* Forwarded (from: netmail) by Roy J. Tellason using timEd 1.10.y2k.



Date: Mon, 25 Aug 2003 15:51:55 -0400
From: "Ng, Kenneth (US)" 
Subject: Chips that can self-destruct

Michael Sailor and colleagues at the University of California at San Diego
have developed a self-destruct mechanism that can be activated (with a
warning) if a machine detects that it has been stolen.  The first thought I
had was "program bug".  The second was "virus".  The
third was "cyber denial
of service attack".  Personally, it wouldn't be the same without the "this
chip will self destruct in 5 seconds, good luck, Jim" followed by the
standard white smoke from Mission Impossible.
  http://www.newscientist.com/news/news.jsp?id=ns99991795 
    [The technique involves adding gadolinium nitrate to silicon.  PGN]



Date: Thu, 28 Aug 2003 10:03:58 -0700
From: Henry Baker 
Subject: A new approach to roller coasters

  [FYI -- Note the use of Windows OS to run this thing.  HB]
     [Could give new meaning to the Blue Screen of Death. PGN]

``Roller coasters are boring. ...  But a new two-seat ride called
RoboCoaster is different.  Its 4,400-pound, 22-foot-long mechanical arm
provides a much wider array of twists and turns than any single traditional
coaster can, its makers say.  And because those whipping motions are just
about infinitely programmable, riders can have radically different
experiences on the same RoboCoaster, and can even customize their own
thrills. ...  Made by the German robotics company Kuka Roboter, the $350,000
RoboCoaster became available last November.  Fourteen have been installed,
two of them in the United States - at American World Resort in Wisconsin
Dells, Wis., and at C.J. Barrymore's, 30 miles north of Detroit.  Ten are
housed in a vast hall at the Legoland theme park in Billund, Denmark, where
they are called Power Builders.

Riders use a Windows-based touch-screen computer to program their own
RoboCoaster experience.  There are seven levels of difficulty, and within
each level are 14 movements -- dips, falls, rocket starts, butterfly rolls
and loops - lasting 5 to 15 seconds.  According to Legoland, more than 1.4
million combinations are possible.  With six axes, the robot can throw
riders in any number of directions, turning them upside down, spinning them
side to side, or making them swoop as if they were in a jet fighter -- all
at 1.9 G's, nearly twice the normal gravitational pull.  Optical sensors
attached to a motor in each axis calculate the position of the coaster's arm
every 32 milliseconds.  [Source: Taking Roller Coaster Limits for a Ride, 
Noah Shachtman, *The New York Times*, 28 Aug 2003; PGN-abridged]
  http://www.nytimes.com/2003/08/28/technology/circuits/28roll.html
  ?pagewanted=print&position=

--

Date: Fri, 29 Aug 2003 09:35:18 -0700
From: "NewsScan" 
Subject: Battling the threat of data extinction (NewsScan)

Because most digital files are dependent on the operating systems in which
they're stored and the software applications used to create and access them,
would-be archivists are faced with the task of retaining and maintaining the
digital hardware necessary to read digital files as well as the files
themselves. "With each passing day, the reservoir of digital documents
grows," says Eastman Kodak manager Andrew Lawrence. "Often, there is no
associated hard-copy output to archive via conventional means. Over time,
the problem is that media decays and hardware and software platforms evolve,
placing the electronically stored information at risk." Lawrence suggests
the best approach to digital preservation is a dual track. For short-term
needs, users can maintain structured electronic archives in their native
formats. But for longer-term purposes, Lawrence suggests creating a
referenced archive of permanent document images in analog format, such as
microfilm, that could provide a technology-proof repository. Glenn Widener,
director of Internet technology at Swiftview, has a different solution. He
recommends using the Printer Control Language (PCL) format, invented by
Hewlett-Packard for its LaserJet family of printers, as an easy way to
preserve documents. "Many PCL viewers can view 15 to 20 years back. There
will always be commercial tools readily available to read it." Meanwhile,
Dan Schonfeld, director of products for Artesia, says his company's digital
asset management software enables users to archive viewers, readers and
players along with files. "Because we can store any type of media, we can
actually store applications as well as the media files themselves."
[TechNewsWorld 28 Aug 2003; NewsScan Daily, 29 Aug 2003
http://www.ecommercetimes.com/perl/story/31436.html

