precedence: bulk Subject: RISKS DIGEST 19.25 RISKS-LIST: Risks-Forum Digest Friday 18 July 1997 Volume 19 : Issue 25 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for further information, disclaimers, caveats, etc. ***** Contents: Partial failure of Internet root nameservers (Daniel Pouzzner) Norwich Union to make e-mail libel payout (Jonathan Bowen) Phone industry wants FCC's help against FBI's wiretap plans (Edupage) Voice-controlled MS WORD (Edupage) Medical computer crashes (Tom Van Vleck) New York State information-systems learning standards (Frederick W. Wheeler) Regulatory Improvement Act requires risk assessments (Mary Bryant) Unique definition of "proof of correctness" (Daniel P.B. Smith) Vigilante fallout from the Megan's Law CD-ROM (Joel G) Re: Website on Spreadsheet Research (John R. Levine) DEC Alpha Bug, final resolution (Gregory F. March) Security risks from active usenet articles (Jonathan de Boyne Pollard) Re: Faulty lavatory smoke detector lawsuit (PGN) DA Computer Chief Almost loses Job:" follow-up report (Curtis Karnow) Anti-spam redux (Simson L. Garfinkel) comp.risks was spammed last night (PGN) The truth about Usenet's Psychic Spammers! (Greg Corteville) "25 Steps to Safe Computing" by Sellers (Rob Slade) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Thu, 17 Jul 1997 05:58:57 -0400 (EDT) From: Daniel Pouzzner Subject: Partial failure of Internet root nameservers In the wee hours of 17 Jul 1997, a remarkable event occurred. The 4AM update of the root nameserver database was botched - horribly. The immediate and very real effect of this is that the Internet does not work right. In this episode, the top-level domains .com and .net have ceased to exist. .edu and .gov (presumably among others) appear to be unaffected, but in short - most of the network is practically inaccessible. So that the full weight of this error can be appreciated, I list below some sample results of attempted name resolutions. -* dnsquery -n a.root-servers.net. digital.com. Query failed (h_errno = 1) : Unknown host -* dnsquery -n a.root-servers.net. saic.com. Query failed (h_errno = 4) : No address associated with name -* dnsquery -n a.root-servers.net. sun.com. Query failed (h_errno = 4) : No address associated with name And similar responses for queries for mobil.com, exxon.com, toyota.com, internic.net, mci.com, sprint.com, geffen.com, ge.com, and presumably any other .com or .net we've come to take for granted. IBM fails in a slightly different way: they have a special entry for the *host* ibm.com, which successfully resolves, but this is of no practical utility since that host is not itself a name server. If the dysfunction endures for much longer, we can expect serious repercussions. Barring a quick repair, people will start arriving at work over the next two hours to discover that the Internet, as far as they are concerned, has ceased to exist overnight. Even if the Internic manages to get things rolling again before then, we should all consider this a harbinger. The outage continues as I complete this message. To get this e-mail to the RISKS mailbox, I bypassed the root name servers by resolving sri.com through the Stanford University name servers (on a hunch). These are the sorts of tricks we will all be slowly learning as the size of the Internet and the weaknesses of its foundational technology continue to burgeon beyond manageability. -Daniel Pouzzner, New York City [The problem apparently began around 11:30pm 16 Jul EDT, during the autogeneration of the NSI top-level domain zone files, and resulted from the failure of a program converting Ingres data into the DNS tables, corrupting the .COM and .NET files. Quality-assurance alarms were evidently ignored and the corrupted files were released at 2:30am EDT -- with widespread effects. Other servers copied the corrupted files from the NSI version. Corrected files were issued four hours later, although there were still some lingering problems. An excellent analysis by Peter Wayner exists on the 18 Jul 1997 www.NYTimes.com Cybertimes. PGN] ------------------------------ Date: Fri, 18 Jul 1997 10:58:29 GMT From: J.P.Bowen@reading.ac.uk (Jonathan Bowen) Subject: Norwich Union to make e-mail libel payout [In addition to the Internet fiasco,] further e-mail problems were also reported in the [London] *Times* on 18 July 1997, p25: Norwich Union, an insurance company, has been ordered to pay 450,000 UK pounds (c $750,000) and to issue an apology for libeling a private healthcare group by e-mail, the first time [in the UK?] that a company has received damages for libel via e-mail. ------------------------------ Date: Thu, 17 Jul 1997 18:38:50 -0400 From: Edupage Editors Subject: Phone industry wants FCC's help against FBI's wiretap plans Arguing that the FBI's requests for expanded wiretap capabilities go beyond that agency's authority, telephone industry officials are asking the Federal Communications Commission to help them resist the FBI's proposed digital phone design, which would allow law enforcement officials to continue the wiretapping