RISKS-LIST: Risks-Forum Digest  Tuesday 6 January 2004  Volume 23 : Issue 11

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at http://www.risks.org as
  http://catless.ncl.ac.uk/Risks/23.11.html
The current issue can be found at
  http://www.csl.sri.com/users/risko/risks.txt

  Contents:
Bank of England falls victim as e-mail scams rise by 400% (Keith A Rhodes)
Get ready for SPIM (NewsScan)
Israeli government suspends purchases of Microsoft software (NewsScan)
Input data error on tag transfer causes driver's arrest (Stanley A. Klein)
Forget your bank balance? It's available on the Internet (Monty Solomon)
Inadvertent use of wireless network (Ben Rosengart)
Car-monitoring service allows you to be your own Big Brother (Monty Solomon)
Secret ballots the Tel-Aviv University way... (Yaron Davidson)
Electronic voting: computer reliability aspects (Bob Axtell)
Re: Why have electronic voting machines at all? (Mark Newton)
Re: Loss of bus braking due to nearby illegally modified transceivers
  (Kenji Rikitake)
REVIEW: "Disaster Recovery Planning", Jon William Toigo (Rob Slade)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 05 Jan 2004 10:41:28 -0500
From: "Keith A Rhodes" <RhodesK@private>
Subject: Bank of England falls victim as e-mail scams rise by 400%

The Bank of England became the latest victim of e-mail fraudsters yesterday when many hundreds of thousands of people were sent hoax messages from admin@private, a nonexistent bank address, urging them to open an attachment that would help prevent credit card fraud.  This was reportedly the first time BoE was victimized by a "phishing" expedition that apparently fooled about 5% of their Visa customers into divulging their card and PIN numbers.
The scam was detected when the Bank received over 100,000 automated replies, mostly from corporate mailsites whose employees were on holiday!  Halifax, NatWest, Barclays, Lloyds TSB, and Nationwide Building Society have also been previously subjected to similar attacks.  [Source: James Moore and Robert Uhlig, *The Daily Telegraph*, 31 Dec 2003, PGN-ed]
http://www.telegraph.co.uk/connected/main.jhtml?xml=/connected/2003/12/31/ecntbofe31.xml&sSheet=/connected/2003/12/31/ixconnrite.html

------------------------------

Date: Wed, 31 Dec 2003 08:48:41 -0700
From: "NewsScan" <newsscan@private>
Subject: Get ready for SPIM

Instant messenger spam, dubbed "spim," is increasingly clogging users' computers, popping up with the real-time regularity of instant messages and annoying users who complain they're now receiving several messages a day.  Users can either accept or decline the spim, which often contains a link to -- what else? -- a pornography site.  Ferris Research estimates about 500 million spim messages were sent in 2003, double the number sent in the previous year.  And while instant-messenger spam "isn't nearly the industry that e-mail spam is, it's starting to increase," says the CEO of an antispam consulting firm.  Experts warn that the recent crackdown on conventional spam may push illicit marketers to explore new avenues, including instant messaging.  "The irony is that focusing like a laser on our No. 1 concern -- spam -- has painted e-mail spammers into a corner like never before and incited them to find other ways to try and reach our membership online," says an AOL spokesman.
[*Wall Street Journal*, 31 Dec 2003; NewsScan Daily, 31 Dec 2003]
http://online.wsj.com/article/0,,SB107228175621944800,00.html (sub req'd)

------------------------------

Date: Wed, 31 Dec 2003 08:48:41 -0700
From: "NewsScan" <newsscan@private>
Subject: Israeli government suspends purchases of Microsoft software

