precedence: bulk Subject: RISKS DIGEST 19.72 RISKS-LIST: Risks-Forum Digest Thursday 7 May 1998 Volume 19 : Issue 72 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at http://catless.ncl.ac.uk/Risks/19.72.html Contents: Risks of Internet kiosks (Nick Brown) Glitch delays 85,000 transactions (Mich Kabay) Lightning strike threatens public safety (Paul Gittins) Y2K bug in IE4? (Andre Srinivasan) Single point of failure makes town disappear for a day (Matt Curtin) AT&T Announces Cause of Frame Relay Network Outage (Steve Bellovin) Re: Inaccurate study quoting (Carl Ellison) Crypto paranoia has its advantages (Nat Gertler) Forgery when buying Pentium 2 computers -- failure is often only sign (Kriston J. Rehberg) Risks of state interference (Name withheld by request) Re: "Beyond Calculation" - seeing the forest for the trees (John R. Levine) REVIEW: "Privacy on the Line", Whitfield Diffie/Susan Landau (Rob Slade) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Thu, 23 Apr 1998 09:45:22 +0200 From: BROWN Nick Subject: Risks of Internet kiosks Last week I had my first look at a public access Internet kiosk, in a motorway restaurant in Germany. The results were not encouraging - the Internet is a long way from being a consumer product. At first sight the setup looked rather neat. You insert 1 DM (about 50c US) in an old-fashioned parking meter, which then appears to activate some device while allows the keyboard and mouse to talk to the PC for ten minutes. However, that was about the only impressive feature of the setup. The PC was running Windows 95, and Microsoft Internet Explorer v3. And the designers of the system obviously had no experience of designing anything for the general public to use. I watched in amusement as a boy of about 15 decided to show his grandparents how cool the Internet was. The instant he deposited his coin and touched the mouse, the screen saver cleared to reveal that the previous user of the system had decided to visit what I believe is termed an 'adult' site. The user quickly closed Internet Explorer, only to find another picture from that site had been set as the Windows desktop wallpaper. On restarting Internet Explorer, he found that the home page had been set to yet another page which he probably wasn't looking forward to explaining to his elderly relatives. When the family left in embarrassment, I set the home page to something more suitable, and put a picture of one of my children as the wallpaper. To do this I had to log on (the boy had rebooted the PC in an attempt to clear the pictures from the screen), which in itself would not be trivial for many members of the public unfamiliar with computers - I had to type a username and password, both of which contained the letter O and the number 0. (I don't think I need to mention that during the reboot process, I could have entered the machine's BIOS setup and made it unbootable - which might have been interesting if I had been working for the other local Internet company.) At our site we are often required to set up this kind of Internet kiosk for exhibitions. We use the following setup to prevent this kind of problem (many of which can happen inadvertently - for example, setting the wallpaper can be done with a click on the right mouse button and a slight drag): - use Windows NT - use automatic logon to a restricted account - put Internet Explorer (or Netscape) in the startup group, and remove everything else from the desktop - disable the right mouse button in the Start menu - protect the Internet settings (home page, etc), and the desktop parameters (wallpaper file, etc) in the registry with REGEDT32 security - log the user off after 5 minutes idleness using the LOGOFF screen saver. The auto-logon will then restart Internet Explorer at its home page. This is useful because we have observed that many people walk away from the PC without returning from an obscure site back to the home page, and other people are reluctant to start using it if they think someone has just walked away for a moment. The only alternative to this is to supervise the PC, but at 6 DM = $3 per hour, the people building the kiosks won't make a lot of money that way. Nick Brown, Strasbourg, France ------------------------------ Date: Sun, 3 May 1998 21:19:21 -0400 From: "Mich Kabay [ICSA]" Subject: Glitch delays 85,000 transactions According to Canada's _Globe and Mail_ 1998.05.02 p. A9, > Can't bank on chips, CIBC finds > By Suzanne Craig, Financial services reporter > > Toronto--A computer glitch that has wreaked havoc with Canadian Imperial > Bank of Commerce's computer system this week will be fixed by Monday, the > bank says. Any deposits, withdrawals or bill payments made through CIBC > bank machines or bill payments made by telephone