t byfield on Wed, 13 Oct 1999 19:44:25 +0200 (CEST)



<nettime> (fwd) risks@csl.sri.com: Risks Digest 20.62 [excerpted]


[<...> = omissions. i'm glad someone finally noticed that this
 supposedly 'self-destructing email' from disappearing inc. is
 subject to a *very* subtle attack: cut and paste. and then of
 course there's that famous security hole that hackers exploit
 every day: 'Save As...' ([X] Include headers). must've been a
 wily venture capitalist who invested in that one. --cheers, t]

----- Forwarded 

From: risks@csl.sri.com
Date: Tue, 12 Oct 1999 14:29:08 -0700 (PDT)
To: risks@csl.sri.com
Subject: Risks Digest 20.62

RISKS-LIST: Risks-Forum Digest  Tuesday 12 October 1999  Volume 20 : Issue 62

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/20.62.html>
and by anonymous ftp at ftp.sri.com, cd risks .

  Contents:
<...>
GPS rollover *did* cause DoD Problems (Peter B. Ladkin)
<...>
Iraq decides to wait and see on Y2K oil disruption (Keith A Rhodes)
<...>
"Self-destructing e-mail" (Brad Arkin)
Re: Linux banned (Mark Brader)
Where do you want to be *mis*directed today? (Mark Brader)
Maybe Microsoft owns stock in Canada? (Mark Brader)
<...>
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

 <...>

Date: Fri, 08 Oct 1999 16:11:47 +0200
From: "Peter B. Ladkin" <ladkin@rvs.uni-bielefeld.de>
Subject: GPS rollover *did* cause DoD Problems

Mike Martin reported on the problems with Tokyo taxicabs caused by the
August GPS rollover (Risks-20.55). Aviation Week reports (Oct 4, p32) 
that US DoD systems also had problems with weapons systems, even though the
situation had been anticipated. "...the fault lay in the way the
Pentagon's two primary mission planning systems, the Air Force Mission
Support System (AFMSS) and the Navy's Tactical Aircraft Mission Planning
System, were providing the data to weapons systems."

The mission planning tools provide, amongst other things, the approximate
location of the GPS satellites to a weapons system GPS receiver so that
the receiver can avoid large-sweep searching for the satellites.  Some
receivers work with 16-bit week data; the satellites and mission planners
rolled over; and the different formats caused "conflicting data sets" and
thus problems, according to AvWeek. 

"Short-term fixes...include editing the missions planning data manually,
having the receivers find the satellites unaided or downloading the
almanac data directly from the satellite, which takes about 13 min.  The
likely long-term fix is a software modification to AFMSS and TAMPS, which
is considered cheaper than modifying weapons systems hardware." 

Peter Ladkin  		http://www.rvs.uni-bielefeld.de
University of Bielefeld, Germany
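
An added illustration, not part of the report above or of the AvWeek article: how a 10-bit broadcast week number and a wider week count disagree across the August 1999 rollover unless both are normalized against a pivot date. The 10-bit field and the 1980-01-06 epoch are properties of GPS; the function names and the planner/satellite comparison are assumptions and do not reconstruct the AFMSS or TAMPS fault.

```python
from datetime import date, timedelta

GPS_EPOCH = date(1980, 1, 6)  # start of GPS week 0
ROLLOVER = 1 << 10            # legacy broadcast week field is 10 bits wide

def full_week(d: date) -> int:
    """Weeks elapsed since the GPS epoch, with no truncation."""
    return (d - GPS_EPOCH).days // 7

def broadcast_week(d: date) -> int:
    """Week number as it fits in the 10-bit broadcast field."""
    return full_week(d) % ROLLOVER

def week_start(week: int) -> date:
    return GPS_EPOCH + timedelta(weeks=week)

def resolve_week(truncated: int, not_before: date) -> int:
    """Expand a 10-bit week to the first matching full week at or after a pivot date."""
    pivot = full_week(not_before)
    return pivot + (truncated - pivot) % ROLLOVER

def weeks_agree(planner_week: int, sat_week: int, not_before: date) -> bool:
    """Compare two week values only after reducing both to the same form."""
    a = resolve_week(planner_week % ROLLOVER, not_before)
    b = resolve_week(sat_week % ROLLOVER, not_before)
    return a == b

def demo():
    day = date(1999, 8, 22)          # first day after the rollover
    pivot = date(1999, 1, 1)         # assumed "not before" date held by the consumer
    planner = full_week(day)         # hypothetical planner using a wider week count
    sat = broadcast_week(day)        # what the 10-bit field carries
    return {
        "planner": planner,
        "sat": sat,
        "naive_equal": planner == sat,
        "normalized_equal": weeks_agree(planner, sat, pivot),
        "naive_date": week_start(sat),
        "resolved_date": week_start(resolve_week(sat, pivot)),
    }
```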

------------------------------

<...>

Date: Fri, 01 Oct 1999 11:21:49 -0400
From: "Keith A Rhodes"<rhodesk.aimd@gao.gov>
Subject: Iraq decides to wait and see on Y2K oil disruption

[Keith sent in a Reuters item noting that Iraq has decided to avoid the
costs of Y2K upgrades, and may have to shut down production for the new
year instead.  Many of their computers are reportedly old process
controllers.  Keith comments that with Iraq and Venezuela both lagging in
Y2K fixes, it could be an expensive millennium for many drivers. PGN-ed]

------------------------------

<...>

Date: Fri, 08 Oct 1999 09:25:52 -0400
From: Brad Arkin <barkin@rstcorp.com>
Subject: "Self-destructing e-mail"

Intrigued by the headline "'Self-destruct' e-mail offers virtual privacy" 
(http://www.usatoday.com/life/cyber/tech/review/crg441.htm), I did some
more investigating.  Disappearing Inc. (http://www.disappearing.com/) has
few technical details on its web site, but the general idea is that by
using their plug-in two people can send and receive encrypted messages
with the added feature that the key is held by Disappearing Inc.  Anytime
the recipient wishes to read the message, they must authenticate
themselves to Disappearing Inc. in order to retrieve the key. 
Disappearing Inc. logs all accesses to the key and destroys the key at the
end of its life span.  Disappearing Inc. claims that once the key is
destroyed the message can never be read again, and thus the message has
effectively self-destructed like a Mission:Impossible assignment. 

While it is possible (although sadly, unlikely) that Disappearing Inc. 
has implemented this system using an appropriate mix of good
authentication scheme, strong encryption algorithm, secure key generation,
high level of site security, and secure key transmission it doesn't really
matter.  All Disappearing Inc. offers is a variant of third party key
escrow and nothing more.  The problems with key escrow have been well
documented. 

By forcing users to go across the network to retrieve a key (which may
have already expired) every time they want to read a locally stored
message, it is a certainty that users will instead simply cut and paste
any message worth reading again into a plaintext file outside the control
of Disappearing Inc.'s encryption.  The potential problems with this
scheme are too many to list here, and my opinion is that users should cut
out the middle man and use a package like PGP instead. 

Brad Arkin, Software Security Group  Reliable Software Technologies
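
An added model of the scheme described above, not Disappearing Inc.'s code: a third party holds the message key, logs each fetch and destroys the key at expiry, while a plaintext copy made earlier remains readable. The class and function names are hypothetical, authentication is reduced to a logged user name, and the SHA-256 keystream is a toy stand-in for a real cipher.

```python
import hashlib
import secrets

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream cipher (stand-in, not for real use)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

class EscrowServer:
    """Hypothetical third party that holds each message key until it expires."""
    def __init__(self):
        self.keys = {}        # msg_id -> (key, expiry time)
        self.access_log = []  # (time, msg_id, user, granted)

    def new_key(self, msg_id, expires_at):
        key = secrets.token_bytes(32)
        self.keys[msg_id] = (key, expires_at)
        return key

    def fetch_key(self, msg_id, user, now):
        entry = self.keys.get(msg_id)
        if entry and now >= entry[1]:
            del self.keys[msg_id]  # end of life span: key destroyed
            entry = None
        self.access_log.append((now, msg_id, user, entry is not None))
        return entry[0] if entry else None

def demo():
    server = EscrowServer()
    body = b"Constructed sample message: figures attached."
    ciphertext = keystream_xor(server.new_key("m1", expires_at=100), body)

    # While the key is alive the recipient fetches it and reads the message...
    key = server.fetch_key("m1", "bob", now=10)
    saved_copy = keystream_xor(key, ciphertext)  # ...and keeps the plaintext locally.

    # After expiry the server has no key, so the ciphertext stays unreadable,
    expired = server.fetch_key("m1", "bob", now=200)
    # but the saved copy never depended on the server.
    return expired, saved_copy == body, server.access_log
```

The access log records that the key was fetched, not what the recipient did with the decrypted text.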

------------------------------

Date: Mon, 4 Oct 99 8:43:48 PDT
From: Mark Brader <msbrader@interlog.com>
Subject: Re: Linux banned (Fitzpatrick, RISKS-20.61)

By the way, Brian Fitzpatrick's item in RISKS-20.61 about Linux being
banned from a company for silly reasons reminds me of another anecdote in
Feynman's books.  From memory: 

Filing cabinets at Los Alamos were provided with combination locks, but
these were seriously flawed; a person who had physical access to the
cabinet while it was open could subsequently discover the combination and
open it in a few minutes.  Feynman identified this security risk and
informed the people in charge... who responded by ordering all people with
such cabinets *that Feynman had had physical access to* to change their
combinations! 

------------------------------

<...>
Date: Fri, 1 Oct 1999 00:52:38 -0400 (EDT)
From: msbrader@interlog.com
Subject: Where do you want to be *mis*directed today?

  [Erwin Mascardo <mascardo@admin.assurenet.com> posted the
  following to rec.humor.funny.  (It's in their archive at
  <http://www.netfunny.com/rhf/jokes/99/Sep/expedia.html>.)]

My wife recently went on a business trip, and in filling out her expense
report, she noted that she could claim the mileage to and from the
airport. My first attempt at using MapQuest to calculate the distance
failed, so I tried Microsoft Expedia Maps. After the shock wore off, my
only regret was that my wife couldn't really claim this mileage figure, as
we had no way to prove that we'd spent 9 days driving to Newfoundland and
back. Highlights from the Microsoft-generated directions follow: 

Summary
From: Laurel, Maryland 
To: Baltimore-Washington International Airport, Maryland 
Driving Distance: 5865.1 miles 
Time: 9 day(s) 3 hour(s) 22 minute(s) 

Driving Directions

   Time Instruction
   0:00 Depart Laurel, Maryland 
   1:01 Entering Delaware 
   1:17 Entering New Jersey 
   3:24 Entering New York 
   3:51 Entering Connecticut 
   5:51 Entering Massachusetts 
   7:29 Entering New Hampshire 
   7:44 Entering Maine 
  12:20 Entering New Brunswick 
  20:20 Take the North Sydney-Argentia Ferry
  34:32 Entering Newfoundland 
  36:35 Turn left onto Local road(s) (4543.1 mi)
 219:22 Arrive Baltimore-Washington International Airport, Maryland

I guess when Microsoft asks "Where do you want to go today?" that *how*
you get there isn't always important... 

(A subsequent attempt at MapQuest gave the correct figure of 16.5 miles.)

[Forwarded to Risks by Mark Brader]

------------------------------

Date: Fri, 1 Oct 1999 01:01:24 -0400 (EDT)
From: msbrader@interlog.com
Subject: Maybe Microsoft owns stock in Canada?

 [This one was posted to rec.humor.d, the followups-to-jokes group, by Bill
 Seurer <BillSeurer@vnet.ibm.com>.  Some misformatting in his posting is
 fixed in this copy.  --Mark Brader]

X-no-archive: yes

Erwin's wife wasn't the only one to get misdirected.  I wonder if
Microsoft owns that North Sydney-Argentia Ferry? 

Here is the trip Expedia proposed for a brother of one of my buddies.  I
left off the compass directions and mileage parts.  Do note that 14 hour
ferry ride, too! 

Summary
    From:                 Hastings, Minnesota
    To:                   Saint Charles [St. Charles], Minnesota
    Driving Distance:     6758.6 miles
    Time:                 9 day(s) 17 hour(s) 30 minute(s)

   Driving Directions
    Time           Instruction
    0:00           Depart Hastings, Minnesota
    0:03           Entering Wisconsin
    1:47           At I-94 Exit 88, turn right onto I-94
    2:41           Go onto I-90
    4:51           Entering Illinois
    6:40           Entering Indiana
    7:01           At I-80 Exit 16, bear left onto I-94
    7:29           Entering Michigan
    10:42           At I-94 Exit 204A, turn right onto SR-39
    10:46           At I-75 Exit 41, turn left onto I-75
    10:55           At I-75 Exit 47, turn right onto SR-3
    10:56           Turn right onto W Grand Blvd
    10:57           Entering Ontario
    10:57           Bear left onto S-3
    11:04           Turn left onto S-2
    11:06           Bear right onto S-3B
    11:08           Bear left onto S-401
    18:50           Entering Québec
    18:50           Go onto C20
    19:31           Bear left onto C720
    19:37           Turn right onto S-134
    19:40           At Longueuil, turn left onto C20
    23:39           Bear right onto TC-185
    24:39           Entering New Brunswick
    24:41           Bear left onto TC-2
    28:10           Go onto S-695
    28:20           Turn left onto S-710
    28:31           Turn left onto TC-2
    28:35           Turn right onto S-112
    29:17           At Salisbury, turn left onto S-106
    29:46           Bear right onto  TC-2
    30:04           Entering Nova Scotia
    30:06           Turn right onto TC-104
    30:51           At Wentworth Centre, turn left onto S-246
    31:02           Bear right onto S-256
    31:42           Turn right onto S-6
    31:44           At Pictou, bear right onto TC-106
    31:50           Go onto TC-104
    32:03           Bear right onto S-4
    32:05           Go onto TC-104
    32:08           Go onto S-4
    32:14           Bear left onto TC-104
    32:19           Bear left onto S-4
    32:28           Bear left onto TC-104
    33:01           At Mulgrave [Port Mulgrave], go onto TC-105
    34:23           At Sydney Mines [Sidney Mines], bear left onto S-223
    34:27           At North Sydney, turn left onto Local road(s)
    34:29           Take the North Sydney-Argentia Ferry *CHECK TIMETABLE*
    48:40           Take the Local road(s)
    48:41           Entering Newfoundland
    48:44           At Freshwater, go onto S-100
    49:14           Bear right onto TC-1
    49:41           Bear right onto S-13
    49:54           At Bay Bulls, turn right onto S-10
    50:43           Turn left onto Local road(s) (SE 4543.1 miles)
    233:30           Arrive Saint Charles [St. Charles], Minnesota

Bill Seurer, Compiler Development, IBM Rochester, MN
Bill_Seurer AT us.ibm.com  Bill AT seurer.net   http://www.seurer.net/ 

------------------------------

<...>

Date: 23 Sep 1998 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) 
 if possible and convenient for you.  Alternatively, via majordomo, 
 SEND DIRECT E-MAIL REQUESTS to <risks-request@csl.sri.com> with one-line, 
   SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
   INFO     [for unabridged version of RISKS information]
 .MIL users should contact <risks-request@pica.army.mil> (Dennis Rears).
 .UK users should contact <Lindsay.Marshall@newcastle.ac.uk>.
=> The INFO file (submissions, default disclaimers, archive sites, 
 copyright policy, PRIVACY digests, etc.) is also obtainable from
 http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
 The full info file will appear now and then in future issues.  *** All 
 contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
 ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
   [volume-summary issues are in risks-*.00]
   [back volumes have their own subdirectories, e.g., "cd 19" for volume 19]
 or http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
 PostScript copy of PGN's comprehensive historical summary of one liners:
   illustrative.PS at ftp.sri.com/risks .

------------------------------

End of RISKS-FORUM Digest 20.62 
************************

----- Backwarded

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime@bbs.thing.net