precedence: bulk Subject: Risks Digest 21.03 RISKS-LIST: Risks-Forum Digest Monday 28 August 2000 Volume 21 : Issue 03 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at and by anonymous ftp at ftp.sri.com, cd risks . Contents: New security vulnerability: 13-year-old 'r00ts' popular polynomial (Leonard Richardson) Pretty Good Bug found in Windows versions of PGP (Declan McCullagh) Two cables (Doneel Edelson) Four of the 13 root servers used by Network Solutions (Dave Farber) Court says FBI has been given too much wiretap power (NewsScan) "Free" e-mail accounts and passwords exposed for a month (Peter Kaiser) Hotmail blows it badly? (Jay R. Ashworth) Possible Y2K bug strikes UK Egg Bank (Ralph Corderoy) More risks of filtering software (David Goddard) Risks of Eurdora 4.x (David Sedlock) "Verify your age with a credit card": more than $188M fraud (Lenny Foner) Re: Airline E-tickets (Adam Shostack) Re: Hoaxes: when will they ever learn (Eric Murray) Re: SSL Server Security Survey (Sean Eric Fagan) Re: mechanical and human failures in Toronto (Mark Brader) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Thu, 24 Aug 2000 13:59:24 -0500 From: Leonard Richardson Subject: New security vulnerability: 13-year-old 'r00ts' popular polynomial [With permission, at the request of PGN.] 13-Year-Old 'r00ts' Popular Polynomial The well-known polynomial x^2+8x+6 was defaced today by a teenager who had "r00ted" the beloved function of one variable through the use of a popular script known as "QuAd 3QaZh0n". The attack set off the usual sequence of events: an initial panic setting off an orgy of media hype reaching a crescendo with an article in the mainstream media, a string of copycat successors, and a meaningless stream of empty promises from vendors who immediately lapsed back into apathy as the incident left the public's short-term memory. Segfault spoke with the culprit, who goes by the name of "2o31js34g", although his real name is Alvin Schumaker. "I did it for the kicks," said the eighth-grade desperado. "Also, it was problem 12 on my algebra homework." Schumaker's admission that he had learned the technique used to crack the equation "in class" led to sweeping reforms at Nathan Hale Middle School, his alma mater. These range from a draconian school uniform policy to periodic cavity searches to Internet filters on library computers so restrictive that they ban the school's own home page. "If these kids would just study their math, we wouldn't have anybody learning these dangerous equation things," said Nathan Hale principal Fred Fractal, previously known for shutting down the wood shop because "those nail things look like weapons." Numerous other tools are available for cracking polynomials exist, such as Fac-t0R. More worrying are tools for "solving" large groups of linear equations at a time; one such program makes reference to a "matrix", obviously an homage to the sci-fi classic. Many such programs are distributed for the TI series of "calculators", tools widely viewed as a security threat in many fields and rings. Disturbingly, such devices are increasingly being made avaliable to high school and college students. Public policy must now answer the question: where is the line to be drawn between useful tool and bloodthirsty weapon of mathematical carnage? Who will answer for the countless linear equations to have undergone Gaussian elimination? Predictably, immediately following the defacement, thousands of polynomial security companies came out of the woodwork to hawk their shoddy products. "Our proprietary polynomials are one hundred percent safe because they have no roots at all," said Len Eir of Rootless.com, a company offering sales and consulting for polynomials such as x^2+4 and x^6+x^2+101. Despite Eir's claims, attacks on such polynomials are not uncommon, although Eir dismissed all such reports as "imaginary". Dave Errential of Integrated Systems stated: "Integration technology makes it easy to add roots to your polynomial. Take 60x^2+264x, for instance. The roots for that polynomial have been posted in a million places on the web. But our proprietary integration technology can turn that into 5x^4+44x^3! I'd like to see someone try and find the roots of that polynomial!" [Try x=0. --Ed.] Research has shown that IS polynomials are vulnerable to several types of attacks, but, again, the vendor has chosen to go after the research, calling it "derivative", rather than investigate the vulnerabilities. "Our polynomials are of a magnitude so high that it would be impossible to find their roots even with the most sophisticated technology," said OrderOfMagnitude.com's Sean Gular. "Our proprietary technology allows us to offer x to the power of one billion, x to the