Subject: RISKS DIGEST 13.03
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Friday 10 January 1992  Volume 13 : Issue 03

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
CNN Nearly Reported Bush Death, due to rapidly shared computer data
Chaos Congress 91 Report (Klaus Brunnstein)
Conflicting SSNs and Federal Tax Numbers (Mike Engber)
Errant `timed' wreaks havoc (Clay Jackson)
PC virus infects UNIX system (Bear Giles)
Automated bill collectors, privacy, and accuracy (Bryan MacKinnon)
The last (?) word on/from the Honda guy (Adam Gaffin)
Re: "Miracle" computer-controlled piano teaching (Scott E. Preece, Ed Nilges)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious.  Diversity is welcome.
CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line.  Others may be ignored!  Contributions will not be ACKed.  The load is too great.
**PLEASE** INCLUDE INTERNET FROM: ADDRESS, especially .UUCP domain folks.
REQUESTS please to RISKS-Request@CSL.SRI.COM.
For vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 12, j always TWO digits).  Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out.
The COLON in "CD RISKS:" is essential.  "CRVAX.SRI.COM" = "128.18.10.1".
<CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Fri, 10 Jan 92 9:33:56 PST
From: "Peter G. Neumann"
Subject: CNN Nearly Reported Bush Death, due to rapidly shared computer data

The AP reported from Atlanta 09Jan91 that CNN Headline News came within seconds of reporting that President Bush had died at the banquet in Japan at which he had collapsed from stomach flu on 8Jan92.  A caller identifying himself as Bush's doctor had telephoned CNN about three hours after Bush's collapse, and said the president was dead.  CNN and Headline News are two floors apart but use the same newsroom computer system.  A staff member had typed the telephoned report into the computer.  CNN executives had determined almost immediately that the report was a fake and pulled it from the computer file.  But downstairs at Headline News, it had already been seen on the screen and was nearly broadcast.  CNN Headline News anchorman Don Harrison started to read the report on the air at 9:45 a.m. EST during coverage of Bush's collapse, when he was alerted in midsentence by another staff member, said CNN spokesman Steve Haworth.  The alleged caller, James Edward Smith, 71, left his number with CNN and was traced to Idaho, where he was arrested and later put in a mental hospital.  [Starkly abridged by PGN]

------------------------------

Date: 9 Jan 92 16:37 +0100
From: Klaus Brunnstein
Subject: Chaos Congress 91 Report

Report: 8th Chaos Computer Congress

On occasion of the 10th anniversary of its foundation, Chaos Computer Club (CCC) organised its 8th Congress in Hamburg (Dec.27-29, 1991).  To more than 400 participants (largest participation ever, with growing number of students rather than teen-age scholars), a rich diversity of PC and network related themes was offered, with significantly fewer sessions than before devoted to critical themes, such as phreaking, hacking or malware construction.  Changes in the European hacker scene became evident as only few people from Netherlands (see: Hacktick) and Italy had come to this former hackers' Mecca.
Consequently, Congress news is only documented in German.  As CCC's founding members develop in age and experience, reflection of CCC's role and growing diversity (and sometimes visible alienity between leading members) of opinions indicates that teen-age CCC may produce less spectacular events than ever before.

This year's dominating theme covered presentations of communication techniques for PCs, Ataris, Amigas and Unix, the development of a local net (mousenet.txt: 6.9 kByte) as well as description of regional (e.g. CCC's ZERBERUS; zerberus.txt: 3.9 kByte) and international networks (internet.txt: 5.4 kBytes), including a survey (netzwerk.txt: 53.9 kByte).  In comparison, CCC'90 documents are more detailed on architectures while sessions and demonstrations in CCC'91 (in "Hacker Center" and other rooms) were more concerned with practical navigation in such nets.

Phreaking was covered by the Dutch group HACKTIC which updated its CCC'90 presentation of how to "minimize expenditures for telephone conversations" by using "blue" boxes (simulating specific sounds used in phone systems to transmit switching commands) and "red" boxes (using telecom-internal commands for testing purposes), and describing available software and recent events.  Detailed information on phreaking methods in specific countries and bugs in some telecom systems were discussed (phreaking.txt: 7.3 kByte).  More information (in Dutch) was available, including charts of electronic circuits, in several volumes of Dutch "HACKTIC: Tijdschrift voor Techno-Anarchisten" (=news for techno-anarchists).

Remark #1: recent events (e.g. "Gulf hacks") and material presented on Chaos Congress '91 indicate that Netherland emerges as a new European center of malicious attacks on systems and networks.
Among other potentially harmful information, HACKTIC #14/15 publishes code of computer viruses (a BAT-virus which does not work properly; "world's shortest virus" of 110 bytes, a primitive non-resident virus significantly longer than the shortest resident Bulgarian virus: 94 Bytes).  While many errors in the analysis show that the authors lack deeper insight into malware technologies (which may change), their criminal energy in publishing such code evidently is related to the fact that Netherland has no adequate computer crime legislation.  In contrast, the advent of German computer crime legislation (1989) may be one reason for CCC's lesser devotion to potentially harmful themes.

Remark #2: while few Netherland universities devote research and teaching to in/security, Delft university at least offers introductory courses into data protection (an issue of large public interest in NL) and security.  Professors Herschberg and Aalders also analyse the "robustness" of networks and systems, in the sense that students may try to access connected systems if the addressed organisations agree.  According to Prof. Aalders (in a recent telephone conversation), they never encourage students to attack systems but they also do not punish students who report on such attacks which they undertook on their own.  (Herschberg and Alpers deliberately have no email connection.)

Different from recent years, a seminar on Computer viruses (presented by Morton Swimmer of Virus Test Center, Univ. Hamburg) was deliberately devoted to disseminating non-destructive information (avoiding any presentation of virus programming).  A survey of legal aspects of inadequate software quality (including viruses and program errors) was presented by lawyer Freiherr von Gravenreuth (fehlvir.txt: 5.6 kByte).

Some public attention was drawn to the fact that the "city-call" telephone system radio-transmits information essentially as ASCII.
A demonstration proved that such transmitted texts may easily be intercepted, analysed and even manipulated on a PC.  CCC publicly warned that "profiles" of such texts (and those addressed) may easily be collected, and asked Telecom to inform users about this insecurity (radioarm.txt: 1.6 kByte); German Telecom did not follow this advice.

Besides discussions of emerging voice mailboxes (voicebox.txt: 2.8 kBytes), an interesting session presented a C64-based chipcard analysis system (chipcard.txt: 3.3 kBytes).  Two students have built a simple mechanism to analyse (from systematic IO analysis) the protocol of a German telephone card communicating with the public telephone box; they described, in some detail (including an electron-microscopic photo) the architecture and the system behaviour, including 100 bytes of communication data stored (for each call, for 80 days!) in a central German Telecom computer.  Asked for legal implications of their work, they argued that they just wanted to understand this technology, and they were not aware of any legal constraint.  They have not analysed possibilities to reload the telephone account (which is generally possible, due to the architecture), and they did not analyse architectures or procedures of other chipcards (bank cards etc).

Following CCC's (10-year-old charter), essential discussions were devoted to social themes.  The "Feminine computer handling" workshop deliberately excluded men (about 25 women participating), to avoid last year's experience of male dominance in related discussions (femin.txt: 4.2 kBytes).  A session (mainly attended by informatics students) was devoted to "Informatics and Ethics" (ethik.txt: 3.7 kByte), introducing the international state-of-discussion, and discussing the value of professional standards in the German case.

A discussion about "techno-terrorism" became somewhat symptomatic for CCC's actual state.
While external participants (von Gravenreuth, Brunnstein) were invited to this theme, CCC-internal controversies presented the panel discussion under the technical title "definition questions".  While one fraction (Wernery, Wieckmann/terror.txt: 7.2 kByte) wanted to discuss possibilities, examples and dangers of techno-terrorism openly, others (CCC "ol'man" Wau Holland) wanted to generally define "terrorism" somehow academically, and some undertook to describe "government repression" as some sort of terrorism.  In the controversial debate (wau_ter.txt: 9.7 kByte), few examples of technoterrorism (WANK worm, development of virus techniques for economic competition and warfare) were given.

More texts are available on: new German games in Multi-User Domain/Cyberspace (mud.txt: 3.8 kByte), and Wernery's "Btx documentation" (btx.txt: 6.2 kByte); not all topics have been reported.

All German texts are available from the author (in self-extracting file: ccc91.exe, about 90 kByte), or from CCC (e-mail: SYSOP@CHAOS-HH.ZER, fax: +49-40-4917689).

Klaus Brunnstein, University of Hamburg (Jan.8, 1991)

------------------------------

Date: Fri, 10 Jan 92 14:22:17 CST
From: engber@aristotle.ils.nwu.edu (Mike Engber)
Subject: Conflicting SSNs and Federal Tax Numbers

If your Social Security Number = FedTaxNumber of some business, you could be in for problems.  It turns out that both SSNs and Federal Tax numbers are 9 digits and the government does issue Fed Tax numbers that match SSNs.

I recently tried to open an account at Savings of America; they did a credit check with ChexSystems and my SSN flagged a problem.  After 3 months, and much aggravation, it turns out that some business has a Federal Tax number that is the same as my Social Security number and that business did something to get reported to ChexSystems.

I'm not sure there is anything I can do.  Assuming the business really did something, the credit ding could be legit.
ChexSystems reports that the business does not have my name on it, but from the S&L's point of view it's possible I opened a business account using my SSN under the business's name.  ChexSystems won't even tell me the name of the business.

I don't really care about opening up this particular account, but I don't want it to come back and haunt me in the future.  If anyone has any ideas, please email engber@ils.nwu.edu.

------------------------------

Date: Fri, 10 Jan 92 13:54:36 PST
From: cjackso@nv6.uswnvg.com (Clay Jackson)
Subject: Errant `timed' wreaks havoc

We had an interesting experience this morning with `timed' (a unix Network time daemon).  A vendor brought a demonstration machine to a first-time unix user, who let the vendor install it and boot it while it was connected to our network.  The machine had a `timed' set up as a master.  When the vendor booted the machine, he did not set the time.  So, the first time one of our other machines on the net asked for the time, this machine responded.  Soon all of our machines thought that the date was 1/1/1970.

When this was first noticed, our SysAdmins found the errant machine and shut it down.  Unfortunately, the story doesn't end here.  It seems that there was also a bug in our 'real' `timed' software, such that any date with more than 1 digit in the day is not handled correctly.  So, the date went from 1/1/70 to 10/10/92 instantly.  This caused further havoc with things like 'at' and all sorts of other unix utilities.  We're still picking up the pieces of our database (which tracks things like work orders and trouble tickets, some of which now have ages of 20+ years!).

Needless to say, we're working on a `reasonableness' check for `timed', as well as (more) controls on what gets put on our network!
Clay Jackson, US West NewVector Group Inc

------------------------------

Date: Fri, 10 Jan 92 09:40:56 MST
From: bear@fsl.noaa.gov (Bear Giles 271 X-6076)
Subject: PC virus infects UNIX system

We were configuring the ethernet card on our new 486 UNIX (SVR5) box when we determined that we needed to boot and run DOS to run the ethernet configuration program.  (Or possibly the EISA configuration -- this happened in my office but I was not involved).  No problem: simply create a boot disk from the DOS system across the hall and reboot DOS.

Unfortunately, that system had been infected with the 'Stoned' virus.  This virus overwrote the UNIX BOOT TRACK when the infected DOS was booted.  Result -- no more SVR5.  We will probably have to perform a low-level format of the disk and rebuild the UNIX from original media.

Morals:

1) don't ignore DOS viruses simply because you run UNIX unless you NEVER need to use DOS.

2) Pound on DOS users to note and report strange behavior because some infections are very costly (several person-days to rebuild this system -- at least it was new and had no work-in-progress on it!)

Bear Giles  bear@fsl.noaa.gov

------------------------------

Date: Fri, 10 Jan 92 09:27:43 CST
From: mackinno@fndaud.fnal.gov (Bryan MacKinnon)
Subject: Automated bill collectors, privacy, and accuracy

A recent incident that happened to me has caused me to question the accuracy and privacy of bill collecting.

One evening, I received a phone call at home.  When I answered, I was greeted by a synthetic voice stating: "Hello, I have important information for Jane Doe, if you are that person, please press 1 now."  (I replace the real name here with Jane Doe for privacy.)  I was and am not Jane Doe so I hung up.  The next night, I received around the same time the same phone call - again I hung up.  This went on for five days.  Sure enough, on the sixth day, my synthetic friend calls me again.  Annoyed and a bit curious, I finally press 1.
The voice then begins to tell me that Jane Doe, of address [not mine], had a CAT scan that has not been paid for.  It gave me the date, hospital, referring doctor, and reason for the scan.

This amazed me for many reasons.  I knew some very private things about a complete stranger, including a physical disorder she had (albeit minor), merely because of an incorrect telephone number in a database.  If the automated bill service did not have her phone number and perhaps her address correct, that could explain why she has not paid her bill.

Well, that was the last time I heard from my automated friend.  I assume that the autocalling program noted that it delivered its message and it was done with its responsibility.  What happened to Jane Doe, I do not know.

-- Bryan.

------------------------------

Date: Fri, 10 Jan 92 08:00:00 -0800
From: Adam Gaffin
Subject: The last (?) word on/from the Honda guy

Note comments from the man himself

Adam Gaffin, Middlesex News, Framingham, Mass.  adamg@world.std.com
Voice: (508) 626-3968.  Fred the Middlesex News Computer: (508) 872-8461

Judge pulls the plug on Holliston man's calls
By Lisa LaBanca, Middlesex News, Framingham, Mass., 1/10/92
NEWS STAFF WRITER

HOLLISTON - A federal judge has hung up the Honda phone of Holliston resident Daniel Gregory.  The American Honda Motor Co. has obtained a permanent injunction in federal court that prohibits him from harassing the company.

The injunction was granted in U.S. District Court in Boston this week, according to Bob Butorac, a spokesman for the Torrance, Calif.-based carmaker.  Butorac said that the Burnap Road resident signed an agreement to not telephone, send facsimile transmissions or otherwise harass the company.  ``It would appear that the issue is now closed,'' Butorac said.

Gregory, 31, made national news when American Honda decided to go to court to prevent him from calling or sending facsimile transmissions over the company's telephone lines.
The company said Gregory had made more than 100 phone calls in one day last fall and transmitted multi-page letters by fax over four days.  American Honda blocked off all calls to its 800 numbers from the 508 area code in order to keep Gregory from tying up the lines.  ``His phone calling inconvenienced other customers who were trying to call us,'' Butorac said.

Gregory, the owner of a 1990 Honda Civic CRX, said his car did not stop properly in the rain.  Gregory said yesterday {Thursday} that he would abide by the consent agreement until he disposes of the car.  The agreement did not require Gregory to admit that he had harassed the company.  ``In no way have I given up my quest to solve the problem,'' Gregory said.

But he said the experience was useful.  ``It gave me some interesting insight: I've got to be a lot more careful in not losing my cool,'' he said.  ``You can compromise your opportunity to pursue a resolution if you lose your cool.''

Gregory is thinking about initiating a suit of his own: He claims that an American Honda executive contacted an area dealership and notified its management that Gregory might call them.  The dealership later refused to service his car, Gregory said.  ``As far as I'm concerned, he prejudiced that dealership against me.''

------------------------------

Date: Fri, 10 Jan 92 09:43:54 -0600
From: preece@urbana.mcd.mot.com (Scott E. Preece)
Subject: Re: "Miracle" computer-controlled piano teaching (RISKS-13.02)

| This is it could not recognize the slight improvisation represented by grace
| notes as an improvement over the music displayed on the screen. In my opinion,
| a good piano teacher would give Couric a higher score for the creativity
| implicit in grace notes.

That depends on whether the teacher had told her to play it as written or to perform it.
Playing the instrument involves basic skills that must be mastered; performing compositions involves *both* those skills and aesthetic skills that have to be learned/acquired separately.  It makes a lot of sense for a computer training system to grade students on their mastery of playing skills.  At the present level of AI, it makes no sense at all for a computer training system to make aesthetic judgements.  Think of it as more like a typing teacher than like a music teacher.

| More than this, the developers of "The Miracle" seem unaware of the fact that
| Playing The Music Exactly As Written (PTMEAW) is (in a global sense) not the
| usual practice. Not only is folk music almost completely improvised, Indian
| classical music gains much of its richness from being IN PART improvised by
| master musicians every time it is performed.

Note the phrase "master musicians" in that last sentence.  You have to earn your freedom (you're totally free to play whatever you like in your living room and grade yourself, but if you want to submit yourself for public evaluation, you'd better have the technical skills to support your improvisational insight).

Back when I lived in a city, I went to a lot of piano recitals.  I would say Vladimir Horowitz made more technical mistakes than almost anyone else I heard, but was also the most riveting and persuasive of the lot.  My daughter, on the other hand, though better technically and musically than most kids her age, would probably profit a lot from a mechanical grading that would not let her get away with sloppiness.

No, it won't make you a musician.  That requires insight and experience.  A good human teacher will help the student acquire those.  But you'll never be able to express your musicianship unless you acquire the mechanical skills that something like the Miracle Keyboard *can* help you with.
------------------------------

Date: Fri, 10 Jan 1992 16:45:26 GMT
From: egnilges@phoenix.Princeton.EDU (Ed Nilges)
Subject: Re: "Miracle" computer-controlled piano teaching (RISKS-13.02)

>instrumentalist in a concerto provided a "coda" in which the soloist could

Thanks to Phil Karn of the University of Chicago for correcting this post on a matter of detail.  He reminded me that the improvisational section is a "cadenza" rather than a "coda", and of course a "coda" is the section in the concerto towards the end in which the soloist and the orchestra usually play "tutti."  A rose by any other name and all that, and the fact remains that in a world-music sense improvisation is the norm rather than the exception (being vestigial in Western classical music through Mozart in the form of the CADENZA) but my apologies to comp.risks for this slip.

------------------------------

End of RISKS-FORUM Digest 13.03
************************
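The following is an added example, not part of the digest and not code from ChexSystems or any bank, illustrating the identifier collision Mike Engber describes above: SSNs and federal tax numbers share a nine-digit space, so a credit-screening index keyed on the bare digits attaches a business's report to an unrelated person.  The records, names and digits are constructed placeholders.  The one fact the example adds beyond the digest is the conventional written layout of the two identifiers (an SSN is punctuated 3-2-4, an EIN 2-7), which a lookup can use to keep the two namespaces apart instead of discarding it.

```python
# Added example (not from the digest, not a credit bureau's code): why a record
# store keyed on the bare nine digits of an identifier can pin a business's
# negative report on a person whose SSN has the same digits, and the keying fix.
import re

# Constructed sample reports.  The digits are placeholders, not real numbers.
REPORTS = [
    {"id_type": "EIN", "digits": "123456789",
     "name": "Acme Widgets Inc", "event": "returned item"},
    {"id_type": "SSN", "digits": "987654321",
     "name": "Pat Example", "event": "account closed for cause"},
]

# The written layouts differ (an SSN is 3-2-4, an EIN 2-7), so the hyphens
# carry the identifier type.  Stripping them before lookup throws that away.
_SSN = re.compile(r"^\d{3}-\d{2}-\d{4}$")
_EIN = re.compile(r"^\d{2}-\d{7}$")


def classify_formatted(text):
    """Infer the identifier type from its punctuation, or 'unknown'."""
    if _SSN.match(text):
        return "SSN"
    if _EIN.match(text):
        return "EIN"
    return "unknown"


def naive_hits(reports, digits):
    """Lookup keyed on digits alone: any nine-digit match comes back."""
    return [r for r in reports if r["digits"] == digits]


def typed_hits(reports, id_type, digits, name):
    """Lookup keyed on (type, digits), then confirmed against the name."""
    return [r for r in reports
            if r["id_type"] == id_type and r["digits"] == digits
            and r["name"].casefold() == name.casefold()]


def screen(reports, formatted_id, name):
    """Screen an applicant; returns matched events, or None for ambiguous input."""
    id_type = classify_formatted(formatted_id)
    digits = formatted_id.replace("-", "")
    if id_type == "unknown":
        # Refuse to guess rather than fall back to a digits-only match.
        return None
    return [r["event"] for r in typed_hits(reports, id_type, digits, name)]


if __name__ == "__main__":
    # A consumer whose SSN digits collide with Acme's EIN.
    print(naive_hits(REPORTS, "123456789"))                    # Acme's report
    print(screen(REPORTS, "123-45-6789", "Mike Example"))      # []
    print(screen(REPORTS, "12-3456789", "Acme Widgets Inc"))   # ['returned item']
```

The design point is that the composite key (type, digits) is what makes the two namespaces distinct; the name comparison is a second check, and an unpunctuated nine-digit string is treated as ambiguous rather than silently matched against both spaces.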
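The following is an added example prompted by Clay Jackson's `timed' report above; it is not timed's code and not anything US West wrote.  It shows the shape of the "reasonableness check" the post says they were working on: a host refuses a clock value that comes from a machine not configured as a master, that predates the software's own installation (an unset clock on a freshly booted box reads as 1/1/1970), or that would step the clock by more than a bounded amount.  The master addresses, the earliest plausible date and the step limit are assumptions chosen for the demonstration; the final function replays the incident's three clock values against the check.

```python
# Added example (not timed's own code): a reasonableness check a host can apply
# before accepting a clock value from a network time master.  The thresholds
# and the master list below are assumptions for the demonstration.
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Anything earlier than the software's own install date cannot be the current
# time, whoever offers it.  (Assumed value.)
EARLIEST_PLAUSIBLE = datetime(1992, 1, 1, tzinfo=timezone.utc)

# Largest correction taken silently; bigger steps need an operator.  (Assumed.)
MAX_STEP = timedelta(minutes=5)

# Hosts allowed to act as master on this network.  (Assumed addresses.)
TRUSTED_MASTERS = frozenset({"10.0.0.1", "10.0.0.2"})


def check_time_update(proposed, local_now, source,
                      trusted=TRUSTED_MASTERS, earliest=EARLIEST_PLAUSIBLE,
                      max_step=MAX_STEP):
    """Return (accept, reason) for a time `proposed` by master `source`."""
    if source not in trusted:
        return False, "source %s is not a configured master" % source
    if proposed.tzinfo is None or local_now.tzinfo is None:
        return False, "timestamps must carry a timezone"
    if proposed < earliest:
        return False, "proposed %s predates %s" % (proposed.date(), earliest.date())
    delta = proposed - local_now
    if abs(delta) > max_step:
        return False, "step of %s exceeds %s" % (delta, max_step)
    return True, "ok"


def parse_mdy(text):
    """Parse m/d/yy with one- or two-digit month and day handled alike.

    The post describes a timed build that mishandled any day with more than
    one digit; a parser used for dates like 1/1/70 must round-trip 10/10/92 too.
    """
    return datetime.strptime(text, "%m/%d/%y").replace(tzinfo=timezone.utc)


def run_scenario():
    """Replay the incident: results keyed by case name, True = clock accepted."""
    now = datetime(1992, 1, 10, 9, 0, tzinfo=timezone.utc)
    cases = {
        # the vendor's demo box: unset clock, never configured as a master here
        "epoch from stranger": (EPOCH, "10.0.0.9"),
        # the same value from a real master is still impossible
        "epoch from master": (EPOCH, "10.0.0.1"),
        # a small drift correction from a real master
        "30s from master": (now + timedelta(seconds=30), "10.0.0.1"),
        # the jump the buggy date handling produced
        "1992-10-10 from master": (parse_mdy("10/10/92"), "10.0.0.1"),
    }
    return {name: check_time_update(t, now, src)[0]
            for name, (t, src) in cases.items()}


if __name__ == "__main__":
    for name, accepted in run_scenario().items():
        print("%-24s %s" % (name, "accept" if accepted else "reject"))
```

Only the 30-second correction from a configured master is accepted; the epoch value is rejected on both the source check and the earliest-plausible check, and the 10/10/92 value is rejected as an oversized step.  The list of masters is the network-level control the post also asks for: a machine that merely announces itself as a master gets no say.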
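The following is an added example prompted by Bear Giles's report above; it is not the digest's code and not vendor software.  A boot-sector virus such as the one described lands in the first sector of the disk regardless of what operating system the rest of the disk holds, so a UNIX host gains from recording a fingerprint of that sector at installation and checking it afterwards.  The example builds a 512-byte sector image from a constructed boot stub and partition table, records a SHA-256 baseline, and then reports which region (boot code, partition table or signature) changed when the code area is overwritten.  The sector layout constants are the conventional MBR layout; the sector contents are constructed stand-ins.

```python
# Added example (not from the digest, not vendor code): an integrity check for
# the first sector of a disk, the "boot track" that the post says the Stoned
# virus overwrote.  Sector contents below are constructed stand-ins.
import hashlib

SECTOR_SIZE = 512
CODE_END = 446            # bytes 0..445: boot code, the part a boot-sector virus replaces
TABLE_END = 510           # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"   # bytes 510..511 on a bootable sector

REGIONS = {
    "boot code": (0, CODE_END),
    "partition table": (CODE_END, TABLE_END),
    "signature": (TABLE_END, SECTOR_SIZE),
}


def build_sector(code, table):
    """Assemble a 512-byte sector image from boot code and a partition table."""
    if len(code) > CODE_END or len(table) != TABLE_END - CODE_END:
        raise ValueError("region size out of range")
    return code.ljust(CODE_END, b"\x00") + table + SIGNATURE


def fingerprint(sector):
    """Baseline value to record (and keep off the machine) after installation."""
    return hashlib.sha256(sector).hexdigest()


def changed_regions(baseline, current):
    """Name the regions that differ, so a report says what was overwritten."""
    return {name for name, (a, b) in REGIONS.items()
            if baseline[a:b] != current[a:b]}


def check_boot_sector(current, baseline, expected_fp):
    """Return (status, detail): 'invalid', 'changed' (with regions) or 'ok'."""
    if len(current) != SECTOR_SIZE or current[TABLE_END:] != SIGNATURE:
        return "invalid", "not a 512-byte sector ending in the boot signature"
    if fingerprint(current) != expected_fp:
        return "changed", sorted(changed_regions(baseline, current))
    return "ok", []


# Constructed sample: a stand-in boot stub and one active partition entry.
ORIGINAL_CODE = bytes.fromhex("fa33c08ed0bc007c8bf05007501ffbfc")
TABLE = bytes([0x80, 0x01, 0x01, 0x00, 0x06, 0xfe, 0x3f, 0x0c,
               0x3f, 0x00, 0x00, 0x00, 0x00, 0xf0, 0x1f, 0x00]).ljust(64, b"\x00")
BASELINE_SECTOR = build_sector(ORIGINAL_CODE, TABLE)
BASELINE_FP = fingerprint(BASELINE_SECTOR)

# Same partition table, different code: the shape of a boot-code overwrite.
TAMPERED_SECTOR = build_sector(b"\xeb\x1c\x90" + b"\x00" * 29 + b"STAND-IN", TABLE)


if __name__ == "__main__":
    print(check_boot_sector(BASELINE_SECTOR, BASELINE_SECTOR, BASELINE_FP))
    print(check_boot_sector(TAMPERED_SECTOR, BASELINE_SECTOR, BASELINE_FP))
```

On a real host the `current` value is the first 512 bytes read from the raw disk device, ideally from a trusted boot medium rather than from the possibly affected system, and the baseline fingerprint is stored somewhere the disk itself cannot alter.  Reporting the changed region matters for triage: a changed boot code area with an intact partition table is the pattern of a boot-sector infection, whereas a changed partition table points at a different problem.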