Subject: RISKS DIGEST 17.58

Subject: RISKS DIGEST 17.58

RISKS-LIST: Risks-Forum Digest Friday 22 December 1995 Volume 17 : Issue 58

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, etc. *****

Contents: [Loose-end clean-up; I had a few extra end-year minutes. PGN]
I've been Framed by Gondolas! (Paul Menon)
Texas Instruments e-mail snafu... (Bruce R Koball)
My name is mud! [alta vista] (Piers Thompson))
Re: Indelible words [alta vista] (Bill Hawthorne)
Problems when PC BIOS is held in flash RAM (Martin Portman)
Re: Domain Registration RISK? ()
Write protection is in *hardware* (Rob Slade)
Re: German service providers must maintain covert customer databases?
(Otto Stolz)
Correction to previous posting re: IW attack on Navy by AF ([email protected])
Re: Navy Battleship takeover (Jim Haynes, John Oram, RSR Madison,
Mark Stalzer, Bob Brewin)
Re: Risks of checking accounts (Geoff Kuenning)
ABRIDGED info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Fri, 22 Dec 1995 20:04:44 +1100 (EST)
From: Paul Big-Ears Menon <[email protected]>
Subject: I've been Framed by Gondolas!

This year ('95) I think I've written a total of 3 memos. You know, those
official things you resort to when e-mail won't suffice. It is for that reason
I don't enjoy writing them. They're an extreme measure and have to be very
carefully worded.

Uhh .. huh .. so far, so good.

My last two were no different. They were addressed to the same audience (my
boss, the HOD, the academic enrollment officer and various people in the
administrative group that `controls' the database - another department,
including the director of that group). The subject, by the way, was
regarding access to student enrolment data for use in accounts creation. A
rather serious issue. The last memo was sent on the 19th of December.

Today (the 22nd of December, halfway through our Departmental Christmas
breakup, I wandered back into my room, making a final scan of the mess that
was supposed to be my desktop. In a vain attempt to clean up I shuffled a
few things around, and ended up with a copy of the last poison pen
production in my hand. An idle scan revealed the first point on the memo to
start [the names have been censored to protect the needle -- pnm]:

"1. Mr XXXX's approach to the ASG early last year regarding data
gondolas was in an expectation ..."

I cracked up.

Visualisation took over - yup that made sense. I could see it now. Extra
large data packets are now to be termed as gondolas.

How could anyone take this memo seriously? I shared my gaffe with a few
in the Staff Room (still enjoying the festivities) - including my boss, and
had them crying. My boss hadn't noticed it either.

So what had happened? You guessed it, a spelling checker was used. I had
used FrameMaker to compose the memo. I obviously got lazy when it was time
to check the spelling and didn't notice what was being suggested as a
correction (you know - hit the return key... just get on with it!). All I
can assume is that the intended word was supposed to be _downloads_, and my
fingers got out of synch with my brain, perhaps typing something like
downdolas, I'm not exactly sure ...

There's a risk where corrections to transposition errors cause an even
greater error, whereas if the error was left intact, it may have been
understood [mabye! :-)]. [And PGN had fun checking mispelings on this issue.]

Such errors arise from what I term keyboard race conditions. Common
typos are 'teh' instead of 'the'. I also have a dread of typing 'interested'
as there's a 20% chance (I'm sure) of it ending up as 'inetereseted'.

I've never suffered these race conditions when writing (by hand).

A Merry Christmas and a preprosperous (..) New Year to you all.

Paul Menon, Dept of Computer Science, Royal Melbourne Institute of Technology,
124 Latrobe St., Melbourne 3001, Victoria, Australia [email protected]

------------------------------

Date: Fri, 22 Dec 1995 11:14:59 -0800
From: Bruce R Koball <[email protected]>
Subject: Texas Instruments e-mail snafu...

This is a relatively pedestrian RISK for any one who's had experience
configuring e-mail lists, but it's notable, perhaps, because of the
stature of the problem's source...

Texas Instruments recently opened a Web site they're calling TI&ME, to
provide all sorts of technical info on their products, including data sheets
on their complete lines of analog and digital ICs (this is a lot of data...
the TI data books in my library take almost 10 linear feet of shelf space...
so such a resource could be quite useful to hardware designers).

In an effort to qualify access to this site they initially required that, at
sign-up time time, you select a login and password, and then wait while a
validation code was separately e-mailed to you. You then had to log back into
their Web site and enter the validation code before you could get access to
the data sheets.

