[risks] Risks Digest 22.24

From: RISKS List Owner (riskoat_private)
Date: Wed Sep 11 2002 - 07:36:40 PDT


    RISKS-LIST: Risks-Forum Digest  Weds 11 September 2002  Volume 22 : Issue 24
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/22.24.html>
    and by anonymous ftp at ftp.sri.com, cd risks .
    
      Contents:
    Florida Primary 2002: Back to the Future (Rebecca Mercuri)
    Nurses refuse to wear locator devices (Duane Thompson)
    Computer-Assisted Passenger Screening System defeated (Max)
    The Underground Web (Monty Solomon)
    Missed phone connections (Robert Kuttner via Monty Solomon)
    Microsoft says Win 2000 hacking outbreak subsides (PGN)
    Greek court finds Government ban on electronic games unconstitutional
      (Giorgos Epitidios)
    The pinnacle of chutzpah in spam filtering  (Przemek Klosowski)
    REVIEW: "Computer Forensics and Privacy", Michael A. Caloyannides (Rob Slade)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Wed, 11 Sep 2002 03:14:39 -0400
    From: "Rebecca Mercuri" <notableat_private>
    Subject: Florida Primary 2002: Back to the Future
    
    Well, Florida's done it again.
    
    Tuesday's Florida primary election marked its first large-scale roll-out of
    tens of thousands of brand-new voting machines that were promised to resolve
    the problems of the 2000 Presidential election.  Instead, from the very
    moment the polls were supposed to open, problems emerged throughout the
    state, especially in counties that had spent millions of dollars to purchase
    touchscreen electronic balloting devices.
    
    Florida voters, including Gubernatorial candidate Janet Reno, experienced
    delays (ranging from minutes to hours) due to touchscreen machines not
    working properly or at all.  Reno, and others (including Duval County
    officials) reportedly sought court orders requesting additional time for the
    day's voting session. Governor Jeb Bush granted a two hour extension, but
    some of the polling places did not receive notice and shut down their
    machines at 7PM, only to discover that restart was impossible because of the
    way the machines had been designed.
    
    In addition to polls and machines that opened late, many precincts reported
    problems with some electronic cards voters used to activate their ballots.
    A few machines in Miami-Dade County reset themselves while voters were
    trying to vote.  Even the mark-sense ballots proved troublesome -- in Orange
    County many votes will have to be hand-counted because defects made them
    unreadable by the optical scanners.
    
    Lest readers think that Florida is alone with these election problems, other
    states, including Georgia and Maryland, have also reported similar
    difficulties with touchscreens.  Problems in MD led 4 counties there to
    commission a report from UMD, which revealed serious reliability concerns,
    due to "catastrophic failure," "malfunction," and "unusability" of one of
    the two machines they were given for testing.  The Association of Computing
    Machinery's Special Interest Group on Computer Human Interaction (ACM
    SIGCHI) offered to perform similar evaluations on Palm Beach's new voting
    equipment, urged by U.S. Representative Robert Wexler, but the offer was
    declined by the County's Board of Elections.
    
    Florida was forewarned about problems with some of their new machines when,
    in local municipal elections held back in March 2002, anomalies surfaced in
    Palm Beach County.  Some voters submitted sworn affidavits to the state's
    15th Circuit Court, attesting to problems ranging from a lack of privacy at
    the voting booth, to machines "freezing up" until rebooted or reset, and
    voter cards being rejected.
    
    During this past summer, as part of an investigation into Emil Danciu's
    contest (one of two lawsuits for the March Palm Beach County election), the
    court permitted me to perform a "walk through inspection" of the County's
    Board of Election warehouse where the machines were being stored and
    prepared for this Fall's primary.  To my amazement, I learned that the
    devices would not be tested to see whether they would register a vote for
    each candidate that appeared on the ballot face.  Rather, the tallying
    system was checked by transferring data between cartridges, (circumventing
    the ballot face on each machine) and only one vote, for the first candidate
    in each race, was cast using the touchscreen. This essentially meant that
    most of the new machines would get their first real use only at the actual
    election. (Not only does this testing lack rigour, but it only marginally
    complies with Florida election law.)
    
