*] Is this a new risk of life extension techniques? That people will live long enough to be lynched for (their mistakes||practical decisions made under the pressures of the day)? [This does not do much for the folks-over-100 problems we find in RISKS now and then, and creates a bunch of new folks-over-31 problems. Another simplistic solution that will create lots of new problems? PGN]
Note the estimated fraud figure of 6 billion ECUs. If we assume half of the fraud was done on the net, and that there are perhaps 10 million European net users, and that an ECU is worth about a buck, that's $300/user. The high end of the range gives $3000! I can see why Europe is hesitating to go online, what with money just oozing away through the modem like that. Rich email@example.com EC STUDY CITES FRAUD ON THE INTERNET (from EDUPAGE) A study conducted by Deloitte & Touche on behalf of the European Commission estimates that international fraud has cost the European Union anywhere from 6 billion to 60 billion European currency units, with much of that fraud perpetrated over the Internet. "At its simplest, the Internet allows a fraudster to set out a site on the World Wide Web which claims to be the site of a reputable company or organization. Victims are then induced to part with funds via credit-card payments, or induced to reveal valuable information. At least one major international bank is known, confidentially, to have suffered from this although details of losses are not available," says the study. And while encryption can help ameliorate some of the problems, it is a "double-edged sword" says the study, because it can also shield the nefarious doings of crooks on the Net. The study calls for international cooperation among governments in apprehending electronic fraudsters, and says the issue poses "huge" challenges to law enforcement and civil agencies: "The traditional sources of forensic and other evidence will become rarer, and a range of new types of evidence will need to be acceptable to the courts." (BNA Daily Report for Executives, 5 May 1997)
I would like to report an incident that confirms the positive social benefits of this forum. A while ago I posted an example of an SSL security breach. Luckily for me, I mentioned the name of the bank involved, and with even more luck, somebody passed the item on to a national newspaper. This was extremely lucky, because banks and lawyers don't read comp.risks, but they read newspapers. It all started when the now-never-named bank put its mutual fund information on a third party's site that had absolutely no legal-liability relationship with the bank. My company has thousands of employees going through a single firewall with a single IP address. Since the bank is downstairs, it turns out that just before an important income-tax deadline that my company was funnelling out extraordinary traffic to the third-party web site. Even though the SSL traffic was encrypted, a unique session key has to be generated each time somebody goes into the site. You can't `log out' so your session stays open until they decide to expire it, a few hours later. Now 40 bits is a lot, but lucky for us, somebody decided to use the IP address as part of the key generator. Suddenly, for our company, 32 bits of randomness was eradicated. The high volume meant that session keys were being fully rotated every hour. As luck would have it, the inevitable happened. Person X checked their portfolio, and 40 minutes later, Person Y checked theirs. Person Y was instantly teleported into Person X's account. This messenger tried to sort things out and suffered the ventilation of most such messengers. But, lucky for Society, there was lots of employment for lawyers. Security experts benefited from the large amount of money that was spent to straighten this out, by the bank that had nothing to do with it. Of course, with great humbleness, not a word of this will get out. We are lucky that we never have to worry about this problem again, and although some may think that the lesson here is to 'never mention names', we may have not had such a fortunate outcome, if this correspondent hadn't been so naive.
Courtesy of the Dow Jones News Service via CompuServe's Executive News Service: Plaintiffs Join Privacy Suit Against Metromail,R.R Don Dow Jones 5/1/97 12:00 PM > WASHINGTON (Dow Jones)--A Washington law firm said plaintiffs from three > states joined an ongoing purported class action against Metromail > Corp. (ML) and R.R. Donnelley & Sons Co. (DNY), which owns about 38.4% of > Metromail, over alleged privacy violations. :: Ohio grandmother completed a metromail survey and received a "sexually graphic and threatening letter" from the person who keypunched her data. That person was a guest of the taxpayers of the State of Texas resulting from a rape conviction. :: Persons from four states have joined the suit. :: Donnelley spun off Metromail in June 96. :: The Texas Department of Criminal Justice was originally part of the suit, but has been dismissed by the court. Dave Kennedy [CISSP] Research Team Chief, National Computer Security Assoc.
<> Mr. Blair, who will become the youngest prime minister since 1812, Need I point out that the quoted date of 1812 is also incorrect. It should be 1832. Perhaps it is a RISK of computer users that we notice the (frequent) spelling errors and this numbs us to the more significant factual errors. paulward (DrGS)
Courtesy of Reuters News via CompuServe's Executive News Service: Swedish hacker who paralyzed US switchboards fined Reuters North America 4/30/97 2:39 PM > GOTHENBURG, Sweden (Reuter) - A Swedish teen-ager who paralyzed > U.S. telephone switchboards for months, prompting a global hunt by the > FBI, was fined the equivalent of $350 by a Swedish court Thursday. The > self-styled "Demon Freaker," who was not named in court, jammed Florida > switchboards last year by linking them to sex lines. He had cracked the > codes of a company that enables Americans to call home from abroad, > allowing him to call anywhere in the United States free. :: 60K calls valued at US$250K. > He managed to transfer the telefax number of the soft-porn magazine > Hustler to his own line so that he received orders for the magazine and > for sexual paraphernalia.... His mother said the boy had problems with > alcohol and glue-sniffing but she had no idea he was spending his nights > on the phone to America.... The boy was fined $345. He is now in a state > care institution. [DMK: Comment--US$345? What ever happened to the criminal justice principles of correction, deterrence and punishment?] Dave Kennedy [CISSP] Research Team Chief, National Computer Security Assoc.
