precedence: bulk
Subject: Risks Digest 22.24

RISKS-LIST: Risks-Forum Digest  Weds 11 September 2002  Volume 22 : Issue 24

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at and by anonymous ftp at ftp.sri.com, cd risks .

Contents:
  Florida Primary 2002: Back to the Future (Rebecca Mercuri)
  Nurses refuse to wear locator devices (Duane Thompson)
  Computer-Assisted Passenger Screening System defeated (Max)
  The Underground Web (Monty Solomon)
  Missed phone connections (Robert Kuttner via Monty Solomon)
  Microsoft says Win 2000 hacking outbreak subsides (PGN)
  Greek court finds Government ban on electronic games unconstitutional (Giorgos Epitidios)
  The pinnacle of chutzpah in spam filtering (Przemek Klosowski)
  REVIEW: "Computer Forensics and Privacy", Michael A. Caloyannides (Rob Slade)
  Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 11 Sep 2002 03:14:39 -0400
From: "Rebecca Mercuri"
Subject: Florida Primary 2002: Back to the Future

Well, Florida's done it again. Tuesday's Florida primary election marked its first large-scale roll-out of tens of thousands of brand-new voting machines that were promised to resolve the problems of the 2000 Presidential election. Instead, from the very moment the polls were supposed to open, problems emerged throughout the state, especially in counties that had spent millions of dollars to purchase touchscreen electronic balloting devices. Florida voters, including Gubernatorial candidate Janet Reno, experienced delays (ranging from minutes to hours) due to touchscreen machines not working properly or at all. Reno, and others (including Duval County officials) reportedly sought court orders requesting additional time for the day's voting session.
Governor Jeb Bush granted a two hour extension, but some of the polling places did not receive notice and shut down their machines at 7PM, only to discover that restart was impossible because of the way the machines had been designed. In addition to polls and machines that opened late, many precincts reported problems with some electronic cards voters used to activate their ballots. A few machines in Miami-Dade County reset themselves while voters were trying to vote. Even the mark-sense ballots proved troublesome -- in Orange County many votes will have to be hand-counted because defects made them unreadable by the optical scanners. Lest readers think that Florida is alone with these election problems, other states, including Georgia and Maryland, have also reported similar difficulties with touchscreens. Problems in MD led 4 counties there to commission a report from UMD, which revealed serious reliability concerns, due to "catastrophic failure," "malfunction," and "unusability" of one of the two machines they were given for testing. The Association of Computing Machinery's Special Interest Group on Computer Human Interaction (ACM SIGCHI) offered to perform similar evaluations on Palm Beach's new voting equipment, urged by U.S. Representative Robert Wexler, but the offer was declined by the County's Board of Elections. Florida was forewarned about problems with some of their new machines when, in local municipal elections held back in March 2002, anomalies surfaced in Palm Beach County. Some voters submitted sworn affidavits to the state's 15th Circuit Court, attesting to problems ranging from a lack of privacy at the voting booth, to machines "freezing up" until rebooted or reset, and voter cards being rejected. 
During this past summer, as part of an investigation into Emil Danciu's contest (one of two lawsuits for the March Palm Beach County election), the court permitted me to perform a "walk through inspection" of the County's Board of Election warehouse where the machines were being stored and prepared for this Fall's primary. To my amazement, I learned that the devices would not be tested to see whether they would register a vote for each candidate that appeared on the ballot face. Rather, the tallying system was checked by transferring data between cartridges, (circumventing the ballot face on each machine) and only one vote, for the first candidate in each race, was cast using the touchscreen. This essentially meant that most of the new machines would get their first real use only at the actual election. (Not only does this testing lack rigour, but it only marginally complies with Florida election law.) The Palm Beach County machines were running new software too, since the firmware on each of their 3400 machines was reprogrammed just weeks before the Fall primary. (Such firmware reprogrammability represents a major security and auditability risk.) A thorough inspection of the machines, requested by Danciu's legal team, was denied by the court, on the grounds that the purchase contract with Election Supervisor Teresa LaPore made it a felony violation (for her) of the vendor's trade secret clause if any devices were provided (Danciu had even offered to pay for one) for an internal examination. This trade secrecy also apparently prevents disclosure of the program code files and testing reports maintained by the state of Florida as part of their certification process. But there's more. Further problems may begin to surface after the tabulation results are analyzed. 
Although if any candidate wishes to seek a recount, the only one they will get from the touchscreen machines is a printout of the same electronic data residing inside of the machines -- not an independent tally from human-readable ballots that were examined by the voters who cast them on election day. Even Brazil, where 400,000 fully-electronic voting machines were first deployed nation-wide in their 2000 election, deemed it appropriate to retrofit their machines to produce recountable voter-verifiable paper ballots, and they will begin to institute this by modifying some 3% of their machines for their next election. Sadly, many US communities seem to feel that it is necessary to rush ahead with voting equipment procurements, while reliable systems, appropriate testing, usability, security, and auditability procedures, and other safeguards, are years away. Florida 2000 woke us up to what many already knew -- our voting systems and laws were flawed. Florida 2002 lets us know that expensive computers can not and will not provide the answer to our election troubles. For the short run, communities that have purchased malfunctioning equipment should return it to the manufacturers and request refunds. There should be an immediate moratorium throughout the United States (and world) on the procurement of electronic voting systems that do not provide voter-verifiable paper ballots. In other words, if your community is thinking of buying touchscreen or other fully-computerized voting equipment, don't let them do it! Candidates and voters who believe they may have evidence of ballots being lost or foul-play with voting systems, should contact me, as soon as possible, at mercuri@acm.org in order to learn how data could be secured before it may be deleted. Those seeking additional information on voting systems can refer to the numerous articles linked on Peter Neumann's website and on mine (at www.notablesoftware.com/evote.html). Please let your voice and concerns be heard. 
Democracy is at stake.