While a bit awkward, this process seemed to work OK... Last night, however,
I got e-mail from their service announcing that they had removed the
validation code requirement from their sign-up procedure... fine by me... I
was already in...

Unfortunately, whatever change they made in their system also seems to have
triggered an avalanche of bogus e-mail to people on their list... this
morning I logged in to find dozens of bounced mail replys, replys to bounced
mail replys, replys to replys of bounced mail, etc... all originating from
TI's site... and I'm hoping they fix it soon...

What's the RISK lesson? I suppose it's best summed up by something Mitch
Ratcliffe said a while back: "Computers let you make more mistakes faster
than anything except handguns and tequila..."

Bruce R. Koball, 2210 Sixth St., Berkeley, CA 94710 510 845-1350
[email protected] (fax) 510 845-3946

------------------------------

Date: Fri, 22 Dec 95 13:15:30 GMT
From: [email protected] (Piers Thompson \(Ionica\))
Subject: My name is mud! [alta vista]

I am interviewing job applicants at the moment. I saw the mention of the
alta vista search engine in Risks and thought it could be a useful tool for
gathering extra information about applicants from their usenet
participation. I am dubious about the morality of this course of action but
I am also keen to recruit the best person for the job.

Anyway, to cut a long story short, I didn't get any hits on any of the
applicants. So I tried searching for myself......and the first hit was an
obscene mailing to one of the alt newsgroups.

I have an unusual name so any prospective employer might very well assume
that the obscene poster was me.

In a way I think that this experience was amusing in an ironic way. I tried
to use underhand means to discover things about job applicants and, instead,
found out that my name's net image isn't quite as expected.

Piers [email protected]

------------------------------

Date: Fri, 22 Dec 1995 08:38:05 GMT
From: [email protected] (Bill H.)
Subject: Re: Indelible words [alta vista] (Hawthorne, RISKS-17.56)

There's also a hidden RISK in such archives, arising from the public's
ignorance of the way USENET works:

It's natural to assume that a person actually reads all the newsgroups they
post to; however, this is not always the case. Followups to a crossposted
article in most cases go to all of the original newsgroups, which is usually
not a serious issue; however, some posters make a nasty hobby of
crossposting "trolls" to totally unrelated newsgroups, often including
groups on pretty damning topics, in the eyes, for instance, of potential
employers. For a case in point do a search on Alta Vista
<http://www.altavista.digital.com/> for:

drugs.pot and [email protected]

Now, look at the actual content of the posts this search turns up... :-)

The RISK? If you aren't careful about following up to someone else's post,
you could be listed in search engines across the net as a regular poster to
newsgroups you don't actually read-- and there's no guarantee that potential
clients or employers will think to double-check the content of those posts.

- Bill H. ([email protected])

------------------------------

Date: Fri, 22 Dec 95 09:39:51 GMT
From: Martin Portman <[email protected]>
Subject: Problems when PC BIOS is held in flash RAM

Some pc motherboards now (or soon will) have flash RAM chips placed
where the old bios rom chips used to live. So after production, the
bios code is loaded into the flash RAM. The benefits are shorter time
to market (the bios doesn't have to be finished until the last minute)
and upgrades will also be possible in the field.

The RISK here is from code that would write to the flash RAM,
ie. altering the operation of the bios (viruses), or maybe deleting
random segments of it.

Each PC will have to come supplied with a re-load trusted bios program,
but I have no idea how (or if) this would work.

Another RISK is that the flash RAM will probably only be good for tens of
program cycles (updates) to keep costs down. After a few virus attacks and
reloading the bios and legitimately updating it, writes to the RAM chips may
start to fail and the whole pc will be useless.

Martin

------------------------------

Date: Fri, 22 Dec 1995 011:51:58 -0800 [received time]
From: [Same person as the RISKS-17.57 item with the same subject:]
Subject: Re: Domain Registration RISK?

(update to yesterday's note/today's posting)

Well, my No! Stop! Don't do it! e-mail to the hostmaster at the InterNIC did
not stop the erroneous DNS update from taking place. [I sent in a request to
update a domain i own XXXXs.net and made a typo of XXXX.net (no "s").]

The "system" is supposed to allow updates only from the "owner", technical
contact, or admin contact of a domain. Obviously, there is a "improvement
opportunity" in the current system, as I just checked and the erroneous
update occurred this morning, despite my not being associated with the other
domain in any way and sending a note to the NIC telling them NOT to make the
update....

[Date: Fri, 22 Dec 1995 14:57:02 -0800 received time]

I just got a reply acknowledging my "NO! Don't do it!" note which I
sent to the InterNIC after receiving their confirmation of my (typoed)
request to update my domain nameserver XXXXs.net

The note says that the _correct_ update has now been performed and
will be available on Monday - what a Christmas present for the folks
in the other domain.

