Subject: RISKS DIGEST 11.27
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Wednesday 13 March 1991  Volume 11 : Issue 27

        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

  Contents:
Incredible backlog of RISKS contributions -- Risks of RISKS again (RISKS)
New Utility to Unlock Passwords (Martin Minow)
Medical image compromise (Roy Smith)
MCI's Computer Said It Is NOT OK (Li Gong)
Examinations by Phone (James K. Huggins)
Confident Extrapolation of Worst-Case Failures (Anthony E. Siegman)
Re: A pulsar repulsed! (Matti Aarnio)
EM solution for new buildings - risk solved? (Olivier M.J. Crepin-Leblond)
Cellular surveillance (Les Earnest)
Cellular phone usage (anonymous, Ed Hall)
Secret Service Foils Cellular Phone Fraud (P.J. Karafiol)
Telephone risks revisited (W.A. Simon)
Re: Apathy and viral spread (Steven King)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in
good taste, objective, coherent, concise, and nonrepetitious.  Diversity is
welcome.  CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive
"Subject:" line.  Others ignored!  REQUESTS to RISKS-Request@CSL.SRI.COM.
For vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j" (where i=1 to 11, j always TWO digits).  Vol i
summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out.
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Wed, 13 Mar 1991 17:21:44 PST
From: RISKS Forum
Subject: Incredible backlog of RISKS contributions -- Risks of RISKS again

OK, folks, I have never before asked you to slow down in your contributions,
and am not about to do so now.
Perhaps the evident lag time will help to do that naturally.  But the recent
volume of mail to RISKS is horrendous -- on droids, dumbing-down, qwertyuiop,
EMI (as of 2 March), warranties and free software (as of 28 Feb, with a
double-size issue's worth of stuff still backlogged waiting for my
immoderation), etc., all under consideration.  (And BARFmail is on the
increase again, for no apparent reasons, just the usual net flakiness, people
moving, host names changing, FROM: addresses TO which I cannot even answer
your mail, especially unregistered portions of UUCP, etc.).  I was away most
of today and noticed that my backlog of UNSEEN NEW messages was over 100, and
the backlog of UNSEEN messages was about almost twice that, just over the
past few days.  Thanks for all your enthusiasm!

On an old subject, I get complaints from some of you when I do NOT use
draconian pruning shears, because you would like to rely on my moderation to
be incisively oriented toward exciting and really interesting material, so
that you do not have to wade through the less interesting stuff.  But what is
interesting to some may not be interesting to others.  I also get queries
from some of you when your message has not appeared after a while.  I know I
cannot please everyone, but I'll continue to try to do the best I can.  I am
currently batching heavy-response items together into self-contained issues,
so that if you are bored with the topic you may simply ignore the entire
issue.

I long ago gave up trying to acknowledge every message.  If you really want
to make sure a particular message got through or try to wedge it out of the
queueueueueueue, please feel free to do so.  Otherwise, please just have
patience.  Thanks.  PGN

------------------------------

Date: Tue, 12 Mar 91 08:45:47 PST
From: "Martin Minow moved to LJO2-A2, RANGER::MINOW"
Subject: New Utility to Unlock Passwords

From MacWeek, Mar 12, 1991: [edited for space].

"New Visions Limited Partnership last month shipped a new [Macintosh]
password-recovery utility called MasterKey.

"MasterKey comes in three versions [for WingZ, Excel, and WordPerfect 1.0].
... MasterKey is intended for use by law-enforcement agencies to access
files belonging to drug criminals, embezzlers and terrorists; by companies
to access files that disgruntled or terminated employees have locked; and by
users to access their own files.

"Features ... include the ability to recover passwords from MS-DOS files,
[and] an access code to prevent use by unauthorized users...."

I rather like the fact that they decided to password-protect their utility:
maybe I should write a utility to break their password scheme!

Martin Minow    minow@ranger.enet.dec.com

------------------------------

Date: Tue, 12 Mar 91 11:56:07 EST
From: Roy Smith
Subject: Medical image compromise

Slightly off the original subject, but I noticed in a recent visit to a
hospital that in the public hallway outside of the CAT/MRI scan area were
open rack upon open rack of magtapes, no doubt containing images of patients.
It struck me that anybody could just pick up a tape and walk off with it.
Surely they would not be so sloppy with "official medical records".  My guess
is that it never really occurred to them that these tapes are part of the
medical records, just as surely as the bit of paper charts the doctors
scribble in are.

