[risks] Risks Digest 22.87

From: RISKS List Owner (riskoat_private)
Date: Thu Aug 21 2003 - 14:48:26 PDT


    RISKS-LIST: Risks-Forum Digest  Thursday 21 August 2003  Volume 22 : Issue 87
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at http://www.risks.org as
      http://catless.ncl.ac.uk/Risks/22.87.html
    The current issue can be found at
      http://www.csl.sri.com/users/risko/risks.txt
    
      Contents:
    Nasty elevator death at Houston hospital
    Missing full-stop halts NZX trading (Gavin Treadgold)
    Safe! until the 22nd century? (Wendell Cochran)
    Of course, it couldn't happen again!/The Road to Vulnerability (H.L.Hausen)
    Tampa Police disband face-recognition software (PGN)
    Botched 911 call led to man's death (Ben Moore)
    Blackout: definitely not terrorists! (Martin Ward)
    Robert X. Cringely on India, outsourcing, and IT productivity (PGN)
    Lots of railroad traffic affected by so-big (Danny Burstein)
    Increase in bounces from forgeries due to virus (PGN)
    Sobig.F (Rob Slade)
    Sobig side effects (Jim Griffith)
    Firewall reject rates (Mike Hogsett)
    "Good" Worm Fixes Infected Computers (Jim Schindler)
    Send PIF files in ZIP attachment to avoid virus detectors? (Olivier Dagenais)
    Do-Not-Spam list effort will be futile (NewsScan)
    The Risks of Miniaturisation (Gene Wirchenko)
    Update on NZ payphone failures (Don Mackie)
    Out of context numbers: It wasn't quite THAT bad... (Andrew Greene)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Mon, 18 Aug 2003 09:15:19 -0700 (PDT)
    From: "Peter G. Neumann" <neumannat_private>
    Subject: Nasty elevator death at Houston hospital
    
    More for the "THIS CAN'T POSSIBLY HAPPEN" file:
    
    Hitoshi Kikaidow, a surgical resident at Christus St. Joseph Hospital in
    Houston, was caught by a hospital elevator door as he stepped in, and was
    decapitated as the elevator ascended.  A female hospital employee was in
    the malfunctioning elevator at the time, and was trapped until rescued by
    firefighters.  Incidents with elevators and escalators kill about 30 people
    and injure about 17,000 each year, according to the U.S. Bureau of Labor
    Statistics' Census of Fatal Occupational Injuries and more recent Consumer
    Product Safety Commission data.  [PGN-ed from two sources]
    
    *Houston Chron*:
    http://www.chron.com/cs/CDA/ssistory.mpl/metropolitan/2053346
    
    *Newsday* AP item:
    http://www.newsday.com/news/nationworld/wire/sns-ap-brf-doctor-decapitated,0,5206582.story?coll=sns-ap-nationworld-headlines
    
    And don't forget the "THIS CAN'T POSSIBLY HAPPEN AGAIN" file.
    
    RISKS reported the earlier cases in Ottawa in which, following the first
    death in Apr 1989 (RISKS-8.48,49,50,52,54), a second death in Jun 1989
    (RISKS-8.77) occurred; the known flaw in the 1954 Otis elevator door
    interlock logic causing the first death had remained uncorrected
    (RISKS-9.01).  We also previously reported the Houston elevator that failed
    in the floods caused by Tropical Storm Allison and by default went down to
    the BOTTOM, drowning its occupant (RISKS-21.47).  I recall another case in
    which elevator power failed because of a fire on the top floor, and the
    elevator by default went to the TOP floor, roasting its occupants, but I
    cannot find that case in our archives.
    
    ------------------------------
    
    Date: Thu, 21 Aug 2003 11:23:19 +1200
    From: "Gavin Treadgold" <gavat_private>
    Subject: Missing full-stop halts NZX trading
    
    A missing full-stop in a piece of code for a trivial change to a software
    program reportedly started the chain of events that brought New Zealand's
    sharemarket to a halt yesterday.
    http://www.nzherald.co.nz/business/businessstorydisplay.cfm?storyID=3519114
    
    Computer glitch halts stock exchange trading
    http://www.stuff.co.nz/stuff/0,2106,2633746a13,00.html
    
    A faulty computer program at New Zealand's biggest share registrar halted
    trading on the stock exchange for more than five hours yesterday.
    
    I guess that's got to be one of the smallest software bugs around :)
    
    ------------------------------
    
    Date: Tue, 19 Aug 2003 15:25:20 -0700
    From: Wendell Cochran <atrypaat_private>
    Subject: Safe! until the 22nd century?
    
    `Disaster Plans Get New Scrutiny After Blackout' runs a headline in *The New
    York Times*, 19 Aug 2003, C1.  Alas, some company managers seem to evaluate
    risk in risky ways.
    
    "Some customers learn from experience," reports John Schwartz of *The
    Times*, paraphrasing Don DeMarco, vice president for business continuity &
    recovery services at IBM, `but seem to learn the wrong lesson.  He described
    a corporate client that survived a major flood with the help of his
    company's disaster recovery services, and then declined to renew its
    contract for the following year.
    
    `Mr. DeMarco said he was aghast.  "Are you kidding?" he recalled asking.
    "We just saved your company."
    
    `The client, however, was unmoved.  "We're in a hundred-year flood zone,"
    Mr. DeMarco recalled him saying, "and it just happened."
    
    ------------------------------
    
    Date: Mon, 18 Aug 2003 10:43:40 +0200
    From: "H.L.Hausen" <hausenat_private>
    Subject: Of course, it couldn't happen again!/The Road to Vulnerability
    
    Some years ago I visited the Darlington PowerPlant in Ontario and I was
    surprised that the Power Grid Control System of the Niagara-Mohawk power
    grid did not include a "25% safety reserve" as usual. The software engineers
    there told me that the software has been proven to be safe and reliable and
    so that sort of traditional risk prevention was not necessary.  Is it that
    sometimes software engineers don't like to listen to traditional engineering
    professionals?  Wasn't there a problem with the Darlington control software
    some time ago?  I assume a deeper investigation into the Grid Control is
    necessary.
    
      [For previous RISKS items on Darlington, see RISKS-9.64, 11.08, 11.12,
      11.96, 12.49, 15.13, 15.59, 15.81, 17.47.  PGN]
    
    ------------------------------
    
    Date: Wed, 20 Aug 2003 09:47:51 -0500
    From: "Peter G. Neumann" <neumannat_private>
    Subject: Tampa Police disband face-recognition software
    
    The Tampa Police Department has eliminated the facial-recognition software
    hooked up to cameras scanning crowds in public places in Ybor City, after
    two years, with zero arrests and zero positive identifications, with a
    database of 30,000 mug shots of criminals and runaway children.
    [Source: *Tampa Tribune*, 20 Aug 2003]
      http://www.tampatribune.com/MGA0TF0TKJD.html
    
    ------------------------------
    
    Date: Sun, 17 Aug 2003 19:52:21 GMT
    From: Ben Moore <ben.mooreat_private>
    Subject: Botched 911 call led to man's death
    
    A 911 dispatcher in Buncombe County, North Carolina, clicked on a box to
    transfer the house address of a caller into the Computer Aided Dispatch
    system.  But that system, installed in March 2003, did not yet have
    information on all Buncombe County roads, and suggested an incorrect
    alternative (Briarcliff Drive, instead of Lane, in West Asheville), which
    the dispatcher accepted.  As a result, the paramedics were significantly
    delayed and the self-inflicted victim died.  Attempts are now being made to
    complete the database.  [Source: article by Tonya Maxwell, 15 Aug 2003,
    *Citizen-Times*; PGN-ed]
      http://cgi.citizen-times.com/cgi-bin/story/40174
    
    ------------------------------
    
    Date: Mon, 18 Aug 2003 10:29:45 +0100
    From: Martin Ward <Martin.Wardat_private>
    Subject: Blackout: definitely not terrorists!
    
    Did anyone else notice this?  All the early reports about the blackout said
    that they had *no* idea of the cause, or even in which country it originated
    (with Canada and the USA both pointing the finger at each other).  But
    officials are absolutely certain that it was *not* caused by terrorist
    activity. Some reports were slightly more honest in saying that "we have no
    evidence of terrorist activity": not surprising since they had no evidence
    of *any* cause whatsoever. If "no evidence of terrorist activity" is the
    same as "definitely no terrorist activity", then the blackout definitely did
    not occur (because there is no evidence of *any* cause). Any actual loss of
    electricity you appear to observe is therefore merely the result of a
    deranged imagination...
    
    Martin.Wardat_private http://www.cse.dmu.ac.uk/~mward/
    
    ------------------------------
    
    Date: Sat, 16 Aug 2003 07:45:14 -0400
    From: "Peter G. Neumann" <neumannat_private>
    Subject: Robert X. Cringely on India, outsourcing, and IT productivity
    
    Those of you interested in problems associated with outsourcing might be
    interested in this article:
    
      May the Source Be With You: IT Productivity Doesn't Have to Be an
      Oxymoron, but Outsourcing Isn't the Way to Achieve It, 
      by Robert X. Cringely
        http://www.pbs.org/cringely/pulpit/pulpit20030814.html
    
    Cringely has a fascinating Web site.  He also invites you at that URL to
    send this article to others, but I thought my including it in its entirety
    in a RISKS issue would be a little excessive, so I am merely posting the URL
    here.
    
    ------------------------------
    
    Date: Wed, 20 Aug 2003 19:00:04 -0400 (EDT)
    From: danny burstein <dannybat_private>
    Subject: Lots of railroad traffic affected by so-big
    
    Computer Virus Strikes CSX Transportation Computers
    Freight and Commuter Service Affected, 20 Aug 2003
    
    CSX Transportation's (CSXT) information technology systems experienced
    significant slowdowns early today after a computer virus infected the
    network. The cause was believed to be a worm virus similar to those that
    have infected the systems of other major companies and agencies in recent
    days.  The infection resulted in a slowdown of major applications, including
    dispatching and signal systems. As a result, passenger and freight train
    traffic was halted immediately, including the morning commuter train service
    in the metropolitan Washington, D.C., area. Contrary to initial reports, the
    signal system for train operations was not the source of the
    problem. Rather, the virus disrupted the CSXT telecommunications network
    upon which certain systems rely, including signal, dispatching and other
    operating systems.  [...]
      http://www.csx.com/?fuseaction=company.news_detail&i=45722&news_year=-1
    
    ------------------------------
    
    Date: Tue, 19 Aug 2003 14:49:35 PDT
    From: "Peter G. Neumann" <neumannat_private>
    Subject: Increase in bounces from forgeries due to virus
    
    Incidentally, the number of bounces from messages sent with forged FROM:
    addresses (appearing to come from me and various others of you who are
    remarking thereupon) seems to have taken a huge quantum leap in the past few
    days.  I'm suddenly getting even more bounces than usual, due to the new
    W32.Sobig.F virus.  My regrets if you are getting any such forged e-mail.
    However, it is not coming from my mailer, because I do not use *any*
    Microsoft software.  Just look at the last RECEIVED: line (unless your
    stupid mailer hides it!).
    
    Typical subject lines include these:
      Re: Details
      Re: Approved
      Re: Re: My details
      Re: Thank you!
      Re: That movie
      Re: Wicked screensaver
      Re: Your application
      Thank you!
      Your details
    and attachments such as:
      application.zip
      details.zip
      document_....zip
      movie....zip
      thank_you.zip
      your_details.zip
      your_document.zip
      wicked_scr.zip
    
    You can read more about this virus online at:
      http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.fat_private
    
    ------------------------------
    
    Date: Thu, 21 Aug 2003 11:05:42 -0800
    From: Rob Slade <rsladeat_private>
    Subject: Sobig.F
    
    Sobig load is increasing: over the past 15 hours I've received 52 copies in
    my inbox, up from yesterday's 47 in 20 hours (and, as previously noted, well
    exceeding the previous record for Klez at its height).  (On the slightly
    bright side, spammers seem to have been affected: other spam seems slightly
    down today :-)
    
    As noted, Sobig uses its own SMTP engine, and spoofs both the From and
    Return-Path headers on a random basis, so that is no indication.  However,
    the message body is always "Please see the attached file for details." so
    that is a reliable indicator.  In addition, I've had a look at more headers,
    and the following two seem to appear in every copy I've received:
    
      X-MailScanner: Found to be clean
      X-Mailer: Microsoft Outlook Express 6.00.2600.0000
    
    *PLEASE* spread the word: DO NOT OPEN ATTACHMENTS.  If in doubt, don't.
    Sobig uses no special technology beyond this rather simplistic social
    engineering.  (Can anyone tell me: is there any content scanner lazy enough
    to be bypassed by the X-MailScanner header?)
    
      http://www.sophos.com/virusinfo/analyses/w32sobigf.html
      http://www.f-secure.com/v-descs/sobig_f.shtml
    
    rsladeat_private      sladeat_private      rsladeat_private
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
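As an added example (not part of Slade's or Neumann's posts), the following Python check scores a raw message against the Sobig.F indicators the two items above collect: Slade's constant body text and the two headers he saw in every copy, plus the subject lines and attachment names in PGN's list. From and Return-Path are deliberately not used, since both items say the worm forges them, and the "X-MailScanner: Found to be clean" header is treated as evidence rather than as a reason to skip scanning. The two sample messages are constructed; the `document_*`/`movie*` wildcards widen the names that are truncated on the page, and the `.pif`/`.scr` extensions are assumptions (this issue shows only `.zip` names and `thank_you.pif`).

```python
import re
from email import message_from_string
from email.policy import default

# Indicators quoted in the two digest items above. From/Return-Path are
# not used: both items say Sobig.F forges them.
SOBIG_BODY = "Please see the attached file for details."
SOBIG_HEADERS = {                      # header name -> exact value (lower-cased)
    "x-mailscanner": "found to be clean",
    "x-mailer": "microsoft outlook express 6.00.2600.0000",
}
SOBIG_SUBJECTS = {
    "re: details", "re: approved", "re: re: my details", "re: thank you!",
    "re: that movie", "re: wicked screensaver", "re: your application",
    "thank you!", "your details",
}
# Attachment names from PGN's list. The document_*/movie* stems are truncated
# on the page, so the wildcards are an assumption, as are the .pif/.scr
# extensions (only .zip names and thank_you.pif appear in this issue).
SOBIG_ATTACHMENT_RE = re.compile(
    r"^(application|details|document_\w*|movie\w*|thank_you|your_details|"
    r"your_document|wicked_scr)\.(zip|pif|scr)$", re.IGNORECASE)


def sobig_indicators(raw):
    """Return the Sobig.F indicators found in one raw RFC 2822 message."""
    msg = message_from_string(raw, policy=default)
    hits = []
    for name, value in SOBIG_HEADERS.items():
        # "X-MailScanner: Found to be clean" is evidence, never a reason to
        # skip scanning: any inbound header is under the sender's control.
        if (msg.get(name) or "").strip().lower() == value:
            hits.append(f"header {name}")
    if (msg.get("subject") or "").strip().lower() in SOBIG_SUBJECTS:
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and body.get_content().strip() == SOBIG_BODY:
        hits.append("body")
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if SOBIG_ATTACHMENT_RE.match(fname):
            hits.append(f"attachment {fname}")
    return hits


def is_probable_sobig(raw, min_hits=3):
    """Require several independent indicators: a genuine Outlook Express
    user replying 'Re: Thank you!' should not be quarantined."""
    return len(sobig_indicators(raw)) >= min_hits


# Constructed sample messages (not real captures).
WORM_SAMPLE = """\
From: forged.sender@example.invalid
To: victim@example.invalid
Subject: Re: Wicked screensaver
X-MailScanner: Found to be clean
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

Please see the attached file for details.

--b1
Content-Type: application/octet-stream; name="wicked_scr.zip"
Content-Disposition: attachment; filename="wicked_scr.zip"
Content-Transfer-Encoding: base64

UEsDBAo=
--b1--
"""

BENIGN_SAMPLE = """\
From: colleague@example.invalid
To: me@example.invalid
Subject: Re: Thank you!
X-Mailer: Microsoft Outlook Express 6.00.2600.0000

Thanks for the review; no attachment this time.
"""

if __name__ == "__main__":
    for label, raw in (("worm", WORM_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, is_probable_sobig(raw), sobig_indicators(raw))
```

The benign sample trips two indicators (the subject and the Outlook Express version string) and is still passed, which is the point of requiring several independent matches; the worm sample trips all five. It also answers Slade's closing question from the defensive side: a content scanner that honours an inbound "already scanned" header is bypassable by construction, so such headers should be stripped or ignored at the border and scored, if at all, as a signal.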
    
    ------------------------------
    
    Date: Thu, 21 Aug 2003 13:57:21 -0500
    From: griffithat_private (Jim Griffith)
    Subject: Sobig side effects
    
    Unlike Blaster and other past worms and viruses, the rec.humor.funny
    moderating addresses have been hammered by the Sobig worm.  In the past
    48 hours, I've seen some 3500 worm-related e-mail messages sent to the
    three or four moderating addresses that I use, resulting in a DOS of
    e-mail and submission processing.  As this worm does the "send the worm
    out as if from someone else" trick, and as the RHF addresses have been
    around for years, the worm is apparently masquerading as coming from me
    in a lot of instances, despite the fact that the RHF machines run LINUX
    and are immune to it.  So a fair number of the worm-related pieces of
    e-mail are mail bounces and quarantine messages generated by other sites'
    anti-virus software.
    
    Most annoying is that some of the addresses targeted by the worm are mailing
    list subscription addresses.  While many of them are smart enough to either
    look for keywords like SUBSCRIBE or require confirmation, some of them are
    not.  As a result, I find that the RHF-related addresses are now subscribed
    to mailing lists devoted to jokes, religious and political topics, and one
    which discusses issues important to Raelians.  I've also found that I've
    apparently opened customer support tickets with any number of companies as
    well.
    
    It's disappointing that despite the surge in e-mail viruses in past years,
    many systems still allow actions to be triggered by a single e-mail, with no
    outside confirmation required.
    
    ------------------------------
    
    Date: Tue, 19 Aug 2003 14:07:14 -0700
    From: Mike Hogsett <hogsettat_private>
    Subject: Firewall reject rates
    
    The following are the file sizes for our compressed daily firewall logs.
    There are a few interesting dates.  The spike for 26 Jan 2003 is the SQL
    Slammer worm.  The increase in early March is an exploit for port 445 on MS
    products.  Finally the major spike on Aug 12 is Blaster.
    
    So, we have gone from about 2Mbytes/day of compressed log data at the
    beginning of the year to about 20Mbytes/day now.  There is no end in sight.
    [There is no site to end.  PGN]
    
     1-Jan-2003	 2M	**
     2-Jan-2003	 2M	**
     3-Jan-2003	 2M	**
     4-Jan-2003	 3M	***
     5-Jan-2003	 1M	*
     6-Jan-2003	 2M	**
     7-Jan-2003	 2M	**
     8-Jan-2003	 3M	***
     9-Jan-2003	 3M	***
    10-Jan-2003	 3M	***
    11-Jan-2003	 3M	***
    12-Jan-2003	 3M	***
    13-Jan-2003	 3M	***
    14-Jan-2003	 3M	***
    15-Jan-2003	 3M	***
    16-Jan-2003	 3M	***
    17-Jan-2003	 2M	**
    18-Jan-2003	 3M	***
    19-Jan-2003	 3M	***
    20-Jan-2003	 3M	***
    21-Jan-2003	 2M	**
    22-Jan-2003	 2M	**
    23-Jan-2003	 3M	***
    24-Jan-2003	 3M	***
    25-Jan-2003	 9M	*********
    26-Jan-2003	24M	************************
    27-Jan-2003	 8M	********
    28-Jan-2003	 5M	*****
    29-Jan-2003	 4M	****
    30-Jan-2003	 3M	***
    31-Jan-2003	 2M	**
     1-Feb-2003	 3M	***
     2-Feb-2003	 3M	***
     3-Feb-2003	 2M	**
     4-Feb-2003	 3M	***
     5-Feb-2003	 2M	**
     6-Feb-2003	 3M	***
     7-Feb-2003	 3M	***
     8-Feb-2003	 4M	****
     9-Feb-2003	 3M	***
    10-Feb-2003	 4M	****
    11-Feb-2003	 3M	***
    12-Feb-2003	 3M	***
    13-Feb-2003	 3M	***
    14-Feb-2003	 3M	***
    15-Feb-2003	 3M	***
    16-Feb-2003	 3M	***
    17-Feb-2003	 3M	***
    18-Feb-2003	 3M	***
    19-Feb-2003	 3M	***
    20-Feb-2003	 3M	***
    21-Feb-2003	 2M	**
    22-Feb-2003	 3M	***
    23-Feb-2003	 3M	***
    24-Feb-2003	 3M	***
    25-Feb-2003	 3M	***
    26-Feb-2003	 4M	****
    27-Feb-2003	 3M	***
    28-Feb-2003	 3M	***
     1-Mar-2003	 3M	***
     2-Mar-2003	 2M	**
     3-Mar-2003	 3M	***
     4-Mar-2003	 4M	****
     5-Mar-2003	 4M	****
     6-Mar-2003	 4M	****
     7-Mar-2003	 5M	*****
     8-Mar-2003	 6M	******
     9-Mar-2003	11M	***********
    10-Mar-2003	12M	************
    11-Mar-2003	11M	***********
    12-Mar-2003	10M	**********
    13-Mar-2003	11M	***********
    14-Mar-2003	12M	************
    15-Mar-2003	10M	**********
    16-Mar-2003	10M	**********
    17-Mar-2003	 9M	*********
    18-Mar-2003	 9M	*********
    19-Mar-2003	10M	**********
    20-Mar-2003	11M	***********
    21-Mar-2003	12M	************
    22-Mar-2003	10M	**********
    23-Mar-2003	11M	***********
    24-Mar-2003	 6M	******
    25-Mar-2003	10M	**********
    26-Mar-2003	10M	**********
    27-Mar-2003	10M	**********
    28-Mar-2003	12M	************
    29-Mar-2003	11M	***********
    30-Mar-2003	10M	**********
    31-Mar-2003	 9M	*********
     1-Apr-2003	12M	************
     2-Apr-2003	13M	*************
     3-Apr-2003	11M	***********
     4-Apr-2003	10M	**********
     5-Apr-2003	10M	**********
     6-Apr-2003	13M	*************
     7-Apr-2003	 9M	*********
     8-Apr-2003	11M	***********
     9-Apr-2003	11M	***********
    10-Apr-2003	11M	***********
    11-Apr-2003	11M	***********
    12-Apr-2003	12M	************
    13-Apr-2003	12M	************
    14-Apr-2003	11M	***********
    15-Apr-2003	12M	************
    16-Apr-2003	12M	************
    17-Apr-2003	10M	**********
    18-Apr-2003	11M	***********
    19-Apr-2003	11M	***********
    20-Apr-2003	10M	**********
    21-Apr-2003	10M	**********
    22-Apr-2003	11M	***********
    23-Apr-2003	13M	*************
    24-Apr-2003	13M	*************
    25-Apr-2003	13M	*************
    26-Apr-2003	12M	************
    27-Apr-2003	10M	**********
    28-Apr-2003	11M	***********
    29-Apr-2003	15M	***************
    30-Apr-2003	11M	***********
     1-May-2003	11M	***********
     2-May-2003	10M	**********
     3-May-2003	11M	***********
     4-May-2003	10M	**********
     5-May-2003	 9M	*********
     6-May-2003	12M	************
     7-May-2003	11M	***********
     8-May-2003	10M	**********
     9-May-2003	 9M	*********
    10-May-2003	10M	**********
    11-May-2003	 9M	*********
    12-May-2003	 9M	*********
    13-May-2003	13M	*************
    14-May-2003	10M	**********
    15-May-2003	10M	**********
    16-May-2003	10M	**********
    17-May-2003	11M	***********
    18-May-2003	 9M	*********
    19-May-2003	10M	**********
    20-May-2003	10M	**********
    21-May-2003	11M	***********
    22-May-2003	 9M	*********
    23-May-2003	10M	**********
    24-May-2003	12M	************
    25-May-2003	10M	**********
    26-May-2003	11M	***********
    27-May-2003	10M	**********
    28-May-2003	13M	*************
    29-May-2003	10M	**********
    30-May-2003	11M	***********
    31-May-2003	10M	**********
     1-Jun-2003	 7M	*******
     2-Jun-2003	 8M	********
     3-Jun-2003	11M	***********
     4-Jun-2003	10M	**********
     5-Jun-2003	11M	***********
     6-Jun-2003	10M	**********
     7-Jun-2003	12M	************
     8-Jun-2003	12M	************
     9-Jun-2003	12M	************
    10-Jun-2003	14M	**************
    11-Jun-2003	12M	************
    12-Jun-2003	13M	*************
    13-Jun-2003	10M	**********
    14-Jun-2003	11M	***********
    15-Jun-2003	 9M	*********
    16-Jun-2003	10M	**********
    17-Jun-2003	14M	**************
    18-Jun-2003	13M	*************
    19-Jun-2003	13M	*************
    20-Jun-2003	11M	***********
    21-Jun-2003	11M	***********
    22-Jun-2003	 9M	*********
    23-Jun-2003	 9M	*********
    24-Jun-2003	11M	***********
    25-Jun-2003	12M	************
    26-Jun-2003	10M	**********
    27-Jun-2003	12M	************
    28-Jun-2003	14M	**************
    29-Jun-2003	11M	***********
    30-Jun-2003	10M	**********
     1-Jul-2003	14M	**************
     2-Jul-2003	 9M	*********
     3-Jul-2003	10M	**********
     4-Jul-2003	11M	***********
     5-Jul-2003	11M	***********
     6-Jul-2003	 8M	********
     7-Jul-2003	 9M	*********
     8-Jul-2003	14M	**************
     9-Jul-2003	10M	**********
    10-Jul-2003	 8M	********
    11-Jul-2003	 9M	*********
    12-Jul-2003	10M	**********
    13-Jul-2003	 7M	*******
    14-Jul-2003	 8M	********
    15-Jul-2003	12M	************
    16-Jul-2003	10M	**********
    17-Jul-2003	 9M	*********
    18-Jul-2003	10M	**********
    19-Jul-2003	 8M	********
    20-Jul-2003	 9M	*********
    21-Jul-2003	 8M	********
    22-Jul-2003	11M	***********
    23-Jul-2003	 9M	*********
    24-Jul-2003	 8M	********
    25-Jul-2003	 9M	*********
    26-Jul-2003	 8M	********
    27-Jul-2003	 8M	********
    28-Jul-2003	 7M	*******
    29-Jul-2003	12M	************
    30-Jul-2003	 9M	*********
    31-Jul-2003	 9M	*********
     1-Aug-2003	 9M	*********
     2-Aug-2003	 8M	********
     3-Aug-2003	 7M	*******
     4-Aug-2003	 7M	*******
     5-Aug-2003	11M	***********
     6-Aug-2003	 8M	********
     7-Aug-2003	 7M	*******
     8-Aug-2003	 8M	********
     9-Aug-2003	 6M	******
    10-Aug-2003	 7M	*******
    11-Aug-2003	 7M	*******
    12-Aug-2003	44M	********************************************
    13-Aug-2003	35M	***********************************
    14-Aug-2003	24M	************************
    15-Aug-2003	20M	********************
    16-Aug-2003	15M	***************
    17-Aug-2003	11M	***********
    18-Aug-2003	12M	************
    19-Aug-2003	26M	**************************
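As an added example (not part of Hogsett's post), the Python below parses lines in the table's own layout and flags outbreak days with a rolling-median baseline. The data is a subset of the table above, copied verbatim: 18 to 31 January around SQL Slammer, and 25 July to 19 August around Blaster. Flagged days are excluded from later baselines so that the first day of an outbreak does not raise the bar for its second and third days. The window of 7 days and the factor of 3 are assumptions chosen for this example.

```python
import re
from statistics import median

# Two excerpts of Hogsett's table in its own layout (date, compressed size, bar).
SLAMMER_DAYS = """\
18-Jan-2003\t 3M\t***
19-Jan-2003\t 3M\t***
20-Jan-2003\t 3M\t***
21-Jan-2003\t 2M\t**
22-Jan-2003\t 2M\t**
23-Jan-2003\t 3M\t***
24-Jan-2003\t 3M\t***
25-Jan-2003\t 9M\t*********
26-Jan-2003\t24M\t************************
27-Jan-2003\t 8M\t********
28-Jan-2003\t 5M\t*****
29-Jan-2003\t 4M\t****
30-Jan-2003\t 3M\t***
31-Jan-2003\t 2M\t**
"""

BLASTER_DAYS = """\
25-Jul-2003\t 9M\t*********
26-Jul-2003\t 8M\t********
27-Jul-2003\t 8M\t********
28-Jul-2003\t 7M\t*******
29-Jul-2003\t12M\t************
30-Jul-2003\t 9M\t*********
31-Jul-2003\t 9M\t*********
 1-Aug-2003\t 9M\t*********
 2-Aug-2003\t 8M\t********
 3-Aug-2003\t 7M\t*******
 4-Aug-2003\t 7M\t*******
 5-Aug-2003\t11M\t***********
 6-Aug-2003\t 8M\t********
 7-Aug-2003\t 7M\t*******
 8-Aug-2003\t 8M\t********
 9-Aug-2003\t 6M\t******
10-Aug-2003\t 7M\t*******
11-Aug-2003\t 7M\t*******
12-Aug-2003\t44M\t********************************************
13-Aug-2003\t35M\t***********************************
14-Aug-2003\t24M\t************************
15-Aug-2003\t20M\t********************
16-Aug-2003\t15M\t***************
17-Aug-2003\t11M\t***********
18-Aug-2003\t12M\t************
19-Aug-2003\t26M\t**************************
"""

LINE_RE = re.compile(r"^\s*(\d{1,2}-[A-Z][a-z]{2}-\d{4})\s+(\d+)M")


def parse_sizes(text):
    """Turn the digest's 'date<TAB>NNM<TAB>bar' lines into (date, MB) pairs."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append((m.group(1), int(m.group(2))))
    return rows


def flag_spikes(rows, window=7, factor=3.0):
    """Flag a day whose size is at least `factor` times the median of the last
    `window` days that were not themselves flagged. Excluding flagged days
    keeps an outbreak from inflating the baseline it is judged against, so
    days two and three of Blaster are still reported."""
    baseline = []      # sizes (MB) of recent unflagged days
    flagged = []       # (date, size_mb, baseline_mb)
    for date, mb in rows:
        if len(baseline) >= window:
            base = median(baseline[-window:])
            if mb >= factor * base:
                flagged.append((date, mb, base))
                continue
        baseline.append(mb)
    return flagged


if __name__ == "__main__":
    for series in (SLAMMER_DAYS, BLASTER_DAYS):
        for date, mb, base in flag_spikes(parse_sizes(series)):
            print(f"{date}: {mb}M against a {base}M baseline")
```

Run on the two excerpts it reports 25 and 26 January (9M and 24M against a 3M baseline) and 12 to 14 August (44M, 35M and 24M against 7M). The 26M of 19 August is not flagged: by then the unflagged post-Blaster days have lifted the baseline to 11M, which is the limitation of any purely relative threshold and the reason a production rule would usually add an absolute floor or a longer window.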
    
    ------------------------------
    
    Date: Mon, 18 Aug 2003 20:10:24 -0700
    From: Jim Schindler <Jimschinat_private>
    Subject: "Good" Worm Fixes Infected Computers
    
    A new Internet worm emerged today that is designed to seek out and fix any
    computer that remains vulnerable to "Blaster," the worm that attacked more
    than 500,000 computers worldwide last week.  The new worm scours the
    Internet for computers already infected with Blaster and deletes the "bad"
    worm, according to two anti-virus software vendors.  The worm then fixes the
    computers with one of eight software patches developed by Microsoft Corp,
    and it uses infected computers as a base for searching the Internet for
    other vulnerable systems.  Blaster and the new worm both target
    vulnerabilities in recent versions of Windows XP, Windows 2000 and Windows
    NT 4.0.  Even though the new worm is "good," it can cause plenty of trouble
    for computer users ...  Buried within the code of the new worm is the
    message: "I love my wife & baby :-) ~~ Welcome Chian ~~ Notice: 2004 will
    remove myself:-)~~ sorry."  [From the titled article by Brian Krebs, *The
    Washington Post*, 18 Aug 2003]
    
    ------------------------------
    
    Date: Wed, 20 Aug 2003 21:52:15 -0400
    From: "Olivier Dagenais" <olivier_dagenaisat_private>
    Subject: Send PIF files in ZIP attachment to avoid virus detectors?
    
    With the recent rebirth of the Sobig virus/worm, I have found myself on the
    receiving end of many messages being bounced back, saying I reached accounts
    that do not exist, are over quota or that do not allow certain attachments
    to come through, such as in the following response:
    
      This message has been rejected because it has a potentially executable
      attachment "thank_you.pif" This form of attachment has been used by recent
      viruses or other malware.  If you meant to send this file then please
      package it up as a zip file and resend it.
    
    The RISKS?  How long until a virus sends itself in a ZIP file attachment,
    thereby bypassing traditional virus detection routines and people implicitly
    trusting said attachments and their contents?  (doesn't most ZIP software
    make ZIPs transparent to the users, anyway?)
    
    Oh, and did I mention that the bounced message also included said
    "potentially executable attachment"?  What a great virus re-distribution
    mechanism!
    
    (IIRC) PIF files were the precursors to shortcuts and never were meant to
    contain executable code, so why EVER trust them as executable code?
    (although banning them is a risk in itself, if some unfortunate soul were to
    write a program to manage, say, personal information files...)
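As an added example (not part of Dagenais's post), here is the attachment filter the bounce he quotes should have been: it refuses a bare `.pif`, and instead of trusting a `.zip` on its container extension it lists the archive's members and refuses those too, and its rejection notice names the offending file without echoing the attachment back to the forged sender. The sample message is constructed at run time with an inert placeholder in place of any program; only `.pif` comes from the page, the rest of the blocked-extension set is an assumption for the example.

```python
import io
import zipfile
from email.message import EmailMessage

# Extensions refused outright. Only .pif is named in the digest item; the
# rest of the set is an assumption for this example.
BLOCKED_EXTENSIONS = {".pif", ".scr", ".exe", ".com", ".bat", ".vbs"}


def _ext(name):
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def check_attachments(msg):
    """Return reasons to reject msg. A .zip is not trusted on its container
    extension: its member names are checked against the same blocked set."""
    reasons = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or "(unnamed)"
        if _ext(fname) in BLOCKED_EXTENSIONS:
            reasons.append(f"executable attachment {fname}")
        elif _ext(fname) == ".zip":
            try:
                data = part.get_payload(decode=True)
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():
                        if _ext(member) in BLOCKED_EXTENSIONS:
                            reasons.append(f"executable {member} inside {fname}")
            except zipfile.BadZipFile:
                reasons.append(f"unreadable ZIP attachment {fname}")
    return reasons


def rejection_notice(msg, reasons):
    """Bounce text that names the offending files but does not quote the
    original attachment, so the filter cannot redistribute what it rejected."""
    lines = [f"Rejected message '{msg.get('Subject', '')}':"]
    lines += [f"  - {reason}" for reason in reasons]
    return "\n".join(lines)


def build_sample(zipped=True):
    """Constructed message carrying thank_you.pif, either bare or inside
    thank_you.zip. The .pif content is an inert placeholder string."""
    payload = b"placeholder bytes, not a real program"
    msg = EmailMessage()
    msg["Subject"] = "Re: Thank you!"
    msg["From"] = "forged.sender@example.invalid"
    msg["To"] = "moderator@example.invalid"
    msg.set_content("Please see the attached file for details.")
    if zipped:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("thank_you.pif", payload)
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename="thank_you.zip")
    else:
        msg.add_attachment(payload, maintype="application",
                           subtype="octet-stream", filename="thank_you.pif")
    return msg


if __name__ == "__main__":
    for zipped in (False, True):
        sample = build_sample(zipped)
        print(rejection_notice(sample, check_attachments(sample)))
```

The zipped case is the one the quoted bounce invites, and it is caught by the same rule as the bare file because the check runs on member names, not on the wrapper. Since the From address on such mail is forged (see the Sobig items above), the safest notice is a short one that carries no payload at all, which is what `rejection_notice` produces.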
    
    ------------------------------
    
    Date: Wed, 20 Aug 2003 09:16:15 -0700
    From: "NewsScan" <newsscanat_private>
    Subject: Do-Not-Spam list effort will be futile
    
    Federal Trade Commission Chairman Timothy Muris says that even if efforts in
    Congress to establish a "do-not-spam" list succeed, that won't fix the
    problem of unwanted junk mail. "If such a list were established, I'd advise
    customers not to waste their time and effort. Most spam is already so
    clearly illegitimate that the senders are no more likely to comply with new
    regulations than with the laws they now ignore." The drive toward setting up
    a "do-not-spam" list has picked up steam following the popularity of the
    FTC's recently established "do-not-call" registry for people who want to
    stop telemarketing calls. Muris says the magnitude of the problem and the
    fact that "spammers can easily hide their identities and cross international
    borders," makes government regulation extremely difficult.  "In the end,
    spam will be reduced, if at all, through several technological improvements,
    as well as safer computing practices by others."  [AP 19 Aug 2003; NewsScan
    Daily, 20 August 2003]
      http://apnews.excite.com/article/20030819/D7T1A63G3.html
    
    ------------------------------
    
    Date: Sun, 17 Aug 2003 12:30:24 -0700
    From: Gene Wirchenko <genewat_private>
    Subject: The Risks of Miniaturisation
    
    I recently lost some very useful data.  It was on a USB memory stick.  As
    far as I can tell, I forgot to remove the itty-bitty memory stick before
    leaving a college workstation.  I did get the memory stick back, but it
    occurred to me how very unlikely I would be to forget with something bigger.
    I now attach the memory stick to my pants with the cord that came with it.
    
    ------------------------------
    
    Date: Tue, 19 Aug 03 21:42:04 +1200
    From: Don Mackie <donaldat_private>
    Subject: Update on NZ payphone failures (RISKS-22.86)
    
    Some more details in the story at:
    
      http://www.nzherald.co.nz/storydisplay.cfm?storyID=3518759&thesection=business&thesubsection=technology
    
    I had never heard of The Centre for Critical Infrastructure Protection
    before. I work in health and am involved in some disaster preparedness
    committees. Probably my own fault for not asking. They seem to be more
    interested in information systems infrastructure than water/power. 
    
    Don Mackie <www.ccip.govt.nz>
    
      [Error in Subject line in RISKS-22.86 is corrected in archives.  PGN]
    
    ------------------------------
    
    Date: Wed, 20 Aug 2003 12:54:48 -0400
    From: agreeneat_private (Andrew Greene)
    Subject: Out of context numbers: It wasn't quite THAT bad...
    
    PGN's summary in RISKS-22.85 included the sentence: "At least 50 million
    people were affected."  But according to *The New York Times* ("How Many in
    the Dark? Evidently Not 50 Million" by Mike McIntire, 17 Aug 2003, currently
    at http://www.nytimes.com/2003/08/17/nyregion/17NUMB.html), that number was
    actually the total population of the overall geographical areas served by
    utility companies that were affected, and could be taken as a hard upper
    limit on the number of customers affected. However, the number was lifted
    out of context and then got exaggerated by politicians and news reporters
    looking to make a big story sound even more impressive:
    
      "Approximately 61,800 megawatts of customer load was lost in an area that
      covers 50 million people. ... We cannot say with precision how many
      customers were affected at this time."  [...]  For instance, in the New
      York region, where approximately 18 million people live, nearly 20 percent
      of the available electricity remained on, according to the New York
      Independent System Operator, which monitors electrical usage.
    
        [Andrew, Just because someone was not out of power does not mean that
        person was not affected.  But you are quite correct.  The quoted 50
        million number was erroneously qualified.  TNX.  PGN]
    
    ------------------------------
    
    Date: 30 May 2003 (LAST-MODIFIED)
    From: RISKS-requestat_private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you.  Alternatively, via majordomo,
     send e-mail requests to <risks-requestat_private> with one-line body
       subscribe [OR unsubscribe]
     which requires your ANSWERing confirmation to majordomoat_private .
     If Majordomo balks when you send your accept, please forward to risks.
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .UK users should contact <Lindsay.Marshallat_private>.
    => SPAM challenge-responses will not be honored.  Instead, use an alternative 
     address from which you NEVER send mail!
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risksat_private with meaningful SUBJECT: line.
    => ARCHIVES: http://www.sri.com/risks
     http://www.risks.org redirects you to the Lindsay Marshall's Newcastle archive
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue]
       Lindsay has also added to the Newcastle catless site a palmtop version 
       of the most recent RISKS issue and a WAP version that works for many but 
       not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 22.87
    ************************