Rebecca Mercuri, Ph.D., Bryn Mawr College

*This article is copyrighted property of Rebecca Mercuri (c) 2002. All rights reserved. Reprint permission is granted only in its entirety, with this notice intact. This article can be distributed but not sold. For any other uses, please contact the author for permission.*

------------------------------

Date: Fri, 6 Sep 2002 16:31:11 -0700 (PDT)
From: Duane Thompson
Subject: Nurses refuse to wear locator devices

[This is interesting. It was forwarded via a Healthcare Management e-mail list to which I subscribe. DT]

Since Monday, nearly half of the 120 nurses at Castro Valley, Calif.-based Eden Medical Center who were assigned to wear personal locator badges as part of a program to provide more efficient care have turned in their devices to protest a system they say invades their privacy and could be misused by managers. The nurse locator system -- launched in October on two floors with plans to expand to a third -- allows hospital administrators to locate a nurse or a supervisor anywhere at any time. Although the systems, which are used by hospitals across the U.S., can record response times, number of nurse visits to a patient room, and length of time of each visit, Eden uses its $273,000 system to record only response times.

According to hospital officials, the system is meant to help nurses answer patient calls faster and allow the hospital to track nurses more easily in case of emergency. They add that since the installation of the system, patient satisfaction ratings have increased and response times have decreased. But nurses say the devices invade their privacy, interfere with patient care by disrupting conversations between nurses and patients, and contain potentially harmful infrared sensors -- a charge the hospital's radiation-safety officer rejects.
The nurses note that the hospital has installed the system in the nurses' lounge and kitchen and say that supervisors could use the vocal communication feature to listen in on conversations; the hospital says it has no intention of using the system to listen to nurses. Eden has not taken action against the nurses who refuse to wear the badges.

[Reang, *San Jose Mercury News*, 6 Sep 2002; Tate, *Contra Costa Times*, 6 Sep 2002.]

