8-Oct-85 00:00:43-PDT,11864;000000000001 Mail-From: NEUMANN created at 7-Oct-85 23:58:58 Date: Mon 7 Oct 85 23:58:57-PDT From: RISKS FORUM (Peter G. Neumann, Coordinator) Subject: RISKS-1.19 Sender: NEUMANN@SRI-CSL.ARPA To: RISKS-LIST@SRI-CSL.ARPA RISKS-LIST: RISKS-FORUM Digest Monday, 7 Oct 1985 Volume 1 : Issue 19 FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS Peter G. Neumann, moderator Contents: Emanations and interference in the civil sector (Peter Neumann,Jerry Saltzer) Administrivia -- Escaped Mail and Delays (Mark S. Day) Computer databases (Andy Mondore) Re: Friendly test teams (John Mashey) Re: CRTs again, solution to one eye-problem (Brint Cooper) Summary of Groundrules: The RISKS Forum is a moderated digest. To be distributed, submissions should be relevant to the topic, technically sound, objective, in good taste, and coherent. Others will be rejected. Diversity of viewpoints is welcome. Please try to avoid repetition of earlier discussions. (Contributions to RISKS@SRI-CSL.ARPA, Requests to RISKS-Request@SRI-CSL.ARPA) (FTP Vol 1 : Issue n from SRI-CSL:RISKS-1.n) ---------------------------------------------------------------------- Date: Sun 6 Oct 85 15:16:38-PDT From: Peter G. Neumann Subject: Emanations and interference in the civil sector To: RISKS@SRI-CSLA.ARPA I have had several queries about risks in the civil sector concerning electronic emanations from and electronic interference upon computer systems and networks -- and of course also about what can be done to protect oneself or one's company. For example, Martin Lee Schoffstall wondered along these lines: If you were building a hospital from scratch, would you consider shielding for your computer room, how many electron volts would you shield for, etc.? In general I would like some feedback for us civilians... This subject is generally a technically intricate one, but some guidance is clearly necessary for the civil sector. Thus, it seems worthwhile to note several examples that represent varying degrees of risk to the public. (Since microprocessor-controlled systems are becoming ubiquitous, related problems are likely to recur in other guises. But let us not quibble about whether THESE examples are sufficiently computer-related.) The first three examples involve interference; all but the third involve emanations. Transmit: Microwave oven emanations Receive: "Externally reprogrammable" heart pacemaker -- interference; pacemaker reset by microwaves to 214 beats per minute Result: Dead patient (See Software Engineering Notes vol 5 no 1 Jan 1980.) Transmit: Anti-theft device emanations Receive: Heart pacemaker -- interference Result: Patient OK (See Software Engineering Notes vol 10 no 2 Apr 1985, but I have seen nothing more recent.) Transmit: Active radar jammer (in speeder's auto) Receive: Police radar receiver Result: In one currently popular device, the jammer simulates a fault mode common in the design of many police radars systems. (... a program bug or an electronic interface problem?) Transmit: Police radar transmitters Receive: Radar signals (received by transmitter, and by targetted autos) Result: With passive detector, driver can avoid arrest. Transmit: Microwave telephone transmitters (telephone company) Receive: Capture telephone conversations and data (observer) Result: Compromise Transmit: Radiating CRT or keyboard (unsuspecting computer user) Receive: Recreate screen image or typed input remotely (observer) Result: Compromise (Unclassified technology for doing this has recently been described in a European defense magazine.) [The RISKS Forum has discussed CRT radiation with respect to possible health hazards, so I won't list that again.] The radar detector and jammer are marginally computer-relevant, and are included here primarily because they are illustrative of deeper problems -- fielding a computer system and its surrounding environment that can be defeated in some relatively simple way. [By the way, this forum does not endorse or promote illegal activities -- we merely need to point out their existence.] (I have not included in this list the garage-door openings and closings triggered by the orbiting Sputnik, which happened to be on the right frequency.) Emanations and interference may be accidental or intentional. Passive techniques for detection may require some computing as in the case of unscrambling multiplexed communications. Active techniques (e.g., for intentional jamming) are at this point much less common, but are likely to present greater risks in the future. There are all sorts of more or less relevant laws, but they are probably neither complete enough nor concise enough. There are also all sorts of commonly available devices for those who want to break the laws. This note is intended to help raise the general level of awareness. With pretenses of corporate secrecy being what they are, it would be nice to be able to assess the real risks. In the past, many of these risks have seemed obscure, but that seems to be changing. Suggestions on how to avoid those risks are welcome. (There are of course also nonelectronic forms of emanations; various penetrations are reported to have begun with information -- including passwords -- gained by reading the contents of dumpsters.) The answers to Marty Schoffstall's hospital query, and other such questions, depend on the perceived risks against which you think you are defending. For Marty's example, are you trying to provide survival of the hospital computers and communications against nuclear attack? or