Subject: RISKS DIGEST 11.10 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Thursday 14 February 1991 Volume 11 : Issue 10 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: On-line in Saudi Arabia (Steve Elias via Martin Minow) Serious bug in SVR3.2 gives root access easily (Patrick Wolfe) Risks of large disk drives (Roger H. Goun) Re: The Risks of Having a Sister (David Ruderman, John Sullivan, Charles Meo) Guilty until proven innocent (Andrew Koenig) Parking Ticket Notice (Robert McClenon) Reinterpretation of the term "Computer Security" (Barry Schrager) NCCV: COMPUTING & VALUES CONFERENCE, 12-16 Aug 1991 (Walter Maner) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others ignored! REQUESTS to RISKS-Request@CSL.SRI.COM. FTP VOL i ISSUE j: ftp CRVAX.sri.comlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j (where i=1 to 11, j is always TWO digits. Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: Thu, 14 Feb 91 11:47:35 PST From: "Martin Minow, ML3-5/U26 14-Feb-1991 1444" Subject: On-line in Saudi Arabia Date: Fri, 08 Feb 91 16:06:19 -0500 From: Steve Elias Subject: funny sco unix story [...] at sco last week, they told me that their customer service line had received a call from a US Army dude who was calling from inside his M1 tank in the Saudi desert. apparently, SCO Unix runs on one of the computers in the tank. the customer service person pointed him to the SCO BBS system and he dialed it and downloaded the bug fix. Steve Elias, eli@spdcc.com; 617 932 5598 (voicemail), 508 294 7556 (work phone) [Hmm. I wonder if someone could dial up the tank's Unix? PGN] ------------------------------ Date: Wed, 13 Feb 1991 12:19:18 CST From: pwolfe@kailand.kai.com (Patrick Wolfe) Subject: serious bug in SVR3.2 gives root access easily I learned last night that the Esix operating system (really AT&T Unix System V/386 Release 3.2) which I run on my PC at home suffers from the serious security bug recently reported in comp.unix.sysv386. Someone posted a 51 line (commented) program which shows how any user with access to a shell and C compiler can obtain root priviledges with no effort at all. I'm not familiar with all the details, but apparently it has something to do with a bug in the numeric coprocessor emulation library and the os which makes the user page (where uid information is stored) writable to the process. The posted program changes it's own effective uid and gid to zero (becoming root), and changes the permissions on /etc/{passwd,shadow} to 666 (world writable). Apparently the bug exists in Esix 3.2, Interactive Unix version 2.02 and 2.2, and possibly others, but not in SCO Xenix or Unix, nor Intel's Unix 3.2 (these give memory faults). Interactive V2.2 users (and possibly some others - not Esix) can fix the problem by installing a 387, changing the value of one kernel variable (UAREARW) and rebuilding the kernel. In my opinion, the rest of us are probably screwed. I seriously doubt any of these OS vendors will stop working on SVR4 to fix this bug in SVR3.2, except possibly for customers who pay for software maintenance. Many vendors are just about ready to ship their SVR4 release. I suspect most will tell those of us who don't pay for maintenance that we must upgrade to fix the bug. It just goes to show that it was a good idea when I set my bbs up to run in a "chroot" filesystem, where even if a user could break out of the bbs program into a shell, there is no compiler (in fact, there are hardly any useful commands at all) to mess around with. Patrick Wolfe, System Programmer/Operations Manager, Kuck & Associates, 1906 Fox Drive, Champaign IL USA 61820-7334, voice 217-356-2288, kailand!pat ------------------------------ Date: Wed, 13 Feb 91 02:03:05 PST From: "Roger H. Goun 12-Feb-1991 1602" Subject: Risks of large disk drives >From an article in the USENET newsgroup clari.nb.general, announcing a new large-capacity Winchester disk drive from Fujitsu: "You used to have to rely on 8 inch drives for capacity, performance and reliability," added [Mike] Gluck [senior vice president of Fujitsu America's Computer Products Group]. "Now we have put mainframe reliability into a 5.25 inch disk drive. Our MTBF (mean time between failure) is 200,000 hours and the advantage to using one large capacity drive like ours over three smaller drives is that even if the smaller drives have an equal MTBF, there are three chances to have a problem." I see two risks here: - As has recently been beaten to death in RISKS, the proffered MTBF figure is suspect, unless Fujitsu has actually withheld this product from market long enough to test a statistically significant number of samples for nearly 23 years; - Mr. Gluck seems to think that having a single point of failure is less risky than having three separate (though of course not entirely decoupled) points of failure. Roger H. Goun, Digital Equipment Corporation, 110 Spit Brook Road, ZKO2-2/O23, Nashua, NH 03062 USA, +1 603 881 0022, goun@ddif.enet.dec.com or