[risks] Risks Digest 22.80

From: RISKS List Owner (riskoat_private)
Date: Wed Jul 16 2003 - 15:58:50 PDT


    RISKS-LIST: Risks-Forum Digest  Wednesday 16 July 2003  Volume 22 : Issue 80
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at http://www.risks.org as
      http://catless.ncl.ac.uk/Risks/22.80.html
    The current issue can be found at
      http://www.csl.sri.com/users/risko/risks.txt
    
      Contents:
    Helios loss (Peter B. Ladkin)
    Error In e-mini Dow Futures creates havoc at CBOT, CME (Conrad Heiney)
    A Virginia law aids identity theft victims (Michael D. Shear via
      Monty Solomon)
    David Nelson and CAPPS II? (Rob Slade)
    Man charged in e-mail stalking of anchor (Rick Jervis via Monty Solomon)
    Has your PC been hijacked to spread pornography? (NewsScan)
    Remotely disabling PCs as an anti-theft measure (Nick Brown)
    Walk-By Hacking (Erik Sherman via Monty Solomon)
    Secure eBay password changes (Scott Ehrlich)
    Adobe Acrobat and PDF security: no improvements for 2 years (Monty Solomon)
    Bank advises ActiveX is a security product (Charles Williams)
    "Complex" security -- what hope mere mortals? (Ben Low)
    New Kind of Snooping Arrives at the Office (Marci Alboher Nusbaum via 
      Monty Solomon)
    Canada and the FTC Do Not Call list (Tony Harminc)
    Washing machine does the right thing after power outage (Erik Klavon)
    Sony recalling some Vaio laptops for shock risk (Monty Solomon)
    Re: "Soft walls" = dangerous avionics? (Thomas Wicklund, Robert Woodhead)
    Re: RFID Site Security Gaffe ... (Crispin Cowan)
    Re: The risks of assuming things: German payrolls (Josef Janko)
    REVIEW: "Computer and Intrusion Forensics", George Mohay et al. (Rob Slade)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Wed, 16 Jul 2003 22:28:22 +0200
    From: "Peter B. Ladkin" <ladkinat_private-bielefeld.de>
    Subject: Helios loss
    
    The Helios solar-powered flying wing was lost in June in the Pacific just
    west of the Hawaiian Islands, whence it was flying, due to "control
    difficulties that resulted in severe oscillations" at about 3,000 ft
    altitude [1]. The craft set an altitude record for propeller-driven craft of
    nearly 100,000 ft in its previous set of flights for NASA.
    
    Helios is (rather, was) extremely lightweight and remote-piloted. Lots of it
    has been recovered from the ocean, but the fuel-cell system, reported to
    cost $10m, sank in about 1,800m of water and is unlikely to be recovered.
    
    The National Research Council Committee on the Effects of Aircraft-Pilot
    Coupling [APC] on Flight Safety reported in 1997 that, although APC events
    are rare, they occur "at some point during the development of almost all FBW
    [Fly-By-Wire] aircraft" and notes that they are often associated with the
    introduction of new technologies [2, p6], of which the Helios is one of the
    more remarkable.
    
    [1] Guy Norris, Helios board looks at cause of 'severe oscillations',
    Flight International, 15-21 July, 2003, p26.
    
    [2] National Research Council, Committee on the Effects of Aircraft-Pilot
    Coupling, "Aviation Safety and Pilot Control", National Academy Press, 1997.
    
    Peter B. Ladkin, University of Bielefeld, Germany
    http://www.rvs.uni-bielefeld.de
    
    ------------------------------
    
    Date: Thu, 3 Jul 2003 14:16:01 -0700
    From: "Conrad Heiney" <conradat_private>
    Subject: Error In e-mini Dow Futures creates havoc at CBOT, CME
    
    The *Wall Street Journal* reported today that a mistaken order on the
    Chicago Board of Trade's "e-mini Dow Jones Industrial Average Futures"
    caused wild market swings today.
    
    Apparently an order to sell 10,000 contracts instead of 100 was put in by
    mistake. This caused the market, which had been on the upswing that day, to
    plunge downwards in both the Chicago Board of Trade and the Chicago
    Mercantile Exchange. Several traders reported assuming that some bad news
    such as a terrorist attack had sparked the sell-off.
    
    The RISK of a typo on an electronic system causing financial havoc is
    once again made clear.
    
    Conrad Heiney  conradat_private  http://fringehead.org
    
    ------------------------------
    
    Date: Sun, 13 Jul 2003 22:25:39 -0400
    From: Monty Solomon <montyat_private>
    Subject: A Virginia law aids identity theft victims
    
    By Michael D. Shear, *The Washington Post*, 13 Jul 2003
    
    Federal and state police put the handcuffs on 32-year-old Angel Gonzales in
    front of his wife and two young children just as the neighborhood school bus
    pulled up. ''We're taking your father to jail,'' they told his 6-year-old
    daughter, walking Gonzales to the cruiser as his neighbors gawked.  The
    police had nabbed Gonzales, who lives in the Tidewater area of Virginia, on
    a Las Vegas fugitive warrant on cocaine charges. The warrant said he was
    armed and dangerous.
    
    Ambur Daley, 27, was arrested in a North Carolina airport as she returned
    from visiting her grandmother in Canada. The Staunton, Va., resident was
    booked, fingerprinted, and kept overnight in jail, accused of writing bad
    checks.
    
    In fact, neither Daley nor Gonzales had done anything wrong. The crimes they
    were accused of were committed by phantoms -- identity thieves who have
    stolen their names, Social Security numbers, addresses, and telephone
    numbers. Dependent on electronic records in databanks, police across the
    nation were chasing the wrong people.
    
    Both now have a Virginia Identity Theft Passport, the first two victims to
    participate in a program aimed at giving people such as Daley and Gonzales a
    fighting chance in convincing police of their innocence. A state law
    creating the program took effect July 1.  Issued by a judge and bearing the
    seal of Attorney General Jerry W. Kilgore, the passport is intended to aid
    Virginia residents who are the victims of identity theft.  ...
    
      http://www.boston.com:80/dailyglobe2/194/nation/
      A_Virginia_law_aids_identity_theft_victims+.shtml
    
    ------------------------------
    
    Date: Mon, 14 Jul 2003 12:18:20 -0800
    From: Rob Slade <rsladeat_private>
    Subject: David Nelson and CAPPS II?
    
    According to a story in the "This is True" mailing list, based on another
    from the *Los Angeles Daily News*, 6 people in the Los Angeles area, 18 in
    Oregon, and 4 in Alaska, all with the name David Nelson, have been pulled
    from commercial flights even after passing security checks.  The
    Transportation Security Administration is quoted as saying that the name is
    not on any list, but that pattern matching technology is flagging the name.
    Does anyone have any further information on this phenomenon?
    
    rsladeat_private      sladeat_private      rsladeat_private
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
    
    ------------------------------
    
    Date: Wed, 16 Jul 2003 02:39:05 -0400
    From: Monty Solomon <montyat_private>
    Subject: Man charged in e-mail stalking of anchor
    
    Tonny Horne, an Indiana man who thought Chicago WFLD (Channel 32) news
    anchor Tamron Hall was talking to him through his television set, and who
    showered her with affectionate and obscene e-mails for two years, will be
    among the first people charged under Illinois' 2001 cyberstalking law.  A
    grand jury indicted him on charges of cyberstalking and criminal
    trespassing.  He had been arrested on 16 Jun 2003 outside the Chicago Fox
    studios.  If convicted, he could face 2 to 5 years in prison.  [Source:
    article by Rick Jervis, *Chicago Tribune*, 13 Jul 2003; PGN-ed]
      http://www.chicagotribune.com/technology/chi-0307130506jul13,1,2009477.story
    
    ------------------------------
    
    Date: Fri, 11 Jul 2003 09:40:42 -0700
    From: "NewsScan" <newsscanat_private>
    Subject: Has your PC been hijacked to spread pornography?
    
    Computer security expert Richard M. Smith says that in the last month
    network vandals (possibly linked to Russian organized crime) have found ways
    to take over PCs with high-speed connections to the Internet and use them,
    without their owners' knowledge, to send Web pages advertising pornographic
    sites. Smith says that "people are sort of involved in the porno business
    and don't even know it." Most PC owners don't know when their computers have
    been hijacked and the hijacking apparently doesn't damage the computer or
    disrupt its operation. Because so many different machines are hijacked to
    perpetrate this scheme, there's no single computer that can be shut down to end
    the problem. Smith adds: "We're dealing with somebody here who is very
    clever." (*The New York Times*, 11 Jul 2003; NewsScan Daily, 11 Jul 2003)
      http://partners.nytimes.com/2003/07/11/technology/11HACK.html
    
    ------------------------------
    
    Date: Fri, 30 May 2003 16:04:59 +0200
    From: BROWN Nick <Nick.BROWNat_private>
    Subject: Remotely disabling PCs as an anti-theft measure
    
    ZDNet reports yet another attempt to "discourage PC theft":
    
    http://zdnet.com.com/2100-1105_2-1009807.html
    
    A short extract:
    
    "Every time a computer outfitted with TheftGuard connects to the Internet,
    it pings the TheftGuard site. A computer-theft victim can register the
    machine at the site. If the stolen machine is brought online, the original
    owner can arrange to have the machine crippled or crippled with all data
    erased, and can determine the Internet Protocol address used--which can help
    in hunting down the thief."
    
    Naturally:
    - The TheftGuard site can and will never, ever be hacked - or even a
      tempting target for hackers;
    - Extensive checks will be put in place to ensure that only the registered
      owner of a PC can call in to say it's been stolen (perhaps they'll ask for
      your SSN ?);
    - The world's law enforcement agencies have thousands of officers just
      standing by for reports saying "the person who used IP address A.B.C.D at
      <timestamp> is a thief; go get them !".
    
    Nick Brown, Strasbourg, France
    
      [Now, that is nice sarcasm.  PGN]
    
    ------------------------------
    
    Date: Sun, 13 Jul 2003 12:28:15 -0400
    From: Monty Solomon <montyat_private>
    Subject: Walk-By Hacking
    
    Erik Sherman, *The New York Times*, 13 Jul 2003
    
    ''We've got 12 . . . wait, 13. Another just came in!''
    
    On the hunt for 30 seconds, Gary Morse is jazzed. We've walked about 45 feet
    down Avenue of the Americas in Midtown Manhattan, and he has been counting
    the number of chirrups coming from the speaker of his hand-held
    computer. Each represents potential prey: wireless networks in the offices
    and apartments above us. So far, we have had more than a dozen chances to
    sneak Internet access, reap user ID's and passwords and otherwise peer into
    the private affairs of individuals and businesses.
    
    Morse is an expert -- president of Razorpoint Security Technologies Inc., a
    computer security consulting firm that helps companies find their weak spots
    and fix them -- and a self-described ''professional hacker.'' He knows
    dozens of tricks to ease his way into any of the networks he has found. Most
    users don't realize that left untended, the wireless technology that can
    quickly connect computers will literally broadcast every bit of transmitted
    information to anyone with a computer and a $40 wireless networking card.
    
    The software package running on Morse's hand-held is called Kismet, from a
    Turkish-derived word meaning fate. The program uses the wireless card like a
    police band scanner, noting each wireless network that makes its presence
    known. ''I could put it in my pocket and record all the networks without
    anyone seeing,'' he says. The program is available to security experts and
    would-be hackers for a perfectly legal and free download.  ...
    
    http://www.nytimes.com/2003/07/13/magazine/13HACKING.html
    
    ------------------------------
    
    Date: 15 Jul 2003 19:31:53 -0400
    From: seat_private (Scott Ehrlich)
    Subject: Secure eBay password changes
    
      [Cf. the item by Paul Festa via Monty Solomon in RISKS-22.40.  PGN]
        http://catless.ncl.ac.uk/Risks/22.40.html#subj3
    
    eBay's Web site allows for SSL (https -- i.e., secure) logins, but non-SSL
    (http -- i.e., insecure) password changes.
    
    A recent visit to half.com, an eBay company, provides for SSL logins,
    and, to my surprise, an SSL password change screen.  I promptly changed my
    password using half's ssl form, logged out, then logged into eBay via SSL
    using my new password from half.com, and it took.
    
    So, even if eBay doesn't change their 'Change Password' form [back] to
    SSL, we can still use half.com's form and do it securely.
    
    Now watch - I say this and half.com will magically remove SSL capability
    from its password change form.
    
    ------------------------------
    
    Date: Tue, 8 Jul 2003 11:58:00 -0400
    From: "monty solomon" <montyat_private>
    Subject: Adobe Acrobat and PDF security: no improvements for 2 years
    
    Software released in 2003 contains vulnerabilities disclosed in 2001
    8 Jul 2003
    
    Summary:
    In early 2001, we have discovered a serious security flaw in Adobe Acrobat
    and Adobe Acrobat Reader. In July'2001, we've briefly described it in "eBook
    Security: Theory and Practice" speech on DefCon security conference. Since
    there was no reaction from Adobe (though Adobe representative has attended
    the conference), we have reported this vulnerability to CERT in
    September'2002 (after more than a year), still not disclosing technical
    details to the public. Only in March'2003, CERT Vulnerability Note
    (VU#549913) has been published, and after a week, Adobe has responded
    officially (for the first time) issuing the Vendor Statement (JSHA-5EZQGZ),
    promising to fix the problem in new versions of Adobe Acrobat and Adobe
    Reader software expected in the second quarter of 2003. When these versions
    became available, we have found that though some minor improvements have
    been made, the whole Adobe security model is still very vulnerable, and so
    sent a follow-up to both CERT and Adobe. Both parties failed to respond.
    Full story:
      http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0011.html
    
    ------------------------------
    
    Date: Tue, 8 Jul 2003 19:26:56 +0100
    From: Charles Williams <C.D.H.Williamsat_private>
    Subject: Bank advises ActiveX is a security product
    
    The Internet bank Egg <http://www.egg.com/> has just sent me an
    unsolicited leaflet (EP1996 06/03) trying to induce me to sign up for 
    its account aggregation service. Step 2 of its four-step procedure 
    says:
    
    "Read and accept the terms and conditions. Then download a piece of 
    software from Microsoft, called ActiveX. This acts like a digital 
    safe and sits on your PC protecting your password and log in details."
    
    How many of Egg's customers have now installed ActiveX in the belief 
    that it is a security product?
    
    ------------------------------
    
    Date: Tue, 15 Jul 2003 14:18:36 +1000
    From: Ben Low <benat_private>
    Subject: "Complex" security -- what hope mere mortals?
    
    The Center for the Study of Complex Systems (CSCS) at the University of
    Michigan appears to be staffed with competent, knowledgeable people who
    study "complex systems".
    
    Yet their Computer Lab Security page at
    http://www.pscs.umich.edu/lab/security.html advises the user, when faced
    with a ssh host key change warning (potential "man in the middle" attack) to
    essentially ignore the warning, and to simply delete the offending key.
    
    When a group studying "complex systems" has difficulty dealing with the
    issues of computer security, what hope do mere mortals hold?
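
    An added example, not part of the original post or of the CSCS page: a changed
    ssh host key is accepted only when its fingerprint matches one obtained out of
    band from the administrator. Function names, host names and keys are constructed
    for illustration; hashed known_hosts entries are not handled.

```python
import base64
import hashlib
import struct


def ssh_string(data):
    """Length-prefixed byte string, as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data


def constructed_key(seed):
    """Constructed sample: a well-formed ssh-ed25519 blob, not a real key pair."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(hashlib.sha256(seed).digest())
    return "ssh-ed25519 " + base64.b64encode(blob).decode()


def parse_entry(line):
    """Parse 'hosts keytype base64 [comment]' into (hosts, keytype, blob)."""
    fields = line.split()
    if len(fields) < 3 or fields[0][0] in "#@|":
        return None  # comments, @markers and hashed host names are skipped
    hosts, keytype = fields[0].split(","), fields[1]
    try:
        blob = base64.b64decode(fields[2], validate=True)
    except ValueError:
        return None
    if len(blob) < 4:
        return None
    # The blob starts with its own type string; it must agree with the text field.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        return None
    return hosts, keytype, blob


def fingerprint(blob):
    """SHA256 fingerprint in the form printed by 'ssh-keygen -l'."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def key_fingerprint(key_text):
    """Fingerprint of a 'keytype base64' public key, or None if malformed."""
    entry = parse_entry("host " + key_text)
    return fingerprint(entry[2]) if entry else None


def assess_host_key(host, known_hosts_text, offered_key, trusted_fingerprints):
    """Classify the key a server offers against known_hosts and trusted prints.

    Only 'match', 'new-verified' and 'changed-verified' justify connecting or
    updating known_hosts; the stored key is never dropped on the warning alone.
    """
    offered = parse_entry(host + " " + offered_key)
    if offered is None:
        return "malformed"
    _, keytype, blob = offered
    stored = [e for e in map(parse_entry, known_hosts_text.splitlines())
              if e and host in e[0] and e[1] == keytype]
    if any(e[2] == blob for e in stored):
        return "match"
    verified = fingerprint(blob) in trusted_fingerprints
    prefix = "changed" if stored else "new"
    return prefix + ("-verified" if verified else "-unverified")


# Constructed sample data.
HOST = "lab.example.org"
OLD_KEY = constructed_key(b"old host key")
NEW_KEY = constructed_key(b"rotated host key")     # announced by the admin
ROGUE_KEY = constructed_key(b"interposed machine")  # what a MITM would present
KNOWN_HOSTS = "# constructed sample\n" + HOST + ",192.0.2.10 " + OLD_KEY + "\n"
# Assumption: in practice this set comes from the administrator over a separate
# channel (phone, signed notice), never from the connection being checked.
TRUSTED = {key_fingerprint(NEW_KEY)}

if __name__ == "__main__":
    for label, key in (("old", OLD_KEY), ("new", NEW_KEY), ("rogue", ROGUE_KEY)):
        print(label, key_fingerprint(key),
              assess_host_key(HOST, KNOWN_HOSTS, key, TRUSTED))
```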
    
    ------------------------------
    
    Date: Mon, 14 Jul 2003 21:57:44 -0400
    From: Monty Solomon <montyat_private>
    Subject: New Kind of Snooping Arrives at the Office (Marci Alboher Nusbaum)
    
    Corporate executives are becoming increasingly aggressive about spying on
    their employees, and with good reason: now, in addition to job shirkers and
    office-supply thieves, they have to worry about being held accountable for
    the misconduct of their subordinates.  Even one offensive e-mail message
    circulated around the office by a single employee can pose a liability risk
    for a company. Not only that, but a wave of laws - including the federal
    Health Insurance Portability and Accountability Act of 1996 and the
    anticorruption and corporate-governance Sarbanes-Oxley Act of 2002 - have
    imposed new record-keeping and investigative burdens on companies. Not
    complying with some laws can result in the personal liability of officers
    and directors.
    
    As a result, employers have stepped up their surveillance of employees,
    often using stealth techniques to peer deep into their computer use. As of
    2001, more than a third of all American workers with access to computers, or
    14 million in all, were being monitored in one way or another, according to
    the Privacy Foundation, a Denver research group; with added pressure on
    executives to oversee their employees' electronic activities, experts
    predict that those numbers will grow.  ...
    
    [Source: Marci Alboher Nusbaum, *The New York Times*, 13 Jul 2003]
      http://www.nytimes.com/2003/07/13/business/yourmoney/13EXLI.html
    
    ------------------------------
    
    Date: Tue, 8 Jul 2003 19:54:58 -0400
    From: "Tony Harminc" <tonyat_private>
    Subject: Canada and the FTC Do Not Call list
    
    Curious, I went to the FTC site and tried to register my Canadian home phone
    number. It was rejected with an uninformative error message. However the
    site was quite happy to accept my (also Canadian) 800 number. This raises a
    blend of techno-legal issues, because it is not possible to distinguish
    syntactically or in any simple way between a US and Canadian 800 number, and
    indeed one number can terminate in multiple locations based on the caller's
    location, the time of day, load, etc. So what's the legal situation if I get
    a junk call at this number from a US telemarketer? From a non-US one? US
    legislators have not been shy in the past about extending the reach of their
    laws outside their borders. Is this legislation written clearly enough to
    provide a definitive answer?
    
    The Canadian telecom regulator (the CRTC) has been mumbling about Do Not
    Call for some years. Perhaps they should get together with their southern
    counterparts and arrange a common site and database. On second thought,
    maybe they should just go for a friendlier message.
    
    ------------------------------
    
    Date: Tue, 15 Jul 2003 10:11:13 -0700
    From: Erik Klavon <erikat_private>
    Subject: Washing machine does the right thing after power outage
    
    Readers of RISKS are no doubt familiar with some of the less than graceful
    ways in which technology fails in the event of a brown or black out. When
    the electricity to my apartment building went out recently, I thought I
    might experience just such a failure.
    
    Five minutes prior to losing power, I had started a load of laundry in the
    shared washing machine on my floor. The laundry machines in my complex use a
    smart card system for payment as opposed to coins. The machines have a
    digital control system that displays the remaining time and the cycle on an
    LCD display. After power was lost I checked the machine to verify that it
    had lost power. No display, no noise and no overhead light in the laundry
    room. I figured I was out US$1.25, good for the recently increased bus fare
    in San Francisco.
    
    When power was restored, I returned to the laundry room to find that the
    machine had restarted and was prompting me to select a cycle. It appears the
    designers had thought about the problem of losing power mid cycle and
    decided to start the cycle over after user input once power had been
    restored. This is the right thing when you consider a repair person who
    wouldn't want the machine starting by itself unexpectedly when power is
    restored after electrical work.
    
    ------------------------------
    
    Date: Wed, 9 Jul 2003 22:06:16 -0400
    From: Monty Solomon <montyat_private>
    Subject: Sony recalling some Vaio laptops for shock risk
    
    Sony is recalling some Vaio FRV laptops because of a static-electric shock
    hazard, which can occur if your phone rings whenever the laptop is
    plugged in and connected to a grounded peripheral, the phone line is
    disabled, and you are touching a metal part of the laptop.  No injuries have
    been recorded, and fewer than 10 complaints.  (PGN-ed from 9 Jul 2003
    Reuters item)
      http://finance.lycos.com/home/news/story.asp?story=34798831
    
    ------------------------------
    
    Date: Fri, 11 Jul 2003 09:43:19 -0600
    From: Thomas Wicklund <wicklundat_private>
    Subject: Re: "Soft walls" = dangerous avionics? (DeForest, RISKS-22.79)
    
    The "soft walls" idea of steering planes away from restricted airspace
    leaves the question of what constitutes "restricted" airspace? After
    adding all possible terrorist targets, I can imagine a flight into a
    large east coast city weaving through the narrow "safe" course to the 
    airport but leaving the airlines bankrupt paying for air sickness bags.
    
    Of course, the airport itself is a terrorist target and should be
    restricted, right?
    
    ------------------------------
    
    Date: Wed, 9 Jul 2003 19:23:05 -0400
    From: Robert Woodhead <treborat_private>
    Subject: Re: "Soft walls" = dangerous avionics? (DeForest, RISKS-22.79)
    
    > ... and it only takes one airplane with the soft-wall avionics missing or
    > disabled, to defeat the purpose of the whole system.
    
    Not to mention subverting the code so that at a particular date and 
    time, the logic inverted and the exclusion zones became the only 
    place where the airplanes would fly...
    
    ------------------------------
    
    Date: Tue, 08 Jul 2003 22:53:41 -0700
    From: Crispin Cowan <crispinat_private>
    Subject: Re: RFID Site Security Gaffe ... (Solomon, RISKS-22.79)
    
    Hmmm ... How well do RFID embedded chips survive exposure to stun guns, 
    cattle prods or other colorful toys? 
    http://www.violetwands.com/entrance.html
    
    I'm not above wanding my groceries with some high voltage to preserve some
    privacy. Chips can be hardened, but radio chips would seem to be more
    difficult to harden against high voltage.
    
    Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
    Chief Scientist, Immunix  http://immunix.com  http://www.immunix.com/shop/
    
    ------------------------------
    
    Date: Sun, 13 Jul 2003 15:26:31 +0200
    From: "Josef Janko" <josef.jankoat_private>
    Subject: Re: The risks of assuming things: German payrolls (DWW, RISKS-22.79)
    
    It must be a wonderful picture imagining how thousands of software
    developers delay their vacations to provide a poor public servant like DWW
    with her paycheck in time... However, recalling my experience with the
    Berlin local government, the reality is not so dramatic. The payment system
    now is not more "wacky" than it was 28 years ago, when I first came into
    contact with it. Every year the government and the unions have "concocted"
    changes like these, and without a word the additional money has been paid
    one, two, or even three months later. So where is the problem, the reason
    for this outburst? The problem is, that for the first time after WW II in
    Germany public servants have to work more and get less for that - from my
    point of view only a fair deal under the circumstance that their jobs are
    guaranteed. It is not a problem of IT: it is a problem of perception - being
    forced to face the reality outside the ivory tower.
    
    ------------------------------
    
    Date: Tue, 15 Jul 2003 07:59:12 -0800
    From: Rob Slade <rsladeat_private>
    Subject: REVIEW: "Computer and Intrusion Forensics", George Mohay et al.
    
    BKCMINFO.RVW   20030605
    
    "Computer and Intrusion Forensics", George Mohay et al., 2003,
    1-58053-369-8, U$79.00
    %A   George Mohay
    %A   Alison Anderson
    %A   Byron Collie
    %A   Olivier de Vel
    %A   Rodney McKemmish
    %C   685 Canton St., Norwood, MA   02062
    %D   2003
    %G   1-58053-369-8
    %I   Artech House/Horizon
    %O   U$79.00 800-225-9977 fax: +1-617-769-6334 artech@artech-house.com
    %O  http://www.amazon.com/exec/obidos/ASIN/1580533698/robsladesinterne
        http://www.amazon.co.uk/exec/obidos/ASIN/1580533698/robsladesinte-21
    %O   http://www.amazon.ca/exec/obidos/ASIN/1580533698/robsladesin03-20
    %P   395 p.
    %T   "Computer and Intrusion Forensics"
    
    The traditional data recovery aspect of computer forensics has been covered
    by Kruse and Heiser in "Computer Forensics" (cf. BKCMPFRN.RVW), and by
    Caloyannides in "Computer Forensics and Privacy" (cf. BKCMFRPR.RVW) (and
    somewhat less ably by Casey [cf.  BKCMCRIN.RVW], Kovacich and Boni
    [cf. BKHTCRIH.RVW], Icove, Seger, and VonStorch [cf. BKCMPCRM.RVW], Marcella
    and Greenfield [cf.  BKCYBFOR.RVW], van Wyk and Forno [cf. BKINCRES.RVW],
    and Mandia and Procise [cf. BKINCDRS.RVW]).
    
    So far network forensics has only been specifically dealt with in the
    not-terribly-useful "Hacker's Challenge," by Schiffman (cf. BKHKRCHL.RVW).
    
    "Computer and Intrusion Forensics" is the first attempt to bring both topics
    into a single book.  (It is intriguing to note that Eugene Spafford, who
    wrote the foreword, is a pioneer of the "third leg": software forensics,
    which the book does not cover.)
    
    Chapter one is an introduction to computer and network (intrusion)
    forensics, pointing out the ways that computers can be involved in the
    commission of crimes and the requirements for obtaining and preserving
    evidence in such cases.  While the material provides a good foundation, the
    text is inflated in many places, and could benefit from stricter adherence
    to the topic and more focused writing.  (One illustration shows a pattern of
    concentric rings indicating that the set of productive activities
    encompasses all legal endeavors which, in turn, encompasses all approved
    actions.  I suspect that a great many legal and even approved activities are
    unproductive--while no doubt a number of illegal activities would be
    approved, at times.)  "Current Practice," in chapter two, is a broad
    overview of the concerns, technologies, applications, procedures, and
    legislation bearing on digital evidence recovery from computers.  In fact,
    this single chapter is the equivalent of, and sometimes superior to, a
    number of the computer forensics books mentioned above.  However, the
    breadth of the discussion does come at the expense of depth.  This content
    is quite suitable for the information security, or even legal, professional
    who needs to understand the field of computer forensics, but it does not
    have the detail that a practitioner may require.  Although chapter three is
    supposed to deal with computer forensics in law enforcement (and there is a
    brief section on the rules of evidence), it is primarily a reiteration (and
    some expansion) of the procedures for data recovery and the software tools
    available for this task.  Forensic accounting, and the algorithms that can
    be used to detect fraud, are outlined in chapter four, but very little is
    directly relevant to computer forensics as such.  Case studies,
    demonstrating the techniques discussed earlier and some that are not, are
    described in chapter five.  Intrusion forensics concentrates on intrusion
    detection systems (IDS), although it does not provide a very clear or
    complete explanation of the distinctions in data collection (host- or
    network-based) or analysis engines (rule, signature, anomaly, or
    statistical).  Chapter seven finishes off the book with a list of computer
    forensic research which is being, or should be, undertaken.
    
    While the computer forensic content is sound, and it is heartening to see
    other fields being included, the very limited work on network forensics is
    disappointing.  This text is a useful reference for those needing background
    material on forensic technologies, but breaks no new ground.
    
    copyright Robert M. Slade, 2003   BKCMINFO.RVW   20030605
    rsladeat_private      sladeat_private      rsladeat_private
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
    
    ------------------------------
    
    Date: 30 May 2003 (LAST-MODIFIED)
    From: RISKS-requestat_private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you.  Alternatively, via majordomo,
     send e-mail requests to <risks-requestat_private> with one-line body
       subscribe [OR unsubscribe]
     which requires your ANSWERing confirmation to majordomoat_private .
     If Majordomo balks when you send your accept, please forward to risks.
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .UK users should contact <Lindsay.Marshallat_private>.
    => SPAM challenge-responses will not be honored.  Instead, use an alternative 
     address from which you NEVER send mail!
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risksat_private with meaningful SUBJECT: line.
    => ARCHIVES: http://www.sri.com/risks
     http://www.risks.org redirects you to the Lindsay Marshall's Newcastle archive
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue]
       Lindsay has also added to the Newcastle catless site a palmtop version 
       of the most recent RISKS issue and a WAP version that works for many but 
       not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 22.80
    ************************
    



    This archive was generated by hypermail 2b30 : Wed Jul 16 2003 - 16:37:56 PDT