precedence: bulk Subject: Risks Digest 22.89 RISKS-LIST: Risks-Forum Digest Tuesday 2 September 2003 Volume 22 : Issue 89 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at http://www.risks.org as http://catless.ncl.ac.uk/Risks/22.89.html The current issue can be found at http://www.csl.sri.com/users/risko/risks.txt Contents: Chips that can self-destruct (Kenneth Ng) Diebold voting machines (John Paulson) A new approach to roller coasters (Henry Baker) Battling the threat of data extinction (NewsScan) Man steals tracking device, which tracks him down (PGN) Careful typography in the CAIB report (Craig DeForest) EchoStar sued for `No-Call List' breach (Monty Solomon) Bahrain's proposed smart ID cards (George Mannes) 802.11: When Is 54 Not Equal to 54? (Matthew Gast via Monty Solomon) EarthLink sues to stop Alabama and Vancouver spammers (Monty Solomon) Can't catch it? A virus can still hurt you. (Richard A. O'Keefe) Hackers cut off SCO Web site (Richard Forno via Dave Farber) More theories about Sobig vandal's motivation (NewsScan) Re: Sobig affects Amtrak trains, Air Canada (Scott Nicol) Re: "Good" worm fixes infected computers (Neil Youngman) More on the Davis-Besse worm attack (Martyn Thomas) Re: Satellite photo of Eastern North America during blackout (Dan Pritts) Re: Nasty elevator death at Houston hospital (Paul D. Walker, Richard H Miller) Re: Pilot fixes faulty jet (Daniel Lance Herrick) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Mon, 25 Aug 2003 15:51:55 -0400 From: "Ng, Kenneth (US)" Subject: Chips that can self-destruct Michael Sailor and colleagues at the University of California at San Diego have developed a self-destruct mechanism that can be activated (with a warning) if a machine detects that it has been stolen. The first thought I had was "program bug". The second was "virus". The third was "cyber denial of service attack". Personally, it wouldn't be the same without the "this chip will self destruct in 5 seconds, good luck, Jim" followed by the standard white smoke from Mission Impossible. http://www.newscientist.com/news/news.jsp?id=ns99991795 [The technique involves adding gadolinium nitrate to silicon. PGN] ------------------------------ Date: Tue, 2 Sep 2003 11:57:59 -0700 From: john paulson Subject: Diebold voting machines The head of a company vying to sell voting machines in Ohio told Republicans in a recent fund-raising letter that he is "committed to helping Ohio deliver its electoral votes to the President next year." http://www.cleveland.com/election/index.ssf?/base/news/106207171078040.xml Inspired by remotely triggered self-destructing chips, how about voting machines that can be remotely instructed to add and subtract votes? Well, you might say, why bother? It can already be done locally! PGN] ------------------------------ Date: Thu, 28 Aug 2003 10:03:58 -0700 From: Henry Baker Subject: A new approach to roller coasters [FYI -- Note the use of Windows OS to run this thing. HB] [Could give new meaning to the Blue Screen of Death. PGN] ``Roller coasters are boring. ... But a new two-seat ride called RoboCoaster is different. Its 4,400-pound, 22-foot-long mechanical arm provides a much wider array of twists and turns than any single traditional coaster can, its makers say. And because those whipping motions are just about infinitely programmable, riders can have radically different experiences on the same RoboCoaster, and can even customize their own thrills. ... Made by the German robotics company Kuka Roboter, the $350,000 RoboCoaster became available last November. Fourteen have been installed, two of them in the United States - at American World Resort in Wisconsin Dells, Wis., and at C.J. Barrymore's, 30 miles north of Detroit. Ten are housed in a vast hall at the Legoland theme park in Billund, Denmark, where they are called Power Builders. Riders use a Windows-based touch-screen computer to program their own RoboCoaster experience. There are seven levels of difficulty, and within each level are 14 movements -- dips, falls, rocket starts, butterfly rolls and loops - lasting 5 to 15 seconds. According to Legoland, more than 1.4 million combinations are possible. With six axes, the robot can throw riders in any number of directions, turning them upside down, spinning them side to side, or making them swoop as if they were in a jet fighter -- all at 1.9 G's, nearly twice the normal gravitational pull. Optical sensors attached to a motor in each axis calculate the position of the coaster's arm every 32 milliseconds. [Source: Taking Roller Coaster Limits for a Ride, Noah Shachtman, *The New York Times*, 28 Aug 2003; PGN-abridged] http://www.nytimes.com/2003/08/28/technology/circuits/28roll.html ?pagewanted=print&position= ------------------------------ Date: Fri, 29 Aug 2003 09:35:18 -0700 From: "NewsScan" Subject: Battling the threat of data extinction (NewsScan) Because most digital files are dependent on the operating systems in which they're stored and the software applications used to create and access them, would-be archivists are faced with the task of retaining and maintaining the digital hardware necessary to read