goun%ddif.enet@decwrl.dec.com, {uunet,sun,pyramid}!decwrl!ddif.enet!goun ------------------------------ Date: Thu, 14 Feb 91 16:54:12 EST From: ruderman@sbcs.sunysb.edu (David Ruderman) Subject: The Risks of Having a Sister (Any well informed sibling will do) A few years ago, I encountered virtually the same problem with my driving record. I went to motor vehicles for my routine license renewal (every three years), when I noticed on the bottom line a small comment that read "Last Conviction Speed In Zone $50". I was directed to the violations department, where they quickly consulted my records on a terminal. They told me that one year earlier I had gotten a speeding ticket and evidently paid it. They told me that I had other tickets as well. I was told that if I wanted a list of 'my' violations I would have to send $5 or so to Albany (NY) and they would send me a printout. I discovered that my brother had simply told the police that he was me, and he did not have his license with him (his was nearly suspended). He then paid the tickets. The Risks are clear: - There was no confirmation of my brother's identity. - He was able to plead me guilty by mail. - I was not provided with a routine way to review my driving record for possible errors. - The last risk is that I was not able to clean up my record, since the only way would be to turn in my brother to the authorities. David Ruderman, Department of Computer Science, SUNY at Stony Brook, Stony Brook, NY 11794-4400 ruderman@sbcs.sunysb.edu (516) 632-7675 ------------------------------ Date: Thu, 14 Feb 91 04:02:13 CST From: sullivan@poincare.geom.umn.edu Subject: Re: risks of having a sister In the states of the USA with which I'm familiar, one must be a licensed driver to register a car. This allows a driver's license number to be associated with, say, unpaid parking tickets. I don't think that moving violations (say in the case of a hit&run driver whose plates are observed) can be ascribed to the owner of the car without other evidence. But it does seem that such a rule might be useful in Australia to discourage unlicensed drivers. John Sullivan sullivan@geom.umn.edu ------------------------------ Date: 13 Feb 91 04:17:20 GMT From: cm@yarra.oz.au (Charles Meo) Subject: Re: Risks of having a sister For non-Australians it is worth pointing out that under unique (and unsuccess- fully opposed) legislation, the burden of proof has been reversed and police are empowered to record a conviction _without_ any judicial process whatever and the driver is then obliged to prove his or her _innocence_ in the matter. This has enabled local police to generate enormous government revenues as many traffic infringements are now handled in this way. I do not know of any other civilised country that would allow this (the spirits of the old prison governors are alive and well in our seats of government!) and of course, when this law is translated into computer systems with _no_ safe guards the situation Robyn has described can happen easily. C. Meo ------------------------------ Date: Thu, 14 Feb 91 16:46:32 EST From: ark@research.att.com Original-From: Andrew Koenig (ark@europa.att.com) Subject: guilty until proven innocent C. Meo says he `does not know of any other civilised country' that would allow the burden of proof to be reversed in the event of traffic violations. Unfortunately, that is becoming more common here as well -- several states have empowered police to seize licenses of people tho fail breath alcohol tests. It then becomes the problem of the accursed -- um, accused, to prove innocence. Yeah, right. I know a guy who was stopped for speeding once. They looked him up and discovered his license had been revoked, so they carted him off to the police station and booked him for driving while on the revoked list. He protested that (a) he had never been informed that his licence had been revoked, and (b) he had not done anything that should have caused his license to be revoked. When his case came to trial, the state readily admitted that both (a) and (b) above were true. However, his name was indeed on the revoked list, albeit erroneously, and he was accused of driving while his name was on the revoked list, so he should be found guilty. The judge agreed and found him guilty. Afterwards, he asked what he might have done to avoid this. The answer was that it was his responsibility to check the revoked list to see if his name turns up there. He left the state shortly thereafter, and I don't suppose he has been back since. ------------------------------ Date: 14 Feb 91 00:46:16 EST From: Robert McClenon <76476.337@compuserve.com> Subject: Parking Ticket Notice I received from the District of Columbia Government Bureau of Traffic Adjudication a Notice of Delinquent Parking Tickets today for three tickets issued in December 1990. The tickets were all issued to a Volkswagen with plate number 457-143 in a section of Washington that I have not visited. I do not own a Volkswagen. Prior to October 1987 I owned a Ford