    The Palm Beach County machines were running new software too, since the
    firmware on each of their 3400 machines was reprogrammed just weeks before
    the Fall primary. (Such firmware reprogrammability represents a major
    security and auditability risk.) A thorough inspection of the machines,
    requested by Danciu's legal team, was denied by the court, on the grounds
    that the purchase contract with Election Supervisor Theresa LePore made it a
    felony violation (for her) of the vendor's trade secret clause if any
    devices were provided (Danciu had even offered to pay for one) for an
    internal examination.  This trade secrecy also apparently prevents
    disclosure of the program code files and testing reports maintained by the
    state of Florida as part of their certification process.
    
    But there's more.  Further problems may begin to surface after the
    tabulation results are analyzed.  Although if any candidate wishes to seek a
    recount, the only one they will get from the touchscreen machines is a
    printout of the same electronic data residing inside of the machines -- not
    an independent tally from human-readable ballots that were examined by the
    voters who cast them on election day. Even Brazil, where 400,000
    fully-electronic voting machines were first deployed nation-wide in their
    2000 election, deemed it appropriate to retrofit their machines to produce
    recountable voter-verifiable paper ballots, and they will begin to institute
    this by modifying some 3% of their machines for their next election.
    
    Sadly, many US communities seem to feel that it is necessary to rush ahead
    with voting equipment procurements, while reliable systems, appropriate
    testing, usability, security, and auditability procedures, and other
    safeguards, are years away.  Florida 2000 woke us up to what many already
    knew -- our voting systems and laws were flawed.  Florida 2002 lets us know
    that expensive computers can not and will not provide the answer to our
    election troubles.
    
    For the short run, communities that have purchased malfunctioning equipment
    should return it to the manufacturers and request refunds.  There should be
    an immediate moratorium throughout the United States (and world) on the
    procurement of electronic voting systems that do not provide
    voter-verifiable paper ballots.  In other words, if your community is
    thinking of buying touchscreen or other fully-computerized voting equipment,
    don't let them do it!  Candidates and voters who believe they may have
    evidence of ballots being lost or foul-play with voting systems, should
    contact me, as soon as possible, at mercuriat_private in order to learn how
    data could be secured before it may be deleted. Those seeking additional
    information on voting systems can refer to the numerous articles linked on
    Peter Neumann's website and on mine (at www.notablesoftware.com/evote.html).
    Please let your voice and concerns be heard.  Democracy is at stake.
    
    Rebecca Mercuri, Ph.D., Bryn Mawr College
    
    *This article is copyrighted property of Rebecca Mercuri (c) 2002.
    All rights reserved.  Reprint permission is granted only in its entirety,
    with this notice intact.  This article can be distributed but not sold.
    For any other uses, please contact the author for permission.*
    
    ------------------------------
    
    Date: Fri, 6 Sep 2002 16:31:11 -0700 (PDT)
    From: Duane Thompson <dstat_private>
    Subject: Nurses refuse to wear locator devices
    
      [This is interesting.  It was forwarded via a Healthcare Management e-mail
      list to which I subscribe.  DT]
    
    Since Monday, nearly half of the 120 nurses at Castro Valley, Calif.-based
    Eden Medical Center who were assigned to wear personal locator badges as
    part of a program to provide more efficient care have turned in their
    devices to protest a system they say invades their privacy and could be
    misused by managers. The nurse locator system -- launched in October on two
    floors with plans to expand to a third -- allows hospital administrators to
    locate a nurse or a supervisor anywhere at any time. Although the systems,
    which are used by hospitals across the U.S., can record response times,
    number of nurse visits to a patient room, and length of time of each visit,
    Eden uses its $273,000 system to record only response times. According to
    hospital officials, the system is meant to help nurses answer patient calls
    faster and allow the hospital to track nurses more easily in case of
    emergency. They add that since the installation of the system, patient
    satisfaction ratings have increased and response times have decreased. But
    nurses say the devices invade their privacy, interfere with patient care by
    disrupting conversations between nurses and patients, and contain
    potentially harmful infrared sensors -- a charge the hospital's
    radiation-safety officer rejects. The nurses note that the hospital has
    installed the system in the nurses' lounge and kitchen and say that
    supervisors could use the vocal communication feature to listen in on
    conversations; the hospital says it has no intention of using the system to
    listen to nurses. Eden has not taken action against the nurses who refuse to
    wear the badges.   [Reang, *San Jose Mercury News*, 6 Sep 2002; Tate, *Contra
    Costa Times*, 6 Sep 2002.]
    