The Israeli government has become the latest national government to seek open-source alternatives to Microsoft's productivity software, citing cost as a major motivating factor.  "The move with Microsoft was a purely economic decision," says a Finance Ministry spokeswoman.  "The Israeli government will not be purchasing new products from Microsoft, but will implement its contract to secure existing systems.  On a policy level, the government is committed to expanding computer use.  We want open source technology to spread, so more people will be able to afford computers."  The Finance Ministry has been working with Sun Microsystems and IBM to create a Hebrew language version of OpenOffice software, an open-source alternative to Microsoft Office.  Some federal agencies in France, China and Germany, as well as the city government in Munich, have switched over to Linux-based servers and individual workstations.  Other governments exploring open source alternatives include those in Britain, Brazil, Japan, South Korea, China and Russia.  Governments account for about 10% of global information technology spending, according to IDC.
[AP/*USA Today*, 31 Dec 2003; NewsScan Daily, 31 Dec 2003]
http://www.usatoday.com/tech/world/2003-12-30-israel-vs-microsoft_x.htm

------------------------------

Date: Mon, 05 Jan 2004 13:29:21
From: "Stanley A. Klein" <sklein@private>
Subject: Input data error on tag transfer causes driver's arrest

I met Ms Reed at the Maryland Technology Showcase and heard this story.  I'm cc'ing her so she can correct or update the story if necessary.

Ms Paula Reed traded in her minivan for an SUV over a year ago.
The dealer told her that because the weight classes of the two cars were the same, she could transfer her tags, and that the dealer would take care of it.  Maryland has a two year cycle for tag renewal, and she didn't know the details of what to expect, so she went about her life.

She was driving down the street a few months ago when she was stopped by a police officer.  The officer told her she was driving on expired tags.  She replied that she usually sends in her tag renewals promptly and didn't remember receiving a renewal notice.  The officer asked for her registration and all she had was the paperwork given her by the dealer when she bought the car.  The officer checked her tag number with the Maryland Motor Vehicle Administration and found that there was no such tag in the system.  The officer then accused Ms Reed of obtaining counterfeit tags, arrested her, and took her to the police station.

After she was released (with a court date), she checked on her tag situation.  It turned out that somewhere in the tag transfer process someone entered the wrong weight class for her new car.  Somehow the system rejected the tag transfer but the error was not corrected.  When her used minivan was resold by the dealer, her tags were deleted from the system.  Either nobody knew that all this was happening, or whoever knew failed to take action to correct the error.

As of early December, she had been required to obtain new tags and was still awaiting her court date on the charges growing out of her arrest.

------------------------------

Date: Sun, 4 Jan 2004 01:33:52 -0500
From: Monty Solomon <monty@private>
Subject: Forget your bank balance? It's available on the Internet

Eric F. Bourassa, a privacy advocate at the Massachusetts Public Interest Research Group, knows how difficult it is to keep personal financial information personal.  But even he was surprised at how easy it was for *The Boston Globe* to obtain his private bank account information.
Trafficking in confidential financial information is commonplace on the Web, with a quick Google search turning up more than a dozen sites selling everything from Social Security numbers to bank balances.  *The Globe* tested one of the sites in September, paying $125 for Governor Mitt Romney's credit report and in the process discovering a major security weakness in the nation's credit reporting network.

In November, with Bourassa's blessing, the Globe began to explore the shadowy world of asset search firms, which advertise that they can unlock the financial secrets of virtually anyone.  The mystery is where these firms get their information.  Does it come directly from financial institutions?  Or does it come through more indirect, possibly illegal, methods?

The Globe agreed to pay Ohio-based I.C.U. Inc., whose Web address is Tracerservices.com, $475 for Bourassa's bank account information and his stock and bond holdings.  Not all of the information the Web site provided was accurate, but the bank account information, with the balance listed right down to the penny, was so close that it made Bourassa feel violated.

[Source: Bruce Mohl, *The Boston Globe*, 4 Jan 2004]

------------------------------

Date: Tue, 30 Dec 2003 18:45:00 -0500
From: Ben Rosengart <ben@private>
Subject: Inadvertent use of wireless network

My brother D., home from college, called me today.

D.: I don't want to jinx anything, but it seems that my computer is connected to the Internet.  I turned it on and saw that I had two new messages.  And they're from *today*.

Me: I take it you're at Dad's [where nothing is set up for Internet access].  Do you have a wireless card in there?

D.: Um, I don't know.

Me: Ok, go to System Preferences ... Network ... what do you see?

D.: [...] Connected via Airport.

Me: There you go.

