Subject: RISKS DIGEST 17.73

Subject: RISKS DIGEST 17.73

RISKS-LIST: Risks-Forum Digest Weds 14 February 1996 Volume 17 : Issue 73

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, etc. *****

Contents:
Wildcard inconsistencies in Windows 95 (Lawrence D'Oliveiro)
Lack of Common Sense is Biggest Risk Of All (B. Gunderson)
More Web risks (David Gadbois)
Possible future risk of virtual reality (Martin Cohen)
Risks of your system clock being off? (J. Eric Townsend)
Time signals from TV stations (Clay Jackson)
Turn of the century (Lars-Henrik Eriksson)
Reverting to default PINs (Rebecca Walpole)
Medical Prescription Dispensing Robot (Sudhakaran Ram)
Spelling Checkers...(more) (Sudhakaran Ram)
RISKS of efficient netiquette enforcement? (Tim Kolar)
Re: The measurement of risk (Michael J Zehr, Clark Savage Turner)
Re: Homebanking NonSecurity demo (Sebastian Garbe)
IMC Resolving E-mail Security Complexity workshop (Dave Crocker)
Reliability Symposium (T Totev)
Call for Papers -- Journal of Technology Law & Policy (lazooli)
ABRIDGED info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 14 Feb 1996 09:39:05 +1300
From: "Lawrence D'Oliveiro" <[email protected]>
Subject: Wildcard inconsistencies in Windows 95

I just read something disturbing in PC Magazine, which I have verified is
true. In Windows 95, the "?" wildcard is treated inconsistently in file
specifications: sometimes it means "exactly one character", and other times
it means "at most one character".

Suppose you have a directory with two files in it, one named XX and one
named XXX. The command "DIR XX?" will only show the second file, but "DEL
XX?" will delete both files!

One dependable rule in every computer system I have ever used prior to this,
is that a wildcard specification will always expand to the same set of
filenames, regardless of what command you use it in. Wind95 not only breaks
this rule, it breaks it in the worst way: the "delete" command, given the
same wildcard specification, will delete a larger set of files than the less
harmful "directory" command will display! This means you can no longer use
the technique of checking a wildcard specification with DIR to make sure it
will only affect the right files, before letting it loose with DEL.

Lawrence D'Oliveiro, Computer Services Dept, University of Waikato
Hamilton, New Zealand +64-7-856-2889 [email protected]

------------------------------

Date: Thu, 8 Feb 96 15:18:01 PST
From: B Gunderson <[email protected]>
Subject: Lack of Common Sense is Biggest Risk Of All

Excerpted from a front page article of Feb. 5th, 1996 issue of Federal
Computer Week titled "Budget cuts, culture hurt NASA systems", article
written by Elizabeth Sikorovsky:

****snip*****
Hackers have already attached password sniffers to NASA systems and
used the space agency's computers to store and exchange stolen data
and software. And there are fears that satellites could be "hijacked"
by hackers armed with nothing more than a PC and a ham radio.

This is not science fiction, NASA security inspectors insist. No
attacks on satellites have been detected, but "the only reason it
hasn't happened is because hackers haven't thought about it yet,"
said [name deleted by the person submitting this to the RISKS forum,
out of kindness], a communications security specialist at NASA.
****snip****

Amazing. I wonder how many people are out there, right now, trying to be
the first to drive a NASA satellite from home. The biggest RISK will always
be people. Unless of course, the folks at NASA just wanted to encourage
some independent 'assessments' of their satellite comms' security posture.

B. Gunderson

------------------------------

Date: Thu, 8 Feb 1996 20:33:52 -0600 (CST)
From: David Gadbois <[email protected]>
Subject: More Web risks

One Web-related risk that many folks seem oblivious to is the amount of
information that a Web server can receive when they retrieve a document: The
client host name, the referring URL, and personal identifying information
(if the client is running a finger or ident server.)

Furthermore, the Alta Vista server includes the search keywords in the URL
corresponding to the search results: I was initially alarmed when I saw a
referring URL on my server that had the keywords "explicit," "sex," and
"images." It turned out that the Alta Vista webcrawler had indexed a
technical report that just happened to contain those three words.

