t byfield on Wed, 13 Oct 1999 19:44:25 +0200 (CEST)
<nettime> (fwd) risks@csl.sri.com: Risks Digest 20.62 [excerpted]
[<...> = omissions. i'm glad someone finally noticed that this supposedly 'self-destructing email' from disappearing inc. is subject to a *very* subtle attack: cut and paste. and then of course there's that famous security hole that hackers exploit every day: 'Save As...' ([X] Include headers). must've been a wily venture capitalist who invested in that one. --cheers, t]

----- Forwarded

From: risks@csl.sri.com
Date: Tue, 12 Oct 1999 14:29:08 -0700 (PDT)
To: risks@csl.sri.com
Subject: Risks Digest 20.62

RISKS-LIST: Risks-Forum Digest  Tuesday 12 October 1999  Volume 20 : Issue 62

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/20.62.html>
and by anonymous ftp at ftp.sri.com, cd risks .

Contents:
<...>
GPS rollover *did* cause DoD Problems (Peter B. Ladkin)
<...>
Iraq decides to wait and see on Y2K oil disruption (Keith A Rhodes)
<...>
"Self-destructing e-mail" (Brad Arkin)
Re: Linux banned (Mark Brader)
Where do you want to be *mis*directed today? (Mark Brader)
Maybe Microsoft owns stock in Canada? (Mark Brader)
<...>
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

<...>

Date: Fri, 08 Oct 1999 16:11:47 +0200
From: "Peter B. Ladkin" <ladkin@rvs.uni-bielefeld.de>
Subject: GPS rollover *did* cause DoD Problems

Mike Martin reported on the problems with Tokyo taxicabs caused by the August GPS rollover (Risks-20.55). Aviation Week reports (Oct 4, p32) that US DoD systems also had problems with weapons systems, even though the situation had been anticipated.

"...the fault lay in the way the Pentagon's two primary mission planning systems, the Air Force Mission Support System (AFMSS) and the Navy's Tactical Aircraft Mission Planning System, were providing the data to weapons systems."

The mission planning tools provide, amongst other things, the approximate location of the GPS satellites to a weapons system GPS receiver so that the receiver can avoid large-sweep searching for the satellites. Some receivers work with 16-bit week data; the satellites and mission planners rolled over; and the different formats caused "conflicting data sets" and thus problems, according to AvWeek.

"Short-term fixes...include editing the missions planning data manually, having the receivers find the satellites unaided or downloading the almanac data directly from the satellite, which takes about 13 min. The likely long-term fix is a software modification to AFMSS and TAMPS, which is considered cheaper than modifying weapons systems hardware."

Peter Ladkin  http://www.rvs.uni-bielefeld.de
University of Bielefeld, Germany

------------------------------

<...>

Date: Fri, 01 Oct 1999 11:21:49 -0400
From: "Keith A Rhodes" <rhodesk.aimd@gao.gov>
Subject: Iraq decides to wait and see on Y2K oil disruption

[Keith sent in a Reuters item noting that Iraq has decided to avoid the costs of Y2K upgrades, and may have to shut down production for the new year instead. Many of their computers are reportedly old process controllers. Keith comments that with Iraq and Venezuela both lagging in Y2K fixes, it could be an expensive millennium for many drivers. PGN-ed]

------------------------------

<...>

Date: Fri, 08 Oct 1999 09:25:52 -0400
From: Brad Arkin <barkin@rstcorp.com>
Subject: "Self-destructing e-mail"

Intrigued by the headline "'Self-destruct' e-mail offers virtual privacy" (http://www.usatoday.com/life/cyber/tech/review/crg441.htm), I did some more investigating. Disappearing Inc.
(http://www.disappearing.com/) has few technical details on its web site, but the general idea is that by using their plug-in two people can send and receive encrypted messages with the added feature that the key is held by Disappearing Inc. Anytime the recipient wishes to read the message, they must authenticate themselves to Disappearing Inc. in order to retrieve the key. Disappearing Inc. logs all accesses to the key and destroys the key at the end of its life span. Disappearing Inc. claims that once the key is destroyed the message can never be read again, and thus the message has effectively self-destructed like a Mission:Impossible assignment.

While it is possible (although sadly, unlikely) that Disappearing Inc. has implemented this system using an appropriate mix of good authentication scheme, strong encryption algorithm, secure key generation, high level of site security, and secure key transmission it doesn't really matter. All Disappearing Inc. offers is a variant of third party key escrow and nothing more. The problems with key escrow have been well documented.

By forcing users to go across the network to retrieve a key (which may have already expired) every time they want to read a locally stored message, it is a certainty that users will instead simply cut and paste any message worth reading again into a plaintext file outside the control of Disappearing Inc.'s encryption.

The potential problems with this scheme are too many to list here, and my opinion is that users should cut out the middle man and use a package like PGP instead.

Brad Arkin, Software Security Group
Reliable Software Technologies

------------------------------

Date: Mon, 4 Oct 99 8:43:48 PDT
From: Mark Brader <msbrader@interlog.com>
Subject: Re: Linux banned (Fitzpatrick, RISKS-20.61)

By the way, Brian Fitzpatrick's item in RISKS-20.61 about Linux being banned from a company for silly reasons reminds me of another anecdote in Feynman's books.
From memory: Filing cabinets at Los Alamos were provided with combination locks, but these were seriously flawed; a person who had physical access to the cabinet while it was open could subsequently discover the combination and open it in a few minutes. Feynman identified this security risk and informed the people in charge... who responded by ordering all people with such cabinets *that Feynman had had physical access to* to change their combinations!

------------------------------

<...>

Date: Fri, 1 Oct 1999 00:52:38 -0400 (EDT)
From: msbrader@interlog.com
Subject: Where do you want to be *mis*directed today?

[Erwin Mascardo <mascardo@admin.assurenet.com> posted the following to rec.humor.funny. (It's in their archive at <http://www.netfunny.com/rhf/jokes/99/Sep/expedia.html>.)]

My wife recently went on a business trip, and in filling out her expense report, she noted that she could claim the mileage to and from the airport. My first attempt at using MapQuest to calculate the distance failed, so I tried Microsoft Expedia Maps.

After the shock wore off, my only regret was that my wife couldn't really claim this mileage figure, as we had no way to prove that we'd spent 9 days driving to Newfoundland and back. Highlights from the Microsoft-generated directions follow:

Summary
From: Laurel, Maryland
To: Baltimore-Washington International Airport, Maryland
Driving Distance: 5865.1 miles
Time: 9 day(s) 3 hour(s) 22 minute(s)

Driving Directions
Time    Instruction
0:00    Depart Laurel, Maryland
1:01    Entering Delaware
1:17    Entering New Jersey
3:24    Entering New York
3:51    Entering Connecticut
5:51    Entering Massachusetts
7:29    Entering New Hampshire
7:44    Entering Maine
12:20   Entering New Brunswick
20:20   Take the North Sydney-Argentia Ferry
34:32   Entering Newfoundland
36:35   Turn left onto Local road(s) (4543.1 mi)
219:22  Arrive Baltimore-Washington International Airport, Maryland

I guess when Microsoft asks "Where do you want to go today?"
that *how* you get there isn't always important...

(A subsequent attempt at MapQuest gave the correct figure of 16.5 miles.)

[Forwarded to Risks by Mark Brader]

------------------------------

Date: Fri, 1 Oct 1999 01:01:24 -0400 (EDT)
From: msbrader@interlog.com
Subject: Maybe Microsoft owns stock in Canada?

[This one was posted to rec.humor.d, the followups-to-jokes group, by Bill Seurer <BillSeurer@vnet.ibm.com>. Some misformatting in his posting is fixed in this copy. --Mark Brader]

X-no-archive: yes

Erwin's wife wasn't the only one to get misdirected. I wonder if Microsoft owns that North Sydney-Argentia Ferry? Here is the trip Expedia proposed for a brother of one of my buddies. I left off the compass directions and mileage parts. Do note that 14 hour ferry ride, too!

Summary
From: Hastings, Minnesota
To: Saint Charles [St. Charles], Minnesota
Driving Distance: 6758.6 miles
Time: 9 day(s) 17 hour(s) 30 minute(s)

Driving Directions
Time    Instruction
0:00    Depart Hastings, Minnesota
0:03    Entering Wisconsin
1:47    At I-94 Exit 88, turn right onto I-94
2:41    Go onto I-90
4:51    Entering Illinois
6:40    Entering Indiana
7:01    At I-80 Exit 16, bear left onto I-94
7:29    Entering Michigan
10:42   At I-94 Exit 204A, turn right onto SR-39
10:46   At I-75 Exit 41, turn left onto I-75
10:55   At I-75 Exit 47, turn right onto SR-3
10:56   Turn right onto W Grand Blvd
10:57   Entering Ontario
10:57   Bear left onto S-3
11:04   Turn left onto S-2
11:06   Bear right onto S-3B
11:08   Bear left onto S-401
18:50   Entering Québec
18:50   Go onto C20
19:31   Bear left onto C720
19:37   Turn right onto S-134
19:40   At Longueuil, turn left onto C20
23:39   Bear right onto TC-185
24:39   Entering New Brunswick
24:41   Bear left onto TC-2
28:10   Go onto S-695
28:20   Turn left onto S-710
28:31   Turn left onto TC-2
28:35   Turn right onto S-112
29:17   At Salisbury, turn left onto S-106
29:46   Bear right onto TC-2
30:04   Entering Nova Scotia
30:06   Turn right onto TC-104
30:51   At Wentworth Centre, turn left onto S-246
31:02   Bear right onto S-256
31:42   Turn right onto S-6
31:44   At Pictou, bear right onto TC-106
31:50   Go onto TC-104
32:03   Bear right onto S-4
32:05   Go onto TC-104
32:08   Go onto S-4
32:14   Bear left onto TC-104
32:19   Bear left onto S-4
32:28   Bear left onto TC-104
33:01   At Mulgrave [Port Mulgrave], go onto TC-105
34:23   At Sydney Mines [Sidney Mines], bear left onto S-223
34:27   At North Sydney, turn left onto Local road(s)
34:29   Take the North Sydney-Argentia Ferry *CHECK TIMETABLE*
48:40   Take the Local road(s)
48:41   Entering Newfoundland
48:44   At Freshwater, go onto S-100
49:14   Bear right onto TC-1
49:41   Bear right onto S-13
49:54   At Bay Bulls, turn right onto S-10
50:43   Turn left onto Local road(s) (SE 4543.1 miles)
233:30  Arrive Saint Charles [St. Charles], Minnesota

Bill Seurer, Compiler Development, IBM Rochester, MN
Bill_Seurer AT us.ibm.com  Bill AT seurer.net
http://www.seurer.net/

------------------------------

<...>

Date: 23 Sep 1998 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Alternatively, via majordomo, SEND DIRECT E-MAIL REQUESTS to <risks-request@csl.sri.com> with one-line,
   SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
   INFO [for unabridged version of RISKS information]
 .MIL users should contact <risks-request@pica.army.mil> (Dennis Rears).
 .UK users should contact <Lindsay.Marshall@newcastle.ac.uk>.
=> The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from
   http://www.CSL.sri.com/risksinfo.html
   ftp://www.CSL.sri.com/pub/risks.info
 The full info file will appear now and then in future issues.
 *** All contributors are assumed to have read the full info file for guidelines.
 ***
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
 ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
   [volume-summary issues are in risks-*.00]
   [back volumes have their own subdirectories, e.g., "cd 19" for volume 19]
 or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue].
 PostScript copy of PGN's comprehensive historical summary of one liners:
   illustrative.PS at ftp.sri.com/risks .

------------------------------

End of RISKS-FORUM Digest 20.62
************************

----- Backwarded

# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
# archive: http://www.nettime.org contact: nettime@bbs.thing.net
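
[Added example, not part of the forwarded digest and not Disappearing Inc.'s code: a small model of the third-party key-escrow design described in the "Self-destructing e-mail" item above, showing that destroying the escrowed key seals the ciphertext but does nothing about a plaintext copy the recipient saved while the key was live. All class and function names are hypothetical, authentication is reduced to a name check, and the cipher is a SHA-256 keystream stand-in rather than a vetted algorithm.]

```python
# Added illustration; not Disappearing Inc.'s code. All names are hypothetical.
import hashlib
import secrets

def keystream_xor(key, nonce, data):
    """Stand-in cipher (SHA-256 counter-mode keystream); demo only, not vetted."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class EscrowService:
    """Third party that holds message keys, logs every access, destroys on expiry."""
    def __init__(self):
        self.keys = {}        # msg_id -> (key, expires_at, permitted reader)
        self.access_log = []  # (time, msg_id, reader, outcome)

    def register(self, msg_id, key, expires_at, reader):
        self.keys[msg_id] = (key, expires_at, reader)

    def fetch_key(self, msg_id, reader, now):
        entry = self.keys.get(msg_id)
        if entry and now >= entry[1]:
            del self.keys[msg_id]   # end of life span: key is destroyed
            entry = None
        # Assumption: authentication is reduced to a name check for the demo.
        ok = entry is not None and entry[2] == reader
        self.access_log.append((now, msg_id, reader, "granted" if ok else "denied"))
        return entry[0] if ok else None

def run_demo():
    svc = EscrowService()
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    ciphertext = keystream_xor(key, nonce, b"constructed sample message")
    svc.register("m1", key, expires_at=100, reader="bob")
    del key                                  # sender keeps no copy of the key

    # Before expiry: the recipient fetches the key, reads, and saves the text.
    k = svc.fetch_key("m1", "bob", now=10)
    saved_copy = keystream_xor(k, nonce, ciphertext)
    del k
    # After expiry the escrowed key is gone, so the ciphertext stays sealed...
    key_after = svc.fetch_key("m1", "bob", now=200)
    # ...but the plaintext saved outside the scheme is untouched.
    return {"key_after_expiry": key_after, "saved_copy": saved_copy,
            "outcomes": [e[3] for e in svc.access_log], "keys_held": len(svc.keys)}

if __name__ == "__main__":
    print(run_demo())
```
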