power of one trillion, even x to the power of ten gazillion! No one can crack these polynomials!" [Try x=0. --Ed.] "It's irresponsible to distribute these polynomial-cracking kits," says security expert Bruce Schneier of Counterpane Internet Security. "It's like teaching a baby how to do surface integrals. He doesn't understand the socially responsible way to use this knowledge, so he wreaks havoc." For improved security, Schneier urges all polynomials to be of fourth order or higher, and to change roots at least once every two weeks. Originally published on segfault.org: http://segfault.org/story.phtml?id=396f3e5c-0958dfa0 Written by Leonard Richardson Posted on Fri 14 Jul 09:24:53 2000 PDT [Bastille Day, eh? Well, although it is a little late for the 1 April RISKS issue, this item seemed very timely in light of certain continuing efforts to control the underpinnings of cryptography. PGN] ------------------------------ Date: Fri, 25 Aug 2000 08:19:40 -0700 From: Declan McCullagh Subject: Pretty Good Bug found in Windows versions of PGP Background: http://www.politechbot.com/p-00067.html http://cgi.pathfinder.com/time/digital/daily/0,2822,12854,00.html http://www.wired.com/news/print/0,1294,16219,00.html FC: Pretty Good Bug Found in PGP, by Declan McCullagh (declan@wired.com) 25 Aug 2000 A bug in newer versions of Network Associates' popular PGP software exposes purportedly scrambled communications to prying eyes. Network Associates (NETA) Thursday confirmed the vulnerability, discovered by a German cryptanalyst, which allows malicious attackers to hoodwink Windows versions of PGP into not encoding secret information properly. The bug appeared in controversial features that the company included to satisfy government and corporate demands for key recovery, a technology that allows a third party to read encrypted communications. [...] In December 1996, the company that became Network Associates joined the Key Recovery Alliance, a group of dozens of companies trying to promote the idea of key recovery and key escrow technologies. Federal government regulations at the time gave preferential treatment to such products. Because of PGP's long history of institutional opposition to key recovery, Network Associates dropped out after buying the smaller software company. But in February 1998 they purchased Trusted Information Systems, a founder of the Key Recovery Alliance. "Trusted Information Systems has been a pioneer in key recovery and the Key Recovery Alliance where over 60 companies and systems vendors like IBM, Hewlett-Packard, Sun Microsystems, Boeing and Motorola are supporting their key escrow capability that allows for the export of strong encryption under U.S. Commerce laws," Network Associates CEO Bill Larson said in an interview on CNNfn at the time. Months later, Network Associates had quietly rejoined the Key Recovery Alliance. [...] ------------------------------ Date: Mon, 28 Aug 2000 12:28:53 -0400 From: "Doneel Edelson" Subject: Two cables During the Verizon strike, two New York employees attempted to cut a telephone cable with wire shears. Two cables were running up the side of a pole, one was for telephone service and the other was a high-voltage electric line serving about 4000 homes. They cut the wrong cable, showering hot sparks that burned their clothes and skin. The main part of the voltage ran up the pole; however, the heat was enough to melt the blades of the wire shears. The two were caught by the police, arrested, and treated at a local hospital. [Treated to what? Quite a trick. (It's too early for Hallowe'en.) I guess in this context "Pride in your work" becomes "Fried in your shirk" (with multiple meanings and a pun). Strike while the irony is hot? PGN] ------------------------------ Date: Fri, 25 Aug 2000 18:02:53 -0400 From: Dave Farber Subject: Four of the 13 root servers used by Network Solutions (From IP) Four of the 13 root servers used by Network Solutions to manage global Internet traffic partially failed for a brief period Wednesday night due to technical difficulties. The computers -- one in Tokyo, one in California and two in Virginia -- failed to serve requests for links to Web sites ending in ".com" suffix for a little over an hour. Web addresses ending in other suffixes were unaffected. While an e-mail distributed Wednesday by Network Solutions VP Mark Rippe described the event as "a *MAJOR, MAJOR* incident", an NSI spokesman later insisted the failure was simply "a minor hiccup invisible to end users." Minor hiccup indeed. The last time something like this happened, July of 1997, it was seven root servers that failed, disrupting much of the traffic on the Net for a few hours. ["End user" is an interesting term in this context. Users