Checking with the NICs whois service today, I see the (incorrect)
data is available, earlier than promised (5 PM today). ]

------------------------------

Date: Fri, 22 Dec 1995 14:21:33 EST
From: "Rob Slade" <[email protected]>
Subject: Write protection is in *hardware*

As much as I hate to disagree with anyone saying anything bad about Win95 ...

> it is possible to format write-protected disks when using the German
> version of Windows 95.

Sorry, but either they are wrong or the report was incomplete. Win95
mostly, and to the best of my knowledge only, runs on BIOS/Intel/DOS
compatible machines. Almost without exception, these computers use disk
drives where the write protection circuitry is built into the hardware.
(Believe me, we have discussed this times without number in the virus
discussion area.)

It is possible for the circuitry to fail. Also, 3.5 inch drives fail
"writeable" while 5.25 inch drives fail "safe". And there are interesting
problems with transparent or silvered tabs or disks. Macs generally have
the same type of hardware write protection, although I believe there was
discussion of bypassable write protection on some obsolete models.

DECUS Canada Communications [email protected] [email protected]
Author "Robert Slade's Guide to Computer Viruses" 0-387-94311-0/3-540-94311-0

[NUMEROUS e-mails on that point, including
[email protected] (Did the author mean files?),
"Robert Beckman" <[email protected]>,
Alain Knaff <[email protected]>,
PGN.]

------------------------------

Date: Fri, 22 Dec 1995 10:00:34 +0100
From: Otto Stolz <[email protected]>
Subject: Re: German service providers must maintain covert customer databases?
(RISKS-17.57)

I have not read that article yet. However, I wish to improve on the
translation of the two terms given in German:

> Such a practical ["praktisches"!] information system is needed by the

In this context, "praktisch" usually means both "useful", and "easy-to-use".
Hence, the preceding sentence means: Such a handy information system is
needed by the German government and secret services. (A rather cynical
remark, typical for the "Bulkware" column that does not mince matters.)

> This database must be organised so that it can be accessed by higher
> places ["hoeheren Orts"!] without the telecommunication provider noticing

"Hoeheren Orts" is an almost obsolete term, from Prussian and the Kaiser's
times, meaning "by the authorities", or "by the powers that be"; this term
was often used to indicate personal involvement of the emperor. ("Man war
hoeheren Ortes nicht erfreut" == "His Majesty was not amused".) Again,
Bulkware hints at an attempt to reinstate features of an authoritarian
state that supposedly had been overcome.

Otto Stolz <[email protected]>

------------------------------

Date: Fri, 22 Dec 1995 16:36:17 -0500 (EST)
From: [email protected] (Information Warfare Mailing List)
Subject: Correction to previous posting re: IW attack on Navy by AF

I made an error in my previous posting to Risks. I incorrectly stated that
a Navy captain was the person responsible for the demonstration - it was an
Air Force captain - a big difference. Please let your readers know.

[For some reason there was a difference between the original
IW posting and its almost equivalent RISKS posting. PGN]

------------------------------

Date: Fri, 22 Dec 1995 10:57:41 -0800
From: [email protected] (Jim Haynes)
Subject: Re: Naval Battleship takeover (Long, RISKS-17.55)

In correcting/debunking this story the moderator has managed to introduce a
new error. He talks about the improbability of a teenaged Navy captain;
while the original story said an Air Force captain. "Captain" has a very
different meaning between the two services. Air Force captains, while not
teenagers, tend to be many years younger than Navy captains. Navy captain
<~=> Air Force colonel; Air Force captain <~=> Navy lieutenant. (where ~=
means "approximately equal")

------------------------------

Date: Thu, 21 Dec 1995 20:54:49 -0800
From: [email protected] (John Oram)
Subject: Re: Naval Battleship takeover (Long, RISKS-17.55)

>If he was a Navy captain, he could not have been all that young. Whizzkids
>are usually considered teenagers. Anyone know of any teenaged Navy captains?

Minor point - the guy was supposed to be an Air Force captain (third officer
rank), not a Navy captain (6th officer rank). A U.S. Air Force captain
could be as young as 25 or so, which could be considered whizzkid-esque from
an upper-echelon (i.e. Navy captain, early to mid forties) perspective.