------------------------------

Date: Sat, 07 Sep 2002 11:06:14 -0700
From: Max
Subject: Computer-Assisted Passenger Screening System defeated

I just read an excellent paper on the inequities of the Computer-Assisted Passenger Screening System (CAPS) for airline travelers (thank you Crypto-Gram), and thought it would add some quantitative analysis to the Homeland Insecurity RISKS debate. Here's the abstract:

  To improve the efficiency of airport security screening, the FAA deployed the Computer Assisted Passenger Screening system (CAPS) in 1999. CAPS attempts to identify potential terrorists through the use of profiles so that security personnel can focus the bulk of their attention on high-risk individuals. In this paper, we show that since CAPS uses profiles to select passengers for increased scrutiny, it is actually less secure than systems that employ random searches. In particular, we present an algorithm called Carnival Booth that demonstrates how a terrorist cell can defeat the CAPS system. Using a combination of statistical analysis and computer simulation, we evaluate the efficacy of Carnival Booth and illustrate that CAPS is an ineffective security measure. Based on these findings, we argue that CAPS should not be legally permissible since it does not satisfy court-interpreted exemptions to the Fourth Amendment. Finally, based both on our analysis of CAPS and historical case studies, we provide policy recommendations on how to improve air security.
And here's a link to the whole paper (the formatting is a little off; scroll down a bit from the title):

  http://swissnet.ai.mit.edu/6805/student-papers/spring02-papers/caps.htm

------------------------------

Date: Thu, 29 Aug 2002 04:04:31 -0400
From: Monty Solomon
Subject: The Underground Web

Drugs. Gambling. Terrorism. Child Pornography. How the Internet makes any illegal activity more accessible than ever:

It's the kind of call everyone dreads. For Kristen Bonnett, the daughter of NASCAR race driver Neil Bonnett, it came on Feb. 11, 1994--the day her father crashed during a practice run at the Daytona International Speedway. A few hours later, he died. Bonnett was devastated, but she got on with her life. Then, seven years later, came a second call. This time, it was a reporter asking for comment on autopsy photos of her father that were posted on the Internet. Shocked, she quickly got online. "Forty-eight thumbnail pictures, basically of my Dad on the table, butt-naked, gutted like a deer, were staring me directly in the face," says Bonnett. Now, when she thinks of her father, she pictures him lying atop an autopsy table.

Warning: You are about to enter the dark side of the Internet. It's a place where crime is rampant and every twisted urge can be satisfied. Thousands of virtual streets are lined with casinos, porn shops, and drug dealers. Scam artists and terrorists skulk behind seemingly lawful Web sites. And cops wander through once in a while, mostly looking lost. It's the Strip in Las Vegas, the Red Light district in Amsterdam, and New York's Times Square at its worst, all rolled into one--and all easily accessible from your living room couch. ...
[*Business Week*, cover story, 2 Sep 2002]
http://www.businessweek.com/magazine/content/02_35/b3797001.htm

------------------------------

Date: Wed, 28 Aug 2002 23:24:53 -0400
From: Monty Solomon
Subject: Missed phone connections

By Robert Kuttner, *The Boston Globe*, 28 Aug 2002

OUR LONG-DISTANCE telephone service stopped functioning yesterday. For the magazine I edit, it was a pretty big inconvenience. For several hours we pooled cellphones. My first call was to our bookkeeper. Were we current on our bills? We were. My second call was to Qwest, the offending long-distance company. Its lines were jammed. A company spokeswoman said she didn't know how many customers had lost service, but Qwest's own filing with the Federal Communications Commission yesterday, as required by law, indicated that 500,000 calls per hour didn't get through. ...

http://www.boston.com/dailyglobe2/240/oped/Missed_phone_connections+.shtml

------------------------------

Date: Tue, 10 Sep 2002 11:19:08 PDT
From: "Peter G. Neumann"
Subject: Microsoft says Win 2000 hacking outbreak subsides

On 30 Aug, Microsoft warned customers of an increase in reported hacker attacks against Windows 2000, but offered few details about the root of the problem. On 6 Sep 2002, MS said the malicious activity has "lessened significantly" -- claiming that the attacks probably did not result from new vulnerabilities in its operating system, but rather from administrators not following standard procedures to secure their servers.