were left with ends that were not connected. If the ends justify the means, then I suppose we need to have "mean" users as well. As in the movie *Network*, we need to at least get mad, if not mean. I mean it. PGN] ------------------------------ Date: Wed, 16 Aug 2000 09:51:39 -0700 From: "NewsScan" Subject: Court says FBI has been given too much wiretap power A three-judge panel of the U.S. Court of Appeals for the District of Columbia has ruled that the Federal Communication Commission's attempts to implement a 1994 electronic wiretap law have been too accommodating to law enforcement agencies and not sufficiently protective of the right of citizens to individual privacy or of the financial requirements of companies. The wiretap law (the Communications Assistance for Law Enforcement, or CALEA) was passed by Congress because the FBI had insisted it was losing ground against criminals because wireless phone companies were not designing wiretapping capabilities into their networks. An executive of the Center for Democracy and Technology, which had opposed the FBI's request to Congress, says the appellate court's decision means that "government cannot get its hands on what it's not authorized to get just by promising it won't read what it's not supposed to read." [*The Washington Post*, 16 Aug 2000; NewsScan Daily, 16 August 2000; http://www.washingtonpost.com/wp-dyn/articles/A32193-2000Aug15.html] ------------------------------ Date: Thu, 03 Aug 2000 23:19:54 +0200 From: Peter Kaiser Subject: "Free" e-mail accounts and passwords exposed for a month Zurich newspapers have just reported a horrible security lapse at one of Switzerland's big Internet service providers, Sunrise. Sunrise is the second biggest telecommunications provider in Switzerland, and like the two other big telephone providers -- Swisscom and diAx -- also offers Internet service. From July 2 to August 1, following a hardware upgrade, a search page supposed to be used only internally by Sunrise was exposed to external use, allowing anyone to look up e-mail account names and passwords. Sunrise knows that these data were accessed from at least twenty different locations to collect data on at least 700 (of about 300,000) accounts. Sunrise has sent e-mail to all its ISP customers advising them to change their passwords. The national data protection officer, Odilo Guntern, is reported as saying that the security lapse is a clear breach of the rules concerning protection of such data, and that he will be discussing it with Sunrise. Although it's not stated clearly, the tenor of the articles seems to be that the passwords were stored unencrypted. This reaches a too-familiar depth of careless design, especially coupled to their not noticing the situation for a month. It appears that the ability to do these searches was always there, protected only through the tiny obscurity of not making the search page externally accessible; but actual searches required no authentication. Perhaps they still don't. But that's not the only evidence of poor judgment; they've been clueless from the beginning. As a Sunrise phone customer I was among the first to get their offer of "free" Internet service, and of course I took a look. The signup page asked for an account name and password, but was unsecured. Not only did I abandon immediately the idea of signing up with them, but I called the next day and tried to get through to whomever was responsible for that particular stupidity; and although I talked to a lot of people, not one of them seemed to understand the risk of transmitting account information unencrypted. The least clueless of them told me that in any event it was software bought from a third party, and they had no control over it. I eventually gave up. Recently Sunrise began offering its phone customers another "free" service, storage and forwarding for voice messages and faxes, with signup over the web or via their call center. I went to the signup page and damn if it wasn't ANOTHER request for a password via an unsecured form page! I want to use the service, so I phoned the call center, which set it up at once over the phone. Once again I brought up the risk of doing it unsecured over the net, and the young lady at the call center told me "We prefer people to do it by telephone anyway, because it's easier for us." Many RISKS and obvious errors here, none of them new. [I have probably said it before here: ALWAYS look a Trojan horse in the mouth, whether it is free or not. PGN] ------------------------------ Date: Fri, 25 Aug 2000 13:31:44 -0400 From: "Jay R. Ashworth" Subject: Hotmail blows it badly? Members of the RISKS community are well aware of the problems that can happen when one user impersonates another on