[risks] Risks Digest 21.63

From: RISKS List Owner (riskoat_private)
Date: Sat Sep 01 2001 - 11:49:41 PDT

  • Next message: RISKS List Owner: "[risks] Risks Digest 21.64"

    RISKS-LIST: Risks-Forum Digest  Saturday 1 September 2001  Volume 21 : Issue 63
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/21.63.html>
    and by anonymous ftp at ftp.sri.com, cd risks .
    
      Contents:
    The Heavens at War: NMD assessed (Pete Mellor)
    SDI chief says system may not be reliable (PGN)
    Federal tax returns missing in Pennsylvania (PGN)
    Hotmail hackable with one line of code (NewsScan)
    Even dead people use Microsoft software (Jeremy Epstein)
    More interesting MS certificates (Stuart Prescott)
    Directory service based on car license plate (Ulf Lindqvist)
    Re: Air Force office mails confidential information ... (Jay D. Dyson)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Wed, 29 Aug 2001 11:44:20 +0100 (BST)
    From: Pete Mellor <pmat_private>
    Subject: The Heavens at War: NMD assessed 
    
    The Heavens at War: BBC Radio 4, 28th August 2001 
    Reporter and presenter: Jackie Hardgrave.  
    
    Preface 
    
    The following summary is based upon notes made while listening to the first
    broadcast of the programme, together with reference to the web-site (which
    does not include a full transcript).  It is as fair a summary of the content
    of the programme as I could manage.  However, shorthand is not one of my
    many talents, and I cannot claim total accuracy.  I stand to be corrected if
    I have misquoted or wrongly attributed a quotation.  I have indicated
    uncertain spellings of people's names by (sp?).
    
    I have placed my own comments in brackets: [PM: my comments] and added some
    more at the end.
    
    Please see the web site:
    http://www.bbc.co.uk/radio4/atoz/heavens_at_war.shtml, 
    or listen to the repeat broadcast on Sunday 2nd September at 5pm (British
    Summer Time).  
    
    
    Introduction 
    
    The programme concerned the National Missile Defense system (NMD).  [PM: It
    used that name throughout, although the "National" has now been dropped and
    it is known as "Missile Defense System" (MDS), I believe.]  This is also
    known as "Son of Star Wars" after the nickname for the President Reagan's
    earlier Strategic Defense Initiative (SDI).
    
    Main question: Will the technology work or is it doomed to expensive
    failure?
    
    The threat to the US is now perceived to be from "rogue states" and no
    longer an all-out nuclear strike from Russia.  North Korea, Iran and Iraq
    were specifically mentioned.  Also, although China and Russia have
    sophisticated systems, an accidental launch is a possible threat.
    
    In 1972 only 9 nation states had the capability to launch an
    intercontinental ballistic missile.  This number has vastly increased.
    Around 1000 ICBMs were produced last year.  Their range is continually
    increasing (e.g., N. Korea has tested a missile with an intercontinental
    (IC) third stage).  There is also the possibility that the possession of
    intercontinental missiles may be used in diplomatic blackmail to deter the
    USA from some course of action.
    
    Michael O'Hanlon, a Senior Fellow in Foreign Policy Studies at The Brookings
    Institution (a private institution that studies public policy), gave the
    example of Iraq launching a new but limited attack on the Kuwaiti oilfields
    in 10 to 20 years time.  If Iraq was by then capable of launching missiles
    at the USA, and a new "Desert Storm" was on the way, Saddam Hussein (or
    Uday, who might have taken over by then) would see no reason not to "play
    for keeps" and threaten to launch an ICBM attack, or actually attack a small
    city as a demonstration of what they could do.
    
    President Reagan began the original "Star Wars" -- which failed due to
    financial [PM: and technical?] reasons.  Why is "Son of Star Wars" under
    way now?  1998 was a pivotal year.  India and Pakistan both tested nuclear
    warheads.  The Rumsfeld (sp?) commission reported that a nation could
    easily develop the capability to produce nuclear warheads and then
    surprise the West by suddenly testing them.  China was suspected of having
    obtained the nuclear secrets of the USA by espionage.  
    