--David Gadbois

[Perhaps RISKS will now be on the censored list?]

------------------------------

Date: Wed, 14 Feb 96 17:10:50 PST
From: Martin Cohen <[email protected]>
Subject: Possible future risk of virtual reality

I was recently watching my 11-year-old son play a computer racing game. His
car was invulnerable, and he crashed into other cars at every opportunity.
It occurred to me that enhancements of this might lead to this future risk:

A 15 year old is an expert player of a VR racing game (this is set about 5
years from now) that almost completely simulates reality - steering wheel,
pedals, eyes and ears with VR input, and more. In the game, you do better by
crashing into cars that cut you off.

At sixteen, our hero gets a driver's license. On the road, another driver
cuts him off. Using his finely tuned, VR trained reflexes, he immediately
crashes into the other car.

Is this risk plausible?

What other risks might there be from using reflexes developed in VR games in
real-life situations?

------------------------------

Date: Sat, 10 Feb 1996 22:29:57 -0800
From: [email protected] (J. Eric Townsend)
Subject: Risks of your system clock being off?

[How many of us don't care what time our non-networked micro is set
to? How many of us might care now? --jet]

SYRACUSE, N.Y. (AP) -- A convicted felon was charged with
possession of pornography after he asked a repairman to delete
pornographic images of young boys from his computer, officials
said.
[... blah blah, claimed some kids had been at his house using the
computer, said he wasn't there... children said they were 'looking at
things they shouldn't have... blah blah ]
Instead the repairman took a computer disc containing the images
to police, who turned it over to the FBI, Riker said.

==> The dates on the files did not match Moore's story, Riker said. <===

Moore was sentenced to five years' probation May 15, 1995, after
he was convicted of first-degree sexual abuse in Onondaga County Court.

------------------------------

Date: Fri, 09 Feb 1996 22:47:04 -0800
From: Clay Jackson <[email protected]>
Subject: Time signals from TV stations

Here's an interesting twist - we purchased a new VCR recently, it has a
"feature" that will receive time signals "over the air". The signals are
mostly broadcast on PBS channels.

The other night, we set the VCR up to record a program, as normal, and just
happened to be near the VCR at the time it should have come on - it didn't.
We recorded the program manually, and then went troubleshooting. It turns
out that the date/time in the VCR had been set by a signal from KCTS
(Channel 9, here in Seattle) which had the correct TIME, but was off by a
full day! When I called Channel 9, it took them 2 days to get back to me,
and the person who returned the call said "Thanks for letting us know - we
have no real monitors on that system, and it took a 'power hit' a few days
ago".

I'm glad I wasn't trying to do anything more serious with that time
signal...

Clay Jackson [email protected]

------------------------------

Date: Tue, 13 Feb 1996 23:10:12 +0100
From: [email protected] (Lars-Henrik Eriksson)
Subject: Turn of the century

Yesterday my wife noticed the first tangible evidence of software problems
caused by two-digit year fields rolling over from 99 to 00, that I have seen
here in Sweden. A note was stuck on a credit-card parking meter in my town,
with the text: "Due to a software error this machine does not accept XX
cards with an expiration date after 1999". I happen to have an XX card which
was issued only two months or so ago. I took a quick look to see that it
expires in November 1999. The first cards expiring in January 2000 must just
have been issued...

Lars-Henrik Eriksson Logikkonsult NP AB, Swedenborgsgatan 2, S-118 48
STOCKHOLM, SWEDEN +46 8 615 68 69 Fax: +46 8 641 19 06 [email protected]

------------------------------

Date: Fri, 09 Feb 96 17:17:25 PST
From: [email protected]
Subject: Reverting to default PINs

My university uses phone registration with a PIN that depending on your
department and status is either assigned to you or is your birthdate.
Students can also access and change certain personal information online
using the same PIN. This Access program allows you to change your PIN as
well, so I did, since I was one of those with a birthdate PIN.