of a conference call even after the person targeted by a court-authorized wiretap drops out of the call. The phone industry claims the request would cost billions of dollars to implement and would expose it to lawsuits by civil liberties groups fighting against privacy invasions. (*The New York Times*, 16 Jul 1997; Edupage, 17 July 1997) ------------------------------ Date: Thu, 17 Jul 1997 18:38:50 -0400 From: Edupage Editors Subject: Voice-controlled MS WORD (Edupage) Lernout & Hauspie, a speech technology software vendor, will introduce a voice-controlled software editor for Microsoft Word in the fall. Users will be able to select a sentence, underline a group of words, and change the color and size of a font, all by naturally spoken voice. "It'll make people give up the mouse," says Lernout & Hauspie's chief technology officer. The Lernout & Hauspie product uses discrete dictation pathology software from Kurzweil Applied Intelligence, which it acquired earlier this year. Kurzweil's artificial intelligence technology allows the software to prompt users for answers as if they were entering information onto a form. The initial product will be aimed specifically at pathologists, with other versions for the legal profession and police reporting to follow. (*InfoWorld Electric*, 17 Jul 1997; Edupage, 17 July 1997) [RISKS has previously suggested what might happen if someone walking by your office coincidentally uttered something meaningful to the system. The concept of SPOKEN WORD viruses may present some glorious new forms of attack, as well as utter punning. Victor Borge would have a field day. PGN] ------------------------------ Date: Wed, 16 Jul 1997 19:49:14 -0700 From: thvv@best.com (Tom Van Vleck) Subject: Medical computer crashes I visited a hospital emergency room recently late at night. As I was reciting my data to the admitting clerk, a horn sounded, and she said, "Oh darn, the computer's crashed. It crashes every day at midnight, and takes about fifteen minutes to come back." She didn't know what kind of computer it was; the keyboards were labeled IBM. [Why wait for Y2K? This is Midnight Madness, or Rollover Twist. PGN] ------------------------------ Date: Thu, 10 Jul 1997 11:43:24 -0400 From: "Frederick W. Wheeler" Subject: New York State information-systems learning standards RISKS readers will be pleased to learn that New York State public schools are preparing students to address many of the concerns discussed in this forum. The New York State Education Department (http://www.nysed.gov) has published learning standards as a guide to evaluate school curricula and student proficiency. The Mathematics, Science and Technology Standard (http://www.nysed.gov/mst) has a section on Information Systems that addresses the benefits, risks and ethical issues of using computers to store information. The three parts of the Information Systems section are listed below, along with examples of student proficiency for each part. The examples are excerpted from "Mathematics, Science and Technology Performance Indicators", pages 8,9 (http://www.nysed.gov/mst/perf.pdf). Mathematics, Science and Technology Standards: Section 2, Information Systems PART 1: Information technology is used to retrieve, process, and communicate information and as a tool to enhance learning. PART 2: Knowledge of the impacts and limitations of information systems is essential to its effective and ethical use. Elementary Level Students: * understand that computers are used to store personal information Intermediate Level Students: * understand the need to question the accuracy of information displayed on a computer because the results produced by a computer may be affected by incorrect data entry * understand why electronically stored personal information has greater potential for misuse than records kept in conventional form Commencement Level Students: * explain the impact of the use and abuse of electronically generated information on individuals and families * discuss the ethical and social issues raised by the use and abuse of information systems PART 3: Information technology can have positive and negative impacts on society, depending upon how it is used. Elementary Level Students: * demonstrate ability to evaluate information critically Intermediate Level Students: * describe applications of information technology in mathematics, science, and other technologies that address needs and solve problems in the community * explain the impact of the use and abuse of electronically generated information on individuals and families Commencement Level Students: * discuss how applications of information technology can address some major global problems and issues * discuss the environmental, ethical, moral, and social issues raised by the use and abuse of information technology A RISK here is assuming that the standards are met. Fred Wheeler, Electrical Engineer (wheeler@ipl.rpi.edu) Susan Nelson, Music Teacher ------------------------------ Date: Fri, 27 Jun 1997 19:43:27 -5 From: "Mary Bryant" Subject: Regulatory Improvement