    ------------------------------
    
    Date: Sat, 07 Sep 2002 11:06:14 -0700
    From: Max <max7531at_private>
    Subject: Computer-Assisted Passenger Screening System defeated
    
    I just read an excellent paper on the inequities of the Computer-Assisted
    Passenger Screening System (CAPS) for airline travelers (thank you
    Crypto-Gram), and thought it would add some quantitative analysis to the
    Homeland Insecurity RISKS debate. Here's the abstract:
    
      To improve the efficiency of airport security screening, the FAA deployed
      the Computer Assisted Passenger Screening system (CAPS) in 1999. CAPS
      attempts to identify potential terrorists through the use of profiles so
      that security personnel can focus the bulk of their attention on high-risk
      individuals. In this paper, we show that since CAPS uses profiles to
      select passengers for increased scrutiny, it is actually less secure than
      systems that employ random searches. In particular, we present an
      algorithm called Carnival Booth that demonstrates how a terrorist cell can
      defeat the CAPS system. Using a combination of statistical analysis and
      computer simulation, we evaluate the efficacy of Carnival Booth and
      illustrate that CAPS is an ineffective security measure. Based on these
      findings, we argue that CAPS should not be legally permissible since it
      does not satisfy court-interpreted exemptions to the Fourth
      Amendment. Finally, based both on our analysis of CAPS and historical case
      studies, we provide policy recommendations on how to improve air
      security.
    
    And here's a link to the whole paper (the formatting is a little off; scroll
    down a bit from the title):
      http://swissnet.ai.mit.edu/6805/student-papers/spring02-papers/caps.htm
    
    ------------------------------
    
    Date: Thu, 29 Aug 2002 04:04:31 -0400
    From: Monty Solomon <montyat_private>
    Subject: The Underground Web
    
    Drugs. Gambling. Terrorism. Child Pornography. How the Internet makes any
    illegal activity more accessible than ever: It's the kind of call everyone
    dreads. For Kristen Bonnett, the daughter of NASCAR race driver Neil
    Bonnett, it came on Feb. 11, 1994--the day her father crashed during a
    practice run at the Daytona International Speedway. A few hours later, he
    died. Bonnett was devastated, but she got on with her life. Then, seven
    years later, came a second call. This time, it was a reporter asking for
    comment on autopsy photos of her father that were posted on the Internet.
    Shocked, she quickly got online. "Forty-eight thumbnail pictures, basically
    of my Dad on the table, butt-naked, gutted like a deer, were staring me
    directly in the face," says Bonnett. Now, when she thinks of her father, she
    pictures him lying atop an autopsy table.
    
    Warning: You are about to enter the dark side of the Internet. It's a place
    where crime is rampant and every twisted urge can be satisfied.  Thousands
    of virtual streets are lined with casinos, porn shops, and drug
    dealers. Scam artists and terrorists skulk behind seemingly lawful Web
    sites. And cops wander through once in a while, mostly looking lost. It's
    the Strip in Las Vegas, the Red Light district in Amsterdam, and New York's
    Times Square at its worst, all rolled into one--and all easily accessible
    from your living room couch.  ...  [*Business Week*, cover story, 2 Sep 2002]
      http://www.businessweek.com/magazine/content/02_35/b3797001.htm
    
    ------------------------------
    
    Date: Wed, 28 Aug 2002 23:24:53 -0400
    From: Monty Solomon <montyat_private>
    Subject: Missed phone connections
    
    By Robert Kuttner, *The Boston Globe*, 28 Aug 2002
    
    OUR LONG-DISTANCE telephone service stopped functioning yesterday.  For the
    magazine I edit, it was a pretty big inconvenience.  For several hours we
    pooled cellphones.
    
    My first call was to our bookkeeper. Were we current on our bills? We were.
    