and personal computer > between Tuesday afternoon and Thursday morning have been captured by the > bank but not recorded in customer accounts, the bank said. The author makes the following key points: * Details of the problem not made public. * Not related to Y2K fixes. * Transactions logged but not processed. * The name of the CIBC's president of personal and commercial banking is Holger Kluge. Programmers will wonder if Mr Kluge's name reflects on the nature of the software problem. [but only if they pronounce it as Hold(g)yr Kloodge instead of Kloo-ge with a hard g, auf deutsch. PGN] M.E. Kabay, PhD, CISSP (Kirkland, QC), Director of Education, International Computer Security Association (Carlisle, PA) ------------------------------ Date: Sat, 2 May 1998 12:21:36 +0100 (BST) From: Paul Gittins Subject: Lightning strike threatens public safety A lightning strike which partly damaged a public house (bar) in the North of England was extensively reported in national papers and the television this week. The lightning, suspected to be 'ball' or 'spherical lightning' destroyed one wall of the house. When the fire brigade were called they found themselves unable to attend the call as the strike had also affected the automatic level crossing, causing it (I presume) to fall into fail safe mode - closing the gates to the road to allow trains through. This being the only road into the village accessible by a fire engine, there was a significant delay to the emergency service arriving. Fortunately no one was hurt, but this incident shows how extensively a single storm can have cause / effect across a wider plateau. Paul Gittins, Undergraduate, University of York, UK ------------------------------ Date: Sat, 02 May 1998 14:02:47 -0700 From: Andre Srinivasan Subject: Y2K bug in IE4? I happen to have issued myself a certificate that expires in 2008 and, when used with my server via an HTTPS connection, IE warns that the certificate expired in '08. Anyone care to verify this? ------------------------------ Date: 06 May 1998 16:36:24 -0400 From: cmcurtin Subject: Single point of failure makes town disappear for a day With so many "textbook cases" of single points of failure, you'd think that we'd stop building systems to demonstrate the concept. But, as RISKS readers know, that's not the case. About 11:30 a.m. on April 29, 1998, a friend of mine who works in the city of Newark, Ohio, called me from his cell phone to ask if I could reach any of his Internet-connected hosts. Newark is very near Columbus. The area around it probably has a "daytime" population of about 75,000. I confirmed that his entire network was unreachable, and even his ISP's connection between Columbus and Newark was down. He then told me that since 10:30 a.m., no one in Newark had any telephone service whatsoever. No one could take credit cards. Some stores' POS terminals would not work. No ATMs were working. Even the digital cellular network in Newark became unusable--probably due to overload, as a result of picking up some of the slack. There was some restoration of local phone service around 2 p.m., but no long distance service, even "close" long distance, such as to Columbus. At 6:45 p.m., service was finally restored. The problem? One communications tower had been taken out of service due to some sort of accident. Matt Curtin cmcurtin@interhack.net http://www.interhack.net/people/cmcurtin/ ------------------------------ Date: Sat, 2 May 1998 19:15:39 -0400 (EDT) From: Steve Bellovin Subject: AT&T ANNOUNCES CAUSE OF FRAME RELAY NETWORK OUTAGE s233$ catdoc /home/smb/MHN/632.2.msword Jim Byrnes Ruthlyn Newell 908-221-7876 (office) 908-221-2737 (office) 908-689-6040 (home) 908-647-6260 (home) jbyrnes@att.com ruthlyn@att.com FOR RELEASE WEDNESDAY, APRIL 22, 1998 BASKING RIDGE, N.J. - AT&T said today a unique sequence of events triggered software flaws that caused last week's outage on its frame relay network. The flaws were activated by an operating procedure that proved inadequate to the specific configuration of one of the switches in the company's frame relay network. AT&T said the problem began when a computer command was issued to upgrade software code in one of the network switch's circuit cards. This created a faulty communications path that generated a large volume of administrative messages to other network switches. As a result, the other switches quickly became overloaded and stopped routing data from customers' applications for periods ranging from six to 26 hours before the network was fully restored. Following an exhaustive examination of the outage, AT&T said it has changed its software upgrade procedures and will install updated software with safeguards that would have prevented the outage. ``This disruption certainly