
Risks Digest 16.40


RISKS-LIST: RISKS-FORUM Digest Monday 12 September 1994 Volume 16 : Issue 40

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for information on RISKS (comp.risks) *****

Contents:
Highest Quality Company Logos for Inclusion in Software (Dennis Lawrence)
German Parking Violators Accused of War Crimes (Scott Mincey)
Enola Gay: Another text substitution (from alt.folklore.urban) (Henry Troup)
More daring tales of address disasters! (Peter Ladkin)
Risks of duality in electronic media (Bob Mehlman)
Unique way to find bugs: be investigated for breaking the rules [McLaren
Peugeot Formula One] (Bjorn Freeman-Benson)
Neural Redlining == Plausible Deniability ? (Fred Baube)
Reply to New indecency rules proposed for all online services (Julian Meadow)
CPSR Annual Meeting (Phil Agre)
Proceedings on Assurance and Trustworthiness (Marshall D. Abrams)
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

----------------------------------------------------------------------

Date: Wed, 7 Sep 1994 08:05 PST
From: Dennis Lawrence <[email protected]>
Subject: Highest Quality Company Logos for Inclusion in Software

I received an ad from TigerDirect, Florida, offering a set of "650
High-Quality Logos" of major corporations. The ad suggests using "these logos
in newspaper and yellow page ads, brochures and cross-promotions." It goes on
to say "all images displayed are the registered trademarks or trademarks of
their respective companies." Can be used by Macintoshes or Windows
applications.

What a wonderful gift for con artists!

-- Dennis Lawrence

------------------------------

Date: Sat, 10 Sep 1994 22:47:31 -0400 (edt)
From: Scott_Mincey <[email protected]>
Subject: German Parking Violators Accused of War Crimes

Bayreuth, Germany - Three violators of the municipal parking code became war
criminals when an official entered the wrong code number. According to the
"Nordbayerischen Kurier" the three Bayreuth residents received summonses for
"Conspiracy to prepare aggressive warfare," when they should have only received
citations for parking violations. According to the paper, the official, who
had just served ten hours on the night shift, filled out the forms relating to
the minor offenses and incorrectly entered the code number of the violation.
(Deutsche Presse Agentur)

------------------------------

Date: Wed, 7 Sep 1994 11:55:00 -0400
From: "henry (h.w.) troup" <[email protected]>
Subject: Enola Gay: Another text substitution (found in alt.folklore.urban)

(amusing, not very new)

The Dragon De Monsyne ([email protected]) wrote:
...
:Well, I can vouch fer it REALLY happening. In today's (Sept. 5, 1994, Final
:Edition) Northwest Herald (a local paper in the far northwest Chicago Suburbs
:(McHenry County, fer those who know where that is), on pg 3, bottom, left hand
:corner, I found this gem.

: "Atomic bombers criticize Enola homosexual exhibit"

Nicely documented, for UL hunters.

Henry Troup - [email protected] (Canada)

------------------------------

Date: Thu, 8 Sep 1994 18:32:55 +0200
From: Peter Ladkin <[email protected]>
Subject: More daring tales of address disasters!

A colleague, Paul Gibson, arrived at INRIA Lorraine in France from Scotland at
the beginning of July. He set up an account with a local branch of the Banque
Populaire de Lorraine in Haussonville, a district of Villers in the Nancy
conurbation. The address on his account is that of our host, who lives in a
tiny village 75km from here. The bank put a false postal code on his address,
consequently his mail from the bank arrives either very late or, in the case
of important items such as his bankcard PIN code and checkbook, not at all (I
wonder if the important mail has a `Do Not Forward' instruction on the
envelope?). However, whenever he notifies the branch and they check, the
correct postal code appears with his account information. The bank employees
claim not to understand how the two addresses can be different and seem to be
at a loss to rectify the situation, even though he's been physically to see
them about it three times in the last two months.

There's an easy fix. Close the account and open another one. But there should
be an easier fix - ensure the right address. Either way, the bank lacks
effective procedures for troubleshooting. He still has no checkbook and no
functioning cash card.

Peter Ladkin

------------------------------

Date: Sat, 10 Sep 1994 14:29:50 PDT
From: rmehlman%[email protected]
Subject: Risks of duality in electronic media

A new teleconferencing system installed at JPL still has some bugs.
Participants are told to dial into the telecon themselves. Two numbers are
provided: an area 818 local number, and an 800 number for distant callers. I
dialed the local number for a NASA/Galileo project telecon which turned out to
be seriously depleted; half the expected participants, including the convener,
were missing. Attempts to reach the convener by phone failed; the line was
always busy. We went ahead and had our discussion anyway, only to learn later
that a dual telecon, among the people who had dialed the 800 number, had taken
place simultaneously.