    My second call was to Qwest, the offending long-distance company. Its lines
    were jammed. A company spokeswoman said she didn't know how many customers
    had lost service, but Qwest's own filing with the Federal Communications
    Commission yesterday, as required by law, indicated that 500,000 calls per
    hour didn't get through.  ...
    
    http://www.boston.com/dailyglobe2/240/oped/Missed_phone_connections+.shtml
    
    ------------------------------
    
    Date: Tue, 10 Sep 2002 11:19:08 PDT
    From: "Peter G. Neumann" <neumannat_private>
    Subject: Microsoft says Win 2000 hacking outbreak subsides
    
    On 30 Aug, Microsoft warned customers of an increase in reported hacker
    attacks against Windows 2000, but offered few details about the root of the
    problem.  On 6 Sep 2002, MS said the malicious activity has "lessened
    significantly" -- claiming that the attacks probably did not result from new
    vulnerabilities in its operating system, but rather from administrators not
    following standard procedures to secure their servers.  "By analyzing
    computers that have been compromised, Microsoft has determined that these
    attacks do not appear to exploit any new product-related security
    vulnerabilities and do not appear to be viral or worm-like in nature," the
    company stated in its advisory, available online at
    http://support.microsoft.com/default.aspx?scid=kb;en-us;q328691.  "Instead,
    the attacks seek to take advantage of situations where standard precautions
    have not been taken," the advisory said. "The activity appears to be
    associated with a coordinated series of individual attempts to compromise
    Windows 2000-based servers."  MS urges us to take preventive measures to
    protect ourselves against future attacks: eliminate blank or weak
    administrator passwords, disable guest accounts, run up-to-date antivirus
    software, use firewalls to protect internal servers, and stay up to date on
    all security patches.  [Source: article by Matt Berger, *Info World*, 9 Sep
    2002; PGN-ed, TNX to Lillie Coney]
      http://www.infoworld.com/articles/hn/xml/02/09/09/020909hnmshack.xml
    
       [So, it's all OUR fault, even if I don't even use MS software!  PGN]
    
    ------------------------------
    
    Date: Wed, 11 Sep 2002 15:56:05 +0300
    From: "Giorgos Epitidios" <gepitiat_private>
    Subject: Greek court finds Government ban on electronic games unconstitutional
    
    (Re: Pareas via Max, RISKS-22.23)
    
    One of the advantages of Greek law is that every court (not just special ones
    as in many countries) can decide on the constitutionality of a law. This has
    its own risks - inconveniences, but I am glad to report that in this case
    it worked well. The stupid law banning electronic games has been found
    unconstitutional by the court that was judging the "criminals".
    
    Giorgos Epitidios, Athens, Greece  gepitiat_private
    
    ------------------------------
    
    Date: Wed, 11 Sep 2002 01:24:09 -0400
    From: Przemek Klosowski <przemekat_private>
    Subject: The pinnacle of chutzpah in spam filtering 
    
    Recently, I got a piece of spam, which I forwarded to the 'abuse' at the
    sending ISP (a large, national carrier). I quickly got a reply:
    
    	************* Content Filter Notification **************
    
    	The following mail was blocked since it contains sensitive content.
    
    	Source mailbox: <przemekat_private>
    	Destination mailbox(es): <abuse@....>
    	Policy: Prohibited Word Filter
    
    I wrote back, without much hope for any effect:
    
        Well, sure the mail contains offending material.. 
    
          IT WAS SENT TO ME FROM YOU GUYS---THAT'S WHY I AM COMPLAINING
    
        [Why you'd have a content filter on an 'abuse@...' is beyond me.]
           [Because they get lots of spam also?  PGN]
    
    ------------------------------
    
    Date: Mon, 9 Sep 2002 19:56:41 -0800
    From: Rob Slade <rsladeat_private>
    Subject: REVIEW: "Computer Forensics and Privacy", Michael A. Caloyannides
    
    BKCMFRPR.RVW   20020604
    
    "Computer Forensics and Privacy", Michael A. Caloyannides, 2001,
    1-58053-283-7, U$79.00
    %A   Michael A. Caloyannides mickyat_private
    %C   685 Canton St., Norwood, MA   02062
    %D   2001
    %G   1-58053-283-7
    %I   Artech House/Horizon
    %O   U$79.00 800-225-9977 fax: 617-769-6334 artech@artech-house.com
    %P   392 p.
    %T   "Computer Forensics and Privacy"
    
    This book occupies a unique place in the literature of computer
    forensics.  Most works in the field, such as Kruse and Heiser's
    "Computer Forensics" (cf. BKCMPFRN.RVW), concentrate on documentation
    of the investigation with a view to presentation in court.  The actual
    mechanics of data recovery tend to be left to commercial tools. 
    Caloyannides demonstrates how to delve into corners of the computer in
    order to actually get the data out.
    