D.: Are you saying there's a wireless network at Dad's?

Me: Wireless doesn't care about walls.  [I know, that's not strictly true, but it's what I said.]
D.: So I'm on some *neighbor's* wireless network?

Me: Yup.

D.: [Amazement and then laughter.]

I pointed out that all his network traffic is being broadcast on radio frequencies, and counseled him to configure his mail client to use encrypted protocols, and to watch out in general.

------------------------------

Date: Thu, 1 Jan 2004 03:04:56 -0500
From: Monty Solomon <monty@private>
Subject: Car-monitoring service allows you to be your own Big Brother

Don't trust your teenagers or your spouse?  Networkcar can tell you where they've been driving.

The way George Orwell imagined Big Brother was as a police state that imposed unrelenting surveillance on an unwilling public.  Orwell never imagined that people would actually make nice with Big Brother as a matter of convenience, but that's one way to view the growing stream of data from automobiles that has attracted a lot of interest from the government and, so far, not a lot of suspicion from the public.

Some consumers actually are willing to pay for a service that lets the government know your car isn't breaking the law.  For about a year, a La Jolla company has offered to provide remote sensing of a car's systems and to post that data to a private Web page, along with verifying to state agencies that the car is in compliance with the emission laws of California and a few other states.  ...

[Source: Ralph Vartabedian, *Los Angeles Times*, 31 Dec 2003]
http://www.latimes.com/classified/automotive/highway1/la-hy-wheels31dec31,1,1009805.story

------------------------------

Date: Thu, 01 Jan 2004 14:33:29 +0200
From: Yaron Davidson <yarondav@private>
Subject: Secret ballots the Tel-Aviv University way...

The elections for faculty representatives in the Tel-Aviv University student union were held two days ago.
(Now, this may be not as important as votes for government, but many of the representatives run for actual political parties, and there are serious sums of money involved higher up, so these votes do have a meaning.)

In the last couple of years, for all the usual reasons, the voting mechanism was changed to e-voting, namely a temporary PC with custom-made software connected over the university LAN to a server.  No paper audit of course; have to match industry leading standards after all.

The voting process itself is quite simple.  You pass a bar-code reader over the student card to get an ID, select the faculty to vote in if you have more than one, get a list of all available candidates for the faculty, click on small "select" buttons next to those you want (with visual indications being both a check-box next to the names, and a second list containing those you voted for), and press a confirmation button.  No problems for me last year, but it seems many students had difficulties with either the bar-code reader or the program interface.

So, the delays caused apparently being the most serious problem with the system, this year we had a wonderful solution.  Oh, yes, before that, if I forgot to mention, votes of course must be secret, and they place a temporary barrier around the computer preventing anyone from looking in at you while you vote.

I got to the computer, and a man with a badge claiming him to be a "voting supervisor" or some such takes my student card, passes the bar-code reader in front of it, hands it back to me, motions toward the chair, and tells me to go ahead and vote.  But he stays there, and looks at me and at the computer screen with a bored expression.

Me: "Eh... The votes are supposed to be secret..."
Him: "Yes, so?"
Me: "So you can see who I'm voting for."
Him: "Oh, don't worry about that.  I'm not related to any of this.  See?" and points to the nice badge.
Me: "What do you mean, not related.  You're here, and you can see who I vote for.  That's not secret!"
I get a "Why can't this idiot get it" look and again:
Him: "But it doesn't matter.  I'm not even from this faculty.  I don't care who you vote for."
Me: "But surely I can't know that.  I do have a right not to have people seeing who I vote for."

Heck, right, officially I'm not even supposed to have a choice; nobody should come in and look even if I want them to.

Him: "Look, I'm not here to look at your vote.  We had lots of people having trouble understanding how to vote, and the reader couldn't handle about two thirds of the cards, so I'm just here to help students vote and save time.  And you're holding up the line.  Just vote already."
Me: "Fine, but not until you get outside this barrier and don't look in.  This won't solve the very serious general problem here, but it will solve my immediate one and let me finish..."