--

Date: Mon, 1 Sep 2003 08:56:43 -0700 (PDT)
From: "Peter G. Neumann" 
Subject: Man steals tracking device, which tracks him down

A man stole a $2500 GPS-based computerized home-detention tracking device
that had been temporarily left outside the home of the woman who was
supposed to be wearing it.  By the time she reported the loss, prison 
officials had already rounded up the thief.  [Source: AP item 1 Sep 2003;
PGN-ed]
  http://www.newsday.com/news/nationworld/wire/
  sns-ap-tracking-device,0,4015374.story?coll=sns-ap-nationworld-headlines

--

Date: Wed, 27 Aug 2003 15:19:13 -0600
From: zowie{at}euterpe.boulder.swri.edu (Craig DeForest)
Subject: Careful typography in the CAIB report

I'm sure that many are reading and will contribute about the recent Columbia
Accident Investigation report:

  http://www.caib.us  

A rare amusing moment occurs on p. 191, where noted communication expert
Edward Tufte analyses the horrific viewgraph layout used within NASA.

One of Tufte's points is that even a simple unit measurement ("cubic
inches") is laid out three different ways in a single viewgraph, making it
difficult to recognize that the three units are directly comparable (in this
case an analytical model that was designed for foam chunks up to 3 cubic
inches was used for a foam chunk that was over 300 times larger).  But a
diligent copy editor has regularized the three layouts in the corresponding
figure caption, obscuring Tufte's argument.

Tufte analysed the Challenger explosion in his fabulous book, "Visual
Explanations".  He convincingly argued that poor communication (caused in
part by bad charting of the relevant risk factors) played a significant role
in the loss of Challenger.  The same arguments seem to hold about Columbia.



Date: Wed, 27 Aug 2003 15:41:08 +1200
From: "Dr Richard A. O'Keefe" 
Subject: Can't catch it?  A virus can still hurt you.

I thought I was safe.  My mail machine is an Alpha running OSF/1.  I use
mailx, which not only doesn't do anything in particular with attachments, it
wouldn't know an attachment if one bit it in the backside.  I suppose it's
theoretically possible to write a virus or worm for the Alpha, but there's
not that much thrill in persecuting orphans; the bad guys much prefer going
after idiot boxes.  So I thought no virus could possibly pose a threat to
*my* mail.

Wrong.

My mail comes through the University's Information Technology Services.
Quoting their recent "ITS Incident Report: E-Mail Services #2", 

  E-Mail from off-campus destinations were lost by the University e-mail
  system from approximately 5:00 am until 4:45 pm on August 23.  People will
  have received an e-mail from the sender that contained no subject line or
  content.

In fact I received a couple of hundred such messages.  How could that be?
Continuing the quote:

  Since Wednesday August 20 [to Monday August 25] the University has
  received over 120,000 copies of the Sobig-F virus. ...  The University
  e-mail hubs scan all e-mail messages for viruses.  Any e-mail that
  contains a virus is quarantined and no further delivery attempts are made.
  The quarantined e-mail messages are occasionally analysed in order to
  trace the origins of viruses, with old e-mail messages purged as required.

So far so good.  They try hard to stop viruses getting through, and they
monitor the bad stuff so they can do a better job.  BUT

  With the advent of Sobig-F, the number of e-mail messages quarantined grew
  dramatically.  The file system on the mailhubs only permits 32,000 files
  per directory.  On Thursday last week one of the mailhubs hit this limit.
  At this time it was thought that the large number of quarantined e-mail
  messages was due to historical data not being purged.  However, another
  32,000 virus infected e-mail messages were intercepted by each of the
  mailhubs over the next 36 hours which caused similar failures to the one
  on Thursday.

  As a result of these failures, incoming e-mail messages could not be
  written to disk for virus and spam scanning.  When the system went to send
  on the e-mail to its destination, only the sender data was retained.

OOPS.  In hindsight, it was a bad idea to store quarantined messages and
good ones on the same file system, and it might not have been such a good
idea to store each quarantined message as a separate file.  However, I'm
pretty sure I wouldn't have thought of that without the benefit of
hindsight.

  The e-mail messages that have had their content lost are not recoverable.
  The only way for you to know the contents of those e-mail messages is to
  ask for the sender to resend the message(s).  You are urged to take care
  to only request a resend from known senders.  In the event that a request
  for a resent message is made to a spammer, you are likely to receive
  greater volumes of spam in the future.