--
Roy Smith, Public Health Research Institute
455 First Avenue, New York, NY 10016
roy@alanine.phri.nyu.edu -OR- {att,cmcl2,rutgers,hombre}!phri!roy

   [Clearly not an integrity concern, but it could be a privacy concern
   if some eager journalist stole a tape, or a denial of service concern
   if the tape goes astray.  PGN]

------------------------------

Date: Tue, 12 Mar 91 17:56:09 EST
From: li@oracorp.COM (Li Gong)
Subject: MCI's Computer Said It Is NOT OK

I wanted to subscribe to MCI's three major calling packages: Prime Time,
Call Europe, and Call Pacific.
I was told by MCI representatives that I couldn't do so because their
computer couldn't handle the complicated billing computation.  The maximum
is two packages per account.

Li Gong, ORA Corp, 675 Mass Ave, Cambridge, MA

------------------------------

Date: Wed, 13 Mar 91 11:32:53 EST
From: James K. Huggins
Subject: Examinations by Phone

With the recent discussion on voting-by-phone in RISKS, I thought the
following (excerpted) article, taken from "U.: The National College
Newspaper" might be of interest to readers.

"Test Taking Goes Touch-Tone": Seema Desai, _The_Daily_Pennsylvanian_
(student newspaper of the University of Pennsylvania)

  At Governors State U., a wrong number can cost students more than a
  quarter.  It can cost them their grade point averages.

  The small university near Chicago recently adopted a telephone system that
  lets students take multiple-choice exams over a touch-tone telephone.

  Donald Fricker, a management professor who spent about two years
  developing the application, said students call a special number and
  respond to recorded multiple choice questions by pressing digits on their
  phones.

  The system, named Big Mouth, has been in operation since this fall, and
  four professors currently use it to administer exams.

  Fricker said more than 100 students in classes ranging from psychology to
  management have taken exams on the system, adding that most students have
  responded positively to the new technology.

  [student and faculty testimonial deleted]

  Some students and faculty have raised concerns about abuse of the system.
  Currently, students have to enter their social security number to access
  the system.

  Students are on their honor not to cheat, Fricker said.  And because
  students have only five seconds to answer, Scherzinger said cheating is
  difficult.

  [quote deleted]

  In the near future, Big Mouth will have the ability to repeat questions
  and accept short essay answers.
  Fricker said he also plans to add more security measures to the system,
  including offering multiple versions of exams and giving each student a
  special security code.

  [...]

  Despite some of the system's drawbacks, Scherzinger said he thinks it will
  gain wide acceptance in the academic community.  "I personally believe
  that the system will come to every college within the next 10 years."

The RISKS here are abundant: students hiring other students to take their
exams for them (a risk that is somewhat minimized by an in-person exam)
using their identification number, students deliberately using someone
else's Social Security number to flunk the exam for them, and students
recording the exam as it is being given in order to distribute copies to
their friends.

I hope Big Mouth never comes to Michigan.

Jim Huggins, Univ. of Michigan (huggins@zip.eecs.umich.edu)

   [This is getting to be an old-hat topic.  But it will recur.  PGN]

------------------------------

Date: Tue, 12 Mar 91 11:39:51 PST
From: Anthony E. Siegman
Subject: Confident Extrapolation of Worst-Case Failures

From Henry Spencer at U of Toronto Zoology ...
> because we must rely on such extrapolation and we already do;
> the questions are how best to do such extrapolation and what
> form of testing must be done to permit confident extrapolation.

Surely it's also very important to assess the magnitude of the damage that
could be done by overconfident extrapolation.

Failure of a large airliner due to some unanticipated worst-case behavior
(e.g., the early Comets) will kill at most a few thousands (in the air and
on the ground).  (I suppose a really worst-case failure in which an airliner
comes down in Yankee stadium could kill several tens of thousands; but one
can at least estimate with fair confidence the probability that a falling
airliner will hit Yankee Stadium.)  [Shea, Hey, Willie?]