This reminds me of a curiously similar situation on Telemail about ten years
ago. A user complained of often missing important mail. Months later,
investigation showed him to have two accounts, differing only by the appended
organization. His default login went to one of these, but the group mail
distribution list went to the other. About a hundred messages were there
waiting for him. "The Black Hole of Telemail", we always called it.

Bob Mehlman, UCLA/IGPP

------------------------------

Date: Fri, 9 Sep 94 13:04:45 EDT
From: [email protected] (Bjorn Freeman-Benson)
Subject: Unique way to find bugs: be investigated for breaking the rules

Here's an interesting positive-risk (rather than negative-risk)...

The McLaren Peugeot Formula One racing team was investigated for breaking
the rule against computerized driver aids. During the investigation, the
governing body (FIA) contracted with LDRA Ltd to decode McLaren's software
and determine if the rules were broken. According to the press release:

PRESS RELEASE FROM THE FEDERATION INTERNATIONALE DE L'AUTOMOBILE (FIA)

...lots of stuff...and then the interesting paragraph...

The World Council noted that during the course of the
investigation, LDRA Ltd discovered a bug (fault) in the McLaren
software which was producing a power loss in the engine (due to a
faulty signal from the gearbox control unit to the engine control
unit). McLaren will now be able to correct this problem.

Paris 7 September 1994

Bjorn N. Freeman-Benson

------------------------------

Date: Sun, 11 Sep 94 18:15:52 EET
From: [email protected] (F.Baube[tm])
Subject: Neural Redlining == Plausible Deniability ?

My understanding of neural nets is hazy, so someone please correct me if I'm
way off-base.

Neural nets are being used more and more in commercial applications, for
example in evaluating mortgage applications.

It occurs to me that since the internal state of a neural net, and its
decision-making "process", is essentially opaque, a lender could depend on a
neural net to implement redlining in a manner such that, if the bank were in
fact to be accused of redlining, the bank could reply, "We don't redline, we
rely on objective computer programs to evaluate applications."

The training set for the net could itself contain redlining, and the net would
learn it. Then the training set is discarded, and there is no proof of intent
to evade the law.

Any application receives a final yes/no from a live human being, but how easy
is it for the lending officer to let a neural net do his or her "dirty work" ?

* Fred Baube(tm) GU/MSFS/88 [email protected]

------------------------------

Date: Wed, 07 Sep 1994 17:17:42 +0000 (GMT)
From: Julian Meadow <[email protected]>
Subject: Reply to New indecency rules proposed for all online services

Don't you just love it when you read about something that might happen,
happens! After reading Daniel J. Weitzner's comments about the proposed new
indecency rules, I read the following article on the front page of this
week's New Zealand COMPUTERWORLD (dated Sept 5, 1994):

INTERNET SEX GOES OFF-LINE, by Rob Hosking

The prospect of being the target of an indecency test case has caused
Internet service provider ICONZ (Internet Company of New Zealand) to pull
its pornographic news groups and bulletin boards off line.

"We've pumped hundreds of thousands of dollars into ICONZ and I'm not going
to see that go in a test case," says systems administrator Jon Clarke. The
company pre-empted the impending litigation after hearing "through the
grapevine" that an Auckland religious group was planning a lawsuit following
an item on television news about the Internet. Approximately 20 news groups
were taken off the wire, out of about 440, and only two users had complained
since their removal, says Clarke. "To put it into some sort of perspective,
it's effectively stopped us transmitting 100Kb out of 150Mb a day," he says.

The action would have been under the Films, Videos and Publications
Classifications Act, passed earlier this year. There is some doubt as to
whether the Internet is covered by the act, and the issue has yet to be
decided in court.

Clarke says the material being carried is tamer than that available over
the counter in most dairies (JM comment - read cornerstore, newsagent, etc.),
and he queries what he sees as a double standard involved. Network users in
the US have formed a group to lobby against restrictive legislation and, with
the Howick MP Trevor Rogers' Technology and Crimes private member's bill
currently before Parliament, Clarke says it could be time for the information
of such a group here.

The material is still coming into New Zealand but is now "being put in the
great big bit bin", as far as ICONZ is concerned. Clarke believes the
material will be available - "there are millions of sites worldwide you can go
to for this kind of stuff, the only thing is you'll have to pay for it".

<<< JM's comments follow >>>

This article raises several interesting questions:

1. Do we really want local network providers to become our censors?

2. How does the network provider filter 150Mb of data a day, especially
when he doesn't know what the law states is and isn't allowed?

3. If a network provider, whilst censoring the day's 150Mb of information,
reads that a "religious group" was planning a lawsuit against him because
they didn't agree with one of his services, what should he do?

The internet provider doesn't lose either way, since as Jon Clarke points out
himself, his users just have to go further afield, and I'm sure he'll be happy
to charge for this.