So the dear fellow gets out with a bemused expression.  I vote.  I press the confirmation button (15sec process so far, mostly spent locating my least worst candidates in the rather long list).  Then I have to wait around 20-30 seconds more because the confirmation screen insists on staying there with my name and the candidates regardless of my clicking on it to make it go away.  All the while the "supervisor" is muttering that it takes too long and that's what he's there for.  You want to speed up the process, put an OK button on the confirm screen instead of time delaying it.  That's 20 seconds per student times several thousands of students, right there.

I go out, someone else gets in, and after he reads his card and explains what those "select" buttons are for to the poor soul, the "supervisor" turns back to me still trying to figure out what the fuss is about.

Him: "You know, I really don't care about those votes.  What I see doesn't matter.  I don't know who you are or who the candidates are."

I see one of our esteemed candidates standing there, point at her and proceed.

Me: "And I'm supposed to trust your word for it?
How can I know you're not friends with her, or support the same party that's behind her?  Maybe she bribed me to vote for her, and you could see I didn't?  Maybe you just nod to her to indicate who voted and who didn't?  It doesn't matter if none of these things are true.  What matters is that it can theoretically be.  You want to say the votes are not secret, take away this barrier, and let anyone see, fine.  That's one way to do it.  But if you claim the votes are secret, and go through all this trouble, then keep it secret and don't put someone in with me."

At this point several other students on the line start to claim that I'm right, and another one asked him to look outside.  A former student representative in the faculty gets there too and tries to mollify me by saying that she'd watch over him.  Right.

Anyway, then the guy comes up with another brilliant riposte.

Him: "Besides, if I wanted to see what you voted, I could just look it up at the server later, I wouldn't have to sit here and watch you."

Ah.  So he's saying that:
1. It doesn't matter that what he does is wrong and forbidden, since he can do the same thing in several different ways.  Makes perfect sense to me.
2. He can see at the server not only total vote counts, but WHAT I PERSONALLY HAVE VOTED.  WHAT?!

Me: "Are you trying to tell me your database doesn't hold an aggregate count of votes and a separate list of who voted, but a list of what every ID has voted?!"
Him: "Ah... Well... See... Err..."
Me: "Because that's very bad practice.  You should never keep this information in the database in a way that's easily accessible.  It would make a mockery of calling these elections secret."

Oh, wait, aren't we doing that already?  Hmmm...

Him: "No, no.  Of course we only keep aggregative information.  Sure.  Certainly.  No individual votes.  Nope.  Not at all."

Well, he denies it three times, even more actually, so he must have been convincing.  So why didn't I buy it?  Well, let's attack on a different front.
Me: "So in that case you can't go to the computer later and see what I voted, then.  You can only see the totals, but that will be published anyway.  If you want to see what I voted, you have to look here."

Or put a sniffer on a connected computer, or logging software on this computer, or...  Anyway, there went argument #1.  I'd have felt better to see #2 go, but I'd have a hard time buying that now.

Unfortunately, by that time the former representative got really insistent about making me stop making a fuss, and the "supervisor" just had to help the current voter, so I left the scene.

At least they solved the problem of students not understanding the voting system.  It is a biggie.  Imagine someone solving that whole butterfly-ballot fiasco in the US by putting someone to help people punch the right hole, and not to worry since he's from a different state so he really doesn't care...

------------------------------

Date: Thu, 01 Jan 2004 13:50:18 -0700
From: Bob Axtell <engineer@private>
Subject: Electronic voting: computer reliability aspects

I perform electronics analysis on a consulting basis for clients.  A few years ago I was asked by a financial services client to verify a design concept which used, as its brain, a Windows-based computer system.  Since the application was to maintain the credit-card numbers and transaction records of hundreds of people inside its memory and hard drive, an analysis was required.  50 hardware CPUs were used as engineering samples, using two Windows operating systems, and over a 3-month period, the results were clearly known, and the project dropped.

The results (still confidential) were eye-opening.  In a nutshell:
1. Only ONE CPU ran without error for a continuous 96-hr period.  In essence, it was determined that Windows O/Ss were too "buggy" to perform such a sensitive task.
2. Sensitive data could NOT be protected from an unknown trojan or virus attack.
The other day, I learned, to my astonishment, that some new "voting machines" use Windows O/S as their core!  Why is it that my financial client saw fit to verify hardware security, yet States don't seem to see a need...