digital files as well as the files themselves. "With each passing day, the reservoir of digital documents grows," says Eastman Kodak manager Andrew Lawrence. "Often, there is no associated hard-copy output to archive via conventional means. Over time, the problem is that media decays and hardware and software platforms evolve, placing the electronically stored information at risk." Lawrence suggests the best approach to digital preservation is a dual track. For short-term needs, users can maintain structured electronic archives in their native formats. But for longer-term purposes, Lawrence suggests creating a referenced archive of permanent document images in analog format, such as microfilm, that could provide a technology-proof repository. Glenn Widener, director of Internet technology at Swiftview, has a different solution. He recommends using the Printer Control Language (PCL) format, invented by Hewlett-Packard for its LaserJet family of printers, as an easy way to preserve documents. "Many PCL viewers can view 15 to 20 years back. There will always be commercial tools readily available to read it." Meanwhile, Dan Schonfeld, director of products for Artesia, says his company's digital asset management software enables users to archive viewers, readers and players along with files. "Because we can store any type of media, we can actually store applications as well as the media files themselves." [TechNewsWorld 28 Aug 2003; NewsScan Daily, 29 Aug 2003 http://www.ecommercetimes.com/perl/story/31436.html ------------------------------ Date: Mon, 1 Sep 2003 08:56:43 -0700 (PDT) From: "Peter G. Neumann" Subject: Man steals tracking device, which tracks him down A man stole a $2500 GPS-based computerized home-detention tracking device that had been temporarily left outside the home of the woman who was supposed to be wearing it. By the time she reported the loss, prison officials had already rounded up the thief. [Source: AP item 1 Sep 2003; PGN-ed] http://www.newsday.com/news/nationworld/wire/ sns-ap-tracking-device,0,4015374.story?coll=sns-ap-nationworld-headlines [ADDED NOTE: The stolen device was apparently the transponder box. I presume the anklet was not removable. PGN] ------------------------------ Date: Wed, 27 Aug 2003 15:19:13 -0600 From: zowie@euterpe.boulder.swri.edu (Craig DeForest) Subject: Careful typography in the CAIB report I'm sure that many are reading and will contribute about the recent Columbia Accident Investigation report: http://www.caib.us A rare amusing moment occurs on p. 191, where noted communication expert Edward Tufte analyses the horrific viewgraph layout used within NASA. One of Tufte's points is that even a simple unit measurement ("cubic inches") is laid out three different ways in a single viewgraph, making it difficult to recognize that the three units are directly comparable (in this case an analytical model that was designed for foam chunks up to 3 cubic inches was used for a foam chunk that was over 300 times larger). But a diligent copy editor has regularized the three layouts in the corresponding figure caption, obscuring Tufte's argument. Tufte analysed the Challenger explosion in his fabulous book, "Visual Explanations". He convincingly argued that poor communication (caused in part by bad charting of the relevant risk factors) played a significant role in the loss of Challenger. The same arguments seem to hold about Columbia. ------------------------------ Date: Thu, 28 Aug 2003 08:54:27 -0400 From: Monty Solomon Subject: EchoStar Sued for `No-Call List' breach The state of Missouri sued EchoStar Communications Corp. on 27 Aug 2003, accusing the satellite television giant of violating the state's telemarketing "no-call" list, wrongly calling residents who had home telephone numbers registered with the state's no-call list, pitching its satellite equipment and television services. [Source: Jim Suhr, AP Online, 27 Aug 2003; PGN-ed] http://finance.lycos.com/home/news/story.asp?story=35468386 ------------------------------ Date: Thu, 28 Aug 2003 11:36:12 -0400 From: George Mannes Subject: Bahrain's proposed smart ID cards Bahrain Takes Swipe Into The Future With New Smart ID Cards, 26 Aug 2003, AP, http://www.informationweek.com/story/showArticle.jhtml?articleID=13900098 Bahraini officials envision a photo ID card with a 64-kilobyte microchip holding the card holder's name, address, national identification number, digital fingerprints and driver's license, passport, medical, financial and educational data. Users will be able to pay bills, withdraw cash, transfer money check their bank balances and conduct Internet transactions with a swipe of the card, and use the same card to votes in municipal and parliamentary elections. "We truly believe that this is going to improve and change things dramatically," Sheik Ahmed bin Ateyatella Al Khalifa, undersecretary of the Central Informatic Organization, told reporters Tuesday. Improve and change things dramatically for whom? The article -- which says Bahrainis already used bar-coded ID cards for elections last October -- doesn't say. I'm guessing I'm not the only RISKS reader