In any event one can accept this level of tragedy and then use it to improve
the system.
Indeed that's more or less how large-scale civil aviation has made progress.
The ``confident extrapolation'' in this instance, based on several decades
of experience, is really that unanticipated worst-case behavior probably
WILL happen; and one is nonetheless willing to accept this risk.

Worst-case failure of a nuclear power plant in Sacramento, California, on
the other hand, could render the entire San Francisco Bay Area uninhabitable
for generations if not centuries (perhaps I'm exaggerating here, but it's
hard to be certain).  In any event, a really ``confident extrapolation''
that this worst-case event can't happen may be near to impossible; and past
performance (Browns Ferry, Three Mile Island, Chernobyl) may lead one to
have doubts about the ability (or wisdom?) of those who put forth such
confident extrapolations.

This is NOT an anti-nuclear message; I merely wish to make the points that:

1) The conservative confident extrapolation, based on past experience, may
be that in most cases a worst case failure IS LIKELY to happen.

2) The most crucial question then is not "Will it happen?", but "Can we live
with it, if it does?" (or "when it does").

--AES

------------------------------

Date: Tue, 12 Mar 91 23:35:20 EET
From: mea@mea.utu.fi (Matti Aarnio)
Subject: Re: A pulsar repulsed! (RISKS-11.25)

> The 1989 discovery of an apparent supernova-remnant pulsar, blinking 2000
> times per second, has now been attributed to electrical interference from a
> closed-circuit television camera used to operate the telescope in Chile.
> [Source: an AP item in the San Francisco Chronicle, 11 Mar 91, p.A8]

Interesting that this item has now surfaced thru AP.  This was a news item
in Sky & Telescope magazine a few months back when it was debugged.
(Reported around August-90?)  What your extract doesn't tell is whether or
not SFC mentioned it was a suspected OPTICAL pulsar -- which vanished next
night.  (No radio pulsar has been detected either.)
It is very difficult to measure small but fast variations on very low levels
of light intensity.

Long lags from news to their appearance in newspapers seem to be common,
also time lag and amount of errors correlate positively.  Maybe feeding some
RISKS to papers like Datamation would help?  (I doubt they know what ACM
is..)

> I suppose it would have been much more obvious had it been blinking at 60
> cycles (or is it 50 in Chile?), although certainly less spectacular.  A little
> like hearing a loud thumping in a quiet room and discovering it the pulse of
> your own heart beat?

Or faint ticking at 2Hz, and you start to suspect bugs until you notice your
watch...  Anyway, it tells that while we use complex systems we must be
careful to spot all possible interference sources before we jump to
conclusions.  (Aren't we always?)

About two weeks ago I saw on national TV news something telling that
Australian radio astronomers had spotted an "ET" signal (me: immediate
frown), but the way it was told on TV (as their "ending joke"), associated
picture material etc., gave me the conclusion: this is a red herring, forget
it.  "Hey, let's tell this joke from Down Under about those Radio
Astronomers..."  (Maybe 15 seconds total.)

Today I went to do some UNIX system maintenance at the University of Turku
Astronomy department.  The professor asked if I had heard anything about
those Aussies, because local commercial radio wanted to make a program about
this ET signal, and to interview some local radio astronomer...

Our problem?  No word about it from verifiable sources, thus do we dare to
dip into USENET to fish out POSSIBLE information about it?  (I hope there is
information, but I doubt it...  Good luck for SETI anyway!)

/Matti Aarnio

------------------------------

Date: Mon, 11 Mar 91 18:07 BST
From: "Olivier M.J. Crepin-Leblond"
Subject: EM solution for new buildings - risk solved?

I have read in this month's British Airways Business magazine that
Pilkington's, the UK's glass manufacturer has attempted to tackle the problem
of electromagnetic spying with a new "shielded" glass.  The glass sheets are
similar to the ones usually mounted on new sky-scrapers, with a shiny
surface.  However, this metallic film can be tied to earth, thus providing
shielding which stops any electromagnetic radiation from leaving the
building.  It is therefore impossible to hack inside information from
outside by picking-up electromagnetic radiation.  Solutions were very costly
up to now, with actual physical shielding of the building using metallic
plates etc.

Olivier M.J. Crepin-Leblond, Comms.Sys., Imperial College, London, UK.

disclaimer: I am NOT related to Pilkington Glass or British Airways in any
way!