did not meet our customers' expectations for service reliability, or our own, and for that AT&T apologizes,'' said Chairman C. Michael Armstrong. ``The applications that customers run on our frame-relay network are AT&T said last week it would forgo charging frame-relay customers until the company had isolated and confirmed the root cause of the problem and defined a fix. Armstrong said he expects that process to be completed shortly. Praising Cisco for its cooperation in identifying the root cause of the problem and designing a fix, Armstrong said: ``We continue to have confidence in Cisco and its products.'' AT&T will share its analysis of the network outage with the FCC, the industry-wide Network Reliability Council, and other network providers. ``By sharing this information and best practices,'' Armstrong said, ``we will help customers avoid similar network outages no matter which carrier provides their frame-relay service.'' Frame relay is a high-speed, packet-data technology used by thousands of businesses that need to exchange large amounts of computer information in short and frequent bursts. ------------------------------ Date: Mon, 04 May 1998 12:41:39 -0400 From: Carl Ellison Subject: Re: Inaccurate study quoting (Perillo, RISKS-19.65) In RISKS-19.65, Robert Perillo made the mistake of taking seriously the exaggerated, punchy writing style of my posting (19.62), adopted in imitation of the testimony to which I was replying. However, in the process he supplied much information to substantiate my position so I should not complain. There was one glaring misleading conclusion, borrowed from the Denning-Baugh report and repeated twice in his posting. >The report does make clear that encryption could pose problems for law >enforcement in the future. "Our findings suggest that the total number of >criminal cases involving encryption worldwide is at least 500, with an >annual growth rate of 50 to 100 percent." And "Quite a few people are >technically sophisticated." The annual growth rate of 50 to 100 percent is stated as if this were a product of rapid adoption by criminals of technology helpful to their enterprise. If that were true, then we could start with a documented case of organized crime using cryptography too strong for the government to break and extrapolate from there. The case I have in mind is that of rum runners in April of 1927 using codes and ciphers that were custom designed for them and that were reported in 1933 to have been stronger than those in use by governments at that time. With the slower growth rate, we would expect a minimum of 1.5^(1998-1927) = 1.5^(71) = 3180382777245 criminal organizations using crypto too strong for governments to break by April of 1998. That is, strong cryptography, carefully used so that it hinders investigations, should have reached total saturation by the time of the study. By contrast, as Mr. Perillo points out... >Instead, the study's main conclusion was that it was unable to find any >current incident where the use of cryptography significantly hindered an >investigation or prosecution. "Most of the investigators we talked to did >not find that encryption was obstructing a large number of investigations. >When encryption has been encountered, investigators have usually been able >to get the keys from the subject, crack the codes, or use other evidence," >states the report. Why is that? Give that this observation is true, is there any impending threat to law enforcement on a scale that demands drastic measures (such as removing a citizen's right to attempt to achieve privacy from his own government)? What is being done to follow up on this study and learn underlying reasons for this observation? As for the 50-100% annual growth rate, do we have any idea how much this was a side effect of the growth of use of personal computers during the time of the Denning-Baugh study? It clearly was not a result of rapid adoption of strong cryptography by criminals as soon as they saw the benefits of it. Carl M. Ellison, CyberCash, Inc., 207 Grindall Street Baltimore MD 21230-4103 cme@cybercash.com http://www.cybercash.com/ (410) 727-4288 ------------------------------ Date: Fri, 01 May 1998 20:55:05 -0700 From: Nat Gertler Subject: Crypto paranoia has its advantages I recently found myself in an unusual position... I was actually aided by the fact that the government has placed strict controls on the export of cryptography programs. For a book that I recently completed writing (_Easy PCs_), I needed to install Internet Explorer 4 (not something I'm happy about; applications that take over OSes do not strike me as a good idea.) This would let my system look much like Windows 98, or at least OSR2 (which I am unable to buy for my system, as the