something less serious such as intentional jamming or accidental interference? Might you be worried about compromises of privacy resulting from wire-taps and microwave pickups of computer information? Each threat suggests a variety of possible measures or countermeasures. PGN ------------------------------ Date: Fri, 4 Oct 85 18:02 EDT From: Saltzer@MIT-MULTICS.ARPA Subject: Emanations and interference in the civil sector To: Neumann@SRI-CSL [in response to a query] Concern for Electromagnetic Compatibility is indeed beginning to become an important design consideration in consumer products. These days, TV sets are beginning to clean up their act, but the average FM tuner just can't cope with being in a substantial RF field. As consumers start to collect a walkman, TV, cable converter, FM tuner, stereo amplifier, VCR, CD player, cordless phone, remote control light switches, microwave oven, and garage-door opener under one roof, more and more people are becoming aware of the problems, and discovering that some manufacturers didn't put the right effort in. ------------------------------ Date: Thu 3 Oct 85 20:07:38-EDT From: Mark S. Day Subject: Administrivia -- Escaped Mail and Delays [ Excerpted-From: Soft-Eng Digest Sat, 5 Nov 85 Volume 1 : Issue 34 ] XX was a victim of Hurricane Gloria; it had multiple head crashes when it was restarted after the storm. The heroic efforts of the staff here brought the machine back to life after a marathon of restoring files, which unfortunately left the alias for this list in a strange state. Instead of going into my mailbox, everything sent to "Soft-Eng" was immediately redistributed. Fortunately, only one message got out between the time XX came up and the time I noticed the problem. Anyway, sorry for the difficulties. No doubt this will now appear in the RISKS mailing list as an example of an unreliable computer system... [SURE. WHY NOT??!! Recovery and reinitialization are a vital part of keeping a system running properly. How many times have you put in a patch or fix only to find that it somehow disappeared, e.g., not surviving a crash or not getting propagated back into the source code? But in this case you got left in an unsafe state! PGN] ------------------------------ Date: Sat, 28 Sep 85 16:20:46 EDT From: Andy_Mondore%RPI-MTS.Mailnet@MIT-MULTICS.ARPA To: RISKS@sri-csl.arpa Subject: Computer databases One topic I have not seen discussed here is that of computer databases. I am Systems Coordinator for the Registrar's Office here so I am in charge of a fairly large database containing (obviously) student grade and course information as well as addresses, demographic information, etc. I'd like to see a discussion of the risks of having incorrect information in a database, information being seen or accessed by the unauthorized individuals, etc. Thanks. [Ah, yes. This is a wonderful topic. The state of the art of database management systems that can handle sophisticated privacy/compromise and data integrity problems is rather abysmal. However, the risks of people gleaning information by drawing inferences from a database are considerable. For starters, see Dorothy Denning's book, Cryptography and Data Security, Addison Wesley, 1982. As to risks, Software Engineering Notes has had a bunch of stories on the effects of misuse or mininterpretation of police data. The Air New Zealand catastrophe was an example of what can happen if a change is not propagated properly. As always, contributions are welcome. PGN] ------------------------------ Date: Sat, 28 Sep 85 22:31:18 pdt From: mips!mash@glacier (John Mashey) To: glacier!risks@sri-csl.ARPA Subject: Re: Friendly test teams It might be good to ask for pointers to published data on bug histories, effort levels, robustness in large hardware/software systems. I suspect these may be hard to find for SDI-like systems; I couldn't dig up any old Safeguard info. Although not in the same class of difficulty, ATT's new #5 ESS switch is fairly complex (300+ engineers). A good reference is: H.A. Bauer, L.M. Croxall, E.A. Davis, "System Test, First-Office Application, and Early Field Experience", ATT Technical Journal, vol 64, No 6, Part 2 (Jul-Aug 1985), 1503-1522. ------------------------------ Date: Sun, 6 Oct 85 12:59:18 EDT From: Brint Cooper To: mikemcl@NRL-CSR.ARPA cc: RISKS@SRI-CSL.ARPA Subject: Re: CRTs again, solution to one eye-problem [We started out keeping one eye on this problem, but it does not want to stay out of sight. Will this be the last message? PGN] A cheaper but similar solution was suggested by my opthalmalogist when I attained that stage of life wherein my arms are too short. Since I needed a small, positive correction (about +1.0) in each eye, I purchased, at his suggestion, "reading glasses" from the local pharmacy for about $12.00. Since then, my eyes have worsened a little and I need about +1.25 to +1.5 diopters for reading. But this is too strong for the terminal (an AT&T 5620 with rather small font), so I retained the old +1.0 diopter lenses for the terminal at work. At $12.00 each, I can afford to have a pair at the office, a pair at home, and a pair to carry. Note: This won't work if one has astigmatism or if one needs widely different corrections in each eye. But ask your doc. You can buy a lot of OTC glasses for $200. Oh yes, it is a small nuisance to switch glasses from terminal lenses to reading lenses, but one learns quickly to minimize the hassle. Brint ------------------------------ End of RISKS-FORUM Digest ************************ -------