    
    The Technical Dimension 
    
    There are three phases in which to destroy an ICBM launched against one's
    territory:-  
    
    1.  On first launch, before the missile has left the atmosphere.  This
    provides a very short window of opportunity, but the missile is relatively
    easily detectable by the plume of exhaust gases from the boosters or first
    stage launch vehicle.  
    
    2.  In mid-course, after the missile has left the atmosphere and is
    following a ballistic trajectory through space.  This offers the easiest
    opportunity, since it is the longest phase.  During this phase the missile
    might break up, and release its warheads and "decoys" (see below) to
    follow their separate paths.  
    
    3.  After reentry into the atmosphere when the missile is minutes away
    from its target.  By this stage, the missile will almost certainly have
    broken up (if it is going to do so), releasing its lethal payload along
    with its decoys.  
    
    Three interception test have been conducted so far.  [PM: I believe these
    were mid-course.]  Two failed, and the third (a few weeks ago) succeeded
    [PM: but this "success" has been questioned!].  
    
    NMD requires long-range interceptor missiles to destroy hostile ICBMs.  The
    interceptor releases a "kill vehicle" which homes in on, and collides with,
    the incoming ICBM.  No explosives are involved.  The concept has been
    described as a "smart rock" or a "bullet to hit a bullet".  [PM: the term
    "smart rock" cropped up in the earlier SDI also.]  A total of 250
    interceptor missiles with kill vehicles are to be deployed in Alaska and
    Florida (?).
    
    Incoming ICBMs will be detected by ground-based radar and by satellite-based
    infrared sensors.  Nine new radar systems will sort warheads from decoys.
    Satellite-based infrared sensors will assist interception in outer space.
    The problem here is that heavy objects (e.g., nuclear warheads) have the
    same trajectory as light objects.  The incoming ICBM could therefore deploy
    light weight decoys in large numbers without sacrificing range.  For
    example, decoys could be mylar balloons with aluminium coating.  Dozens of
    these could be released.
    
    In some cases, it may be necessary to launch several interceptors.  
    
    Philip E. Coyle, an advisor to the Center for Defense Information (an
    independent Military Research Organisation) and until recently the director
    of Operational Test and Evaluation at the Pentagon, with responsibility for
    overseeing NMD testing, gave the "hole in one" analogy.  Hitting an incoming
    ICBM is like trying to score hole in one (you only get one shot!) on a golf
    course where the hole is moving at 15000 mph.  With decoys, this is like
    having a lot of holes with flags to aim at and having to choose the right
    one at the same time!  The problem would be very different in a real
    situation (unlike the tests conducted so far).  Not all eventualities can be
    planned for.
    
    Lisbeth Gronlund, Senior Staff Scientist of the Union of Concerned
    Scientists, pointed out that any nation that was capable of missile
    production would find the production of balloon decoys a trivial problem.  
    
    The tests so far have used decoys, and in the successful test the kill
    vehicle did pick the correct target, but this was not a realistic test,
    since the "warhead" was different in appearance and temperature to the
    decoys [PM: presumably to a degree greater than that which the designers of
    a real attacking ICBM could achieve?].
    
    At least one of Coyle and Gronlund suggested that NMD will never be tested
    in realistic conditions before being deployed, since it would almost
    certainly fail!.
    
    O'Hanlon's views partly agreed with this.  NMD cannot be tested in a totally
    real situation.  However he believes that it is possible to get close to it,
    for example by not telling the "defenders" when the "hostile" missile that
    is their target is to be launched and what decoys it will deploy.  He stated
    that, although it would be a delusion to assume that 100% success could be
    guaranteed, a 95% confidence in a NMD system would be better than no defence
    at all.  [PM: See below!]
    