Unfortunately, these PINs are reset automatically and without notification!
I was unable to log in until, in desperation, I tried the old birthdate PIN.
Being a swamped graduate student, I let this happen 3 times before I found
someone to complain to. Here's the response I received:

> I was not aware that we were changing PINs back to dates, but it does
>not surprise me. The University is in the process of bringing up a new
>version of Telephone Registration that will use a separate PIN for
>advising functions, (Unfortunately, it will not be coming up as soon as we
>would have liked.) At that time the Access PIN we use now will not be
>continually reset. Until then however, I guess we have to put up with it.

Besides the obvious risk of a malicious person dropping me from all my
classes, giving me late registration fees, or changing my address, I can now
worry about the risks of non-risk-sensitive people in high places.

------------------------------

Date: Fri, 9 Feb 96 15:18:06 PST
From: Sudhakaran Ram - 7035 <[email protected]>
Subject: Medical Prescription Dispensing Robot

Few days ago there was a report on CNN that a Hospital in Atlanta has
switched to a Robot system to dispense inhouse medications for the Hospital
patients. Patient prescriptions will be read from barcodes. How many times
have heard about patients being wrongly tagged. Risks are obvious, the human
factor involved (tagging wrongly) and a robot blindly dispensing what it
sees.

------------------------------

Date: Fri, 9 Feb 96 15:12:56 PST
From: Sudhakaran Ram - 7035 <[email protected]>
Subject: Spelling Checkers...(more)

Here is another item on spelling checkers. I had misspelled the word
"Contributed" as "Contibuted" in a FrameMaker document. The following were
the alternatives that it gave: Countability, Conduplicate, Conductible,
Contiguity, Contiguities, Conjugated, Contested, etc. "Contributed" was
never listed. This from a popular word processing software.

[You've contibplated another spelling checker? PGN]

------------------------------

Date: Tue, 13 Feb 96 23:28:16 PST
From: Tim Kolar <[email protected]>
Subject: RISKS of efficient netiquette enforcement? (Garfinkel, RISKS-17.72)

In a recent RISKS article, [email protected] recounted the tale of a
friend who had accidentally left a program running that looked like it was
attacking LANL over the network. He told of LANLs rather aggressive
response, threating to sue both his friend and his friend's ISP, and
(apparently having received no response) ended up getting the ISP to shut
down the account. His last paragraph:

>This is really scary --- the thought that some government official can call
>up your ISP and, through a combination of threats and legal citations, have
>somebody's internet feed immediately terminated. What about due process of
>law? What about innocent until proven guilty? What about having to go
>through the mere formality of obtaining a court injunction before having
>action such as this taken?

I read this with some amusement, reflecting that calling up a suspected
hacker's ISP (usually a university) has *always* been the fastest and
easiest way to deal with a threat. Shutting down an account until you could
figure out what was going on was SOP.

Back in college I had my student account (mistakenly) shut down this way
once, and later as an system administrator I was involved in a number of
cases that started with a concerned phone call from a remote sysadmin. When
people of talk of the internet being a cooperative effort, this implicit
responsibility taken by ISPs is the first thing that springs to my mind.

But there's an important wrinkle now -- to my knowledge no student has ever
sued a university over having a computer account shut down by accident
(though I did get a homework extension when it happened to me). A lawsuit
against a commercial ISP is almost a certainty.

Obviously LANL knows this and went completely over the top in order to
secure the ISPs' cooperation. In the process what used to be a respectful
exchange between sysadmins has been turned into a legal feeding frenzy.

Was LANL wrong to do this? I don't know. Commercial ISPs have been
increasingly strident in refusing to take responsibility for their users,
and may need prodding. On the other hand, LANL could simply have stopped
accepting all traffic from that ISP and called it a day. It would be
interesting to know their reasoning.

The only RISKs in this situation are ones we already know about. Lawsuits
follow money, and money has found the internet. Who can sue who, and for
how much, is still being worked out.