Act requires risk assessments A statement released 27 Jun 1997 by Senator Fred Thompson on the proposed bipartisan Levin-Thompson Regulatory Improvement Act is available on line in RiskWorld, along with a summary of the proposed legislation. The Act will require cost-benefit analyses and risk assessments of major rules, a process for reviewing existing rules, and executive oversight of the rule-making process. A press release from the offices of the bill's sponsors, Senator Thompson, R-Tenn., and Senator Carl Levin, D-Mich, is also posted. Visit RiskWorld at http://www.riskworld.com and go to the News Stories department. ------------------------------ Date: Fri, 18 Jul 1997 14:10:53 -0400 (EDT) From: "Daniel P. B. Smith" Subject: Unique definition of "proof of correctness" *Computer Design*, July 1997, p. 38, describes the IDT-C6, a Pentium-compatible microprocessor designed by Centaur Technology. "IDT claims to have tested the C6 with most modern PC operating systems, including WIndows 95, Windows 3.1, NetWare, and Solaris for Intel. _The complexity and pervasiveness of the Windows operating system generally are considered to make up an exacting proof of correctness..._" [emphasis supplied] Give up, folks... the marketers have won. Once they redefine a term, the engineers _never_ win it back... Daniel P. B. Smith dpbsmith@world.std.com ------------------------------ Date: Wed, 16 Jul 1997 16:55:07 -0700 From: joelga@amber.rossinc.com Subject: Vigilante fallout from the Megan's Law CD-ROM Re: California's Megan's Law CD ROM: Not only is the CD full of incorrect information, but even trying to validate it is a risk. The following is from an AP story in the 12 Jul 1997 *San Diego Union* entitled "Vigilantes suspected in firebombing" with a related story "Covina victim has record of sex crimes": COVINA -- Investigators suspect vigilantes of firebombing the van of a neighbor after it was revealed that he had a record of sex crimes. Willie Lee McAlister's van was burned the morning of July 5, a few days after deputies came to his door and a neighbor verified his identity in a CD-ROM database put out by the state. "It doesn't take a rocket scientist to put two and two together," sheriff's Sgt. Lynn Judes said. However, the Sheriff's Department said in a press release later that investigators had found no evidence that McAlister was targeted because of his past. [...] Sheriff's Sgt. Larry Crookshanks said that once a neighbor learned of McAlister's record "it spread like wildfire." No eyewitnesses have come forward, but vigilantes seemed the logical attackers, he said. "It stands out and hits you between the eyes," Crookshanks said. Sylvia Earles, who lives across the street from McAlister, said she saw deputies at his door July 1, confronted him and learned why they had come: The deputies were checking to make sure that his address was correct before releasing the database. jg ------------------------------ Date: 17 Jul 1997 02:26:38 -0000 From: johnl@iecc.com (John R. Levine) Subject: Re: Website on Spreadsheet Research (Panko, RISKS-19.24) > Every study that has tried to measure spreadsheet error rates has > found them and has found them at levels that are deeply disturbing. Over ten years ago, I was one of the authors of Javelin, a PC time series modelling package. Our main competitor was 1-2-3. Javelin offered a lot more tools than spreadsheets did to build correct models. Variables had names, not just cell locations, and could be time series with definite start, stop, and interval (day, week, month, year, etc.) There was a single internal model regardless of which of several views (formulas, worksheet, graph, etc.) you looked at. Time series were handled automatically, and if you wanted one variable to feed into another with a time shift, you had to say so explicitly. We also had auditing features so for any variable you could see what its inputs or outputs were, displayed in a tree, and walk up and down the trees looking at the values. We figured that this model reliability would be a strong selling point, but in focus groups we consistently found that people didn't want to hear about it. They had their 1-2-3 models, they were using the results, and they weren't inclined to do much debugging. One of the more telling responses we got was "it's up to my manager to verify my spreadsheets." In our limited experiments we found that as a rough approximation, any spreadsheet large enough to be interesting had serious mistakes. I see that a decade later that hasn't changed. John R. Levine, IECC, POB 640 Trumansburg NY 14886 +1 607 387 6869 johnl@iecc.com, Village Trustee and Sewer Commissioner, http://iecc.com/johnl ------------------------------ Date: Fri, 18 Jul 1997 10:09:33 -0400 From: "Gregory F. March" Subject: DEC Alpha Bug, final resolution (Re: RISKS-19.24) So, as it turns out, DEC finally made it to our site and replaced the motherboard. Everything worked fine after that. Unfortunately, I was on vacation at the time and missed the service call (and the opportunity to compare boards / chip batch numbers). I'm kind of bummed about that, but alas, that's life. DEC claimed it was a bad chip on *that* board only. Three questions remain: 1) Was the chip bad, but that aspect of the chip is not tested? 