OEMs around here are requiring complete system purchases to get it.) So what do I do? Download it, of course! Except you don't just go download ie4. You download a program designed specially to download it. That way, you have a downloading system that can restart a download in the middle, should it get cut off for some reason. That's reasonable, when one is talking about tens of megs of files. It's a sane way to handle things. At least, it would be a sane way, if the downloading program actually worked. It does not. For some reason, in the midst of downloading a file, it will suddenly go from having downloaded, say, 908K of the file to having downloaded some small fraction of that. Constantly restarting the download, it would never reach the end. I lost several hours of precious time trying to get this program to do what it was designed to do. I threw in the towel. I went out to try to buy a copy of just ie4 at local stores. No luck. For whatever reason, they didn't have the Special Edition CD. I did try picking up an on-line service package that had ie bundled with it, but that turned out to be revision 3. So I'm stuck. The book, already in trouble, is getting later and later. I could order a CD from Microsoft, but that would take days to get here. I probe the Microsoft web site a little more, and what do I find? A special link for downloading the 128-bit crypto version of ie4. I chase down the link, and find that instead of needing a special download program, this is just one 13 meg file one can directly get! Why? Because if they went through the standard program, there would be no way to prevent foreign agents from downloading the 128-bit version and using it to commit acts of banking! It's a bad law, to be sure. But it's done me some good. (Of course, once I started running the browser, the dang thing crashed. And I don't mean one of those cute little Internet Explorer Is Not Responding crashes, I mean one of those Windows Has Become Unstable crashes. Has become?) Nat Gertler ------------------------------ Date: Sun, 03 May 1998 23:10:38 -0400 From: "Kriston J. Rehberg" Subject: Forgery when buying Pentium 2 computers -- failure is often only sign Hi, here's a message I sent to my friends after I bought a forged Pentium 2 machine. If you're thinking of buying or have bought a Pentium 2 computer recently, I hope this message will save you some grief with forged clock speeds and unreputable dealers. Perhaps those store-brand computers should not be as fast as their labels state. I recently purchased two Pentium 2 MMX-based computers from a very large, local computer department store (in VA). One of them was sold as a P2 300 MHz with ECC Cache, the other a P2 266 MHz with identical features. In reality, after close inspection of the chip and the output of a diagnostics program on the 300 MHz model, I found that computer to contain forged components. I found evidence that the original serial number had been rubbed off the CPU module. Around the "new" serial number was evidence of tampering and the faint outline of what looked like the old serial number. The typeface didn't even match the old serial number and the new number was easy to wipe off. The final proof was the indisputable fact that this Pentium chip did not feature an "ECC Cache". According to Intel's documentation, *all* 300 MHz Pentium 2 chips must have this feature. The faked serial number had "EC" which indicates that the chip must have this feature. However, diagnostics proved that the ECC Cache feature was definitely not present on this chip. Therefore, the processor speed and serial number turned out to be forged and what I had purchased instead was most likely an overclocked P266 or P233 processor in a motherboard jumpered to run it at 300 MHz. Intel explains that as an artifact of their manufacturing process, there is nothing inside any Intel processor that can be used to identify its proper clock speed. The only evidence would be unexplained, intermittent failures, or accidental discoveries such as mine. So much for quality control from the world's largest CPU manufacturer. When I went back to the large computer department store to return the two computers, they did eventually return my money with no restocking charge. The service department claimed to never have heard of this problem, but offered to replace the CPU on a repair call. They could give me no assurance that I could get a non-forged CPU. I offered that they replace it with a retail-packaged Pentium from the do-it-yourself department, but he declined. So, he lost a big sale of two top-of-the-line computers and the business of a frequent, regular customer. However, I went to the sales floor to discuss this with the salesman who sold me the two computers and he