    The Ballistic Missile Defense Organization adopts a more bullish position: a
    solution to all of these problems will be found.  One telling quotation
    (unattributed) was: "The United States will do what the United States has to
    do!"  Anyway, the adversary will take time the prepare and test
    counter-measures, and this activity will betray itself to the intelligence
    agencies.
    
    However, there is a more serious problem if the ICBM carries a lethal
    chemical or biological payload.  Unlike a nuclear warhead, which is an
    integrated complex device, the lethal material is just "stuff".  The payload
    could divide up into twenty or more bomblets which would be released and
    would fan out over the target area.  These would all be identical in
    appearance, all real, and all lethal.
    
    Faced with this possibility, the defenders' best tactic is to strike
    immediately after launch, while there is only one target.  This requires an
    interceptor missile close to the point of launch.  In practice, this means
    on board a ship.  President Bush has approved the budget to develop this
    capability.  However, neither the ships nor the missiles they will carry
    have yet been developed, and they will not be ready for service for many
    years.
    
    Tom Colleenor (sp?) pointed out that a strike in the first stage after
    launch would allow only a minute or two to decide whether to launch the
    interceptor, which means that the decision must be taken by a field
    commander.  [PM: This has interesting political and strategic military
    implications!]
    
    For a more "Star Wars" approach the team visited Kirkland Air Force base in
    New Mexico to observe developments in a real "ray gun": the use of a laser
    beam strike against an ICBM.  Undergoing development is the Airborne Laser
    (ABL) on B747 aircraft.  This consists of four lasers, three to track the
    missile and one to kill it with a one million watt bolt of energy.  The
    attack would proceed as follows: the launch of the hostile ICBM is detected
    by infrared sensor detection (IRSD) [PM: on the aircraft or on satellite?].
    The aircraft uses its tracking lasers to get the range and bearing and locks
    on to the exhaust plume.  It then aims its large laser in the nose of the
    aircraft at the plume and tracks up to the nose of the missile and unleashes
    its energy.  The effect is not to destroy the missile in a sudden explosion,
    but to heat the fuel tanks to the extent that they develop cracks and so to
    cause a structural failure.
    
    It will take many years for this to become ready for combat.  In the
    meantime, spin-offs in smaller tactical or space-borne lasers might provide
    some returns.  [PM: Space-borne lasers were a feature of the original SDI.
    These were to be mounted on orbiting robotic "battle stations".  One
    proposal (which was the subject of actual nuclear tests) was that the gamma
    radiation from a nuclear explosion could be harnessed into a single
    collimated beam which would fry everything in its path.  A battle station
    carrying such a weapon would obviously be a "one-shot" device!]
    
    Joe Cirincioni (sp?) pointed out that, also in the meantime, the bad guys
    could develop a few simple counter-measures such as polishing the
    nose-cone to reduce absorption of radiation, spinning the missile (not as
    easy as it sounds) to avoid overheating of any one part of the surface, or
    insulating it with a coating (such as cork!) to avoid things getting too
    hot.  
    
    President Bush is apparently willing to spend, spend, spend his way around
    these minor technical problems.  
    
    
    The Political Dimension 
    
    OK.  So what is there for us to worry about here?  Answer: Lots!  [PM: "Us"
    seemed to mean Europeans.  However, most of the worried voices on the
    programme were American, which could be good news.]
    
    NMD will breach the 1972 Anti-Ballistic Missile (ABM) treaty by end of this
    year if the Bush administration pursues its present course.  The pro-ABM
    argument is that the treaty achieved a stable stalemate between the two
    nuclear superpowers during the cold war by preventing either from developing
    an effective protection system from behind which to launch a pre-emptive
    nuclear strike, and that it still operates to forestall an offensive arms
    race.
    