"By analyzing computers that have been compromised, Microsoft has determined that these attacks do not appear to exploit any new product-related security vulnerabilities and do not appear to be viral or worm-like in nature," the company stated in its advisory, available online at http://support.microsoft.com/default.aspx?scid=kb;en-us;q328691. "Instead, the attacks seek to take advantage of situations where standard precautions have not been taken," the advisory said.
"The activity appears to be associated with a coordinated series of individual attempts to compromise Windows 2000-based servers."

MS urges us to take preventive measures to protect ourselves against future attacks: eliminate blank or weak administrator passwords, disable guest accounts, run up-to-date antivirus software, use firewalls to protect internal servers, and stay up to date on all security patches.

[Source: article by Matt Berger, *Info World*, 9 Sep 2002; PGN-ed, TNX to Lillie Coney]
http://www.infoworld.com/articles/hn/xml/02/09/09/020909hnmshack.xml

[So, it's all OUR fault, even if I don't even use MS software! PGN]

------------------------------

Date: Wed, 11 Sep 2002 15:56:05 +0300
From: "Giorgos Epitidios"
Subject: Greek court finds Government ban on electronic games unconstitutional (Re: Pareas via Max, RISKS-22.23)

One of the advantages of Greek law is that every court (not just special ones as in many countries) can decide on the constitutionality of a law. This has its own risks - inconveniences, but I am glad to report that in this case it worked well. The stupid law banning electronic games has been found unconstitutional by the court that was judging the "criminals".

Giorgos Epitidios, Athens, Greece  gepiti@gepiti.com

------------------------------

Date: Wed, 11 Sep 2002 01:24:09 -0400
From: Przemek Klosowski
Subject: The pinnacle of chutzpah in spam filtering

Recently, I got a piece of spam, which I forwarded to the 'abuse' at the sending ISP (a large, national carrier). I quickly got a reply:

  ************* Content Filter Notification **************
  The following mail was blocked since it contains sensitive content.
  Source mailbox:
  Destination mailbox(es):
  Policy: Prohibited Word Filter

I wrote back, without much hope for any effect:

  Well, sure the mail contains offending material.. IT WAS SENT TO ME FROM YOU GUYS---THAT'S WHY I AM COMPLAINING

[Why you'd have a content filter on an 'abuse@...' is beyond me.]
[Because they get lots of spam also? PGN]

------------------------------

Date: Mon, 9 Sep 2002 19:56:41 -0800
From: Rob Slade
Subject: REVIEW: "Computer Forensics and Privacy", Michael A. Caloyannides

BKCMFRPR.RVW 20020604

"Computer Forensics and Privacy", Michael A. Caloyannides, 2001, 1-58053-283-7, U$79.00
%A Michael A. Caloyannides micky@ieee.org
%C 685 Canton St., Norwood, MA 02062
%D 2001
%G 1-58053-283-7
%I Artech House/Horizon
%O U$79.00 800-225-9977 fax: 617-769-6334 artech@artech-house.com
%P 392 p.
%T "Computer Forensics and Privacy"

This book occupies a unique place in the literature of computer forensics. Most works in the field, such as Kruse and Heiser's "Computer Forensics" (cf. BKCMPFRN.RVW), concentrate on documentation of the investigation with a view to presentation in court. The actual mechanics of data recovery tend to be left to commercial tools. Caloyannides demonstrates how to delve into corners of the computer in order to actually get the data out.

At the same time, this work is inconsistent, on at least two levels. The perspective flips back and forth between forensics and privacy, alternately emphasizing how to find evidence, and how to hide evidence. The technology involved is the same, but the shifts in viewpoint can be jarring to the reader. At the same time, the depth of technical detail can vary wildly. At one point the book stops shy of telling you how to undelete files with a sector editor (an activity that could be useful to every computer user), while other sections list lengthy and extraordinary measures to secure personal computers.