purpose. We've also seen porn purveyors cruise in behind the producers of less... exciting movies, and grab their expired top level domain names -- names which should never have been registered at the top level in the first place, because they were, by design, disposable. Well, there's a new contender in that category. Hotmail. According to this story , Hotmail is having a problem with buddy lists: > Microsoft is investigating a complaint that expired Hotmail accounts > retain the linked MS Instant Messenger buddy lists, and those lists > are available to the next person who registers the same e-mail address > on a Hotmail account. That's all fine and dandy, but it was the last clause that worried *me*: "registers the same e-mail address". What? You *can* do that? They *allow* the reuse of names? There are so many possible risks there that I don't think I *can* enumerate them. Even *AOL* has this right: once a screen name has been dropped, it's no longer reusable. Not that I ever thought Hotmail was a great idea in the first place, now I have even more reason to tell people not to use it. I wonder if they've finally gotten it to run on NT? :-) Jay R. Ashworth , The Suncoast Freenet, Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 ------------------------------ Date: Wed, 23 Aug 2000 22:52:08 +0100 From: Ralph Corderoy Subject: Possible Y2K bug strikes UK Egg Bank I've just received my first statement for an account with the UK's Egg Bank; www.egg.com. It was triggered by the annual interest payment on the 19th August 2000. The account has been opened for just under a year. The statement goes something like this. Opening balance. 0.00 19 Aug 1999 Interest gross xx.xx 19 Aug 1999 Tax deduction -xx.xx 23 Aug 1999 Deposit xx.xx 15 Oct 1999 Deposit xx.xx According to the above statement, the interest was paid before any money was in the account. If I inspect the account online the two interest entries are at the bottom of the statement dated correctly 19 Aug 2000. When telephoning Egg's service staff they also viewed the account on their computers with the correct year 2000 date. They seemed unconcerned that the printed statements they were sending people had the wrong year since the amount of interest was correct anyway. I doubt my report has been passed on internally by them. It's interesting to see what might be a Y2K bug popping up eight months after 1st Jan 2000 in an `Internet' bank that has only been running a year or two. Since information regarding interest received and tax paid has to be passed onto the Inland Revenue (the UK's IRS) as part of an individual tax return for the year this could cause problems for individuals when they fail to produce supporting material with the dates they are claiming. [Egg on the face of it? PGN] ------------------------------ Date: Mon, 28 Aug 2000 12:08:47 -0400 From: "David Goddard" Subject: More risks of filtering software The subject of usernames containing "offensive" words being automatically banned from blackplanet.com has recently received some publicity on Declan McCullagh's Politech list, with the filtering software getting upset about the name 'Babco*k'. Interestingly, the filtering software at blackplanet.com could be criticised not for what it doesn't let through but what it _does_ -- it appears to accept usernames based around the British swear words 'ar*e' and 'wa*k', for example. [PGN-ed asterisks just to avoid blocking of this issue?] It's a sure bet that many obscenities in other languages can also be used. Given that blackplanet.com appears to be aimed at a partly international audience, this is pretty poor. The RISK, yet again, is the blind faith in a software solution that a) operates only with a limited scope and b) returns false positives which irritate users and ultimately generate bad publicity. Given the many creative ways of coming up with offensive usernames and the obvious problems with being too restrictive, maybe they would be better off just relying on robust Terms Of Service and maybe a little grepping of the user lists. [I wonder in what language "grep" is a bad word! Grep Suzette? PGN] ------------------------------ Date: Mon, 28 Aug 2000 09:04:34 +0200 From: "David Sedlock" Subject: Risks of Eurdora 4.x I have used the "lite" version of Eudora for some time. It was good enough for my undemanding needs I recently upgraded to the latest Eudora, which doesn't provide a separate lite version, but instead offers three modes: full-featured paid, full-featured free paid by ads, and limited-feature free with no ads. The second mode fetches ads from the Eurdora site via HTTP. The differences in the modes were clearly explained and after firing up the program I soon decided the limited-feature free mode