
The RISKS Digest Volume 21 Issue 65

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Star Wars 2: “Letter from America”

The Heavens at War: NMD reviewed

Sun, 2 Sep 2001 05:31:10 PST

I’m just going to talk about a few examples of a major risk here. The arguments being advanced regarding possible counter-measures against lasers show a *fundamental* misconception of the ways in which weapons lasers damage targets. They don’t *burn* through the surface; they deposit *huge* amounts of energy (kilojoules to megajoules) into the surface layers of the target in *microseconds*. The time scale makes rotating the vehicle a bad joke. And the energy levels make reflective coatings an equally bad joke. At these energy levels, the target spot *explodes* into plasma with an effect equivalent to a good sized chunk of TNT. And this was pointed out when SDI was being worked on. Yet these *same* “problems” are still being claimed. There are also disingenuous aspects to the discussion of decoys. Given that none of this was mentioned in the program, I must conclude it wasn’t even *remotely* objective in evaluating the overall program. In short, from what was reported to RISKS, the program was badly slanted. And hardly anything to base a risk assessment on. Other aspects of the post make it seem inappropriate for RISKS as well. As a counter, let me just point out that there are risks to *not* trying to build a defense. And to spreading grossly inaccurate “risk assessments” about something that is in its early testing stages. There are possible problems. But bringing up “problems” like the ones I mention above isn’t eliminating risks, it’s spreading propaganda. Other items raised may be valid risks or invalid ones, depending on your assessment of the relative risks of no missile defense vs one that is not 100% effective.

But *that* aspect of things is *not* a valid topic for *this* list! Not unless there has been a major policy change that I’m unaware of.

Leonard Erickson (aka shadow) shadow@krypton.rain.com

Getting the Facts Out – Announcing “FACT SQUAD”

Thu, 6 Sep 2001 19:26:50 -0700 (PDT)

PFIR – People For Internet Responsibility – http://www.pfir.org
[ To subscribe or unsubscribe to/from this list, please send the command “subscribe” or “unsubscribe” respectively (without the quotes) in the body of an e-mail to “pfir-request@pfir.org”. ]

Getting the Facts Out – Announcing “FACT SQUAD”
September 6, 2001
http://www.pfir.org/factsquad-announce

Greetings. Immediately following the recent People For Internet Responsibility “Future of the Internet” Workshop, technology columnist Dan Gillmor reported on the event in his widely-read column. He specifically noted one of the key points of agreement at the meeting – there’s a serious need for coordinated information resources and experts to counter the often skewed information provided by lobbyists and other vested interests regarding technology issues. As it stands, it’s usually these well-heeled interests who have effectively organized, for their own benefit, to provide information about technical issues to the media, politicians, and many others. Dan used the term “fact squad” to describe the need for a coordinated effort to provide some balance in these matters. PFIR has now set up a framework that we hope can provide assistance in filling this fact gap. We’ve created “Fact Squad” – its home page, which describes the project in more detail, is at: http://www.factsquad.org Fact Squad is focused specifically toward people who need straightforward, direct, and generally “jargon-free” information about these topics. It is a coordinated resource for media, researchers, or anyone else – cutting through the hype and getting to the facts.

Fact Squad itself certainly can’t be the whole solution to the long-festering and worsening problems of distorted information and propaganda relating to technical issues and their impact on society. But hopefully it’s at least a significant step in the right direction. In addition to the Fact Squad home page listed above, three new contact e-mail addresses have been established relating to this effort:
– Questions or information regarding specific topics or issues: facts@factsquad.org
– General inquiries: general@factsquad.org
– Information about participating in Fact Squad: participate@factsquad.org
We look forward to your questions, comments, and participation. Thanks very much.

Lauren Weinstein lauren@pfir.org or lauren@vortex.com or lauren@privacyforum.org Tel: +1 (818) 225-2800 Co-Founder, PFIR – People For Internet Responsibility – http://www.pfir.org Moderator, PRIVACY Forum – http://www.vortex.com Member, ACM Committee on Computers and Public Policy

Peter G. Neumann neumann@pfir.org or neumann@csl.sri.com or neumann@risks.org Tel: +1 (650) 859-2375 Co-Founder, PFIR – People For Internet Responsibility – http://www.pfir.org Moderator, RISKS Forum – http://catless.ncl.ac.uk/Risks Chairman, ACM Committee on Computers and Public Policy http://www.csl.sri.com/neumann

Citibank ATM system outage

<"Joshua L. Weinberg" >

Wed, 05 Sep 2001 09:16:25 -0700

Citibank’s network of 2,000 automated teller machines went down on the night of 4 Sep 2001, due to software problems. It was still down the next day. Citibank’s online Web system also crashed at the same time. Basic service was restored about 2 hours later, but various problems persisted. [Source: Reuters item, 5 Sep 2001; PGN-ed] http://dailynews.yahoo.com/h/nm/20010905/bs/financial_citibank_dc_2.html

Joshua L. Weinberg, 2 Townsend St, Apt 1-905, San Francisco, CA 94107 1-415-777-3339 joshua@theWeinbergs.com

France Telecom inadvertent disclosure blamed on “computer error”

<"Peter Campbell" >

Thu, 6 Sep 2001 20:28:19 -0500

A variant on the risk of leaving information you don’t want disclosed in ‘comments’ as part of an MS Office document, except that instead of the consequences being merely egg-on-face, there are selective disclosure issues and the potential for claims of unfairness. In the US, class action lawsuits have been tried for less. http://public.wsj.com/sn/y/SB999174259870751856.html http://biz.yahoo.com/prnews/010830/nyth052.html

For the uninitiated, selective disclosure of material information is a mortal sin in the investment world. The underlying principle of financial markets is one of fairness to all investors – shares in a corporation are not called “equity” for nothing. Executing trades based on information to which all shareholders do not have access is called insider trading, though mechanisms do exist that allow insiders to trade in a perfectly legitimate and legal fashion, and it is a grave offense in most countries with developed financial markets. Of course, many large investors have more time, resources and expertise to devote to making decisions than many small ones, so their advantage is undeniable. But the basis for making investment decisions, so-called material information, must be available to all investors, large and small. A widely discussed rule, dubbed Reg FD (for Fair Disclosure), was adopted by the SEC in October of 2000: more information on that here: http://www.sec.gov/rules/final/33-7881.htm

To the subject and the risk: the error is really human, and the risks of e-mail exponentially increased by the notes/comments/change-tracking features have been discussed often in RISKS. Indeed the company I work for released a PR document with the revision history intact… It can happen to the best people!

Photo tickets dismissed in San Diego

Tue, 4 Sep 2001 18:22:57 -0500 (CDT)

A judge in San Diego dismissed 290 tickets issued by a new red light camera system. The problem was a $70 contingency fee paid per ticket to the private company operating the system, which gave that company a clear financial incentive to issue more tickets. The case in question could affect the fifty other cities in the nation which also use red light camera systems. The judge did not question the accuracy of the technology itself. http://abcnews.go.com/wire/US/reuters20010904_522.html

Web filter considered harmful

Fri, 7 Sep 2001 12:42:11 +0200

Today, I had to call Palm Support Germany about some problems encountered with one of their new models (insert the m500 into the USB cradle, and the PC will occasionally reboot). The call-center guy I had on the phone had not heard of the problem. However, I had done a web search before, and had found some mailing list discussions where someone reported that Palm’s US second-tier support knew the problem very well. So I gave the list archive’s URL to the guy, asking that he investigate the problem. “Sorry, I can’t access this via our web proxy. They want to make sure that we don’t surf for personal purposes during work hours.” The risk should be obvious: filtering support employees’ web access for security or whatever other reasons can seriously hurt these employees’ ability to do their job.

Thomas Roessler http://log.does-not-exist.org/

Early morning phone call angers residents

<"Barry in Indy" >

Sun, 2 Sep 2001 06:49:52 -0500

A lightning strike caused a computer to begin sending an automated phone message in the middle of the night. The meeting announcement, scheduled to be delivered during the day on Friday, Aug 31, was instead sent starting after 9 PM Thursday night, and continued until 3:30 AM Friday. There were about 50 complaints. http://www.indystar.com/print/citystate/sat/articles/badcall01.html

The risks? Political suicide, at the least. Barry Hurwitz

New software lets managers search e-mail

Wed, 5 Sep 2001 12:49:04 -0700 (PDT)

Seen in *Computerworld*: Managers everywhere will soon have the ability to remotely check employee mailboxes, search for common phrases and even delete e-mail without notification, thanks to new software. http://computerworld.com/nlt/0%2C3590%2CNAV47_STO63417_NLTDM%2C00.html [JL: The risks of abuse seem legion. And accidental abuse could occur; what if that deleted email was actually important?]

Jonathan Leffler (Jonathan.Leffler@Informix.com) Guardian of DBD::Informix v1.00.PC1 – http://www.perl.com/CPAN

Consumer Reports password policy risks

Wed, 05 Sep 2001 17:40:57 -0400

My family regularly uses *Consumer Reports* to evaluate various products before we make a purchasing decision. The enclosed e-mail is the culmination of a rather round-about discussion. The original problem was that I could not log into my CR account [paid subscription] because it kept claiming the password is incorrect. Eventually, I discovered that I could log in if I claimed that I had forgotten my password and forced the site to send me a “click here to change your password” URL via email (in plain text, of course). Along the click trail of “click here to change your password”, the user enters a new password twice, verifies the two passwords match, logs the user in (to the edit-the-account page – ugh), and presents the user with the site as if they had successfully logged in. If the user happens to choose a password containing an exclamation point (!), the site silently drops the exclamation point without giving the user any feedback that it has done so. Subsequent login attempts, of course, fail (unless the user happens to forget to type the (!)).

Risk #1: Silently modifying the user’s entered password, claiming successful entry, and storing the modified (and likely insecure) password.
Risk #2: Limiting passwords to just letters/numbers. Most good password crackers will brute force through all the various ‘dog’, ‘d0g’, ‘d)g’ possibilities.
Risk #3: Having a “forgot your password” click path that leads directly to all of the pertinent account information. Thankfully, it does not display your FULL credit card – but does give the last five digits and does allow the user to modify various bits of critical information.
Risk #4: Sending the “forgot your password” URL in a plain text email. A dead horse.
Risk #5: Having nice, responsive customer support that had *no clue* that this problem existed (or even that it was a problem) when, in fact, the problem has been an issue for nearly a year (maybe longer).

I’m sure there are others…

b.bum (enjoying a ‘Fisher & Paykel’ as a result of information found on the above site… talk about killer engineering. Drop a couple of wet sneakers in it, set it to spin dry at 7,000 RPM and it actually balances the drum to keep the thing from tearing itself apart!)

Begin forwarded message:

> From: customerservice@customerrelations.consumer.org
> Date: Wed Sep 05, 2001 05:14:24 PM America/Montreal
> To: “Mr. Bill Bumgarner”
> Subject: Message from Consumer Reports Online – Ref:382442
>
> Dear Mr. Bumgarner:
>
> Thank you for your recent e-mail. It was a pleasure to hear from you.
>
> After reading your e-mail, I’m sorry to say that your password cannot have
> an exclamation point (!). However, please be assured that your password
> can indeed consist of letters and numbers. If you have any questions,
> please feel free to contact our Online Subscription Department toll-free
> at (800) 633-0663. A representative will be more than happy to assist you.
>
> Again, thanks for your e-mail. I hope you continue to enjoy the benefits
> of Consumer Reports Online®.
>
> Sincerely,
>
> Jenny Manzueta
> Customer Relations
> 382442

In cyberspace, nobody can hear a person laugh.
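The silent-stripping failure described in this item (Risk #1 and Risk #2) is easy to reproduce in a few lines, and the contrast with a correct change-password handler is instructive. The following is an added example written for this edition of the digest; it is not Consumer Reports’ code and the site’s real implementation is not known. It models the reported behaviour (letters and digits only, other characters dropped, success reported anyway) next to a hardened handler that accepts any printable character, enforces a minimum length, and refuses with a reason rather than altering what the user typed. User names, passwords and the PBKDF2 work factor are constructed for the example.

```python
import hashlib
import hmac
import os
import string

# The site's rule according to the customer-service reply: letters and digits only.
SITE_ALLOWED = set(string.ascii_letters + string.digits)
PBKDF2_ROUNDS = 100_000  # illustrative work factor, chosen for this example


def _hash(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of the password, used by both stores below."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class HashedStore:
    """Shared storage and login check; only set_password differs between the
    two stores."""

    def __init__(self) -> None:
        self._users: dict[str, tuple[bytes, bytes]] = {}

    def _store(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[user] = (salt, _hash(password, salt))

    def login(self, user: str, password: str) -> bool:
        if user not in self._users:
            return False
        salt, digest = self._users[user]
        return hmac.compare_digest(_hash(password, salt), digest)


class SilentlyStrippingStore(HashedStore):
    """Hypothetical reconstruction of the behaviour the post describes:
    characters outside the letters/digits rule are dropped, the altered
    password is stored, and the change is reported as a success."""

    def set_password(self, user: str, password: str) -> bool:
        stored = "".join(c for c in password if c in SITE_ALLOWED)
        self._store(user, stored)
        return True  # claims success even when stored != password


class ValidatingStore(HashedStore):
    """Hardened handler: any printable character is allowed (so '!' works),
    a minimum length is enforced, and a bad password is rejected with a
    reason instead of being changed behind the user's back."""

    MIN_LEN = 12

    def set_password(self, user: str, password: str) -> tuple[bool, str]:
        if len(password) < self.MIN_LEN:
            return False, f"password must be at least {self.MIN_LEN} characters"
        if not all(c.isprintable() for c in password):
            return False, "password may contain only printable characters"
        self._store(user, password)  # stored exactly as typed
        return True, "password changed"


if __name__ == "__main__":
    # Constructed walk-through of the reported symptom.
    weak = SilentlyStrippingStore()
    weak.set_password("bill", "Tr0ub!e2001")
    print("typed password works:", weak.login("bill", "Tr0ub!e2001"))   # False
    print("stripped password works:", weak.login("bill", "Tr0ube2001"))  # True

    good = ValidatingStore()
    print(good.set_password("bill", "short!"))          # (False, reason)
    print(good.set_password("bill", "Tr0ub!e-2001"))    # (True, 'password changed')
    print("typed password works:", good.login("bill", "Tr0ub!e-2001"))  # True
```

The two stores share hashing and login, so the only behavioural difference is where the user's input gets altered: the first silently rewrites it, the second either stores it verbatim or tells the user why it will not.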

Norton Personal Firewall

Tue, 04 Sep 2001 20:31:08 +0100

I recently had a problem with a Web site I run. A user complained that Norton Personal Firewall was saying the site was “trying to access her bank account details”. Much investigation later, we found that the problem was completely ridiculous. NPF protects the user from sites that allow them to enter sensitive information in a form which is not secured by SSL. I suppose there’s some value in this. However, several factors combine to produce completely unnecessary FUD, not to mention a complete waste of everyone’s time. Firstly, users are advised to protect their credit/debit card numbers by entering only some of the digits – the suggested number being 4. Secondly, the “firewall” objects to a page being served by the server containing the sensitive information when the page includes a form and is not secured by SSL. However, it does not check whether the data presented is in the form. Thirdly, the information presented to the user suggests that the webserver is somehow trying to _access_ the sensitive data rather than present it (I’m afraid I don’t have the exact text – determining the problem was tedious enough without attempting to elicit such details from the user). The net effect of all this is that you get hysterical messages from the user (and everyone else on the mailing list they post this problem to) saying that you are trying to steal their credit card numbers. And the cause? A link containing a timestamp in seconds. For any 4 digit sequence the timestamp will match it for one second around 10 times a day, for 10 seconds once a day, for 100 seconds every week, and so on. This lucky user happened to have a number that recently matched all the time for a period of 12 days.
http://www.apache-ssl.org/ben.html
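The false positive in this item comes from two design choices: matching a short card fragment against the whole served page rather than against what the user submits, and the fact that a decimal Unix timestamp cycles through every 4-digit string at every digit position. The following is an added example, not code from the post or from Norton; it models the reported rule beside a hardened one that only inspects submitted form values, and includes a brute-force counter and the closed-form profile behind the post’s “one second about 10 times a day, 10 seconds once a day, … 12 days” arithmetic. The card fragment, timestamp and page are constructed for the example.

```python
import re
from datetime import datetime, timezone

# Constructed sample values; nothing here is taken from the post.
CARD_FRAGMENT = "4862"        # the "few digits" a user might configure in the firewall
PAGE_TIMESTAMP = 999648620    # a Unix time (early Sep 2001 UTC) whose digits contain 4862

# Constructed plain-HTTP page: a form plus a link carrying a timestamp.
SAMPLE_PAGE = f"""<html><body>
<a href="/news?t={PAGE_TIMESTAMP}">latest news</a>
<form method="post" action="/comment">
  <input name="email"><textarea name="comment"></textarea>
</form></body></html>"""


def naive_page_scan(html: str, fragment: str) -> bool:
    """Rule modelled on the behaviour the post describes: flag a non-SSL page
    that contains a form and the configured fragment anywhere in its text,
    without checking whether the fragment is in anything the user submits."""
    has_form = re.search(r"<form\b", html, re.IGNORECASE) is not None
    return has_form and fragment in html


def submitted_data_scan(form_fields: dict, fragment: str) -> bool:
    """Hardened rule: inspect only the values actually being submitted, so a
    timestamp in a link on the served page cannot trigger the alert."""
    return any(fragment in str(value) for value in form_fields.values())


def seconds_matching(fragment: str, start: int, end: int) -> int:
    """Brute-force check: count the seconds in [start, end) whose Unix
    timestamp, written in decimal, contains `fragment` as a substring."""
    return sum(1 for t in range(start, end) if fragment in str(t))


def match_profile(offset: int) -> tuple[int, int]:
    """For a 4-digit fragment sitting `offset` digits from the right-hand end
    of a decimal timestamp, return (seconds each match lasts, seconds between
    matches). offset=0: 1 s every 10,000 s, i.e. about 9 times a day;
    offset=1: 10 s every 100,000 s, about daily; offset=6: a single match
    lasting 10**6 s, about 11.6 days, which is the post's 12-day case."""
    return 10 ** offset, 10 ** (offset + 4)


if __name__ == "__main__":
    when = datetime.fromtimestamp(PAGE_TIMESTAMP, tz=timezone.utc)
    print(f"page served at {when:%Y-%m-%d %H:%M:%S} UTC, timestamp {PAGE_TIMESTAMP}")
    print("naive rule flags the page:", naive_page_scan(SAMPLE_PAGE, CARD_FRAGMENT))
    print("hardened rule flags a harmless submission:",
          submitted_data_scan({"email": "a@example.com", "comment": "hi"}, CARD_FRAGMENT))
    print("hardened rule flags a card number in the form:",
          submitted_data_scan({"card": "4111 1111 1111 4862"}, CARD_FRAGMENT))
    for offset in range(7):
        run, period = match_profile(offset)
        print(f"offset {offset}: matches for {run} s every {period / 86400:.1f} days")
    day = 86400
    print("seconds in the following day whose timestamp contains the fragment:",
          seconds_matching(CARD_FRAGMENT, PAGE_TIMESTAMP, PAGE_TIMESTAMP + day))
```

`seconds_matching` is deliberately brute force so it can be checked against `match_profile`: over the first 100,000 seconds of the epoch the string 1234 appears in exactly 20 timestamps, ten single-second hits at the low end plus one 10-second run at the next digit position, which is the pattern the post describes.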

Solar parking meters are a bad idea in wet Britain

Thu, 6 Sep 2001 20:26:55 +0200

http://news.telegraph.co.uk/news/main.jhtml?xml=/news/2001/09/06/nmet06.xml

Nottingham Council (United Kingdom) admitted that the 215 parking meters powered by solar energy that they installed didn’t work as expected. They followed the example of other countries in sunny Southern Europe, but even though this summer has been sunnier in Nottingham, several meters have failed, allowing free parking for periods. Others didn’t work even in sunlight because they were under trees. The supplier, Metric, is adjusting them for winter to save power.

David Mediavilla Ezquibela

Sacramento woman denied $2.7 million jackpot

Fri, 07 Sep 2001 15:28:16 -0700

[The RISK: having a failure mode the same as the winning mode. Max]

Nevada Gaming Control Board agents say a Sacramento woman didn’t win the $2.6 million jackpot she thought she won last month at a Sparks casino because the machine malfunctioned. “The first reel started to spin, and it touched the maintenance card,” said Paul Dix, a Gaming Control Board supervisor. “And the machine did what it was supposed to do. It went into a tilt.” But Francesca Galea, 29, insists her play was a legitimate win. And she is willing to fight for the winnings. [PGN-excerpted from AP report, 7 Sep 2001]

Accidental disclosure

Wed, 5 Sep 2001 08:42 -0500

Several recent RISKS Digests have (once again) illustrated risks of accidental disclosure of personal information on the web. Readers who do not get the Computing Research Association News may want to check out the May issue. I published a cautionary article about using online applications and recommendation letter collection, especially for academia. Look for “Protecting Personal Information in Academia.”

Re: Air Force office mails personal information (RISKS-21.63)

Wed, 05 Sep 2001 14:53:18 +0000

Re: the USAF Academy e-mail foul-up discussed in RISKS-21.63: the standard e-mail package for Air Force offices is MS Outlook, which lets you set up lists of names into addressee groups to avoid the hassle of typing or reselecting a large list of names every time you want to distribute a mass message. What likely happened here is that the officer responsible simply clicked on the wrong addressee group in haste or carelessness; for example, instead of selecting “Cadet Wing Headquarters” he may have selected “Cadet Wing,” which would shotgun the message to everybody. Obviously there are a number of other ways this might have happened, but I doubt there are any shenanigans going on.

Maj. John Johnson, USAF [Still, it may be SirCam.