To make things more confusing, the Navy equivalent of an AF captain is a
lieutenant, and the Navy equivalent of a AF lieutenant is an ensign.
Convoluting matters further, in the Canadian and British militaries,
lieutenant is pronounced 'lef-tenant' yet spelled the same. And the AF
equivalent of a captain is a colonel, which is also not pronounced as it
sounds because of a horrific entomological journey from Italian via French
to English.

A 2nd Lieutenant wears a gold bar, yet a 1st lieutenant wears a silver bar.
And even though a major outranks a lieutenant, a lieutenant general (3
stars) outranks a major general (2 stars).

Ranks make much sense sometimes. The RISK - not using unique keys for
different military service's ranks. :)

John Oram (son of an Air Force Colonel), MIS Department
University of British Columbia

[Also noted by Mark Stalzer <[email protected]>,
Sten Drescher <[email protected]>, and others. PGN]

------------------------------

Date: Fri, 22 Dec 1995 00:59:09 -0500
From: [email protected]
Subject: Re: Naval Battleship takeover (Long, RISKS-17.55)

>From Richard S. Russell ([email protected]):

A message from the InfoWar list noted that: <<There are NO active US
battleships!!! And there weren't any last September.>>

As stated, this is true. However, let the record show that the US Navy still
flies the flag daily over 1 commissioned battleship, the USS Arizona,
permanently stationed in Honolulu.

------------------------------

Date: Fri, 22 Dec 95 08:21:13 EST
From: [email protected] (Mark Stalzer)
Subject: Re: Naval Battleship takeover (Long, RISKS-17.55)

Thanks for debunking the battleship takeover story. It's right up there with
the death ray that supposedly cooked the President's helicopter.

Mark Stalzer, [email protected]

------------------------------

Date: Fri, 22 Dec 1995 10:53:56 -0500
From: Bob Brewin <[email protected]>
Subject: Re: Naval Battleship takeover (Long, RISKS-17.55)

Yikes. This story will not die -- it just lives on a Web site at the Daily
Telegraph in London. Having worked for a British news organization (Reuters)
for years, if you believe the Telly story, call me about a bridge I have for
sale.

The Air Force did not hack the Navy over the Internet. They did it over a
secure network (SIPRNET) which is firewalled from the Internet.

The Air Force conducted this attack with the Navy's knowledge and permission.

The Navy does not have any battleships on active duty.

The Air Force did not get control of the none-existent battleship.

Yep. This does have the makings of a legend.

Bob Brewin editor-at-large (whatever that means) federal computer week
[email protected] [email protected]

------------------------------

Date: Fri, 22 Dec 1995 11:13:07 -0800
From: Geoff Kuenning <[email protected]>
Re: Risks of checking accounts (Watson, RISKS-17.57)

In RISKS 17.57, Gary M. Watson tells of receiving someone else's
checking statement, and writes:

> 2. Don't put all sorts of important numbers on check Memos.

Unfortunately, this won't help. Take a look at the back of your cancelled
checks sometime. When you make a payment to any moderately large company,
the first thing they do is print important audit-trail information on the
back: the date, the amount of the payment, and the account number credited
are always included, among other things. They need this in case a problem
arises. So a moderately knowledgeable thief can extract the critical
numbers regardless of whether you put the account number in the memo line.
(The only time the "please put account number on check" advice is actually
useful is when your check gets separated from the bill stub before it can
get into the processing machine, which one hopes is a rare occurrence. I
ignore the advice out of laziness, not for security purposes.)

Geoff Kuenning [email protected] [email protected]
http://www.cs.ucla.edu/ficus-members/geoff/

------------------------------

Date: 6 September 1995 (LAST-MODIFIED)
From: [email protected]
Subject: ABRIDGED info on RISKS (comp.risks)

The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks.
SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on
your system, if possible and convenient for you. BITNET folks may use a
LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. [...]
DIRECT REQUESTS to <[email protected]> (majordomo) with one-line,
SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:]
INFO [for further information]

CONTRIBUTIONS: to [email protected], with appropriate, substantive Subject:
line, otherwise they may be ignored. Must be relevant, sound, in good taste,
objective, cogent, coherent, concise, and nonrepetitious. Diversity is
welcome, but not personal attacks. [...]
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

RISKS can also be read on the web at URL http://catless.ncl.ac.uk/Risks

RISKS ARCHIVES: "ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>
cd risks<CR> or cwd risks<CR>, depending on your particular FTP. [...]
[Back issues are in the subdirectory corresponding to the volume number.]
Individual issues can be accessed using a URL of the form
http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]
ftp://unix.sri.com/risks [if your browser accepts URLs.]

------------------------------

End of RISKS-FORUM Digest 17.58
************************