who'd be a tad concerned about the RISKS of having all my personal, medical, financial, educational -- and perhaps political-leanings -- data all in one convenient, centrally informatic, location. ------------------------------ Date: Mon, 1 Sep 2003 04:11:22 -0400 From: Monty Solomon Subject: 802.11: When Is 54 Not Equal to 54? When Is 54 Not Equal to 54? A Look at 802.11a, b, and g Throughput by Matthew Gast, author of *802.11 Wireless Networks: The Definitive Guide* 08 Aug 2003 (updated: 14 Aug 2003) Now that the 802.11g standard has been finalized, comparisons with the other standards in the 802.11 family are inevitable. One conclusion that is frequently drawn is that 802.11g offers similar speeds to 802.11a. After all, both products are advertised as having a data rate of 54 Mbps. This article develops a simple model for the maximum TCP throughput of 802.11 networks so that a comparison can move beyond a simple comparison of nominal bit rates. According to the model, 802.11g is significantly faster than 802.11b. In a network consisting only of 802.11g clients, it is even slightly faster than 802.11a. However, "protection" mechanisms added to 802.11g to ensure backwards compatibility with legacy 802.11b clients can cut the throughput by 50 percent or more. ... http://www.oreillynet.com/pub/a/wireless/2003/08/08/wireless_throughput.html ------------------------------ Date: Thu, 28 Aug 2003 08:51:12 -0400 From: Monty Solomon Subject: EarthLink sues to stop Alabama and Vancouver spammers Internet provider EarthLink Inc. said it sued operators in Alabama and British Columbia for flooding its network with some 250 million unwanted commercial messages, in an attempt to break their e-mail "spam" rings -- which reportedly hide behind a veil of bogus Web sites and e-mail accounts bought with stolen credit-card numbers. EarthLink estimates costs around $5 million in employee time and wasted bandwidth. [Source: Andy Sullivan, Reuters, 27 Aug 2003; PGN-ed] http://finance.lycos.com/home/news/story.asp?story=35464940 ------------------------------ Date: Wed, 27 Aug 2003 15:41:08 +1200 From: "Dr Richard A. O'Keefe" Subject: Can't catch it? A virus can still hurt you. I thought I was safe. My mail machine is an Alpha running OSF/1. I use mailx, which not only doesn't do anything in particular with attachments, it wouldn't know an attachment if one bit it in the backside. I suppose it's theoretically possible to write a virus or worm for the Alpha, but there's not that much thrill in persecuting orphans; the bad guys much prefer going after idiot boxes. So I thought no virus could possibly pose a threat to *my* mail. Wrong. My mail comes through the University's Information Technology Services. Quoting their recent "ITS Incident Report: E-Mail Services #2", E-Mail from off-campus destinations were lost by the University e-mail system from approximately 5:00 am until 4:45 pm on August 23. People will have received an e-mail from the sender that contained no subject line or content. In fact I received a couple of hundred such messages. How could that be? Continuing the quote: Since Wednesday August 20 [to Monday August 25] the University has received over 120,000 copies of the Sobig-F virus. ... The University e-mail hubs scan all e-mail messages for viruses. Any e-mail that contains a virus is quarantined and no further delivery attempts are made. The quarantined e-mail messages are occasionally analysed in order to trace the origins of viruses, with old e-mail messages purged as required. So far so good. They try hard to stop viruses getting through, and they monitor the bad stuff so they can do a better job. BUT With the advent of Sobig-F, the number of e-mail messages quarantined grew dramatically. The file system on the mailhubs only permits 32,000 files per directory. On Thursday last week one of the mailhubs hit this limit. At this time it was thought that the large number of quarantined e-mail messages was due to historical data not being purged. However, another 32,000 virus infected e-mail messages were intercepted by each of the mailhubs over the next 36 hours which caused similar failures to the one on Thursday. As a result of these failures, incoming e-mail messages could not be written to disk for virus and spam scanning. When the system went to send on the e-mail to its destination, only the sender data was retained. OOPS. In hindsight, it was a bad idea to store quarantined messages and good ones on the same file system, and it might not have been such a good idea to store each quarantined message as a separate file. However, I'm pretty sure I wouldn't have thought of that without the benefit of hindsight. The e-mail messages that have had their content lost are not recoverable. The only way for you to know the contents of those e-mail messages is to ask for the sender to resend the message(s). You are urged to take care to only request a resend from known senders. In the event that a request for a resent message is made to a spammer, you are likely to receive greater volumes of spam in the future. The really sad thing here is that the guys in ITS *do* have a clue