2) Was the chip bad and the failure was missed during testing? 2) Did the chip fail after shipping? BTW, not being a real DEC guru, I'm not up on my model numbers. From what I gather this was a "3000 model 900" if that means anything to anyone. It was running "V3.2 148 OSF1" unix. RISKS: How are we to monitor this type of failure in the future? This type of failure in the wrong place at the wrong time can cause serious damage, both financial and more importantly physical. Scary. Should there be a standard (no that will never work :-) set of tests that all chips must go through during start up? Anyway, happy RISKS hunting to all... * Gregory F. March * http://www.gfm.net * march@gfm.net * ------------------------------ Date: 19 Jun 97 22:29:18 +0100 From: Jonathan de Boyne Pollard Subject: Security risks from active usenet articles (RISKS-19.18) atkins@amulek.enet.dec.com writes: > If I don't run a web browser then I'm immune to all the > (java/javascript/activeX) security holes, right? > Well, no. > I was just reading usenet using the Netscape Navigator newsreader, [...] Except, of course, that Netscape Navigator _is_ a web browser. Running Netscape Navigator to read news means that one is "running a web browser" as well. On my machine at least, there is one executable, NETSCAPE.EXE, and one running process in the process list irrespective of the number or type (browser or newsreader) of windows open. Perhaps the risk here should be the risk of assuming that the _apparently_ different and completely separate parts of "integrated" applications (such as a combination web browser and NNTP news reader) actually _are_ different and completely separate, or of not knowing what one actually _is_ running when one uses a program. > JdeBP < Please remove the '$' in the from line before reply via e-mail. Anti-UCE filter in operation. ------------------------------ Date: Thu, 17 Jul 97 9:30:49 PDT From: "Peter G. Neumann" Subject: Re: Faulty lavatory smoke detector lawsuit (RISKS-19.24) Despite its lack of computer relevance, I included the lavatory item in the previous issue because it reminds us once again of (1) the risks of depending on technological solutions, and (2) the fallibility of people. As it turns out, it was a different passenger who was smoking in the adjacent lavatory. The crew apparently eventually recognized they had made a mistake, but still threatened the innocent passenger with arrest if he complained or kept asking for their names. [Perhaps tobacco companies are now developing cigarettes that won't trigger the alarms?] ------------------------------ Date: Wed, 16 Jul 1997 21:31:52 -0600 From: curtis_e._a._karnow@sonnenschein.com Subject: "DA Computer Chief Almost loses Job:" follow-up (Haynes, RISKS-19.24) I was the lawyer that, on behalf of client Ralph Minow, reviewed a print out that supposedly pointed to my client as the perpetrator of a computer sabotage. I then prepared an analysis that finally convinced the authorities to drop the case. The dump of the daily log of the UNIX based suggested that someone had made a very minor modification to a backup file, rerouting the backup back to a on-line drive, with very nasty results. Someone with supervisor privileges, of course... and my client had such privileges. The investigators knew a little, but not enough, about the system and assumed that my client must have been the culprit, not realizing that someone else could have logged on as a supervisor and pretended to be my client. The lesson, we all know on RISKS: when humans have final control over the computer output, then the computer output is no more trustworthy than the human input. Time stamps, user logins, all that and more, can be changed with someone with enough control over the system. An old lesson: GIGO. Curtis Karnow, Sonnenschien Nath & Rosenthal ------------------------------ Date: Thu, 17 Jul 1997 16:43:26 -0400 From: "Simson L. Garfinkel" Subject: Anti-spam redux More time had elapsed between when I did my anti-spam DNS work and when the article appeared in RISKS. During that time, Vineyard.NET decided to abandon our DNS-blocking SMPT server. The reason was that two key Internet sites---AT&T's WorldNet and Dow Jones ---quiet simply refused to set up valid reverse DNS for the mail servers. We have since explored other blocking technology. We are continuing to block mail that does not have a valid From: addresses. We now also allow our users to have their own individual list of domains to block. We are doing this with a modified SMAP, part of the Trusted Information Systems Firewall Toolkit. You can download the modified SMAP from ftp://vineyard.net/simson/smap.c. You can download the rest of the Firewall Toolkit from ftp://ftp.tis.com/. If you are running sendmail, I strongly suggest that you run the Firewall Toolkit's SMAP wrapper. You can find instructions