readily admitted that P333's and P300's are nothing more than overclocked P266's or P233's and didn't see a problem with the relabeled processor module. He then tried to sell me a 333 MHz system! I'm not making this up! I will leave you to draw your own conclusions. So, be careful out there. There was some news about forged Pentium 2 processors and how to identify them at http://www.news.com/ this past week. Nitty-gritty details: There is no way to identify a forged 266 or 233 MHz processor. The fact that you can identify most 300 MHz P2's is an accident because Intel decided to make all 300 MHz chips and higher contain the ECC feature. The price difference between non-ECC 266 MHz P2's and ECC 300 MHz CPU's is about $160, which is a lucrative temptation (by comparison, ECC 266 MHz P2's are only $100 away from ECC 300 MHz P2's, making it hardly worth the labor cost for the forgeries). Note that there is also no way to identify a forged 330 MHz or 350 MHz P2 processor. It makes me wonder who the processor manufacturer cares more about protecting -- the customers, the resellers, or the manufacturers themselves. In any case, the safest way to purchase Pentium 2 CPU's is directly from Intel in the "retail" package. These CPU's are typically $20-$30 more and are sealed in the box and come with a three-year warranty direct from Intel. That warranty is much longer than the forged chips will actually last, so Intel is actually giving you a good deal. Non-retail, or "OEM" chips are sold in bulk through resellers and are only warranted with the system, but the rub is that the processor is likely to burn out from heat damage shortly after the warranty has expired on the system. Caveat emptor, Kris Rehberg PS...These forgeries are very rarely done with the knowledge of the store. It's usually one of the resellers of the CPU's that do it. Some even pry open the module and replace a fast CPU board with a much slower CPU, believe it or not. Kriston J. Rehberg http://kriston.net/ ------------------------------ Date: Wed, 6 May 1998 18:49:20 +0200 From: Name withheld by request Subject: Risks of state interference Here is an unofficial English translation of a decree from the President of the former Soviet republic of Ukraine. It would appear that freedom of information is not yet fully understood in that nation - the intention is presumably to monitor all Internet traffic entering and leaving the country. The futility of doing this will be familiar to most RISKS readers, of course, but apparently not to at the Ukraine government. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - EDICT OF THE PRESIDENT OF UKRAINE ON SOME MEASURES CONCERNING PROTECTION OF STATE INTERESTS IN THE INFORMATION SPHERE For further ordering the operation of information networks and forming conditions that will provide information security of the state and control over the development of information networks and data transmitting networks in Ukraine, according to Section 1 of Article 106 of the Constitution of Ukraine, I rule the following: 1. The State Committee of communications of Ukraine shall procure the exit to foreign networks only from the networks of the enterprises (operators) 'Ukrtelekom', 'Ukrkosmos', Infokom'. 2. Ministries, other central and local agencies of the executive power, as well as enterprises, offices and organizations that include secret regime subunits shall transmit their date only through the enterprises (operators) listed in Article 1 of the present Edict. The bodies of the local self-administration are recommended to transmit their data according to the procedure used by the executive power agencies. 3. The Cabinet of Ministers of Ukraine shall suggest for adoption to the Supreme Rada the draft of the law 'On controlling security in data transmitting networks of Ukraine' President of Ukraine L. Kuchma 22 April 1998 ------------------------------ Date: 5 May 1998 04:01:03 -0000 From: johnl@iecc.com (John R. Levine) Subject: Re: "Beyond Calculation" - seeing the forest for the trees > "Every few hundred years, throughout Western history, a sharp > transformation has occurred. ... "Our age is such a period of transition." > From memory, Drucker suggested that the current transition can be dated > from around 1950 ... Oh, humph. You want a sharp transformation, look at the period from 1840 to 1860. In 1840, if you wanted to send a message or a package to someone else, you gave it to a guy on a horse or in a sailboat who would proceed at a walking pace in the direction of the recipient. Getting news or goods between New York and San Francisco or London took weeks and was subject to large unpredictable delays. By 1860, there were telegraphs, railroads, and steamships, so messages could go anywhere in the