    The opposing view was put by Senator Kyle, who argued that the ABM treaty
    was useful only in the cold war when there were only two nuclear superpowers
    and that it is no longer relevant.  He went on to argue that the treaty was
    not a cause of stability, and that the offensive arms race continued with
    the treaty in place.  In fact, it locked the superpowers into a strategy
    based on mutually assured destruction (appropriate acronym: MAD): If you
    wipe us out, we'll wipe you out, and then we'll all be dead!  This no longer
    makes sense, since there is no longer a monolithic enemy on the other side
    of an Iron Curtain.  The rules have changed, and we in the US will act in
    our interests, not Russia's nor anyone else's.  Russia cannot veto NMD, and
    indeed, the only sanction it could threaten is a renewal of an offensive
    arms race which it can no longer afford.
    
    President Putin is less than chuffed about this!  There is some hope that
    a detente might be reached around a trade-off of NMD and nuclear weapons
    reduction, but the USA is currently gung-ho for its impenetrable shield.  
    
    O'Hanlon was worried that NMD might jeopardise attempts to work with Russia
    to control, stabilise, and (eventually) decommission (or at least reduce)
    its nuclear arsenal.  It still holds thousands of nuclear warheads mounted
    on ICBMs.  These constitute a hair-trigger weapon which could be aimed at
    the West in an instant.  [PM: Russia announced several years ago that its
    nuclear missiles were no longer aimed at the West.  Unfortunately, to re-aim
    them would take about as long as it takes to download the software.  How
    long did your last reboot take?  Another small point is that many of the
    weapons are in the territory of (and under the control of?) newly
    independent and politically unstable states which are ex-USSR.]
    
    O'Hanlon said that the fact that the ABM treaty is 30 years old does not
    make it a "relic".  His mortgage is 30 years old, but is still not a relic,
    and the Constitution of the United States is even older, but is still
    regarded as a useful document.
    
    He cited an interesting example.  In 1998 a "sounding" rocket launched from
    Norway was mistaken for a US attack vehicle by the Russian defences.  They
    were minutes from a retaliatory launch when the mistake was discovered.
    
    Ivan Zifrancuk (sp?), a Russian defence expert, was interviewed to give the
    Russian point of view.
    
    America's allies are also worried.  Radar bases and communications in the UK
    are needed for tracking.  The Menwith Hills installation has been the target
    of a Greenpeace protest.  [PM: The compliance of the present British
    government is remarkable, given the likelihood that the presence of tracking
    stations will make Yorkshire a primary target for America's enemies.  France
    and Germany have been more outspoken.]
    
    Phyllis Starkey MP was interviewed and stated that in her opinion NMD was a
    destabilising influence, and that the British Government should look to
    British interests
    
    O'Hanlon cited the problem of China (particularly sensitive since the loss
    of one of its fighter aircraft in collision with a US spy plane earlier this
    year).  The Bush administration has taken pains to reassure the Chinese (as
    it has the Russians) that NMD is not an offensive capability aimed at them.
    
    Unfortunately, there is a long-standing dispute over Taiwan, and in the
    medium term NMD could be capable of neutralising the effect of Chinese
    missiles.  At the last count, China had only 20 missiles capable of reaching
    American soil.  Senator Kyle stated that the USA would never tolerate a
    military take-over of Taiwan by China, and would come to its defence.  The
    existence of NMD would therefore be perceived as a threat by China, and may
    provoke an arms race with China.
    
    
    Conclusion 
    
    The old competition between predator and prey, between defence and
    offence, between the baron in the castle and the besiegers using the siege
    catapult were quoted.  The difference here is that the "castle" in this
    new cycle of competition cannot be built without the expenditure of
    billions of dollars, whereas the "catapult" (the means of penetrating or
    circumventing NMD) are relatively cheap.  So where is the  money to come
    from?  Step forward the loyal, long-suffering (and notoriously
    tight-fisted) US taxpayers!  President Bush has promised to lighten their
    burden.  Is NMD consistent with this?  
    
    As the programme concluded:  "The world awaits your decision!"    
    
