COMPUTER SECURITY
*****************

Compiled, edited & written by Ian Douglas
InterNet iandoug@aztec.co.za

June 1995 edition
===================================================================

Major story this month (from my perspective anyway) was the International Federation for Information Processing's Security 1995 conference, held at the Cape Sun, May 9 - 12th. It was the first time that the conference had been held in Africa, so I arranged suitable weather :-) We even got to meet the mayor!

One of the invited guest speakers was Fred Cohen, whose doctoral thesis ushered in the era of computer viruses in the 1980's.

There were around 220 delegates, including a large contingent from Sweden.

The presented papers covered all aspects of computer security, with emphasis on digital signatures and encryption. These techniques provide authenticity and confidentiality when sending mail, files, etc, over networks, especially open networks like the InterNet.

Another common theme was using context-based roles to decide who is allowed to do what on a network. This is particularly important for businesses.

All in all, I thoroughly enjoyed the conference, and have started scheming how I can get my employer to send me to the next one in Greece... :-)

===========================================================================

Some reported problems with McAfee software (and a warning for DOS-based TSR scanners in general. See virus reports later):

Newsgroups: comp.virus
Subject: Re: Windows & McAfee 2.17 (PC)
From: kellogg@netcom.com (Lucas)
Date: 26 Apr 1995 10:50:00 -0000

McAfee's TSR, VShield, will not work properly with Windows running in 32 bit access. We are addressing the issue, by writing a VXD driver that will not require a TSR. It should be out sometime this summer.

Kelly Lucas
McAfee Inc.

Iolo Davidson (iolo@mist.demon.co.uk) wrote:
: mrowan@coventry.ac.uk "---GEORDIE---" writes:
: > Does Mcafee have problems with 32 bit access???
: Windows 32-Bit file access (not disk access) will disconnect many
: TSRs that rely on intercepting interrupt 21h. This is because
: Windows does not use DOS for disk i/o under 32-Bit file access.

===========================================================================

Not sure that I believe this, AFAIK it requires a hardware switch to be set before you can write to the flash ROM... VLAD is an underground filezine.

Subject: Re: Virus in Flash ROM??? (PC)
Date: 26 Apr 1995 10:50:36 -0000

: Is it possible that a virus attacks flash ROM memory and make
: antiviral apps impossible to remove this kind of virus (even with
: emergency disks)? After all, if a bios upgrade program can patch ROM
: area, so does virus. I did not find this answer in FAQ and never
: heard of it. I am planning to use motherboards with flash ROM support
: but I don't know the risk of doing so. Any comments/suggestions are
: welcome.

Yes, it has already been written. Check out VLAD issues #1-3 as code is present with explanation. If you cannot find the VLAD issues, mail me, I'll get you the articles.

===========================================================================

The "Good Times" email virus reared its head again in the last few weeks. Sightings were reported from usenet, America On-Line and Compuserve. Please see the separate FAQ which should be in this issue of Roblist.

Follow-up to what Rob Slade says below: there were reports that the underground has released a REAL virus called Good Times.

Subject: Virus hoax listing
From: "Rob Slade, Social Convener to the Net"
Date: 28 Apr 1995 10:20:48 -0000

There is a bit of a problem in listing hoaxes. How do you define the difference between the deliberately malicious fake postings, and rumours that just get out of hand?

There was, for example, the "Proto-T" posting, which was probably an attempt by the vx community (or some portion thereof) to rile the AV team.
(Once it had been determined that there *was* no Proto-T virus, of course, the vx community wrote one. Several, actually. They didn't match the original announcement, of course ...)

Then there was the "Desert Storm" virus, clearly based on an April Fools joke in InfoWorld magazine. But Pentagon "spokespersons" vouched for its authenticity, completely taken in by the rumour.

However, while egrep muddles its way through my archives, here are a few notable hoaxes of days gone by.

The "Mike RoChenle" modem virus. (Ken identified this with IBM's then new Microchannel architecture.) This one supposedly used a "secret carrier wave" kept hidden by modem manufacturers for testing. (In fact, modems do not use a "carrier" frequency.)

Proto-T. This was announced as a super-virus which no AV product could detect. It is not, of course, possible to write a virus which cannot be detected.

Good Times and XX-1. Both of these were reported at about the same time. Both seem to have been sincere warnings by clueless newbies. Both reported mail messages which could somehow wipe out your hard disk. Technically this is just barely possible, but it certainly isn't likely.

Paul Revere. A few years back, one of the PC mags published a list of joke viral programs, usually with some pun on the name. One was Paul Revere (returns 1 if infected by LAN and 2 if by C). Some time later, a local sysop calling the OS/2 support line with an oddity was told he might have the Paul Revere virus. I was never able to determine if this was just a ticked off support person trying to get rid of a call he couldn't deal with.

The Porno GIF virus. A GIF file (uuencoded and) posted on one of the alt.binaries.* graphics groups had some very weird text in it, somewhat indicative of a virus or trojan. Analysis indicated that it wouldn't do anything. There are possible indications in the GIF89a spec that such a thing might be possible, but it still seems highly unlikely.

The JPEG virus. Which we've just seen recently.
A lot of hoaxes spout some pretty good technobabble, so unless you are a real expert, it's quite easy to get caught. Look carefully at the source. If you pay attention to VIRUS-L/comp.virus over time, you will quickly find the people who know what they are talking about. Look for specific technical details, particularly how to identify and get rid of the beast. If you don't recognize the name of the person posting the warning, check to see who they say they have sent copies to for study. If they haven't contacted anyone legit, chances are good that they aren't legit either.

===========================================================================

Subject: Re: NATAS Background? (PC)
From: bontchev@fbihh.informatik.uni-hamburg.de (Vesselin Bontchev)
Date: 28 Apr 1995 10:21:06 -0000

> Does anyone know the background of the NATAS virus,
> other than it's satan spelled backward?

It was written by James Gentilly - a virus writer known also under the handles "Priest" and "Little Loc". He is also the author of other viruses, such as Priest, Jackal, Sat_Bug, etc. He was interviewed by the FBI, but it has been found that he's too young (below 16) to be prosecuted.

From: Raul Quintanilla
Date: 2 May 1995 00:52:04 -0000

I wonder if the FBI knows the extent of the damage done by Natas in Mexico. Natas is almost under control but after a little more than a year active in this country the losses for all sorts of business are more than an infection. Thousands -millions?- of dollars in man/computer time have been lost over the past 15 months.

Personally I have a friend who would gladly go to this "young man" and tell/do him a couple of things after having to redo all his multimedia hard drives and know a lot more companies that would do worse things to him.

If this "kid" assaults the 7-11 he'll go to juvenile, but if he assaults thousands of computers he's too young to go to jail.

Regards
Raul
F-Prot Professional Mexico

===========================================================================

More about Good Times: apart from the firms mentioned below, IBM was also taken for a sucker by Good Times. They sent out a warning to clients about it. Clients of course took it seriously, after all, it came from IBM, and used their LANs to warn everyone. Even computer programmers were fooled. A while later, IBM sent a rather sheepish 'sorry we were wrong' message ...

-----------------------------------------------------------
Origination: alt.folklore.urban
Originator: macfaq@aol.com (MacFAQ)
Date: 27 Apr 1995 23:42:33 -0400
-----------------------------------------------------------

Steven C. Slawin wrote:

> The bogus "Good Times" virus scare infected my office today. The crew
> in charge of our help desk was given the virus warning by an employee
> who is a new user on the Internet. Within minutes, all of the more
> than 4,000 users on our WAN had a warning message in their e-mail box.
>
> I nearly fell out of my chair as I clutched my sides, doubled over in
> laughter.

Amazing, isn't it?

Tonight I talked to a friend of mine who works at General Electric. I told him I had written a FAQ about Good Times. "Is it real?" he asked. "Nope," I said, "it's a hoax." I could hear him wince over the phone line. He had gotten the message yesterday, and posted a warning to the hundreds of GE employees under him.

The thing is, my friend is extremely computer literate. He makes his living designing quality control and inventory databases for GE. He set up a Linux box to provide an office email system. He's the president of our users group. And he fell for Good Times.

The insidious thing about the current hoax -- and the thing that distinguishes it from the original outbreak in December -- is that it's not travelling through the Internet.
It's travelling through the fax machines and internal email systems of corporate America, where the collective knowledge of the net can't fight it.

* * * * * * * * * *

Then Trevor Calder replied:

I think I can beat this. A friend of mine works for Telecom (Australia's gov't. owned telecommunications company) and he was most anxious to warn me about a new virus that he heard about at work. That's right. The whole of Telecom had just been alerted to the existence of the 'Good Times' virus. This, incidentally, is the company that wants sole rights to provide internet connections for all of Australia. I didn't know whether to laugh or cry.

----

The Independent newspaper (a British national daily) has published in its Network section a reprise of the "Good News" virus hoax, as a serious virus alert to its readers. I think it was the Monday May 1 edition. Yes, they fell for it on its second or third bout of repostings, and now it is perpetuated in the popular press.

===========================================================================

For the Macintosh users.. (are there any? :-) )

Subject: Re: annoying problem "welcome datacomp" popping up
From: Nick FitzGerald (Nick FitzGerald)
Date: 4 May 95 09:46:26 +1200

In article <1995May1.231659.24141@ultb.isc.rit.edu>, rhr0982@vaxb.isc.rit.edu writes:

> I have a friend who use mac and he is using zterm .94 version and
> WriteNow 3.0 and SimpleText...everytime he use any of this app. the two
> word "welcome datacomp" will appear randomly... it looks unharmful..but
> annoying... it does not damage anything on his mac... but he said when
> he rebuilt the desktop..it went away for while..till it came back
> recently...he was wondering what does it cause it to appear... it only
> happen in simpletext and zterm .94 and also pacerlink (vt terminal
> program for mac supported by rit.) it doesnt happen in other program
> where there is no text editor..and He said he has WriteNow for long time
> never had that problem..
> he said it could be either simpletext or
> zterm... anyone have idea what that is and any fix suggested?

This is a known, and very unusual problem--a hardware trojan.

A "third-party" Mac keyboard manufacturer has a model whose designers added the "feature" that when the keyboard wasn't used for approx 15-20 minutes it would output the "welcome datacomp" message you are seeing.

The only solution is to replace the keyboard. Take it back where it came from and kick up a stink.

===========================================================================

Subject: VIRII_FTP_LIST
Date: 5 May 1995 22:24:20 -0400

VIRUS/TOJAN/WORM/SOURCE/CREATORS/KITS/ZINES/TEXT/VARIENTS/VIRUS/TOJAN/WORM/
SOURCE/CREATORS/KITS/ZINES/TEXT/VARIENTS/VIRUS/TOJAN/WORM/SOURCE/CREATORS/
KITS/ZINES/TEXT/VARIENTS/VIRUS/TOJAN/WORM/SOURCEVIRUS/TOJAN/WORM/SOURCE/
___________________________________________________________________________

[This was posted via the anonymous server in Finland.. a rather transparent attempt to get something for nothing... (please excuse the poor English)]

I am giving a once-in-a-lifetime offer*!! Send me any 2 virii ftp sites, an recieve my collection of over 19 active virus sites in return.. before i send my list I plan on varify'n your sites, so don't give me a bunch of bullshit.. If you do not have 2 sites you can send me a uuencoded pack of 20+ virii. This offer is only alvalible for 90 days, so if you want to get-in on da action send your sites today!.

===========================================================================

A light hearted look at last month's story of Vesselin Bontchev having the InVircible anti-virus package removed from SimTel because of trojan activity:

*** WARNING - InVircible causes seizures ***

Recently, there have been numerous reports of the anti-virus program, InVircible causing seizures in people with hypochondria and paranoia.
Dan Johnson, PH.D., a psychology professor at Brooklyn's highly acclaimed Medical school did several studies in which InVircible anti-virus was used on test computers, and 320 hypochondriacs were requested to start the program and scan for viruses.

As Dan Johnson said, "Mass hysteria broke loose. Many of the subjects felt faint and dizzy, sometimes blurting out inappropriate statements concerning their families and in-laws. I have never seen anything like this before"

The Federal Communications Commission has released an official statement concerning this new development of InVircible, which follows:

*** ---------------------------------------------------- ***

WARNING - Any use of InVircible anti-virus has been shown to produce unpredictable mental instability. Dan Johnson, PH.D., a leader in the research of computers and physiological processes has done numerous, replicable studies showing the radical effects of the blue and red screens, and the unpredictable sounds associated with InVircible. Currently, several un-named individuals are suing Mr. Netiv, author of InVircible, based upon complaints of hysteria and schizophrenia associated with using his product.

*** ---------------------------------------------------- ***

Mr. Netiv is also suspected in the recent McDonald's lawsuit, in which a man spilled hot coffee in his lap while using the InVircible program. When asked for a statement, the man said, "Ouch".

Such an obvious and blatant flaw in InVircible has caused many individuals to avoid the program. Previously, the author admitted a bug in the program, in which various temporary files were created, overwriting any previously existing such files. Even though the author has fixed that particular problem, the controversy heats up as this seizure activity caused by his program is exposed.

The conspiracy does not stop there.
Recently, reports are circulating concerning an undocumented switch in InVircible:

    -ELVIS

which has unknown origin, and could also cause Elvis hallucinations in some subjects. Various medical doctors throughout the country have been flown in to a central location (undisclosed) in California to research this new switch:

    -ELVIS

From a reporter's viewpoint, what could this mean? Clearly, Mr. Netiv is involved in the Elvis cover-up and probably knows the location of Elvis currently, and could possibly be involved in more conspiracies. The San Francisco Police Department were unable to comment in this matter, and refused to disclose the location of this special task force that has been formed.

This conspiracy must stop. I urge you to write Mr. Netiv immediately, and contact Mr. Vesselin Bontchev about getting the InVircible product banned. We must stand up and protest this outrageous event.

(By the way - in case you got lost above, this is a joke)

Happy Virus Hunting

===========================================================================

The following is from the on-line hacker Jargon File, version 3.0.0, 27 JUL 1993.

"Ken Thompson's 1983 Turing Award lecture to the ACM revealed the existence of a back door in early UNIX versions that may have qualified as the most fiendishly clever security hack of all time. The C compiler contained code that would recognize when the `login' command was being recompiled and insert some code recognizing a password chosen by Thompson, giving him entry to the system whether or not an account had been created for him.

"Normally such a back door could be removed by removing it from the source code for the compiler and recompiling the compiler.
But to recompile the compiler, you have to *use* the compiler --- so Thompson also arranged that the compiler would *recognize when it was compiling a version of itself*, and insert into the recompiled compiler the code to insert into the recompiled `login' the code to allow Thompson entry --- and, of course, the code to recognize itself and do the whole thing again the next time around! And having done this once, he was then able to recompile the compiler from the original sources; the hack perpetuated itself invisibly, leaving the back door in place and active but with no trace in the sources.

"The talk that revealed this truly moby hack was published as "Reflections on Trusting Trust", "Communications of the ACM 27", 8 (August 1984), pp. 761--763."

===========================================================================

michael@karlsberg.usask.ca (Michael Craggs) wrote:

> However, whenever I exit Windows, my disk drive accesses
> for approximately 2 minutes.

You probably don't have a virus; try this (the following information is coming directly from Microsoft support database and is (c) Microsoft Corp):

PSS ID Number: Q82763
Article last modified on 11-30-1994

3.10 3.11

WINDOWS

----------------------------------------------------------------------
The information in this article applies to:

 - Microsoft Windows operating system versions 3.1, 3.11
----------------------------------------------------------------------

SYMPTOMS
--------

Some IBM PS/2 models may appear to stop responding (hang) when you exit Windows version 3.1. The computer eventually restarts; however, it remains frozen for up to a minute while the mouse port is reinitialized. This problem is most severe on PS/2 models 56 and 57. It also occurs on models 50z, 55sx, 70, 80, 90, and 95.

CAUSE
-----

This behavior is caused by a problem in the IBM PS/2 mouse BIOS.

WORKAROUND
----------

The problem can be corrected by adding the following line to the [386Enh] section of SYSTEM.INI:

   InitPS2MouseAtExit=FALSE

This prevents Windows from attempting to reinitialize the PS/2-style mouse port prior to exiting to MS-DOS. This may cause problems when you run some mouse-aware, MS-DOS-based applications after exiting Windows.

PS/2 products included here are manufactured by a vendor independent of Microsoft; we make no warranty, implied or otherwise, regarding these products' performance or reliability.

KBCategory: kbhw kb3rdparty kbenv
KBSubcategory: win31
Additional reference words: 3.10 3.11 InitPS2MouseAtExit ps2 hangs init slow Initps2mouseportatexit

Copyright Microsoft Corporation 1994.

===========================================================================

Subject: Big Caibua (PC)
From: bill.lambdin@woodybbs.com (Bill Lambdin)
Date: 16 May 1995 10:24:57 -0000

"David M. Chess" writes

>This is a relatively unsophisticated virus, of a kind that doesn't
>normally spread very well in the wild. My strong suspicion is that
>it was planted somewhere by the author in the last couple of weeks
>(perhaps in a program uploaded to a popular BBS or Internet
>software repository), and the couple of reports we've seen have

I can fill some facts in for you.

BESTSSVR.ZIP is a VGA screen saver infected with this Big Caibua virus, and distributed to BBSs that use the Satellite service Planet Connect.

===========================================================================

More bug reports for McAfee:

Subject: Re: Vshield 2.2.221 Test proc (PC)
From: gkuijper@inter.nl.net (Gerrold Kuijpers)
Date: 16 May 1995 10:25:01 -0000

>I have been testing the latest version of McAfees Vshield (2.2.0 with
>2.2.221 data file).
>So far every virus I tested , Vshield did NOT work.
>[Moderator's note: Could you please post your test procedures so that
>others can validate this claim?]

As requested by the moderator here my test procedure:

Test 1: Check protection for 'boot' viruses
  Installed Version 2.2.221 of Vshield on my PC.
  First line in Autoexec: VSHIELD. In my WIN.INI LOAD=vshldwin.exe.
  With the FORM-A infected floppy in drive A. Pressing .
  VShield warns in time and halts my PC.
  SUCCESS

Test 2: Check protection for infected Programs
  Installed Vshield as in test 1
  'Double-clicked' on a with the 'Tequilla and beer' infected program.
  My PC halts, but NO warning.
  Power-off/On and then VShield reports a virus is active in memory.
  Scanning with VScan tells me my MBR is infected with the Tequilla.mbr virus.
  FAILURE

Test 3: Check protection DOS only.
  As test 2, but not running Windows. Results are exactly the same.
  FAILURE

Test 4: Check protection of older McAfee. (2.1.216)
  Same tests as above. Since my 'test' viruses are pretty old, the strings are known. This version of McAfee protects my PC as it is supposed to do.
  SUCCESS

I also tested with the DOSHunter virus. Since test 2 and 3 also failed for this Virus, I didn't bother to test more viruses.

Info about my PC: A Compaq 486/66Mhz. Running DOS 6.20 and Windows 3.1.

Regards, Gerrold

Subject: V3 virus alert!!!!!!
From: onsjhs@earth.cnct.com (onsjhs)
Date: 15 May 1995 05:45:55 GMT

the most problem is scan program (sure latest 2.2.221) can't recognize sometimes some V3 virus infected files....... polymorphic virus is very dangerous.....

===========================================================================

Subject: Virus Autopsy Needed URGENTLY
Date: 17 May 1995 13:39:28 GMT

HELP.....

I think I've just caught a new virus, or a new variant. NONE of my virus checkers help. Tried Win & DOS McAfee 2.2.1 but it returned nothing, DSII wouldn't install. Conv mem is down by 1 maybe 2K and SI definitely shows a degraded disk index.
I'd just downloaded a prog from a.b.p.utilities and after unzipping it with WinZip5.6 and trying it while on-line, my modem went offline and locked then when I reset and restarted WFW, I got a text message saying that the 32bit windows disk module wouldn't load as the disk access address had altered & that I may have a virus.

WARNING.....DO NOT RUN THE FILE UUEXE533.ZIP

===========================================================================

One of the books I picked up gratis at the IFIP/SEC95 conference had some interesting facts in:

In 1865, the Boston Post proclaimed that "Well-informed people know it is impossible to transmit the voice over wires and that were it possible to do so, the thing would be of no practical value."

[They were, of course, referring to the telephone. Another quote I have came from a journalist who was quite impressed with this new-fangled telephone thing, and he could foresee the day when "every large city will have at least one."]

In 1892, the governor of New York warned the president, Andrew Jackson, that the railroads posed a serious threat to the canal system.

[Wonder what he said when cars came along...]

In 1950, Univac's market research predicted that there would be 1000 computers in use worldwide, by 2000 AD.

The initial market for photocopiers was thought to be extremely limited, seeing that carbon paper was so cheap.

The microwave oven eventually became a success, but was considered impractical when it was introduced in 1955.

The compact disk market skyrocketed after 1983, even though it seemed impossible that consumers would throw out whole record collections..

Du Pont, the company that invented nylon, lycra, (etc etc), came up with Corfam, a synthetic leather. They expected to make a fortune with it, but lost nearly US$ 100 million.

The Library of Congress in the USA, which gets a copy of every published book, recently received its 100-millionth item. It already has 535 MILES of bookshelves.
They expect to have 5000 - 6000 miles of shelves to house their 200 million items in 2040 AD.

Your brain: a 1,36 kg electrochemical device that covers half a cubic foot of space, runs on glucose at 25 Watts, has 100-trillion (or so) transistors, processes information at 100-quadrillion functions per second, and looks like a walnut.

In the USA, the average citizen consumes about 62 000 words a day, from all sources, mostly television.

Lastly, this gem from the USA Postmaster-General, in 1872:

"The probable simplification of a facsimile system of Caselli, by which an exact copy of anything that can be drawn or written may be instantaneously made to appear at a distance of hundreds of miles from the original, and countless other applications of electricity to the transmission of intelligence yet to be made, must sooner or later interfere most seriously with the transportation of letters by the slower means of post."

===========================================================================

Snippets from the media:

The lawyers have discovered the heated debates on the Internet, and realised that it is a goldmine of potential libel suits. The trend started in USA (where else), and has spread to other English-speaking countries. Already several individuals and firms have been convicted and fined.

An American company has done for your memory what Stacker did for your hard disk: they have a Windows program that will compress data in your memory, effectively giving you much more memory. Since Windows won't have to swop to disk so often, your applications should run faster. Retail price: US$69.

The UK's computer porn and virus division raided a BBS called "The Farm". They seized 20 computers, and thousands of floppies and CD-ROM's. The BBS, which charged 25 pounds for 3 months access, specialised in computer porn. This is not the type of stuff in Playboy, but rather kiddie porn, bestiality, and other deviant practices.
The files on the 7,2 GB hard drive space included 'explicit sex, mutilation and human debasement'.

A survey in the USA revealed that computer programmers often feel no guilt about having committed illegal actions in their company:

  41% said they would copy software illegally.
  7% said they would make changes to a bank account to avoid service charges, if they had access to the system.
  10% would not resist the temptation to write a virus program.
  1% felt that management could be so unfair at times that they would be justified in erasing files from the computer.

Compaq, 3M, and Matsushita are to develop a new super-high-density stiffy, capable of holding 120MB. It will also be backward compatible with existing 720KB and 1,44MB drives. Meanwhile, Iomega Corp is selling their Zip drive, which can handle 100MB. The drives sell for under US$200, the 100MB stiffy for US$20, and the 25MB stiffy for US$10.

Seagate and Sony are working together, combining conventional hard drive technology with CD-ROM technology, to produce a disk that can hold three times as much as the best now available, at a much cheaper price.

Microsoft announced that Windows 95 will ship on 24 August 1995. We'll see.

Microsoft have copyrighted the word 'web'. Sometimes I wonder about the Yanks...

Standard Bank is following First National's lead, and investigating the use of biometrics as a means of identification. Possible techniques include finger or hand prints, voice, or retina patterns.

A man in Portugal has developed a black box that will let you back up your hard drive with your VCR. Depending on tape quality, you can expect to get between 600MB and 2GB on a three hour tape.

The ratio of females to males on the internet approached 1:2 at the end of last year. That implies that 33% of users are female, which is an awful lot better than the figures for the amateur networks (FidoNet etc).

Interested in the Rugby World Cup?
Get the latest info via the internet: point your WWW browser to http://www.rwc95.org.za

Interested in the new constitution? Point your browser to http://www.constitution.org.za
If you have a submission, send it to conassem@iacess.org.za

Gas Software, the African agents for F-Prot, organised a petition against computer viruses at the recent Computer Faire. They collected 1350 signatures. The petition has been handed over to the police, who will forward it to the Law Commission, which is preparing legislation in this regard.

The erasable CD-ROMs (CD-E) which I mentioned in a previous issue should be available early next year. The firms involved include Philips, Sony, Matsushita, Hewlett-Packard, and 3M.

The year 2000 is approaching, however, version 12 (latest) of the BIOS on Intel Plato motherboards doesn't handle dates after 31 December 1999. Previous versions of the BIOS did...

There have been several cases of problems with the electronic systems in airplanes, caused by passengers using electronic devices like tape players, computers, etc.

===========================================================================

On the day of the bombing of the federal building in OK, some federal buildings in Boston were evacuated due to bomb scares. At least one of the scares was the result of a prank phone call. The police very quickly arrested an 18-year-old man, who allegedly placed the call.

The police have been waiting for several years for a new phone tracing system. Currently they have to call NYNEX (the local phone company) and initiate a trace while a caller is still on the line. The new system (scheduled to be put into place hopefully this year) will let the police trace the call automatically.

While preparing documents for trial, NYNEX discovered that a technical operator had transposed a trunk number during the trace, and thus they had traced the call to the wrong phone number (perhaps traced the wrong call to the right phone number?).
The accused was released, NYNEX made lots of apologies including offering a full scholarship with no strings attached, and the person who made the actual call remains at large.

Some points to note:

  The current tracing procedure requires manual entry of trunk numbers and has a very clear failure mode....

  ... but NYNEX had enough recorded information to later on determine that a mistake was made. (Well done!)

  When the new system is installed, the traces will be entirely automatic. They might be more reliable, but it's unclear if there will be an audit trail in the case of failures. (It sounds like just a software system -- if there's a bug in the algorithm, how will the algorithm detect it?) (If there are ways to spoof the system used to identify the phone number, that leads to another set of problems.)

  There's always the risk of "but the computer says" syndrome.

===========================================================================

Mobile phones have been banned from hospitals throughout Britain following a police probe into more than 100 deaths in an intensive care unit at Worksop's Bassettlaw General Hospital.

A Department of Health circular has been sent to every hospital in the country warning 'The department has received reports of mobile and cellular telephones interfering with the operation of medical devices. Portable, cordless and cellular telephones should not be used close to patient monitoring, infusion or life support equipment because interference may affect their normal operation with potentially serious patient consequences....... Patients, contractors and other visitors should be discouraged from using such telephones in hospitals.'

===========================================================================

There has been some publicity recently here in the UK about an attempted fraud against the "Instant Win" version of our National Lottery.
Whilst the current alleged fraud is very crude and was unlikely to not get spotted, it does appear to show a rather classic case of a computerised security checking system designed for *verification* which can be used to *obtain* information as well as simply verifying it.

The "Instant Win" lottery makes use of scratch cards, purchased from retail outlets, which when the foil covering is scratched off reveal whether the card is a winner and if so for how much. For smaller amounts the winners can collect their winnings immediately from the retailer. (Larger amounts have to be claimed from the lottery company directly).

In order to prevent fraud, as well as the winning amount the card also has on it (again concealed under the foil) a security code number which can be used to verify a winning card is genuine. This is done by the retailer entering the security number into a computerised terminal supplied by the lottery company which apparently not only displays if the ticket is a winner but also the amount of the win.

The current alleged scam is said to work by the retailer just scratching off the foil above the security number and then using his terminal to see if the card was a big winner. If not he attempted to sell it to an unsuspecting punter and hope they didn't spot the small bit already scraped off!

Now obviously the current scam is rather crude and not very likely to succeed as it only requires one suspicious punter to tip off the lottery company. But it does appear to demonstrate what would seem to be a classic flaw in a security system designed just for verification, in that rather than requiring input of both the code number and the winning amount and then simply giving a Good/Bad response, it actually gives out information in response to only one input!
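The verification flaw described above, as an added example (not part of the original newsletter, and not the lottery operator's actual system): a terminal lookup that answers with the prize from the security code alone, next to a verifier that takes code and claimed amount and answers only Good/Bad. The ticket codes, prize values and the two-wrong-claims lockout are constructed assumptions; the lockout is there because a Good/Bad answer over a short prize list could otherwise be tried amount by amount.

```python
# Constructed sample data: security code -> prize in pounds (0 = losing card).
TICKETS = {"4F7K-2291": 0, "9QTP-0047": 50000, "B3LM-7730": 10}
MAX_BAD_CLAIMS = 2  # assumed policy: refer the card to the operator after this


def leaky_verify(code):
    """Terminal as described in the article: one input, reply reveals the prize."""
    return TICKETS.get(code)  # None = unknown code, otherwise the amount


class ClaimVerifier:
    """Verification only: code AND claimed amount in, Good/Bad out."""

    def __init__(self, tickets):
        self._tickets = tickets
        self._bad_claims = {}   # code -> number of rejected claims so far
        self.audit_log = []     # (code, claimed_amount, result) for later review

    def verify(self, code, claimed_amount):
        actual = self._tickets.get(code)
        locked = self._bad_claims.get(code, 0) >= MAX_BAD_CLAIMS
        match = actual is not None and actual == claimed_amount
        # Unknown code, wrong amount, losing card and locked card all give
        # the same answer, so a rejection says nothing about which it was.
        good = match and not locked and actual > 0
        if not good:
            self._bad_claims[code] = self._bad_claims.get(code, 0) + 1
        self.audit_log.append((code, claimed_amount, good))
        return good


def demo():
    """Same card, both designs: (leaky reply, correct claim, wrong claim)."""
    v = ClaimVerifier(TICKETS)
    return (leaky_verify("9QTP-0047"),
            v.verify("9QTP-0047", 50000),
            v.verify("9QTP-0047", 10))


if __name__ == "__main__":
    print(demo())
```

The audit log is what lets the operator see, after the fact, a terminal submitting repeated rejected claims against unsold cards.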
Whether there are actually any practical ways of exploiting this flaw, it does seem surprising that a lottery system, surely something giving a high priority to effective security, should have an obvious flaw like this. After all it is a close parallel to the classic flaw in a computer login system that would tell you that a username was invalid before asking for a password, hence allowing a hacker to identify valid usernames. Surely no-one would dream of implementing such a vulnerable system these days...

===========================================================================

BLIND DATE

The federal bureaucracy's computers are about to be dragged kicking and screaming into the 21st century. It seems the original computer program designers, many of whom are now dead or retired, never gave much thought to allowing government software to read dates beyond December 31, 1999. Computers could mistakenly think, for example, that a date entered as "4/15/00" meant April 15, 1900, not the year 2000. Massive accounting errors could therefore become the norm, such as calculating benefit checks based on 100 years of interest instead of just one year.

Data Dimensions, a computer consulting firm, estimates that "millennium conversion" could cost the federal government $75 Billion in equipment and labor to implement. A typical federal agency will need to modify up to 100 "applications" (computer programs that use dates), at a labor expenditure of up to 60,000 people-days. So far, the Social Security Administration (SSA) is the only agency to begin the task of "millennium conversion," which is expected to take SSA seven years. Do you want out of the government's costly time-warp?

===========================================================================

The two top executives of a Helsinki engineering company have been given 60-day jail sentences and $72,000 fines for knowingly using illegal copies of AutoCAD computer-aided design software.
The stiff punishment is a victory for the Business Software Alliance, which says that its member companies suffered $15.2 billion in global losses last year due to software piracy.

===========================================================================

BUT DO YOU STILL HAVE TIME TO CALL 911? [abstracted]

The Wireless Technology Group says studies show that in some cases cellular phones placed near the chest can cause pacemakers to recalibrate themselves or stop and restart. The advisory group warns that new digital pocket phones are of particular concern -- especially since their numbers are likely to proliferate once personal communications services are widespread. No such effects from the older analog cellular phones have been observed.

A spokesman for Medtronic, a pacemaker supplier, says the company is advising patients with pacemakers to turn off their portable phones when the phone is in a shirt pocket, to hold the phone 10 to 12 inches from the chest when using it, and to hold the phone to the ear opposite the side where the pacemaker's implanted.

===========================================================================

I recently saw a posting in comp.databases.sybase about another problem. The date/time functions of Sybase won't accept dates before 1753 because most of the English-speaking world changed over to the Gregorian calendar in 1752, and they wanted to avoid all the OldStyle vs NewStyle problems with earlier dates. Well, this guy was in charge of alumni records at an institution that was founded before 1725; for their oldest records they've had to roll their own date/time functions.

===========================================================================

Latest versions of popular anti-virus software in SA:
McAfee: 2.2.1e
F-Prot: 2.17
TBAV: 6.35

Oliver Steudler of Dynamic Solutions reports cases of Die_Hard, Exebug, Jerusalem, and Michelangelo.
Mitch Dove of Gas Software, Johannesburg, had the following reports:

Various versions of ExeBug (A, C, Hooker) from Johannesburg, Pretoria, Zimbabwe, and Lusaka.
Parity.B in Pretoria.
Flip.2153.A, Tai-Pan.666, AntiCmos, Form, and Bravo in Johannesburg. The two Tai-Pans were on a CD-ROM - Doom Mania#1.
Multiple infections of Coffeeshop at one site in Port Elizabeth.
AntiExe, Greencatapillar.1575, and Dir II from Lusaka. If I remember correctly, Dir II only works under DOS 3.3.
Stoned.Manitoba, Junkie, Ice, and Tiso in Nairobi.
Joshi in Malawi.

He also mentions some 'hype' regarding a new version of ExeBug in the wild, but has not seen a sample yet.

Coffeeshop has hit at least two educational institutions, both of whom were using DOS-based TSR scanners. (See article above re TSR scanners under Windows). There is a 'TSR' type scanner for Windows called Gatekeeper, which, unlike normal TSR scanners, is just as effective as the full version scanners.

According to a press report, a representative of BSS in the Free State discovered a new virus called Drag.499. It infects .com files, increasing their length by 499 bytes. It displays the following message: "Your PC is overworked: switch off for 24 hours. System error 23455432."

However, the same press report has BSS claiming that Michelangelo activates on any day in March, which is nonsense - it only activates on the 6th. I think they are confusing it with ExeBug.

Another new virus reported by BSS is 'Unashamed Naked', found in Mozambique. It is a main boot record infector, and displays its name on the screen. They also report cases of Die_Hard and Matura.

Sorry, no scanner tests this month.

===================================================================

fin