on how to install it in my book Practical UNIX and Internet Security, published by O'Reilly & Associates. I am also told that there is a very nice list of domains to block maintained by J.D. Falk, kept at: ftp://ftp.cybernothing.org/pub/abuse/ There is now also a mailing list of anti-spamming tools. You can find info about it at http://www.abuse.net/spamtools.html ------------------------------ Date: Fri, 18 Jul 97 16:22:10 PDT From: "Peter G. Neumann" Subject: comp.risks was spammed last night Readers of the Risks Forum via comp.risks were spammed last night by a very poorly advised forgery of approval. WARNING: the CompuServe FROM: address could have been the result of an intruder or masquerader -- or simply bogus (I have not heard anything from the ISP yet, and various complaints have been launched); the 1-800 number given could be an attempt to scam responders out of their credit cards or other information; so, USENET readers, BEWARE, and PLEASE IGNORE THE MESSAGE altogether. I am looking into methods of ratcheting up some serious authentication; PGPMoose has been suggested, for example. PGN] ------------------------------ Date: Sun, 13 Jul 1997 14:08:08 -0400 From: Greg Corteville Subject: The truth about Usenet's Psychic Spammers! By now I'm sure we've all seen some of the garbage from the notorious "psychic spammers" on just about every Usenet group. I decided to do a little investigating. I wrote down a few of the 800 numbers listed in the ads and went to a campus telephone that cannot be billed. It has no long distance service. After dialing the number, callers are treated to a very brief and very fake "recorded reading". You are then urged to call a different number for your "personal" reading. The number they want you to call has an 809 area code! For those of you unaware of the 809 area code problem, I'll explain. To make an international phone call, you usually need to dial 011 first. This makes it quite obvious that it is an international phone call and will likely be expensive. However, several foreign countries have been assigned "North American" area codes recently. Among them, area code 809 for the Caribbean. Since these people are not bound by US law, they do not need to disclose the full cost of making the phone call. Callers are usually charged exorbitant amounts of money, similar to a 900 number. Some people have been charged as much as $25 per minute! These people are scam artists and are using the Internet as their latest method of attack. For more information on the area code 809 problem, take a look at these websites: http://www.fraud.org/809alert.htm http://www.oag.state.tx.us/WEBSITE/NEWS/LEGALMAT/9701cpd.htm http://www.ece.orst.edu/~alper/Info/scam.html ------------------------------ Date: Thu, 17 Jul 1997 07:51:16 -0700 (PDT) From: "Rob Slade, doting grandpa of Ryan & Trevor" Subject: "25 Steps to Safe Computing" by Sellers BK25STSC.RVW 970126 "25 Steps to Safe Computing", Don Sellers, 1995, 0-201-88366-X, U$5.95/C$7.95 %A Don Sellers %C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8 %D 1995 %G 0-201-88366-X %I Addison-Wesley Publishing Co. %O U$5.95/C$7.95 800-822-6339 617-944-3700 Fax: 617-944-7273 bkexpress@aw.com %P 72 %T "25 Steps to Safe Computing" This brief, cheap booklet should probably be available in every office. As Sellers notes, it should not take the place of professional advice. It can, and does, provide quick alerts and suggestions regarding the common maladies associated with computer use and other office pressures. Much of the book is common sense, and unsurprising. Little of the information is very detailed. However, it does give tips and bits of advice on signs to watch for. In addition, there is valuable resource information included for all twenty five chapters. copyright Robert M. Slade, 1997 BK25STSC.RVW 970126 ====================== roberts@decus.ca rslade@vcn.bc.ca slade@freenet.victoria.bc.ca http://www.freenet.victoria.bc.ca/techrev/rms.html ------------------------------ Date: 1 Apr 1997 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Or use Bitnet LISTSERV. Alternatively, (via majordomo) DIRECT REQUESTS to with one-line, SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or INFO [for unabridged version of RISKS information] => The INFO file (submissions, default disclaimers, archive sites, .mil/.uk subscribers, copyright policy, PRIVACY digests, etc.) is also obtainable from http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. *** => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line. => ARCHIVES are available: ftp://ftp.sri.com/risks or ftp ftp.sri.comlogin anonymous[YourNetAddress]cd risks [volume-summary issues are in risks-*.00] [back volumes have their own subdirectories, e.g., "cd 18" for volume 18] or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]. The ftp.sri.com site risks directory also contains the most recent PostScript copy of PGN's comprehensive historical summary of one liners: get illustrative.PS ------------------------------ End of RISKS-FORUM Digest 19.25 ************************