with no ads was good enough for me. After choosing that and restarting the program the entries in my proxy log for the Eurdora site appeared to stop and I thought that was the end of the matter. However, looking in the proxy log a few days later to solve an unrelated problem, I was perplexed to find new connections to the Eudora site. In fact, the mail tool was connecting to a Java servlet in a directory called "adserver" about twice a day. I wrote to both the webmaster and customer service (as a nonpaying user you don't even get a support e-mail address) and heard nothing for a few days. I wrote back and threatened to go public and then got two answers. One came from a technical person who said Eudora is checking for upgrades and I can turn this off by adding a few lines in its ini file. I did and the connections didn't stop. The other came from a non-technical person who said the connections where there to support "co-branding" (whatever that is) and not to worry since they happen "really really fast" and don't divulge "any private data". This reply failed to comfort me, since after all I pay for the price of a phone call to my provider if I'm not hooked up when Eudora decides to co-brand and my dialing daemon fires up. I wrote again for clarification and have yet to receive a reply. The risks? Many come to mind, but the one that stands out is software that silently carries out unexpected actions. One day our PCs may be so bound up with the Internet that we expect a software program to make unannounced connections to external servers, but today I don't expect that a mail client has any need to connect to external servers except when it is sending or receiving mail. Today such connections need to be documented and announced. Eudora was clear about its fetching ads in the "full-featured free paid by ads" mode, and I have no problem with that. But the fact that after choosing the limited-feature mode the program continued connecting was totally unexplained and probably goes on undetected by the majority of users. Eudora, you're in the dog house! David Sedlock ------------------------------ Date: Fri, 25 Aug 2000 14:29:33 -0400 (EDT) From: Lenny Foner Subject: "Verify your age with a credit card": more than $188M fraud Back when the CDA was hot news, lots of people were claiming that "asking for credit card numbers" was a reasonable way to prove that someone was "old enough" to view certain web sites. Below is a great example---one which people have been warning about for years---of why this is a horrendous idea, even if you don't care about the civil liberties implications [see [*] below] of using a credit card as an age check, or of having an age check at all: U.S. CRACKS DOWN ON NET PORN FRAUD The Federal Trade Commission has filed a lawsuit against Crescent Publishing Group and 64 affiliated companies that operate adult Web sites, accusing them of charging customers for services advertised as "Free Tour Web Sites." Like many adult sites, the Crescent sites requested that users supply credit card information to verify they were of legal age to view pornographic material. Customers who'd been promised a free online peep show say they were then billed for recurring monthly membership fees ranging from $20 to $90. Included among the complainants were some people who said they'd never visited the sites at all -- in fact, one woman who'd been charged a recurring fee for several months didn't even own a computer. To add to the confusion, the charges were made under different company names. Instead of finding a charge from Highsociety.com on their statements, consumers would find charges from "Online Forum," or "Hoot Owl," or "Knock Knee." The FTC has classified the scam as one of the largest it's ever seen on the Internet, generating $141 [million] in the first 10 months of 1999 alone. (E-Commerce Times 24 Aug 2000) http://www.ecommercetimes.com/news/articles2000/000824-4.shtml (The above was from NewsScan; the full story is at the cited URL, including how the company moved to Guatemala to continue the scam.) [*] What civil liberties problems? How about: (a) It discriminates against people who are too poor or have too bad a credit history to own a card (including those who've gone bankrupt) (b) It identifies people to sites in a very accurate and intrusive way, by name, rather than simply making it clear that they are "old enough". Remember, it's age, not identity, that such sites are supposed to be caring about. (c) "Old enough" varies based on where you are, even in the US and especially in the world, but this system makes no provisions for that. (d) How old you have to be to get a credit card varies by country, and many countries don't have the sort of credit-card presence