or two, and were trying to do their job. ITS has now stopped reaining block e-mail messages containing viruses. Oh dear. Retaining messages was a *good* thing. The sheer volume of bad stuff has stopped them doing it. Death of the net? Oh yes, it's entirely forgivable that they didn't spend a lot of time thinking about the problem on Thursday, because tech support people around the campus have been as busy as one-armed paperhangers trying to clean up after Blaster and Sobig-F. Yes, they *do* stop those things entering through the network. Yes, they *do* provide up-to-date anti-virus software. However, people _will_ run Windows on their laptops, take them home, and bring the infection back... Instead of just deleting all virus messages, I think it would be better to retain a random sample of (say) 30,000 of them. So I've learned something: I can lose a couple of hundred messages because of a virus my machine didn't catch and cannot catch, because of what the virus did to a mail hub that didn't and couldn't catch it either. I've also learned that if I receive e-mail without content or subject line, I probably shouldn't delete it all, like I did. Sigh. [The quoted text was quite sloppy. Vastly too many "(sic.)"s have been removed, and various garbles fixed to make this message more readable. My apologies if I missed a few! PGN] ------------------------------ Date: Mon, 25 Aug 2003 17:42:09 -0400 From: Richard Forno Subject: More theories about Sobig vandal's motivation Is money the real motivation for the spread of the Sobig virus? Sobig is transmitted as an e-mail attachment and is the sixth variant of the malicious code by an unknown attacker. Mikko H. Hypponen, director of antivirus research at F-Secure corporation in Finland says: "I think the motivation is clear: it's money. Behind Sobig we have a group of hackers who have a budget and money." Computer security expert Russ Cooper suggests that the vandal is acting out comic book fantasies: "You can liken this guy to Lex Luthor and we're all Supermen. Luckily, we've been able to get the kryptonite from around our necks each time so far." One popular theory is that Sobig is the work of an e-mail spammer who is aggressively trying to build a clandestine infrastructure for blitzing the Internet with junk e-mail. Antivirus software researcher Joe Hartman of TrendMicro says, "If machines remain infected they could be used in any kind of attack. The question we ask ourselves is, What is he trying to achieve? We don't think it's planned for a specific threat, rather its more likely a money-making spam scheme." And Bruce Hughes of Trusecure points out: "There is some evidence that he's been tied in with spammers." Sobig spreads further only when a computer user selects the attached program that then secretly mails itself to e-mail addresses stored in the user's computer. The Computer Emergency Response Team at Carnegie Mellon University says, "Our current advice is: Don't open an attachment unless you are expecting one." [*The New York Times*, 26 Aug 2003; NewsScan Daily, 26 August 2003] http://partners.nytimes.com/2003/08/26/technology/26VIRU.html ------------------------------ Date: Wed, 27 Aug 2003 22:17:34 -0400 From: Scott Nicol Subject: Re: Sobig affects Amtrak trains, Air Canada (Leisner, RISKS-22.88) According to a technically sparse press release by CSX , it wasn't the signalling computers that were affected, but rather the communication lines that the signals are sent on. One would have to assume this means that the communication lines that are used for signalling are also used for other purposes, including sending e-mail. What happens when somebody inside CSX sends an e-mail to "all", on the subject of, say, next years health plan choices, with a 20MB powerpoint presentation attached? Do the signals get blocked for a few minutes until the e-mail is dispatched everywhere? ------------------------------ Date: Wed, 27 Aug 2003 18:51:16 +0100 From: Neil Youngman Subject: Re: "Good" worm fixes infected computers (Schindler, RISKS-22.87) > Even though the new worm is "good," it can cause plenty of > trouble for computer users ...   I remember discussing the topic of "good viruses" and why there was no such thing -- way back in 1989; see http://www.ja.net/CERT/CERT-CC/virus-l/archives/1989/v2i117 Now I know of one company whose network was taken off line for at least 24 hours by this "good virus". A truly destructive "good virus" may have taken a long time to arrive but I'm sorry to see that it finally got here. ------------------------------ Date: Sun, 31 Aug 2003 15:00:15 +0100 From: "Martyn Thomas" Subject: More on the Davis-Besse worm attack (RISKS-22.88) "When the Davis-Besse nuclear power plant in Ohio was hit by the Slammer worm [in Jan 2003], the reactor happened to be off-line. But the worm disabled a safety monitoring system for nearly five hours. 