echo: 10th_amd
to: all
from: Roy J. Tellason
date: 2003-06-19 04:06:16
subject: From Risks Digest 22.77

* Forwarded (from: netmail) by Roy J. Tellason using timEd 1.10.y2k.



Date: Wed, 18 Jun 2003 14:56:12 +0900 (JST)
From: Curt Sampson 
Subject: Cyberterrorists in the U.S. Senate

  The chairman of the Senate Judiciary Committee [Sen. Orrin Hatch, R-Utah]
  said Tuesday he favors developing new technology to remotely destroy the
  computers of people who illegally download music from the Internet.
  http://www.salon.com/tech/wire/2003/06/17/hatch_download/

I don't know that there's much more to be said.

Curt Sampson     +81 90 7737 2974   http://www.netbsd.org

  [There's lots more to be said.  For example, some software vendors would
  like to do that to their competitors, not just to their customers.  PGN]



Date: Wed, 4 Jun 2003 17:08:10 -0600
From: Victor the Cleaner 
Subject: $24-million spreadsheet "boo-boo"

From *The Calgary Sun*, 4 Jun 2003:

  TransAlta Corp said yesterday a "clerical error" was a costly one for the
  power producer -- $24 million US to be exact.  The Calgary-based company
  said a spreadsheet goof by an employee last April caused the company to
  pay higher than intended rates to ship power in New York.  CEO Steve
  Snyder told a conference call yesterday a "cut-and-paste" foul-up in an
  Excel spreadsheet on a bid to New York's power grid operator led TransAlta
  to secure 15 times the capacity of power lines at 10 times the price.  The
  costly human error couldn't be reversed by the grid operator and while
  TransAlta has since tried to recoup the mammoth losses, it was left with a
  $24-million US lesson.  [...]

The RISKS?  Jeez, where do you start?  This sort of thing is becoming so
depressingly common that it barely makes print.  Enormously complicated and
powerful tools that are capable of simultaneously magnifying minor errors
and burying from sight the megabuck consequences?  The apparent "we're
terribly sorry, but our computers aren't programmed to issue refunds"
response of the "New York power grid operator"?

Jonathan Levine, Middle Digital Inc. http://www.realweasel.com
  [Also noted by Morty Ovits.
     http://reddeeradvocate.com/editorials/radB948F.htm
   and George N. White III.  PGN]



Date: Fri, 6 Jun 2003 11:01:37 +0100
From: "Dave Austin" 
Subject: Scotland Yard outage chaos 

I thought that this was of interest, an old risk but surprising to find such
a high profile building vulnerable:

Yard crisis as power fails, 4 Jun 2003

Scotland Yard was plunged into crisis today by a massive power and
communications failure.  All phones in the building were cut off as all
lines to the Yard were down, while the central system for handling 999 calls
also failed and had to be switched to local police stations.  Computers
which log emergency and other calls to police in London - known as the CAD
system - failed, along with a second system to Hendon which was supposed to
provide an emergency back-up.  Emergency generators restored power to the
building, but officers had to resort to using mobile phones.  A group of
senior officers was called together to handle the crisis. One police source
said the meeting had examined the possibility that the power failure was a
terrorist or a criminal act, though this had been ruled out.  The failure
showed the vulnerability of the Yard's communications network at a time when
London is on alert for a possible terrorist outrage.  The phones and
electricity crashed at about 9.30am and were still out of action two hours
later. A Yard spokesman said the crisis was caused by a single workman
cutting through an electricity cable in the Victoria area, and that the
company's chief executive had personally apologised to senior officers.  As
engineers from the Yard and outside companies were working flat-out to solve
the problem, the police spokesman emphasised that officers were still
responding to 999 calls which had been routed through the main London police
stations.  "We have contingency plans in place which are working well,"
added the spokesman. "We are still able to provide emergency cover for
London.  "This is a serious matter and we are seeking to bring the building
back on-line as quickly as possible."  One employee at the building said:
"We're in the hands of the engineers." Asked if it was causing huge
problems, he said: "You could say that."  Visitors to the Yard's reception
who had fixed appointments were told they couldn't be seen today because of
"internal communication problems".  Staff at reception were unable to make
internal phone calls and unless visitors had the mobile phone numbers of
staff they were due to meet, they were told they would not be able to see
them.  Other buildings in the area were also affected by the blackout.
London Ambulance said its 999 service was still operational but calls were
being handled on paper for about an hour and a half while the power was
disrupted. Scotland Yard has contingency plans to relocate its emergency
systems and senior officers in the event of a massive crisis such as a
terrorist attack.  However, this did not happen this morning.  Another
police source said: "This could come from the plot of a film.  "One wonders
whether there is a massive criminal heist going on somewhere in London.
"The fact that someone can bring the building to a halt by cutting a single
cable is a little alarming.  "I am sure there will be a few internal
inquiries about this."

Police chiefs told to explain blackout 

5 June 2003 

Police chiefs have been ordered to provide a full report into the power
failure which led to computers and telephones at Scotland Yard crashing for
more than seven hours.  Toby Harris, chair of the Metropolitan Police
Authority, said there were "grave concerns" after an engineer blacked out
the HQ yesterday by accidentally cutting a single cable in the street.  He
added it called into question the Met's ability to cope in a crisis.

Source: (London) Evening Standard - also covered in The Times et al.

Dave Austin   www.insight.co.uk



Date: Tue, 10 Jun 2003 01:34:38 -0400
From: Monty Solomon 
Subject: Tiny tracking chips surface in retail use

Tom Pounds waved his overflowing grocery basket at the wall and offered a
glimpse of our shopping future.  The coffee cans, razor blades, and other
items in his basket each carried a stowaway -- a tiny chip, the size of a
fleck of black pepper, coupled with an antenna.  Each emitted a short burst
of identifying data that streamed via radio waves to a sensor on the wall.
[...] Within fractions of a second, a computer translated those received
signals onto a monitor as images of each product in the basket.  [...]  In
15 or 20 years, futurists predict, the pervasive RFID tags will link to
massive computer networks, enabling speedy checkout from the grocery store,
medicine cabinets that tell you when to take pills, and milk cartons that
inform your fridge when to add another gallon to the grocery list.  [...]
[Source: Chris Gaither, Tiny tracking chips surface in retail use, *The Boston
Globe*, 9 Jun 2003]
  http://www.boston.com/dailyglobe2/160/business/Tiny_tracking_chips_surface_in_retail_use+.shtml

--

Date: Tue, 17 Jun 2003 11:32:52 -0400
From: Steve Holzworth 
Subject: Smart cellphone would spend your money

  "A consortium of the world's top consumer electronics firms, mobile
  networks and broadcasters are funding the development of cellphones that
  will spend money on your behalf. The consortium, called Mobile VCE,
  includes Nokia, Sony, Vodafone and the BBC.  It might sound like a
  bankruptcy waiting to happen, but software engineer Nick Jennings is
  supremely confident the phones will not mess up anybody's life.  [...]
  The cellphone agents only offer help if triggered by a diary event or if a
  definite pattern of behaviour, such as going to the movies every Friday,
  has been established."  [Source: New Scientist]
    http://www.newscientist.com/news/news.jsp?id=ns99993818

[SCH - how many "supremely confident" software engineers have watched
as their rocket booster exploded, their online store got hacked, etc.?]

What mechanisms will be in place to dispute or refuse purchases that your
cellphone agent makes on your behalf?  Be *sure* that you always want to go
to the movies every Friday...

I own a DirecTivo video recorder, which has a similar agent-like process
that automatically records "suggested" programs for you, based on analyzing
your previous viewing habits.  I'm still often amused by some of the
"suggestions" it makes, which have no obvious relevance whatsoever to my
typical viewing habits.

I suppose that if your life runs on a rigid schedule, this might be useful.
My life certainly doesn't...

Steve Holzworth Senior Systems Developer SAS Institute - Open Systems R&D
VMS/MAC/UNIX, Cary, N.C.  sch{at}unx.sas.com

--

Date: Fri, 6 Jun 2003 11:10:44 -0400 
From: Jeremy Epstein 
Subject: Virginia grievance system online - with a slight problem

Virginia put its workplace grievance system online as a way of improving
responsiveness (the old system typically took a year to process), according
to *The Washington Post*.  Expected savings are $100,000/year, possibly more.
As a Virginia taxpayer, that's good.... every little bit helps.
  [http://www.washingtonpost.com/wp-dyn/articles/A10481-2003Jun3.html]

"The system is secure from prying eyes, yet those who need to know a case
history can view an entire file by using the employee's Social Security
number."  So... yet another new system that uses the employee's SSN as the
key.  That's bad.  [And we won't even get into how they know that "the
system is secure from prying eyes".]
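An added illustration of the alternative to keying a case file on the SSN (example code written for this page, not Virginia's system, which is not described beyond the quoted sentence): files are stored under random case numbers, and the only SSN-based index is a keyed hash whose pepper never leaves the server, so a database dump shows no SSNs and an SSN by itself is not a lookup key. The `Registry` type, its method names and the pepper value are all assumptions for the example; authentication of whoever calls `CasesFor` is still required and is outside the block.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Registry keeps grievance files under random case numbers and a separate
// index keyed by HMAC(pepper, SSN). Neither map ever holds the raw SSN.
type Registry struct {
	pepper []byte              // server-side secret, stored apart from the data
	files  map[string][]string // case number -> history entries
	bySSN  map[string][]string // HMAC(pepper, SSN) -> case numbers
}

func NewRegistry(pepper []byte) *Registry {
	return &Registry{pepper: pepper, files: map[string][]string{}, bySSN: map[string][]string{}}
}

// ssnKey derives the index key. Normalising first ("123-45-6789" and
// "123456789" must hit the same record) avoids silently splitting a file.
// Without the pepper, an attacker who knows an SSN cannot compute the key.
func (r *Registry) ssnKey(ssn string) string {
	digits := strings.NewReplacer("-", "", " ", "").Replace(ssn)
	mac := hmac.New(sha256.New, r.pepper)
	mac.Write([]byte(digits))
	return hex.EncodeToString(mac.Sum(nil))
}

// newCaseNumber returns a 128-bit random identifier: unlike an SSN it is
// neither guessable nor a secret about the employee.
func newCaseNumber() (string, error) {
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		return "", err
	}
	return hex.EncodeToString(b[:]), nil
}

// Open creates a case for an employee and returns its case number.
func (r *Registry) Open(ssn, firstEntry string) (string, error) {
	id, err := newCaseNumber()
	if err != nil {
		return "", err
	}
	r.files[id] = []string{firstEntry}
	k := r.ssnKey(ssn)
	r.bySSN[k] = append(r.bySSN[k], id)
	return id, nil
}

// History is keyed on the case number, never on the SSN.
func (r *Registry) History(caseNo string) ([]string, bool) {
	h, ok := r.files[caseNo]
	return h, ok
}

// CasesFor is the one place an SSN is accepted; the caller must already have
// been authenticated and authorised by code outside this example.
func (r *Registry) CasesFor(ssn string) []string {
	return r.bySSN[r.ssnKey(ssn)]
}

func main() {
	r := NewRegistry([]byte("constructed example pepper; load from a secret store in practice"))
	id, _ := r.Open("123-45-6789", "grievance filed") // constructed sample SSN
	fmt.Println("case number:", id)
	fmt.Println("found via normalised SSN:", r.CasesFor("123456789"))
	for k := range r.bySSN {
		fmt.Println("what a dump of the index shows:", k)
	}
}
```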

--

Date: Fri, 13 Jun 2003 22:22:23 +0200
From: Giles Todd 
Subject: Sign someone up to be an organ donor!

Add anyone you like to the UK's NHS Organ Donor Register at:
  https://www.uktransplant.org.uk/odronline/servlet/mydetailsservlet

Apart from trivial address validity checks, the sole attempt to ensure that
the person being signed up is really who he or she says he or she is is an
e-mail message sent to the e-mail address supplied.

  Date: Fri, 13 Jun 2003 21:11:12 +0100 (BST)
  From: odr{at}uktransplant.nhs.uk
  Subject: I want to be a donor

  Thank you for joining the NHS Organ Donor Register.  Your new record will 
  now be downloaded directly to the register.

  If you wish to amend the personal information held on the register at any 
  time you can do so through this website, or by contacting:
    The Organ Donor Line (0845 60 60 400) between 7am and 11pm seven days a 
    week for a form, or by writing to:
      The NHS Organ Donor Register, UK Transplant, PO Box 14, FREEPOST
      Patchway, BRISTOL BS34 8ZZ  UK



Date: Fri, 6 Jun 2003 12:49:02 -0700
From: greep 
Subject: Downloading data can turn your computer into a server

The Register reports
(http://www.theregister.co.uk/content/6/31080.html) that Joltid is
using "content distribution technology that utilises users' own PCs to
disseminate content for publishers."  According to the article, when
someone loads content (such as software) using the Joltid system, the
computer loading the data then becomes a server for that same data.

There seem to be a number of potential risks to users of such a system:

They could be held liable for "publishing" information over which they have no
control.  This liability could include copyright and patent infringement.
If the content is found to contain viruses or material which is illegal, the
liability could be even more severe.

Bugs in the Joltid software could expose their personal files to the outside
world, even if their computers run no other server software.

Their own network throughput, or other computer resources, might be affected
by having their computers act as servers.

They may be subject to additional ISP charges for excessive outbound
traffic.

People who retrieve data from another customer's computer (not from the
original publisher) need to consider the possibility that the data has been
altered.  The article does say: "All files are digitally signed to prevent
tampering, the company claims", but no details are provided.
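The article gives no details of Joltid's signing, so the following is an added example of what a publisher signature on peer-distributed content has to provide, not Joltid's code: the publisher signs a manifest (name, size, SHA-256 digest) with Ed25519; whoever serves the bytes also hands over the manifest and signature; the downloader verifies against the publisher's public key only. A peer that alters the bytes fails the digest check, and a peer that re-signs altered bytes with its own key fails the signature check. The manifest format, key type and function names are assumptions for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is what the publisher signs: the file's name, its length and its
// SHA-256 digest. A redistributing peer passes manifest and signature on with
// the bytes; the downloader trusts only the publisher's public key.
type Manifest struct {
	Name   string
	Size   uint64
	Digest [32]byte
}

// encode gives a fixed serialisation so signer and verifier hash identical bytes.
func (m Manifest) encode() []byte {
	var buf bytes.Buffer
	buf.WriteString(m.Name)
	buf.WriteByte(0) // terminator keeps name and size from running together
	binary.Write(&buf, binary.BigEndian, m.Size)
	buf.Write(m.Digest[:])
	return buf.Bytes()
}

var (
	ErrBadSignature    = errors.New("manifest not signed by the publisher")
	ErrContentMismatch = errors.New("content does not match the signed manifest")
)

// Publish is the publisher's side: build and sign a manifest for content.
func Publish(priv ed25519.PrivateKey, name string, content []byte) (Manifest, []byte) {
	m := Manifest{Name: name, Size: uint64(len(content)), Digest: sha256.Sum256(content)}
	return m, ed25519.Sign(priv, m.encode())
}

// Verify is the downloader's side, run on whatever a peer served. The
// signature is checked before the content so an unsigned manifest is never
// used to judge the bytes.
func Verify(pub ed25519.PublicKey, m Manifest, sig, content []byte) error {
	if !ed25519.Verify(pub, m.encode(), sig) {
		return ErrBadSignature
	}
	if uint64(len(content)) != m.Size || sha256.Sum256(content) != m.Digest {
		return ErrContentMismatch
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)      // publisher's keypair
	content := []byte("constructed sample: installer bytes") // not a real file
	m, sig := Publish(priv, "setup.exe", content)

	fmt.Println("peer serves original bytes:", Verify(pub, m, sig, content))

	tampered := append([]byte(nil), content...)
	tampered[0] ^= 0xff // peer alters one byte but forwards the real manifest
	fmt.Println("peer serves altered bytes:", Verify(pub, m, sig, tampered))

	_, peerPriv, _ := ed25519.GenerateKey(rand.Reader)
	m2, sig2 := Publish(peerPriv, "setup.exe", tampered) // peer re-signs with its own key
	fmt.Println("peer re-signs with own key:", Verify(pub, m2, sig2, tampered))
}
```

The publisher's public key has to reach the client by some channel the peers cannot touch (shipped with the downloader, or pinned on first install); if the key itself is fetched from a peer, the signature proves nothing.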

--- 
* Origin: TANSTAAFL BBS 717-838-8539 (1:270/615)