------------------------------

Date: Tue, 6 Sep 1994 19:02:42 -0700
From: Phil Agre <[email protected]>
Subject: CPSR Annual Meeting

The 1994 CPSR Annual Meeting will be held on the weekend of October 8th and
9th at UC San Diego. One focus of the meeting this year is teaching people
how to actually do something about computer-related Risks to privacy and
the like. We'll have a workshop on privacy activism by Christine Harbs from
the Privacy Rights Clearinghouse and Dave Redell from CPSR's Civil Liberties
Working Group. We'll also have a workshop on legal issues for BBS operators
from Mike Godwin of EFF, and a panel discussion on the issues that arise when
protecting privacy and intellectual freedom in various professions. Everyone
is welcome to attend.

The Annual Meeting Web pages are now ready to go. Just aim your Web client at
http://www.cpsr.org/dox/am/program.html and look around. Or, if you prefer,
you can get the program and registration information from an autoresponder by
sending a message to [email protected].

Phil Agre, UCSD

------------------------------

Date: Wed, 7 Sep 1994 10:47:43 -0500
From: [email protected].org (Marshall D. Abrams)
Subject: Proceedings on Assurance and Trustworthiness

Announcing the availability of the Proceedings of an Invitational Workshop on
Information Technology (IT) Assurance and Trustworthiness held March 21-23,
1994 at George Washington Inn, Williamsburg, Virginia.

The proceedings are available by FTP as an ASCII document from csrc.nist.gov.
The path is /pub/nistir/assure.txt. Hardcopy was published by the National
Institute of Standards and Technology numbered NISTIR 5472.

ABSTRACT

The purpose of the 1994 Invitational Workshop on Information Technology (IT)
Assurance and Trustworthiness was to identify crucial issues on assurance in
IT systems and to provide input into the development of policy guidance on
determining the type and level of assurance appropriate in a given
environment. The readers of these proceedings include those who handle
sensitive information involving national security, privacy, commercial value,
integrity, and availability.

Existing IT security policy guidance is based on computer and communications
architectures of the early 1980s. Technological changes since that time
mandate a review and revision of policy guidance on assurance and
trustworthiness, especially since the changes encompass such technologies as
distributed systems, local area networks, the worldwide Internet,
policy-enforcing applications, and public key cryptography.

1995 WORKSHOP

A call for participation for the 1995 workshop will be available in October.
You may request a copy by sending e-mail to [email protected].

Marshall D. Abrams, Info Systems Security Division, The MITRE Corporation,
7525 Colshire Drive, McLean, VA 22102-3481 703.883.6938 abrams@mitre.org

------------------------------

Date: 31 May 1994 (LAST-MODIFIED)
From: [email protected]
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks.
Undigestifiers are available throughout the Internet, but not from RISKS.

SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on
your system, if possible and convenient for you. BITNET folks may use a
LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. U.S.
users on .mil or .gov domains should contact <[email protected]>
(Dennis Rears <[email protected]>). UK subscribers please contact
<Lindsay.Marshall@newcastle.ac.uk>. Local redistribution services are
provided at many other sites as well. Check FIRST with your local system or
netnews wizards. If that does not work, THEN please send requests to
<[email protected]> (which is not automated).

CONTRIBUTIONS: to [email protected], with appropriate, substantive Subject:
line, otherwise they may be ignored. Must be relevant, sound, in good taste,
objective, cogent, coherent, concise, and nonrepetitious. Diversity is
welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS
MESSAGES in responses to them. Contributions will not be ACKed; the load is
too great. **PLEASE** include your name & legitimate Internet FROM: address,
especially from .UUCP and .BITNET folks. Anonymized mail is not accepted.
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
All other reuses of RISKS material should respect stated copyright notices,
and should cite the sources explicitly; as a courtesy, publications using
RISKS material should obtain permission from the contributors.

ARCHIVES: "ftp crvax.sri.com<CR>login anonymous<CR>YourName<CR> cd risks:<CR>
Issue j of volume 16 is in that directory: "get risks-16.j<CR>". For issues
of earlier volumes, "get [.i]risks-i.j<CR>" (where i=1 to 15, j always TWO
digits) for Vol i Issue j. Vol i summaries in j=00, in both main directory
and [.i] subdirectory; "dir" (or "dir [.i]") lists (sub)directory; "bye<CR>"
logs out. CRVAX.SRI.COM = [128.18.30.65]; <CR>=CarriageReturn; FTPs may
differ; UNIX prompts for username, password; [email protected] and
WAIS are alternative repositories. See risks-15.75 for WAIS info.
To search back issues with WAIS, use risks-digest.src.
With Mosaic, use http://www.wais.com/wais-dbs/risks-digest.html.

FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving
it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info
regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL
RISKS COMMUNICATIONS; as a last resort you may try phone PGN at
+1 (415) 859-2375 if you cannot E-mail [email protected] .

------------------------------

End of RISKS-FORUM Digest 16.40
************************

 