    
      = = = = = = = = Peter Mellor:  Personal Comments = = = = = = = =
         The Missing Dimension:  Safety, Reliability, and Software 
    
    When President Reagan launched the Strategic Defense Initiative (SDI, aka
    "Star Wars"), it was intended to provide an absolutely impregnable defence
    for the USA against ICBM attack.
    
    It was widely regarded as utterly fantastical in conception, absurdly
    expensive to design and construct, impossible to test, and ineffective for
    its intended purpose.  
    
    An impregnable defence must have a negligible probability of letting one
    attacking missile through.  O'Hanlon states that a "95%" confidence is
    better than no defence at all.  Where thermonuclear devices are concerned, a
    1% failure rate under mass attack means that you might as well not have
    bothered.  (I saw a bumper-sticker in California which read: "A single
    nuclear device can really spoil your day".  I agree!)  To destroy the USA,
    only four devices are required, one at each corner, in the stratosphere,
    outside US territory.  The electromagnetic pulse would cause an electrical
    potential spike which would zap every non-hardened semiconductor device in
    the country.  Eight out of every ten dollars would disappear in an instant.
    (Think about it!)  Hitler gave up on the air assault on Britain since he
    realised he could not cope with a 10% attrition rate on the raiding forces.
    Now we need a 99.9999% (or higher) attrition rate.
    
    The NMD is a cut-down version of SDI.  At least we no longer have to contend
    with the spectre of a world patrolled by ever-alert robot battle stations in
    orbit armed with thermonuclear devices to deliver collimated gigawatt doses
    of energy to anything which ascends above 50,000 feet and rail-guns firing
    several thousands of rounds per second of hypersonic projectiles at any
    suspect object in orbit.
    
    The NMD proposals are less fantastic, but perhaps the more dangerous for
    being slightly more plausible.  
    
    What SDI and NMD have in common is that they are both crucially dependent
    on software for command and control.  
    
    The head of software development for SDI was David L. Parnas.  Once he
    became aware that the current software development methods could not yield
    the impossibly high reliability required for SDI, he did the decent thing
    and resigned.  He did so very publicly and published his reasons for
    becoming totally disillusioned with the farcical SDI enterprise in a
    brilliant essay in which he stacked up each one of the then popular methods
    and showed why it was doomed to fail.  [As I recall, David was merely on a
    review panel, not head of development.  PGN]
    
    His resignation and essay probably did as much to scupper SDI as its
    ludicrous and exponentially increasing cost.
    
    Now, either we have solved all of the problems with developing
    high-integrity real-time embedded software in the few years since SDI was
    abandoned (and I don't believe it for a nanosecond), or we are into another
    technically infeasible and ultimately farcical project.
    
    I have seen no discussion of NMD in the safety-critical systems list
    recently, and no criticism anywhere from the reliability and safety
    viewpoint.  (It was not even mentioned in the BBC Radio 4 programme "The
    Heavens at War" that I have summarised above.)
    
    The silence is deafening!  
    
    Peter Mellor, Centre for Software Reliability, City University, 
    Northampton Square, London EC1V 0HB
    Tel.: +44 (0)20 7040 8422  ) NOTE: Code recently changed from 
    Fax.: +44 (0)20 7040 8585  )       7477 to 7040 
    e-mail: Pete Mellor <p.mellorat_private> 
    
    ------------------------------
    
    Date: Wed, 15 Aug 2001 18:31:22 PDT
    From: "Peter G. Neumann" <neumannat_private>
    Subject: SDI chief says system may not be reliable
    