that the US does, which might make it impossible to get one at all. (e) It assumes that differentiating content by age is a reasonable idea in the first place. These are just the most obvious ones off the top of my head. I'm sure these, and more, were all mentioned prominently at the time. But, of course, the bad system of credit-card verification took hold anyway, and we seem to be stuck with it. [Also, from a purely security standpoint and not a civil-liberties standpoint, this also assumes that no kid is going to be bright enough to copy down a parent's CC info while they're not looking. Surely all parents ensure that all their credit cards are secured 24x7. Of course, they can't use a -key-, unless that key is also secured and/or on their person 24x7... Wait---parents don't tend do this?] ------------------------------ Date: Sun, 27 Aug 2000 13:03:03 -0400 From: Adam Shostack Subject: Re: Airline E-tickets (Wallich, RISKS-21.02) > swipe a credit card or other means of ID [...] I have two comments here. The first, as the credit card companies will tell you, their cards are not meant to be used as identification (just like the social security card.) [And yet, they are! PGN] The second is it seems likely [...] that someone willing to go to the trouble of blowing up an airplane can't be bothered to engage in a little identity theft or ID-card forgery. Adam [Similar comments from Ian Lance Taylor, Marc Auslander, Jim Rees... PGN] ------------------------------ Date: Sun, 27 Aug 2000 09:46:13 -0700 From: Eric Murray Subject: Re: Hoaxes: when will they ever learn A digital signature on the press release would not have prevented this -- it was a real press release sent out by Internet Wire, a business press-release agency. The hoaxers got the release sent by social-engineering IW- they convinced a "day staff" that the "night staff" had approved the story. [Source: (San Jose) *Mercury News*, 26 Aug 2000]. Thus the story was accepted without checking the facts. The real problem here is shoddy "journalism". Digital signatures would have prevented this only if IW accepted only e-mailed releases that were digitally signed, and they actually verified the signatures. If they accepted phoned-in releases, hoaxers could still send in fakes ones. Fixing the verification procedure is the way to prevent this sort of problem from occurring again. Eric Murray http://www.lne.com/ericm ericm at lne.com Consulting Security Architect ------------------------------ Date: Sun, 27 Aug 2000 03:46:04 GMT From: sef@kithrup.com (Sean Eric Fagan) Subject: Re: SSL Server Security Survey (Solomon, RISKS-21.02) Self-signed certificates are *not* any weaker than those signed by third-party certificates. This is a popular myth I keep running into -- all a third-party-signed certificate means is that someone else has agreed that you are who you say you are. And in the case of Web browsers, it also means that this someone forked out a load of cash to Microsoft and/or Netscape to be included in the default set of known certificates. ------------------------------ Date: 27 Aug 2000 04:06:46 GMT From: msb@vex.net (Mark Brader) Subject: Re: mechanical and human failures in Toronto (van Egmond, Risks-21.02) > Each car has an operator's cab where motion and doors can be controlled, > and a window which, when opened, reveals door control buttons. I think the last sentence is misleading enough to merit correction. There are indeed door control buttons outside of the cabs: as the cab is only on one side of the train, this allow the doors on the other side to be opened without the guard having to cross to the next car. But exposing these buttons requires a key, presumably the same one that opens the cab. ------------------------------ Date: 13 Dec 1999 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Alternatively, via majordomo, SEND DIRECT E-MAIL REQUESTS to with one-line, SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or INFO [for unabridged version of RISKS information] .MIL users should contact (Dennis Rears). .UK users should contact . => The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. *** => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line. => ARCHIVES are available: ftp://ftp.sri.com/risks or ftp ftp.sri.comlogin anonymous[YourNetAddress]cd risks [volume-summary issues are in risks-*.00] [back volumes have their own subdirectories, e.g., "cd 20" for volume 20] http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]. http://the.wiretapped.net/security/textfiles/risks-digest/ . ==> PostScript copy of PGN's comprehensive historical summary of one liners: illustrative.PS at ftp.sri.com/risks . ------------------------------ End of RISKS-FORUM Digest 21.03 ************************