Fiesta with plate 457- 143. Shortly before October 1987 I lost the front plate. Since I was preparing to trade it in for a new van I did not replace the plate, and did not report it as lost. I simply requested a new plate rather than transferring an old plate. The plate expired in March 1988. Either the plate number was reissued, or someone found the lost plate and is using it illegally. If it was reissued, the problem is that the database shows the wrong name as the owner. If it was lost and found and is being used illegally, then the system should have shown that the registration is no longer valid. Besides, if that old plate is being used, tickets should also have been issued for using an expired license plate without renewal stickers. The specific RISK here is: "D.C. motor vehicle registration will not be renewed if you have outstanding parking tickets." The notice doesn't say that it only restricts the renewal of this Volkswagen with plate 457-143. They also have my name, and presumably know that I now own a 1988 van. A more serious risk could arise with a system with this vulnerability in a state where parking tickets are considered to be petty crimes, in that an arrest warrant could be issued. (Parking tickets in the District of Columbia are civil rather than criminal. That reduces the risk but doesn't eliminate it.) Robert McClenon ------------------------------ Date: 08 Feb 91 23:02:59 EST From: Barry Schrager <71370.2466@compuserve.com> Subject: Reinterpretation of the term "Computer Security" Mr Dixon seems to be perturbed that one of the moguls in his business has determined that all data should be protected rather than just "sensitive data." Just who is going to be so totally aware of what the implications of all data are to make an absolutely correct decision so that all company sensitive information will be protected. It is obviously much more secure and definitely safer to assume that all data has some importance and therefore should has some measure of protection. If this is the case then the data creator/owner or security manager can determine who should have access to share this data. If all data is protected by default then the error of omission is just an inconvenience -- if only "sensitive data" is protected then the error of omission is disclosure of sensitive data and presumably some corporate harm. The security product I designed for large IBM Computer Systems -- ACF2 -- was the first product in that arena to protect all data by default and it was done with less overhead than the products that presumably protected only sensitive data. Given this, there exists no reason to not protect all data and determine who to share it with rather than guess which data should be protected or not protected. Thousands and thousands of computer sites licensed this package so therefore they also felt that this was the correct way to do this. The SHARE Security Project Requirements for future data security in IBM Operating Systems also called for all data to be protected as a default in 1974. Obviously, Mr Dixon's business mogel is not alone with his presumptions -- in fact, I think he's right. ------------------------------ Date: 9 Feb 91 17:35:09 GMT From: maner@bgsuvax.UUCP (Walter Maner) Subject: COMPUTING & VALUES CONFERENCE, N C C V / 91, Aug 12-16 1991 NCCV/91 THE NATIONAL CONFERENCE ON COMPUTING AND VALUES, AUGUST 12-16, 1991, NEW HAVEN, CONNECTICUT FIRST CALL FOR PARTICIPATION The National Conference on Computing and Values will address the broad topic of Computing and Values by focusing attention on six specific areas, each with its own working groups. - Computer Privacy & Confidentiality - Computer Security & Crime - Ownership of Software & Intellectual Property - Equity & Access to Computing Resources - Teaching Computing & Values - Policy Issues in the Campus Computing Environment CONFERENCE HIGHLIGHTS -- Details follow o Active role for all attendees o Free associate membership in the Research Center on Computing and Society o Valuable take-home materials o A user-friendly conference o A family-friendly conference o Unique aspects o Members of the Planning Committee o Partial list of confirmed speakers o Modest cost o Further information and registration ACTIVE ROLE FOR ALL ATTENDEES A special feature of the National Conference on Computing and Values will be the active role of all attendees. Each attendee will belong to a small working group which will "brainstorm" a topic for two mornings, then recommend future research. On the third morning, each group will report the results of its activities to the assembled conference. (Group reports will be incorporated into the published proceedings of the conference.) In addition, each person will be able to attend five keynote addresses, three track addresses, three track panels, two evening kick-off events, two evening enrichment events, and four days of exhibits and demonstrations. FREE ASSOCIATE MEMBERSHIP IN THE RESEARCH CENTER ON COMPUTING AND SOCIETY Every