    The head of the Pentagon's missile defense programs said he is not fully
    confident in the "basic functionality" of the anti-missile system that
    successfully intercepted a mock warhead in space last month.  That is why
    the next test of the system, scheduled for October, will be a replay of the
    July 14 test, with no additional complexities such as putting more decoys
    aboard the target missile, Air Force Lt. Gen. Ronald Kadish, director of the
    Ballistic Missile Defense Organization, told a group of reporters.  "It is
    still not totally comfortable for me to say that we can make the hit-to-kill
    technology work consistently, even in that simple scenario," Kadish said,
    adding later, "We still need some more reliability in there."  [Source: AP
    item, Missile Defense Chief 'Not Totally Comfortable' With Reliability of
    Anti-Missile System, 15 Aug 2001; and then, there are reports of the
    GPS-aided homing beacon that aided the tests -- even the two that failed!  PGN]
    
    ------------------------------
    
    Date: Wed, 29 Aug 2001 20:00:05 -0700 (PDT)
    From: "Peter G. Neumann" <neumannat_private>
    Subject: Federal tax returns missing in Pennsylvania 
    
    As many as 40,000 federal tax returns [earlier thought to be only 1800] and
    tax payment checks totaling more than $800 million from New England and
    upstate New York have been lost or destroyed at a processing center operated
    by the Mellon Bank in Pittsburgh for the Internal Revenue Service.  One
    source was quoted as saying, "The system was flawed.  It gave them incentive
    to stick the payments in a drawer.  It was almost cost-effective for Mellon
    to do that. There was no reward for timely processing."  (A somewhat similar
    case at the IRS Philadelphia center in the mid-1980s was also noted.)
    [Source: Albert B. Crenshaw, *The Washington Post*, 30 Aug 2001; Page E01]
    
    ------------------------------
    
    Date: Fri, 31 Aug 2001 10:35:17 -0700
    From: "NewsScan" <newsscanat_private>
    Subject: Hotmail hackable with one line of code
    
    Security consultant Jeremiah Grossman was able to break through Microsoft's
    Hotmail and Passport protection schemes with just one line of code.
    Microsoft has patched the code, but Grossman says he could do it again in 8
    hours of work.  His hacking experiment used a "cross-site scripting"
    technique that attaches invasive code onto programs used to make Web pages
    more interactive.  Grossman calls them "a breeding ground for new types of
    Web security vulnerabilities," and Shawn Hernan of the Computer Emergency
    Response Team at Carnegie Mellon University says that "it's easy to dream up
    very, very bad scenarios." 
      [*USA Today*, 31 Aug 2001; NewsScan Daily, 31 August 2001
      http://www.usatoday.com/life/cyber/tech/2001-08-31-hotmail-security.htm]
    
    ------------------------------
    
    Date: Fri, 24 Aug 2001 10:19:27 -0400
    From: "Jeremy Epstein" <jepsteinat_private>
    Subject: Even dead people use Microsoft software
    
    Computerworld reports that a Microsoft letter-writing campaign opposing the
    anti-trust actions used the names of dead people.  The Utah Attorney
    General, who received the letters, was not amused.  Other Attorneys General
    received duplicate letters with similar problems.  MSFT says they didn't do
    it, but pointed to "Citizens Against Government Waste" which is a leading
    the effort.
      (http://www.computerworld.com/storyba/0,4125,NAV47_STO63256,00.html)
    
    The risk is that any sufficiently automated letter writing system is going
    to eventually screw up and get caught.  Dead people don't handwrite letters.
    
    ------------------------------
    
    Date: Fri, 24 Aug 2001 10:32:53 +1000
    From: Stuart Prescott <s.prescottat_private>
    Subject: More interesting MS certificates
    
    I noticed today that the Microsoft WindowsUpdate site was offering a Service
    Pack 2 for Internet Explorer, and since a number of our machines here use
    IE5.5 I decided to have a look at what "functionality" it offered.  As with
    all downloads from WindowsUpdate, they are cryptographically signed;
    however, this time some of the components were signed by "IE Beta Division",
    with a certificate authority of "IE Beta Division"... i.e. (PGN: pardon the
    pun) the certificates are not trustworthy.
    
    The RISKS? Naturally, there are issues here in verifying that these updates
    are actually from Microsoft. Then there are the RISKS of users saying "No"
    to installing the badly signed bits and possibly ending up with a (more)
    broken IE installation. Or there is the RISK of users becoming used to
    dismissing error messages....
    