-Tim

------------------------------

Date: Wed, 14 Feb 96 20:08:27 -0500
From: [email protected]
Subject: Re: The measurement of risk (Minow and Walking-Owl, RISKS-17.72)

The "Us vs. Them" and the business of groups weighing the economic costs
of risks leads to the issue of not only how do people evaluate risks,
but how to groups evaluate risks.

Individuals have inherently different means of valuing things than
groups do, and this is only sound economic principles at work. For
example, most individuals will expend virtually all their assets in
order to maintain their health and prolong their life. (They tend to do
this more at the later stages than the earlier ones, based on the future
vs. immediate risks, as has been mentioned here.) Yet while this makes
fine sense for an individual, it would be ludicrous to suggest that 100%
of the world's GDP should be spent on medicine and hospitals.

The community as a whole has to allocate both benefits and risks to the
individuals around, but allocating a risk or benefit isn't the same as
evaluating the worth of the individuals involved.

As previously noted, people downplay risks they understand, such as the
risk of being in a car accident. Likewise they downplay the reduction
in such risks. Having mobile phones means that the average response
time to many emergencies (car accidents, crimes, fires, etc) can be
reduced thanks to a person having a phone in their hand as the emergency
occurs. (Of course this goes along with the added risk of a drive on a
mobil phone *causing* an accident!)

I don't want to be the one in a million that catches cancer, but neither
do I want to be the one in a million that needs emergency help when the
phone lines are down but a mobile phone would still be functioning....

-michael j zehr

------------------------------

Date: Wed, 14 Feb 1996 16:42:03 -0800
From: Clark Savage Turner WA3JPG <[email protected]>
Subject: Re: The measurement of risk (Shaw, RISKS-17.71)

Dave Shaw's comments are well taken, and the ideas have been around for some
time.

A particularly interesting formulation of the main ideas is expressed by
Martin and Schinzinger in their book, "Ethics in Engineering" (McGraw-Hill
1989). They view engineering as a form of social experimentation.
Engineers do not have complete knowledge of the world and all its natural
and social laws, but go ahead with projects due to the perceived benefits.
Viewing engineering as an experiment on a societal scale puts the focus
where it "should be" - on the human beings affected by technology.

In an analogy with medical experimentation, the authors note that society
has recently come to recognize the primacy of the subject's safety and
freedom of choice as to whether to participate. Informed consent is
considered an important moral and legal safeguard in this respect. Informed
consent is seen as having two elements: (1) subjects must be given all the
information needed to make a reasonable decision, and (2) subjects must
enter into the experiment without being subjected to force, fraud, or
deception.

What is "sometimes overlooked" is "the common enough human readiness to
accept risks voluntarily undertaken (as in daring sports), even while
objecting to involuntary risks resulting from activities in which the
individual is neither a direct participant nor a decision maker. In other
words, we all prefer to be the subjects of our own experiments rather than
those of somebody else." (page 69)

Clark Savage Turner, Esq., Grad Student in computer science at UC, Irvine.
[email protected]

------------------------------

Date: Fri, 2 Feb 1996 21:03:09 +0100 (MET)
From: Sebastian Garbe <[email protected]>
Subject: Re: Homebanking NonSecurity demo (Brunnstein, RISKS-17.66)

Is the German Homebanking unsecure?

In his article Klaus Brunnstein "proved" that Homebanking in Germany is
unsecure. But this is not true in practice! I had the possibility to
correct this in an television interview this Monday in the same TV Magazine
in which Mr. Brunnstein gave his "proof" of NonSecurity last week. Indeed
theoretically there are some possible attacks concerning PARTS of the
whole security system. But a whole system is secure for the customer and
the bank if the sum of all necessary criminal acts that are necessary to
break the system do not destroy the interest of potential criminal hackers.
Our Homebanking-System is really very secure as the statistics show: Over 15
Years, with now over 1.5 million accounts, there was not even one successful
attack!!!!

Why isn't there any encryption?

Most of our customers use simple terminals so called "BTX-Decoder". These
terminals do not support any encryption or signature and do not have any
intelligence. A lot of the customers even use hardware-terminals (special
telephones or TV-set-top-boxes) which don't have any possibility to be
updated. We feel, that we don't have the right to exclude all these people
from our homebanking, especially as there never has been any fraud.