attendee can become an Associate of the Research Center on Computing and Society for two years free of charge. Associates receive the Center newsletter, announcements of Center projects, lower registration fees at Center sponsored events, and access to the Center's research library on computing and values. VALUABLE TAKE-HOME MATERIALS The conference will provide a wealth of materials on computing and values, including articles, government documents, flyers about organizations and publications, a special "Resource Directory on Computing and Society," and a "track portfolio" of materials for each of the six tracks. Every attendee will receive a copy of the resource directory, the track portfolios, plus many other useful materials. A USER-FRIENDLY CONFERENCE The conference will be held on a residential campus at a quiet time between semesters. Adequate time for meals, conversations, and relaxation is scheduled. There will be social events, such as an ice cream social and a conference barbecue. In addition, various lounges will have coffee, tea, juice, and snacks all day to encourage conversation among participants. The conference will include individuals from six different professional groups: Computer Professionals, Philosophers, Social Scientists, Public Policy Makers, Business Leaders, and Academic Computing Administrators. A FAMILY-FRIENDLY CONFERENCE Family members of attendees will be able to use university facilities, such as the swimming pool, playing fields, tennis courts, and TV lounges. In addition, a day-care center, baby sitting service, and bus trips to local tourist attractions will be available. Attendees' spouses will be welcome at conference social events; and both spouses and children may attend the conference barbecue. UNIQUE ASPECTS The National Conference on Computing and Values will be one of most significant assemblies of thinkers on computing and values ever to gather in one place. Among the nearly 50 speakers who will address the 500 conference attendees are philosophers, computer scientists, lawyers, judges, social scientists, researchers in artificial intelligence, and experts in computer security. The conference also will feature one of the most comprehensive exhibits of materials ever assembled on computing and values. The exhibit will including books, journals, articles, government documents, films, videos, software, curriculum materials, etc. Hosted by Southern Connecticut State University, including the Research Center on Computing and Society, Philosophy Department, Computer Science Department, Adaptive Technology Laboratory, and the journal Metaphilosophy. Planned in cooperation with: The American Association of Philosophy Teachers, the American Philosophical Association, the Association for Computing Machinery, the Canadian Philosophical Association, Computer Professionals for Social Responsibility, and the Institute of Electrical and Electronics Engineers. Funded, in part, by grants from the National Science Foundation (DIR-8820595 and DIR-9012492). MEMBERS OF THE PLANNING COMMITTEE Terrell Ward Bynum, Co-chair, Walter Maner, Co-chair Ronald E. Anderson, Gary Chapman, Preston Covey, Gerald Engel, Deborah G. Johnson, John Ladd, Marianne LaFrance, Daniel McCracken, Michael McDonald, James H. Moor, Peter Neumann, John Snapper, Eugene Spafford, Richard A. Wright PARTIAL LIST OF CONFIRMED SPEAKERS Ronald E. Anderson, Chair, A C M Special Interest Group on Computing and Society; Co-Editor, SOCIAL SCIENCE COMPUTER REVIEW Daniel Appelman, Lawyer for the USENIX Association, Specialist in Computer and Telecommunications Law Leslie Burkholder, Staff Member of the Center for the Design of Educational Computing, Carnegie-Mellon University; Editor, COMPUTERS AND PHILOSOPHY David Carey, Author and Speaker on Software Ownership; Doctoral Dissertation on Software Ownership; Assistant Professor, Whitman College, WA Gary Chapman, Executive Director, Computer Professionals for Social Responsibility; Editor, JOURNAL OF COMPUTING AND SOCIETY Marvin Croy, Author and Researcher on Ethical Issues in Academic Computing; Associate Professor of Philosophy, University of North Carolina at Charlotte Gerald Engel, Vice-President of Education, Computer Society of the I E E E; Member, Computing Sciences Accreditation Board; Editor, COMPUTER SCIENCE EDUCATION Batya Friedman, Co-Editor of Computer Professionals for Social Responsibility Anthology of Computer Ethics Syllabi; Teacher of Computer Ethics at Mills College, CA Don Gotterbarn, Researcher and Speaker on Computer Ethics; Associate Professor of Computer and Information Sciences, East Tennessee State University Barbara Heinisch, Co-Director, Adaptive Technology Computer Laboratory, Southern Connecticut State University; Associate Professor of Special Education Deborah G. Johnson, Chair, Committee on Computers and Philosophy of the American Philosophical Association; Author of the textbook COMPUTER ETHICS John Ladd, Professor Emeritus of Philosophy, Brown University; Author of