Part one concentrates on the data recovery aspect of computer forensics. Chapter one is entitled an introduction, but seems to be more of an editorial on privacy, with the added statement that the book is intended both for law enforcement personnel needing details of computer forensic techniques and those wishing to preserve the privacy of data.
The use of, and factors related to the use of, computer forensics is supported by specific cases (rather than vague suppositions) in chapter two. One has to agree with the author's statement, in chapter three, that "computer forensics can be done -- and, sadly, is often done -- by persons with a minimal amount of either education or experience." Therefore it is unfortunate that the forensic tools list and book structure are both difficult at this point, although there is good material and writing, and Caloyannides is not afraid to tackle the social and political aspects of the field. Chapter four outlines various places (primarily in Windows) from which data may be recovered. It is an odd mix of little known and very valuable information, and extremely poor explanations of basic functions like manual undeletion and file overwriting. A strange and terse look at steganography, US and UK surveillance systems, cryptography, and anonymity makes up chapter five. Data acquisition, from sources such as key logging and Van Eck radiation, is reviewed in chapter six. Chapter seven debunks a short list of measures falsely believed to provide privacy protection.

Part two turns to privacy and security. Chapter eight is a discussion of legal and commercial protections of privacy (mostly in the US) and their failings. Installing and configuring a privacy protected configuration of Windows is covered in chapter nine, in considerable detail. Chapter ten's review of basic online privacy is heavy on additional software packages. Intermediate online privacy, in chapter eleven, looks at browser and email configurations, more packages, and has a section on tracing email that would be helpful in dealing with spam. (An unfortunate typesetting error seems to have deleted what might have been valuable information about PGP [Pretty Good Privacy].) Chapter twelve is more advanced, dealing with anonymizing services and personal firewalls, but may be beyond the average user.
A general opinion piece on cryptography, chapter thirteen nevertheless provides a good, basic background, albeit with a social and political emphasis. Chapter fourteen looks at more practical encryption, detailing PGP and specialized cryptographic programs, with a detour into biometrics.

Part three is a brief look at legal and other issues. Chapter fifteen is a brief look at laws, mostly in the US. Chapter sixteen touches on security aspects of VoIP (Voice over Internet Protocol) and GSM (Global System for Mobility) wireless services.

Despite the ragged organization and style, and some glaring gaps in coverage, this book does contain a wealth of information for both the computer forensic examiner, and the user concerned with privacy. For anyone beyond the most basic user it is well worth a read.

copyright Robert M. Slade, 2002   BKCMFRPR.RVW   20020604
rslade@vcn.bc.ca  rslade@sprint.ca  slade@victoria.tc.ca  p1@canada.com
http://victoria.tc.ca/techrev  or  http://sun.soci.niu.edu/~rslade

------------------------------

Date: 29 Mar 2002 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you. Alternatively, via majordomo,
 send e-mail requests to with one-line body
   subscribe [OR unsubscribe]
 which requires your ANSWERing confirmation to majordomo@CSL.sri.com .
 If Majordomo balks when you send your accept, please forward to risks.
 [If E-mail address differs from FROM: subscribe "other-address "
 ; this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
 Lower-case only in address may get around a confirmation match glitch.
   INFO [for unabridged version of RISKS information]
 There seems to be an occasional glitch in the confirmation process, in which
 case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
 .MIL users should contact (Dennis Rears).
 .UK users should contact .
=> The INFO file (submissions, default disclaimers, archive sites,
 copyright policy, PRIVACY digests, etc.) is also obtainable from
 http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
 The full info file will appear now and then in future issues. *** All
 contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
   ftp ftp.sri.com
   login anonymous
   [YourNetAddress]
   cd risks
   [volume-summary issues are in risks-*.00]
   [back volumes have their own subdirectories, e.g., "cd 21" for volume 21]
 http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue].
 Lindsay Marshall has also added to the Newcastle catless site a
 palmtop version of the most recent RISKS issue and a WAP version that
 works for many but not all telephones: http://catless.ncl.ac.uk/w/r
 http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
 http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
 http://www.csl.sri.com/illustrative.html for browsing,
 http://www.csl.sri.com/illustrative.pdf or .ps for printing

------------------------------

End of RISKS-FORUM Digest 22.24
************************