------------------------------

Date: Wed, 13 Mar 91 13:55:56 -0800
From: les@Gang-of-Four.Stanford.EDU (Les Earnest)
Subject: Cellular surveillance

I am seeking information on current practices and prospects for the use of
cellular telephone systems in surveillance of individuals.

1. Given that the telephone companies have traditionally facilitated the
tapping of individual telephones by law enforcement agencies if a court
order has been obtained, I would assume that most cellular telephone systems
have been instrumented to provide this capability.  True?

2. Given that cellular telephone systems must track each individual
instrument as it moves between cells (by checking relative signal strengths
at cellular receiving stations) and given that phones can be tracked even
when they are not in use, it would be a simple task for the cellular
computers to record a time log of the movements of any selected phone.  Has
this capability been included in the software of these systems?

3. By using signal strength information from more than one cellular
receiving station it is possible to estimate the location of a given phone
more accurately than just which cell it is in.
With existing equipment and signal strength accuracy, what is the typical
positional accuracy of this estimate?

4. Motorola's planned Iridium system is expected to provide global cellular
telephone service via 77 satellites in polar orbits.  What kind of
positional tracking accuracy will that system be able to provide on
individual cellular telephones?

Les Earnest, 12769 Dianne Dr., Los Altos Hills, CA 94022     415 941-3984
Internet: Les@cs.Stanford.edu      UUCP: . . . decwrl!cs.Stanford.edu!Les

------------------------------

Date: Mon, 11 Mar 91 12:05:23 XST
From: [anonymous]
Subject: Cellular phone usage

A recent poster questioned the cellular phone fraud loss figure mentioned in
RISKS.  He seemed to feel that 10 minutes/day/person would be a large amount
of usage for cellular phones.  In fact, this would be a very modest usage!
While many cellular phone calls are short, many are VERY long, with
individual calls longer than an hour not at all rare.  Many people sit on
those things all day long, making call after call.

Whether the duration and number of calls is related in any way to whether or
not the user is paying for the call or committing "cellular fraud" is
difficult to determine from the "outside", of course.  But persons who have
"accidentally" tuned in cellular conversations will tell you that it is
amazing how many of the calls are such things as long, intimate chats
between couples, people with handheld phones chatting with others for hours
on end, lawyers talking about cases, etc.  Not to mention the drug and
prostitution rings (the latter two groups are BIG TIME users of cellular
systems--and may well be among the more likely to be operating modified,
illegal phones).

There also seemed to be some concern that many of the calls would not have
been made if the person weren't stealing the service.  This is no doubt
true, but there aren't many other obvious ways to quantify loss other than
the unbillable amounts.
The same could be said about toll fraud and intellectual property thefts.

------------------------------

Date: Mon, 11 Mar 91 18:13:24 PST
From: Ed Hall
Subject: Re: Re: Secret Service Foils Cellular Phone Fraud (RISKS-11.23)

Who said anything about long-distance?  A $5000 bill for cellular calls
wouldn't be that hard to accrue for someone who spent a lot of time on the
phone.  Remember that you have to pay to *receive* as well as make cellular
calls.

I can think of one occupation where a person might receive dozens of calls a
day, and where the anonymity provided by the counterfeit chips would be a
big plus.  In fact, this particular occupation might also afford a ready
connection to the underground market for such devices, and its practitioners
wouldn't be likely to worry about their illegality.

You've probably guessed the occupation I'm thinking of: drug dealing.
Indeed, cellular phones have replaced pocket pagers as the major
technological tool of the "upscale" retail illicit drug trade.  Considering
the size of the drug trade in a city like New York, $100 million in calls a
year sounds like a reasonable estimate to a city-dwelling layperson like me.

-Ed Hall

------------------------------

Date: Wed, 13 Mar 91 20:04:56 -0500
From: karafiol@husc8.harvard.edu (P.J. Karafiol)
Subject: Secret Service Foils Cellular Phone Fraud (bart, RISKS-11.23)

Let's be real for a second.  When was the last time you made a phone call to
a friend that was less than ten minutes?  It's very easy to talk for five
minutes at a go.  The few people I know who have cellular phones use them
for an average of ten minutes a day, if they can afford it.  Someone who
plunks down $5000 for a modified phone can afford it.  Not because he has
$5000 to plunk down, but because he has free phone service.  I'd make ten
minutes of calls a day if they were free.  I'd make a couple of hours of
calls a day if they were free.  I have friends all over the country.  I
can't afford to call them.
But if I had a modified phone, I could.  I would say, "Hey, I wanna talk to
mike, let me get in the car ..."