    I didn't realise that MS and IE could become even scarier with time...
    
    ------------------------------
    
    Date: Mon, 27 Aug 2001 09:38:03 -0700 (PDT)
    From: Ulf Lindqvist <ulfat_private>
    Subject: Directory service based on car license plate
    
    >From Swedish newspaper *Aftonbladet* Aug 27, 2001,
    http://www.aftonbladet.se/vss/nyheter/story/0,2789,84644,00.html
    
    In Sweden, a new type of directory service will soon be introduced by the
    company Ahhaaa [yes, that actually seems to be their name, see
    http://www.ahhaaa.com/ ]. You will be able to call this service 24-7, give
    the license plate number of a car, and they will immediately tell you the
    name, address and phone number of the person registered as owner of that
    car. If the owner is a business, they will also tell you the number of
    employees and annual revenue.
    
    The article states a number a "benefits", such as calling the driver who
    just cut you off to complain, locate parking violators or notify an owner
    whose car has been broken into. Last but not least, the article suggests
    that if you find another driver attractive, this service would make it
    easier to make contact.
    
    It does not take a criminal mastermind to see ample opportunities for abuse
    - road rage, stalking, fraud etc. One could argue that this information has
    always been available to the public in Sweden, albeit from different sources
    (see http://justitie.regeringen.se/pressinfo/pdf/publicaccess.pdf for an
    explanation of the Swedish Principle of Public Access to
    Information). However, with modern technology, deregulation of
    telecommunication services, and the ubiquitousness of mobile phones, the
    information is instantly available and therefore the opportunities to act on
    impulse are much greater.
    
    Ulf Lindqvist, System Design Lab, SRI International, 333 Ravenswood Ave,
    Menlo Park CA 94025-3493, USA +1 650 859-2351 http://www.sdl.sri.com/
    
    ------------------------------
    
    Date: Sat, 25 Aug 2001 19:30:05 -0700 (PDT)
    From: "Jay D. Dyson" <jdysonat_private>
    Subject: Re: Air Force office mails confidential information ...
    
    Jim Griffith (RISKS-21.62) noted an Air Force Academy officer accidentally
    sent confidential information about some 40 cadets to all 4400 cadets at the
    school.
    
    This incident sounds suspiciously like a Sircam worm infection of the
    officer's system.  First off, I doubt that e-mail is typically utilized to
    send out such reports since such confidential information should never be
    sent in the clear.  Secondly, how else can the Air Force explain the means
    by which the mail was so readily disseminated?
    
    I don't believe we're being told the whole story here.  And I believe an
    officer is being let off the hook when he should be nailed for actions that
    are tantamount to criminal negligence.
    
    ------------------------------
    
    Date: 12 Feb 2001 (LAST-MODIFIED)
    From: RISKS-requestat_private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) 
     if possible and convenient for you.  Alternatively, via majordomo, 
     send e-mail requests to <risks-requestat_private> with one-line body
       subscribe [OR unsubscribe] 
     which requires your ANSWERing confirmation to majordomoat_private .  
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .MIL users should contact <risks-requestat_private> (Dennis Rears).
       .UK users should contact <Lindsay.Marshallat_private>.
    => The INFO file (submissions, default disclaimers, archive sites, 
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All 
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risksat_private with meaningful SUBJECT: line.
    => ARCHIVES are available: ftp://ftp.sri.com/risks or
     ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
       [volume-summary issues are in risks-*.00]
       [back volumes have their own subdirectories, e.g., "cd 20" for volume 20]
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
       Lindsay Marshall has also added to the Newcastle catless site a 
       palmtop version of the most recent RISKS issue and a WAP version that
       works for many but not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing, 
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 21.63
    ************************
    



    This archive was generated by hypermail 2b30 : Sat Sep 01 2001 - 12:33:28 PDT