All missiles currently used by the Navy for air defense (the RIM-7 SeaSparrow and the Standard) are semi-active homing: the little radar in the front of the missile is receive-only, requiring illumination from the Mark 99 (or similar) X-band illuminator on the shooting ship (though later CEC-like improvements may allow another asset to serve as illuminator). So, it would require the *entire system* to confuse Flight 800 with the target drone. While not impossible, there would be recorded data (especially in a test) to show whether this in fact occurred. Furthermore, test ops involving live fire go through elaborate safeguards to prevent this confusion. If there was in fact a drone airborne to be shot at, it would have been done in restricted airspace (like off of Wallops Island), with adequate warnings broadcast and stringent abort requirements if any planes flew near the area. Dr. Marty Ryba MIT Lincoln Laboratory firstname.lastname@example.org [DISCLAIMERS!]
I also know nothing directly about what the Navy does, but I met someone, now out of the Navy, who told me a story about a Navy missile-targeting program for downing Exocet-like missiles used during the Gulf War. He said the program initially suffered from an alarming tendency to end up targeting the ship the hostile missile was heading towards rather than the hostile missile itself. To prevent the anti-missile from hitting one of our ships, the program was changed to have the anti-missile veer off when it was close to a friendly ship. During the war he and some other officers spent their time during the war in a crow's nest of a ship. They saw an Iraqi missile coming towards their ship, seemingly right at them. One of our cruisers fired a missile at it and they watched in horror as our missile veered off as programmed. Fortunately, a nearby British cruiser had also fired a missile at it, downing it in the nick of time. It seems the British did learn their lesson from their experience in the Falklands. He said our missiles' program was changed as fast as possible as a result of this incident. Meanwhile, when they got to port later, they looked up the seamen from the British cruiser and treated them to whatever they wanted to drink for as long as they wanted to drink. Fred Ballard email@example.com Highland Park, Illinois USA
The missile that all of the shoot down people say was used was an SM-2 from an AEGIS Weapon System. This missile will not go "looking for the target on its own". "It's primary mode of target engagement uses mid-course guidance with radar illumination of the target by the ship for missile homing during the terminal phase". This comes from http://www.dote.osd.mil/reports/FY95/sm2.html. That means that the ship had to be locked onto the 747. There is one SM-2 that will is a radar homing model, but that one locks onto a specific type of radar and then goes for it. Someone on the ground would have to have it be looking specifically for a 747. Also for this to have been a missile, a LARGE number of people would now be involved in the coverup: The crew of the ship that fired the missile. It is very obvious when a missile fires onboard ship. The navy reports none were fired that night in the area. The people who did the inventory of all of the navy ships in the area to make sure they were not missing any missiles. The crash investigation team who have reported that all of the explosive damage is consistent with an explosion from the inside and no shrapnel damage that would have to be there from a missile. The officers in the Command and Control chain who have seen the orders that made the coverup happen. The enlisted men who work the como gear in that C&C chain. Does anybody really think that the US government is capable of that kind of coverup, with that many people? I am a former military brat who is very interested in this stuff. Sorry for the long rant. Clark Merrill, Space Telescope Science Institute, Baltimore, Maryland firstname.lastname@example.org
At a recent lecture here on the Lockerbie bomb disaster, the lecturer displayed the radar recording, and explained that there were two distinct tracks of debris, the "south track" and "north track". These were produced by the front section, which detached in the few seconds following the explosion, and the rear section, which included the wings, and took longer to come down. Many vital clues to the way in which the aircraft disintegrated were deduced from what bits landed where. You can learn a lot from the distribution of debris. > But my mind may be prejudiced by the fact that there are no exact > solutions for n-body differential equations. It is true that in Newtonian mechanics no closed-form solution has been found to the differential equations which describe the motion of three or more bodies under the influence of one another's gravitational attraction, but this has nothing to do with the scattering of debris. Peter Mellor, Centre for Software Reliability, City University, Northampton Square, London EC1V 0HB, UK. Tel: +44 (171) 477-8422, email@example.com
I have not read this book but it seems highly unlikely that you can deduce anything about a non-explosive missile strike from the debris pattern (unless you found a piece of the plane with a hole in it). The best public evidence to date about the cause of the TWA 800 disaster is that the center fuel tank exploded, and the debris pattern should be consistent with this explosion. A missile without a warhead simply does not have enough momentum to change the pattern in any discernible way, particularly if it went right through the plane. Also, if judged by past behavior, the US Navy does not lie about shooting down airliners. When the Vincennes downed the Airbus, the Navy admitted they did it, held an investigation, axed the skipper, and the US government ultimately made reparations to the families. I think we should give the navy the benefit of the doubt if they say they didn't do it. — Mark (Incidentally, the n-body problem is solvable to any finite accuracy on a computer.) [I have not been able to find a copy of the book yet. RISKS had until Peter Wayner's review stayed out of the ongoing discussion, waiting for something definitive. I'm still waiting. But there are also risks related to the long delay in awaiting some definitude. PGN]
Please report problems with the web pages to the maintainer