    At the same time, this work is inconsistent, on at least two levels. 
    The perspective flips back and forth between forensics and privacy,
    alternately emphasizing how to find evidence, and how to hide
    evidence.  The technology involved is the same, but the shifts in
    viewpoint can be jarring to the reader.  At the same time, the depth
    of technical detail can vary wildly.  At one point the book stops shy
    of telling you how to undelete files with a sector editor (an activity
    that could be useful to every computer user), while other sections
    list lengthy and extraordinary measures to secure personal computers.
    
    Part one concentrates on the data recovery aspect of computer
    forensics.  Chapter one is entitled an introduction, but seems to be
    more of an editorial on privacy, with the added statement that the
    book is intended both for law enforcement personnel needing details of
    computer forensic techniques and those wishing to preserve the privacy
    of data.  The use of, and factors related to the use of, computer
    forensics is supported by specific cases (rather than vague
    suppositions) in chapter two.  One has to agree with the author's
    statement, in chapter three, that "computer forensics can be done--
    and, sadly, is often done--by persons with a minimal amount of either
    education or experience."  Therefore it is unfortunate that the
    forensic tools list and book structure are both difficult at this
    point, although there is good material and writing, and Caloyannides
    is not afraid to tackle the social and political aspects of the field. 
    Chapter four outlines various places (primarily in Windows) from which
    data may be recovered.  It is an odd mix of little known and very
    valuable information, and extremely poor explanations of basic
    functions like manual undeletion and file overwriting.  A strange and
    terse look at steganography, US and UK surveillance systems,
    cryptography, and anonymity makes up chapter five.  Data acquisition,
    from sources such as key logging and Van Eck radiation, is reviewed in
    chapter six.  Chapter seven debunks a short list of measures falsely
    believed to provide privacy protection.
    
    Part two turns to privacy and security.  Chapter eight is a discussion
    of legal and commercial protections of privacy (mostly in the US) and
    their failings.  Installing and configuring a privacy protected
    configuration of Windows is covered in chapter nine, in considerable
    detail.  Chapter ten's review of basic online privacy is heavy on
    additional software packages.  Intermediate online privacy, in chapter
    eleven, looks at browser and email configurations, more packages, and
    has a section on tracing email that would be helpful in dealing with
    spam.  (An unfortunate typesetting error seems to have deleted what
    might have been valuable information about PGP [Pretty Good Privacy].) 
    Chapter twelve is more advanced, dealing with anonymizing services and
    personal firewalls, but may be beyond the average user.  A general
    opinion piece on cryptography, chapter thirteen nevertheless provides
    a good, basic background, albeit with a social and political emphasis. 
    Chapter fourteen looks at more practical encryption, detailing PGP and
    specialized cryptographic programs, with a detour into biometrics.
    
    Part three is a brief look at legal and other issues.  Chapter fifteen
    is a brief look at laws, mostly in the US.  Chapter sixteen touches on
    security aspects of VoIP (Voice over Internet Protocol) and GSM
    (Global System for Mobility) wireless services.
    
    Despite the ragged organization and style, and some glaring gaps in
    coverage, this book does contain a wealth of information for both the
    computer forensic examiner, and the user concerned with privacy.  For
    anyone beyond the most basic user it is well worth a read.
    
    copyright Robert M. Slade, 2002   BKCMFRPR.RVW   20020604
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
    
    ------------------------------
    
    Date: 29 Mar 2002 (LAST-MODIFIED)
    From: RISKS-requestat_private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you.  Alternatively, via majordomo,
     send e-mail requests to <risks-requestat_private> with one-line body
       subscribe [OR unsubscribe]
     which requires your ANSWERing confirmation to majordomoat_private .
     If Majordomo balks when you send your accept, please forward to risks.
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .MIL users should contact <risks-requestat_private> (Dennis Rears).
       .UK users should contact <Lindsay.Marshallat_private>.
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risksat_private with meaningful SUBJECT: line.
    => ARCHIVES are available: ftp://ftp.sri.com/risks or
     ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
       [volume-summary issues are in risks-*.00]
       [back volumes have their own subdirectories, e.g., "cd 21" for volume 21]
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
       Lindsay Marshall has also added to the Newcastle catless site a
       palmtop version of the most recent RISKS issue and a WAP version that
       works for many but not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 22.24
    ************************
    