  [Because they were protecting MONEY.  Votes don't count.  (Joke)  PGN]

Bob Axtell  PIC Hardware & Firmware Dev  http://beam.to/baxtell  1-520-219-2363

------------------------------

Date: Wed, 31 Dec 2003 10:54:17 +1030
From: Mark Newton <newton@private>
Subject: Re: Why have electronic voting machines at all? (Williams, R-23.06)

> If you don't vote, you get fined about $20, unless you have a very good
> reason.

Before the Yanks get too upset about that, it's best to clarify.  Voting isn't compulsory.  Registering to vote at least two weeks prior to the first election after your 18th birthday is compulsory.  If you are a registered voter, it is compulsory to attend a polling place.  Once you have attended the polling place, it is not compulsory to vote (i.e., if you have some reason for not voting after you've gone to the trouble of locating yourself 50 feet from a ballot box on election day, there's no reason why you can't just leave after having your name checked off).

Mark Newton, Network Engineer, Internode Systems Pty Ltd  +61-8-82282999

------------------------------

Date: Wed, 31 Dec 2003 09:04:02 +0900
From: Kenji Rikitake <kenji.rikitake@private>
Subject: Re: Loss of bus braking due to nearby illegally modified transceivers

RF Interference issues are getting much more complicated these days.  Many of them are caused by lack of understanding of using proper preventive methods, such as installing RF common-mode filters (or Ferrite cores) or decoupling the circuits with a proper amount of capacitors on the power and input/output lines.
I once had to troubleshoot the interference to a 100BASE-TX line from a legal 50W ERP (Effective Radiated Power) 1.9-to-28MHz amateur radio transceiver, simply because the antenna and the Ethernet link were too close, less than 2-meter distance.  Two Ferrite cores at each end of a long Ethernet cable solved the problem.  I also observed a common-mode loop problem when you tried to connect a notebook PC to the transceiver.  Even optocoupled devices such as MIDI patchbays are prone to RF interference because the optocoupling junction between the LED and phototransistor has a certain amount of capacitance (a few picofarads), which strong RF energy could pass through.

Truck drivers are unfortunately one of the major sources of illegal radio operators here in Japan, occupying most of the V/UHF amateur radio frequencies and CB bands.  They tend to raise the output of the transmitters to the maximum, typically a few hundred watts, so many car devices could be affected.  So you've got to be very careful.  Your RFID card could be erratically activated.

Kenji Rikitake, JJ1BDX/3, JQ2KST and K1BDX

------------------------------

Date: Mon, 5 Jan 2004 12:47:56 -0800
From: Rob Slade <rslade@private>
Subject: REVIEW: "Disaster Recovery Planning", Jon William Toigo

BKDIREPL.RVW   20031105

"Disaster Recovery Planning", Jon William Toigo, 2003, 0-13-046282-9, U$54.99/C$85.99
%A   Jon William Toigo www.drplanning.org
%C   One Lake St., Upper Saddle River, NJ   07458
%D   2003
%G   0-13-046282-9
%I   Prentice Hall
%O   U$54.99/C$85.99 +1-201-236-7139 fax: +1-201-236-7131
%O  http://www.amazon.com/exec/obidos/ASIN/0130462829/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0130462829/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0130462829/robsladesin03-20
%P   482 p.
%T   "Disaster Recovery Planning"

Toigo's first edition outshone almost all later DRP (Disaster Recovery Planning) and BCP (Business Continuity Planning) works.
This edition vastly expands the resources and thinking on the topic.

In the preface, Toigo examines the question of whether people will see this new edition as simply an exercise in opportunistic marketing, using the events of September 11, 2001 to promote a fresh work.  He concludes that changes in technology do justify another edition.  In addition, the new pieces giving post-9/11 perspectives from various parties (generally vendors) do provide some additional insights.  The leading foreword, a first-hand account of the evacuation of one of the World Trade Center towers, offers interesting observations such as the fact that the tens of thousands of people using the exit stairwells created potential problems with respect to condensation on the stairs and walls of the structure.