articles on Ethics and Technology Marianne LaFrance, Project Director, "Expert Systems: Social Values and Ethical Issues Posed by Advanced Computer Technology"; Associate Professor of Psychology, Boston College Doris Lidtke, Editorial Staff, Communications of the A C M; Professor of Computer and Information Sciences, Towson State University Walter Maner, Director of the Artificial Intelligence Project, Bowling Green State University; Author of Articles on Computer Ethics Dianne Martin, Researcher and Curriculum Developer in Computers and Society; Co-Chair of "Computers and the Quality of Life 1990", A C M / S I G C A S conference Keith Miller, Computer Science, the College of William and Mary; Author and Speaker on Integrating Values into the Computer Science Curriculum James H. Moor, Member, Subcommittee on Computer Technology and Ethics, American Philosophical Association, Author of Articles on Computer Ethics William Hugh Murray, Consultant and Management Trainer in Information Systems Security; Past Fellow on Information Security with Ernst & Young Accountants Peter Neumann, Senior Researcher in Computer Science, S R I International; Chair, A C M Committee on Computers and Public Police; Editor, Software Engineering Notes; Moderator of COMP.RISKS George Nicholson, Judge of the California Superior Court, Head of the "Courthouse of the Future" Project Judith Perolle, Researcher on "Ethical Reasoning about Computers and Society"; Associate Professor of Sociology, Northeastern University John Snapper, Illinois Institute of Technology; Author and Editor in COMPUTER ETHICS; Member of the Center for the Study of Ethics and the Professions Eugene Spafford, Member A C M - I E E E Joint Task Force on Computer Science Curriculum; Author of Articles and Reports on Computer Viruses and Security Willis Ware, Researcher, Author and Speaker on Computers and Privacy Terry Winograd, Past President of Computer Professionals for Social Responsibility; Author and Researcher in Artificial Intelligence Richard A. Wright, Executive Director, American Association of Philosophy Teachers; Director, Biomedical and Healthcare Ethics Program, University of Oklahoma Bryant York, Professor of Computer Science, Boston University; Director of the Programming by Ear Project for visually handicapped individuals MODEST COST Registration Fee Before 7/1/91 After 7/1/91 regular $175.00 $225.00 student $ 50.00 $100.00 Food (entire conference) $90.00 (adult) $50.00 (child) Dormitory Room (entire conference) Before 7/1/91 After 7/1/91 adult (double occupancy) $100.00 $110.00 adult (single occupancy) $150.00 $175.00 child $40.00 $50.00 There are a limited number of single occupancy rooms available. A few Room & Board Scholarships are available. FURTHER INFORMATION AND REGISTRATION Registration for the National Conference on Computing and Values is limited to 500 people (about 85 from each professional group). It is highly recommended that you pre-register well in advance to ensure a place in the conference. To receive a set of registration materials, please supply the requested information (see "coupon" below) to Professor Walter Maner, the conference co-chair: By E-Mail: BITNet MANER@BGSUOPIE.BITNET InterNet maner@andy.bgsu.edu (129.1.1.2) CompuServe [73157,247] By Fax: (419) 372-8061 By Phone: (419) 372-8719 (answering machine) (419) 372-2337 (secretary) By Regular Mail: Professor Walter Maner Dept. of Computer Science Bowling Green State University Bowling Green, OH 43403 USA /------------------------- COUPON ---------------------------\ First Name: Last Name: Job Title: Phone: Institution or Company: Department: Building: Street Address: City: State: Zip: Country: Email Address(s): All attendees will be part of a working group that "brainstorms" a topic and suggests further research for the next five years. PLEASE INDICATE YOUR PREFERENCES BELOW (1 = first choice, 2 = second choice, 3 = third choice): [ ] Privacy & Confidentiality [ ] Equity & Access [ ] Ownership & Intellectual Property [ ] Security & Crime [ ] Teaching Computing & Values [ ] Campus Computing Policies PLEASE MARK *ONE* OF THE FOLLOWING: [ ] Send me registration information ONLY. I'll decide later whether or not to register. [ ] Register me NOW. Enclosed is my check (made payable to "B G S U") for $ to cover all of the following (PLEASE ITEMIZE): Quantity [ ] regular registration(s) [ ] student registration(s) [ ] meal ticket(s) for adult [ ] meal ticket(s) for child [ ] room(s) for adult (double occupancy) [ ] room(s) for adult (single occupancy) [ ] room(s) for child Note that rates change on July 1, 1991. \---------------------- END OF COUPON -----------------------/ InterNet maner@andy.bgsu.edu (129.1.1.2) | BGSU, Comp Science Dept UUCP ... ! osu-cis ! bgsuvax ! maner | Bowling Green, OH 43403 BITNet MANER@BGSUOPIE | 419/372-2337 Secretary Relays @relay.cs.net, @nsfnet-relay.ac.uk | FAX is available - call ------------------------------ End of RISKS-FORUM Digest 11.10 ************************