Will there be any improvements in the future?

Yes there will! For some time we are already working on an new
Homebanking-Standard called "Homebanking Computer Interface (HBCI)" which
will provide a whole bunch of new features, digital signature and
encryption. It will only be usable for PC users (not for users of dump
BTX-terminals), but for those it will really be a fantastic improvement
(especially it is supported be all German banks, so you will be able to use
the homebanking-software of your choice with all German banks).

Sebastian Garbe, Association of German Banks [email protected]
Kuempchenshof 13, D-50670 Koeln (Germany) Tel. (priv): ++49-221/1300 189

------------------------------

Date: Fri, 9 Feb 1996 10:53:58 -0800
From: Dave Crocker <[email protected]>
Subject: IMC Resolving E-mail Security Complexity workshop

For those who have not already seen this announcement:

Resolving E-mail Security Complexity Workshop

21 February 1996 * 8:30 AM - 5:00 PM
San Jose (CA) Hilton & Towers * San Carlos Room
(next to Convention Center)

Pre-registration & payment: $50 * After February 16: $75
(cash, check, wire transfer, money order, or First Virtual)

Security is critical for moving the Internet further into
the mass- and commercial-market. There are multiple choices
for e-mail-based security over the Internet, but they do not
interoperate with each other. MOSS, PGP, and S/MIME each has
supporters and detractors. In general, the constituencies
are not communicating with each other, instead pursuing
their development and deployment independently, promising us
all a future filled with considerable complexity and non-
interoperability. We suffer an excess of riches.

COMPLEXITY AND NON-INTEROPERABILITY

The Internet Mail Consortium (IMC) is organizing a one-day
workshop to consider the problem of multiple MIME-based
security mechanisms. This is a complicated topic with a long
and painful history, but the previous pain is insignificant
compared to what is in store for vendors and, worse still,
for users.

This is an open working meeting intended for e-mail security
principal contributors and others involved in this area. It
will include key contributors and solicit additional
attendance by vendors, providers, users, and technologists
who are knowledgeable about e-mail security and concerned
with its lack of coherence.

The workshop is not a tutorial. Attendees are assumed
to be familiar with the basics of the three major e-mail
security alternatives. IMC is providing a pre-workshop
discussion list and printed materials at the workshop.

The attendance goal is to have a critical mass of those with
the technical expertise and industry involvement to review
and debate the requirements, capabilities, and
possibilities. The work goal is to seek common ground for a
common solution.

While we are not overly hopeful that the end of the day will
see peace and resolve among the masses, we do hope for
improved understanding and some convergence. With luck,
there will even be clarification of the constituencies --
that is, a strengthening of the political base for some of
the alternatives.

This Workshop is scheduled on the last day of E-Mail
World in San Jose, California and the day before a two-
day ISOC Security conference in San Diego, California.

AGENDA

The meeting will be structured with a tight agenda, having a
very focused sequence of work; it is definitely not for
general education. Some amount of review is appropriate, but
not much. The following agenda is tentative and will be
reviewed and modified on the pre-workshop discussion list.

Morning

* Very briefly describe the MOSS, PGP, and S/MIME
solutions
* Review the functional and technical concerns
* Review the extent to which each alternative satisfies
the concerns
* Seek consensus for concerns that qualify as
requirements

Afternoon

* Haggle about the strengths and weaknesses of the
technical alternatives
* Explore the choices and/or negotiate a preferred
solution

Those who have worked on this topic in the IETF are quite
tired of the whole situation, but the unfortunate reality is
that the current product and user choices are quite
problematic. We need to continue seeking a viable service.

ON-LINE PRE-/POST-MEETING

The following Web page is provided for pre-meeting
registration.

Registration: <http://www.imc.org/workshop-registration>
or: <mailto:[email protected]>

For participating in on-line discussion before and after the
meeting:

Discussion: <http://www.imc.org/workshop/>
or: <mailto:[email protected]>

For information about the Internet Mail
Consortium, see <mailto:[email protected]> or
<http://www.imc.org/>.