Chapter one, an introduction to the topic, is no longer as incisive as it once was.  However, there are still striking items, such as the mention of the Bank of New York information technology outage (lasting twenty seven hours) which led to a requirement to borrow twenty two billion dollars, cascading into destabilization of the federal reserve fund and interest rate fluctuations.  The advice is still practical, pointing out legislation that may indirectly support disaster recovery planning (although there is no mention of the widely used Americans with Disabilities Act), a detailed assessment of the uselessness of disaster recovery certifications and related groups, and suggestions for dealing with political realities.  Various perspectives and disputes over risk are reviewed in chapter two, although the material becomes a bit disjointed when it ends with policy development.  There is an excellent overview of fire protection and power problems, but the rest of the facility management material in chapter three is quite limited.
A detailed examination of the options, products, and vendors related to data recovery (well beyond the usual discussion of full, incremental, and differential backups) is given in chapter four.  Chapter five deals with strategies for the recovery of centralized systems.  This is the standard view of disaster recovery, but Toigo offers good, quality advice.  Recovering decentralized systems is analysed in chapter six, although most of the solutions seem to rely on recentralising.  End-user requirements, touching on remote computing, virtual private networks, and so forth, are discussed in chapter seven.  Examination of network recovery, in chapter eight, is useful, although many solutions (such as wireless LANs) are not perused for problems (such as security), while, at the same time, they are not pushed far enough (groups in many locations are now planning city-wide wireless networks which should be available in the event of the collapse of major telecommunications carriers).  Emergency decision making, in chapter nine, concentrates on teams, functions, and flowcharts.  References and resources for recovery management, mostly in the US, are in chapter ten.  There is an odd inclusion of a story about vendor versus reseller infighting in the plan maintenance material in chapter eleven.  The book concludes in chapter twelve.

While the later edition is sometimes too verbose, this work is definitely worthwhile for anyone in the security or disaster recovery planning field.  Even if you have the first edition, continuity and recovery professionals will probably find that this latest work has fresh insights that justify its purchase.

copyright Robert M. Slade, 2003   BKDIREPL.RVW   20031105
rslade@private  slade@private  rslade@private
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade

------------------------------

Date: 7 Oct 2003 (LAST-MODIFIED)
From: RISKS-request@private
Subject: Abridged info on RISKS (comp.risks)

The RISKS Forum is a MODERATED digest.
Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you.  Alternatively, via majordomo, send e-mail requests to <risks-request@private> with one-line body
  subscribe [OR unsubscribe]
which requires your ANSWERing confirmation to majordomo@private .  If Majordomo balks when you send your accept, please forward to risks.  [If E-mail address differs from FROM: subscribe "other-address <x@y>" ; this requires PGN's intervention -- but hinders spamming subscriptions, etc.]  Lower-case only in address may get around a confirmation match glitch.
  INFO     [for unabridged version of RISKS information]
There seems to be an occasional glitch in the confirmation process, in which case send mail to RISKS with a suitable SUBJECT and we'll do it manually.  .UK users should contact <Lindsay.Marshall@private>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative address from which you NEVER send mail!
=> The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from
  http://www.CSL.sri.com/risksinfo.html
  ftp://www.CSL.sri.com/pub/risks.info
The full info file will appear now and then in future issues.  *** All contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@private with meaningful SUBJECT: line.
*** NEW: Including the string "notsp" at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: http://www.sri.com/risks
  http://www.risks.org redirects you to Lindsay Marshall's Newcastle archive
  http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]
  Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
  http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
  http://www.planetmirror.com/pub/risks/
  ftp://ftp.planetmirror.com/pub/risks/
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
  http://www.csl.sri.com/illustrative.html for browsing,
  http://www.csl.sri.com/illustrative.pdf or .ps for printing

------------------------------

End of RISKS-FORUM Digest 23.11
************************
This archive was generated by hypermail 2b30 : Tue Jan 06 2004 - 17:26:23 PST