developed world in a few minutes, and goods were delivered on predictable schedules. These were at least as wrenching changes as anything in this century, and we're still getting used to them. John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869 johnl@iecc.com, Village Trustee and Sewer Commissioner, http://iecc.com/johnl, ------------------------------ Date: Tue, 5 May 1998 08:35:39 -0800 From: Rob Slade Subject: REVIEW: "Privacy on the Line", Whitfield Diffie/Susan Landau BKPRIVLN.RVW 980301 "Privacy on the Line", Whitfield Diffie/Susan Landau, 1998, 0-262-04167-7, U$25.00 %A Whitfield Diffie %A Susan Landau %C 55 Hayward Street, Cambridge, MA 02142-1399 %D 1998 %G 0-262-04167-7 %I MIT Press %O U$25.00 +1-800-356-0343 fax: +1-617-625-6660 manak@mit.edu %P 342 p. %T "Privacy on the Line: The Politics of Wiretapping and Encryption" This seems to be the year for privacy. Hard on the heels of "Technology and Privacy" (cf. BKTCHPRV.RVW), "The Electronic Privacy Papers" (cf. BKELPRPA.RVW), and the related "Borders in Cyberspace" (cf. BKBRDCYB.RVW) comes this volume. Given the emotional content with which the encryption debate has been loaded in recent years, it is important that the introduction, in chapter one, is a neutral and even-handed look at the background of the discussion, presenting the issues on both sides, although little of the case for either. Specific references may be from the United States, but the arguments made are generic enough to be considered by all audiences. Chapter two gives an overview of cryptography, which is, of course, excellent. Not only does it explain the importance of keys and cryptographic strength, but it also gives insightful analysis into business and social factors in the development of the field. Cryptography and public policy, in chapter three, is restricted to developments within (and related to) the US, but looks at all types of issues, both technical and not. Chapter four discusses national security with a quick but clear and thorough overview of the various aspects of intelligence gathering, particularly communications intelligence. There is also brief mention of information warfare. Much of the heat in the current debate about encryption restrictions involves law enforcement. (References are frequently made to drug and child pornography rings.) Therefore, the brevity of chapter five is disappointing. The content, however, is not. It builds a solid framework for the topic, and notes an instructive difference in effectiveness between wiretaps and other electronic bugs. Chapter six is again specific to US history, reviewing activities both in support, and destructive, of privacy. Chapter seven deals specifically with wiretapping technology, activities, and legality in the US. Much of the material in the chapter has been at least touched on previously, and there is noticeable duplication. There is less duplication in chapter eight's discussion of the current communications scene, although little new material. The same is not the case with current cryptography in chapter nine, providing brief backgrounds of the myriad efforts being made to disseminate and suppress encryption capabilities. The conclusion, in chapter ten, seems to come down on the side of opening encryption development and distribution. An extensive, possibly exhaustive, bibliography is a major resource in the book. The thorough research, even tone, and informed analysis make this work an excellent foundation for discussion. It does not, however, provide much in the way of direction. That the authors should tend to support the dropping of restrictions on cryptography is not surprising, but such support is neither strong nor impassioned. copyright Robert M. Slade, 1998 BKPRIVLN.RVW 980301 ------------------------------ Date: 31 Mar 1998 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Alternatively, via majordomo, SEND DIRECT E-MAIL REQUESTS to with one-line, SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or INFO [for unabridged version of RISKS information] .MIL users should contact (Dennis Rears). .UK users should contact . => The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. *** => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line. => ARCHIVES are available: ftp://ftp.sri.com/risks or ftp ftp.sri.comlogin anonymous[YourNetAddress]cd risks [volume-summary issues are in risks-*.00] [back volumes have their own subdirectories, e.g., "cd 18" for volume 18] or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]. The ftp.sri.com site risks directory also contains the most recent PostScript copy of PGN's comprehensive historical summary of one liners: get illustrative.PS ------------------------------ End of RISKS-FORUM Digest 19.72 ************************