Dave Crocker +1 408 246 8253
Brandenburg Consulting fax: +1 408 249 6205
675 Spruce Dr. [email protected]
Sunnyvale CA 94086 USA http://www.brandenburg.com

Internet Mail Consortium http://www.imc.org, [email protected]

------------------------------

Date: 5 Feb 1996 14:18:24 GMT
From: [email protected] (T Totev)
Subject: Reliability Symposium

12TH ARTS
ADVANCES IN RELIABILITY TECHNOLOGY SYMPOSIUM
Tuesday 16th and Wednesday 17th April 1996
Holly Royde Conference Centre
University of Manchester, UK

Organised by:

Institution of Mechanical Engineers
Safety and Reliability Society
Universities of Manchester, Loughborough, Bradford,Liverpool and
UMIST

A biennial event which provides an international forum for discussing
current research and demonstrating recent advances, in the development and
management of reliability engineering. To maximise academic participation,
attendance costs have been kept as low as practicable. Also of interest to
reliability consultants and practitioners.

Please contact:

12th ARTS, (M.J.Harris)
Division of Mechanical Engineering,
The School of Engineering,
The Simon Building, The University of Manchester, Oxford Road,
Manchester M13 9PL, UK
Tel. +44 161 275 4501; Fax +44 161 275 4346
E-mail [email protected]

------------------------------

Date: Tue, 13 Feb 1996 19:21:56 -0500 (EST)
From: [email protected]
Subject: Call for Papers -- Journal of Technology Law & Policy

Journal of Technology Law & Policy, University of Florida, College of Law
CALL FOR PAPERS: Spring 1996 issue

The Journal of Technology Law & Policy is devoted to exploring the legal and
policy issues raised by emerging technology. We invite contributions of
original works for our Spring, 1996 issue. Student contributions are
encouraged.

To promote access to the Journal, the Journal will be published on the World
Wide Web. Submissions to the Journal are encouraged to take full advantage
of this medium. Relevant graphics, sound, and video may be utilized.

There are no length limitations for submissions. Submissions must include a
copy in electronic form. All citations should be in Bluebook and endnote
form. Please include the URL of any cited information available online.

Please direct all questions, and submissions to [email protected]

http://grove.ufl.edu/~techlaw [email protected]
Fax number: (352)-377-7655

Mailing Address: Journal of Technology Law & Policy, University of Florida
College of Law, P.O. 117640, Gainesville, FL 32611-7640

------------------------------

Date: 14 February 1996 (LAST-MODIFIED)
From: [email protected]
Subject: ABRIDGED info on RISKS (comp.risks)

The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks.
SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on
your system, if possible and convenient for you. BITNET folks may use a
LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. [...]
DIRECT REQUESTS to <[email protected]> (majordomo) with one-line,
SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:]
INFO [for further information]

CONTRIBUTIONS: to [email protected], with appropriate, substantive Subject:
line, otherwise they may be ignored. Must be relevant, sound, in good taste,
objective, cogent, coherent, concise, nonrepetitious, and without caveats
on distribution. Diversity is welcome, but not personal attacks. [...]
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
By submitting an item that is accepted for publication in RISKS, the author
grants permission for unlimited noncommercial public distribution and
redistribution in electronic and print form. Relevant contributions may
appear in the RISKS section of regular issues of ACM SIGSOFT Software
Engineering Notes or SIGSAC Review.

RISKS can also be read on the web at URL http://catless.ncl.ac.uk/Risks

RISKS ARCHIVES: "ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>
cd risks<CR> or cwd risks<CR>, depending on your particular FTP. [...]
[Back issues are in the subdirectory corresponding to the volume number.]
Individual issues can be accessed using a URL of the form
http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]
ftp://ftp.sri.com/risks

PRIVACY: For info on the PRIVACY Forum Digest and Computer PRIVACY Digest,
see the INFO file at RISKS-Request (one-line message INFO noted above).

------------------------------

End of RISKS-FORUM Digest 17.73
************************