Of course, I think using phones like this *is* theft, and not something I
would do at all.  But I'm trying to get across the salient facts here.

== pj karafiol

------------------------------

Date: Tue, 12 Mar 91 18:07:52 EST
From: W.A.Simon
Subject: Telephone risks revisited (Griffith, RISKS-11.23)

All of the listed features really are one: calling phone identifies itself
or is identified for us by the telco.  This one feature is used to provide n
services.  [...]

> Welcome to the age of Big Brother.

Big Brother is a state of mind which belongs to bureaucrats, in government
as well as in private enterprises.  It was always there.  Technology is now
such that their particular vice can easily be satisfied.  But don't kid
yourself, Big Brother was always watching.  Instead of fighting it, why not
set up social and legal structures which will negate the benefits of
snooping?  Examples:

* Let's make wiretapping legal; this way, we know and we expect our
communications are monitored.  We can always invest in cryptographic
systems.  And we can listen to the cellular calls of our politicians (:-).

* Our medical files are violated by law enforcers as a matter of routine.
Employers are not far behind.  Insurance companies are misusing this same
information.  Government agencies are unable to protect it against leaks.
And, big insult, I am not allowed to see the file my own doctor keeps on my
subject.  Therefore I propose all medical files should be made public.  If I
am discriminated against by an insurance company for smoking pot, why should
their president be sheltered from the public revelation that he is a drunk
and a wife abuser?

* All of my past employers know about my checkered past.  I know nothing
about theirs.  Why should their resume be confidential?  I ask that human
resource departments make all resumes public.

* Police and politicians keep tabs on our every move through passport
controls and credit cards.  But politicians travel with diplomatic passports
and they use assumed names to protect their privacy.  My credit history
(yours too) is known by so many people that it would make little difference
if it were made public.  I ask credit records be made public and that
borders be opened.

Etc...

What makes our privacy so fragile is that we value it; it makes us
vulnerable to B.B.: being homosexual is a problem only as long as one has to
hide the fact.  In the same manner, if all our foibles and weaknesses are
made public, right along those of our neighbours and friends, who is to cast
the first stone?  Who will need to snoop then?  In other words, since we
can't protect privacy, let's replace it with the right to know.  Technology
would then work for us peons.

Alain    Home+Office: (514) 934 6320    UUCP: alain@elevia.UUCP

------------------------------

Date: 12 Mar 91 19:20:55 GMT
From: king@motcid.UUCP (Steven King)
Subject: Re: Apathy and viral spread (Slade, RISKS-11.26)

Your data looks good, but I don't think your conclusions are well-founded.
Let's assume that SUZY is a valid cross-section of the computer-using
populace.  Also, let's ignore the inactive users on the grounds that they're
not participating in discussions on *any* topic.  You claim this leaves us
with only 20% of the active computer-using populace that cares enough to
talk about viri, implying that the remaining 80% are ignorant of the matter.

Well, count me in that 80%, though I'm *not* ignorant.  I don't use SUZY,
but I use other information networks such as Usenet and local BBSs.  I'm
pretty active on them as well.  And I don't subscribe to VIRUS-L or any
other anti-viral discussions.  Why?  Is it that I'm unaware of the threat of
viri?  Hardly.  It's that I have a limited amount of time, and I prefer to
spend it in other ways.
I pick and choose my discussions carefully, tempering my decisions with
real-world affairs like cooking dinner.

Yes, I'm aware of the threat of viri.  Yes, I care about them.  But I don't
care enough to devote time to discussing the latest ones, or the latest
theories on how to combat them.  I suspect that you'll find a large number
of people who fall into this category.  While it's reasonable to say that
only 20% of the populace care enough to discuss matters, it hardly follows
that the remaining 80% is apathetic and ignorant.  We're just off saving a
different corner of the world...

Steven King, Motorola Cellular (...uunet!motcid!king)

------------------------------

End of RISKS-FORUM Digest 11.27
************************