The really sad thing here is that the guys in ITS *do* have a clue or two,
and were trying to do their job.

  ITS has now stopped reaining block e-mail messages containing viruses.

Oh dear.  Retaining messages was a *good* thing.  The sheer volume of bad
stuff has stopped them doing it.  Death of the net?  Oh yes, it's entirely
forgivable that they didn't spend a lot of time thinking about the problem
on Thursday, because tech support people around the campus have been as busy
as one-armed paperhangers trying to clean up after Blaster and Sobig-F.
Yes, they *do* stop those things entering through the network.  Yes, they
*do* provide up-to-date anti-virus software.  However, people _will_ run
Windows on their laptops, take them home, and bring the infection back...

Instead of just deleting all virus messages, I think it would be better to
retain a random sample of (say) 30,000 of them.

So I've learned something:  I can lose a couple of hundred messages because
of a virus my machine didn't catch and cannot catch, because of what the
virus did to a mail hub that didn't and couldn't catch it either.

I've also learned that if I receive e-mail without content or subject
line, I probably shouldn't delete it all, like I did.  Sigh.

  [The quoted text was quite sloppy.  Vastly too many "(sic.)"s have been
  removed, and various garbles fixed to make this message more readable.
  My apologies if I missed a few!  PGN]



Date: Tue, 26 Aug 2003 08:28:20 -0700
From: "NewsScan" 
Subject: More theories about Sobig vandal's motivation

Is money the real motivation for the spread of the Sobig virus? Sobig is 
transmitted as an e-mail attachment and is the sixth variant of the 
malicious code by an unknown attacker. Mikko H. Hypponen, director of 
antivirus research at F-Secure corporation in Finland says: "I think the 
motivation is clear: it's money. Behind Sobig we have a group of hackers 
who have a budget and money." Computer security expert Russ Cooper suggests 
that the vandal is acting out comic book fantasies: "You can liken this guy 
to Lex Luthor and we're all Supermen. Luckily, we've been able to get the 
kryptonite from around our necks each time so far." One popular theory is 
that Sobig is the work of an e-mail spammer who is aggressively trying to 
build a clandestine infrastructure for blitzing the Internet with junk 
e-mail. Antivirus software researcher Joe Hartman of TrendMicro says, "If 
machines remain infected they could be used in any kind of attack. The 
question we ask ourselves is, What is he trying to achieve? We don't think 
it's planned for a specific threat, rather its more likely a money-making 
spam scheme." And Bruce Hughes of Trusecure points out: "There is some 
evidence that he's been tied in with spammers." Sobig spreads further only 
when a computer user selects the attached program that then secretly mails 
itself to e-mail addresses stored in the user's computer. The Computer 
Emergency Response Team at Carnegie Mellon University says, "Our current 
advice is: Don't open an attachment unless you are expecting one."  [*The
New York Times*, 26 Aug 2003; NewsScan Daily, 26 August 2003]
  http://partners.nytimes.com/2003/08/26/technology/26VIRU.html

--

Date: Wed, 27 Aug 2003 22:17:34 -0400
From: Scott Nicol 
Subject: Re: Sobig affects Amtrak trains, Air Canada (Leisner, RISKS-22.88)

According to a technically sparse press release by CSX
http://www.csx.com/?fuseaction=company.news_detail&i=45722&news_year=-1>,
it wasn't the signalling computers that were affected, but rather the
communication lines that the signals are sent on.  One would have to
assume this means that the communication lines that are used for
signalling are also used for other purposes, including sending e-mail.

What happens when somebody inside CSX sends an e-mail to "all", on the
subject of, say, next years health plan choices, with a 20MB powerpoint
presentation attached?  Do the signals get blocked for a few minutes until
the e-mail is dispatched everywhere?

--

Date: Wed, 27 Aug 2003 18:51:16 +0100
From: Neil Youngman 
Subject: Re: "Good" worm fixes infected computers (Schindler, RISKS-22.87)

> Even though the new worm is "good," it can cause plenty of
> trouble for computer users ...  

I remember discussing the topic of "good viruses" and why there
was no such 
thing -- way back in 1989; see 
  http://www.ja.net/CERT/CERT-CC/virus-l/archives/1989/v2i117

Now I know of one company whose network was taken off line for at least 24
hours by this "good virus". A truly destructive "good
virus" may have taken
a long time to arrive but I'm sorry to see that it finally got here.



---