'We are still working through the information to find out what happened', says a spokesman for Akron-based FirstEnergy, which owns the plant." [Source: *New Scientist*, 30 Aug 2003, page 5] ------------------------------ Date: Wed, 27 Aug 2003 17:15:06 -0400 From: Dan Pritts Subject: Re: Satellite photo of Eastern North America during blackout (R-22.88) Given the population density, I would be shocked if there were not more cars and generators per square mile in metro NYC than anywhere else on the continent. Detroit and Cleveland are certainly much less densely populated than metro NYC (I don't know about Toronto but it can't be any MORE dense). I would also expect that the saturation of generators is likely very low in all of these areas compared to the saturation of cars. Most families have multiple cars - few families have generators. Obviously not all the cars were on, but traffic snarls in NYC might also suggest that the commuters all were still trying to get home 7 hours later. ------------------------------ Date: Sat, 23 Aug 2003 22:30:19 +0800 From: "Paul D. Walker" Subject: Re: Nasty elevator death at Houston hospital (RISKS-22.87) > RISKS reported the earlier cases in Ottawa [...] Actually, there were three deaths that summer from elevators. I lived in Ottawa during that summer and since then I have become extra cautious about crossing elevator doors. ------------------------------ Date: Fri, 22 Aug 2003 10:08:51 -0500 (CDT) From: rick@bcm.tmc.edu (Richard H Miller) Subject: Re: Nasty elevator death at Houston hospital > ... We also previously reported the Houston elevator that failed > in the floods caused by Tropical Storm Allison and by default went down to > the BOTTOM, drowning its occupant (RISKS-21.47). Actually this is becoming a bit of an urban legend. The elevator did not take the woman down to the basement. What happened was the several people walked down to the lower levels of the garage to attempt to move their cars higher. [I believe it was the woman and a security guard]. In the basement level, a wall separating the garage from the bayou was penetrated and the water came rushing into the garage. The woman was picked up by the water and happened to be flung into the open elevator. Some of the details may be fuzzy but it was not a case of an elevator opening into a flood Richard H. Miller, MCSE, Information Security Manager, Information Technology Security and Compliance, Information Technology - Baylor College of Medicine ------------------------------ Date: Tue, 2 Sep 2003 13:42:16 -0400 (EDT) From: daniel lance herrick Subject: Re: Pilot fixes faulty jet (Ladkin, RISKS-22.88) Peter Ladkin's followup in RISKS-22.88 had the URL of a BBC story on the incident. That story had a whole lot of (generally uninformed) comments added at the end. There was one highly informative contribution: I was one of the passengers on this flight (with my wife and 2 young children) and have been amazed by the inaccuracy of the reporting on this event. The vote was not to see if we should "risk it" but merely whether passengers wanted to go the lengths of boarding the plane again (3rd time) to try and fly home. The only "risk" was that the plane would only be able to taxi to the end of the runway and because of the fault not start the initialisation sequence. We would then have had to go straight back to the terminal and wait at least another 4 hours for the engineers to be flown from the UK. All the news I have read today is about a "patched" plane "personally repaired" by the pilot and then us voting whether we thought it was safe to fly, which is just not the case but obviously makes for a better headline. It is funny that the bit of oil on the pilots shirt has now become him being "caked" and "covered" in oil! Nigel, England What a letdown! ------------------------------ Date: 30 May 2003 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Alternatively, via majordomo, send e-mail requests to with one-line body subscribe [OR unsubscribe] which requires your ANSWERing confirmation to majordomo@CSL.sri.com . If Majordomo balks when you send your accept, please forward to risks. [If E-mail address differs from FROM: subscribe "other-address " ; this requires PGN's intervention -- but hinders spamming subscriptions, etc.] Lower-case only in address may get around a confirmation match glitch. INFO [for unabridged version of RISKS information] There seems to be an occasional glitch in the confirmation process, in which case send mail to RISKS with a suitable SUBJECT and we'll do it manually. .UK users should contact . => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail! => The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. *** => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line. => ARCHIVES: http://www.sri.com/risks http://www.risks.org redirects you to the Lindsay Marshall's Newcastle archive http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue] Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r http://the.wiretapped.net/security/info/textfiles/risks-digest/ . http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/ ==> PGN's comprehensive historical Illustrative Risks summary of one liners: http://www.csl.sri.com/illustrative.html for browsing, http://www.csl.sri.com/illustrative.pdf or .ps for printing ------------------------------ End of RISKS-FORUM Digest 22.89 ************************