Subject: RISKS DIGEST 13.10
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Monday 3 February 1992  Volume 13 : Issue 10

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Ballad of Silicon Slim (Cliff Stoll)
  IRS quick refund by computer pays off -- like an errant slot machine (PGN)
  Dutch crackers arrested (Wietse Venema via Cliff Stoll)
  `Virus' in Lithuanian Atomic Power Plant (Debora Weber-Wulff)
  ``All Bugs are Viruses'' (Chuck Lins)
  Supreme Court's mistaken fax (Clifford Johnson)
  Lack of Integrity in the "real world" (Ted Lee)
  Historical perspective on fault-tolerant architecture (Paul Eggert)
  Re: Communication between ATC and pilot (Henry Spencer)
  Re: Confusing Telephone System Overload Message (Bill Mahoney, Jay Schmidgall, Peter Desnoyers)
  Re: Computer evidence is Hearsay (Ken Tindell, Robin Fairbairns)
  Re: Warranties (Irving Chidsey, Charlie Mingo)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP domain folks. REQUESTS please to RISKS-Request@CSL.SRI.COM.

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>CD RISKS:<CR>GET RISKS-i.j" (where i=1 to 13, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
----------------------------------------------------------------------

Date: Mon, 3 Feb 92 00:53:37 -0800
From: Cliff Stoll
Subject: Ballad of Silicon Slim

Dr. Demento collects the weirder songs for his nationally syndicated show -- he's one of the best reasons to own a radio.

Last week's program featured The Ballad of Silicon Slim, a country & western song by John Forster. It's about a rootin-tootin, home computin' guy who breaks into Chase Manhattan Bank and snags a penny from everyone's account. This salami-slicing thief makes millions, gets caught, tossed in jail, but is popped out by a computer.

It's a song praising the thief as being democratic (stealing equally from everyone), and carries several dubious stereotypes (the best programmers break into computers, outsiders are the biggest threat to banking systems, skimming of bank accounts won't be noticed).

A ballad about a computing thief. Had to happen sometime!

-Cliff Stoll stoll@ocf.berkeley.edu

A few excerpts (without permission of copyright holder; I'm trying to reach him)

  In the dead of night he'd access each depositor's account
  And from each of them he'd siphon off the teeniest amount.
  And since no one ever noticed that there'd even been a crime
  He stole forty million dollars -- a penny at a time!

  Little Janet was only eight but she had her own account
  And the seven dollars in it was to her a huge amount.
  So the day that penny vanished one unhappy little tot
  Screamed, "Hey, what happened to my penny?"
  And the teller tried to tell her but could not.

  Is your whole year's withholding getting to the government?
  Have you figured out your FICA to the hundredth of a cent?
  Though the average Joe don't even know how much his FICA was
  Out there, somewhere, there's a software packin' buckeroo who does!

------------------------------

Date: Mon, 3 Feb 92 17:34:40 PST
From: "Peter G. Neumann"
Subject: IRS quick refund by computer pays off -- like an errant slot machine

If you were one of the 1.1 million people who filed a 1991 tax return electronically between 10Jan1992 and 27Jan1992, you may have gotten a notification that a refund was forthcoming even if one was not. Apparently during that period the IRS computer program ignored all back-tax debts, which would otherwise have offset the refunds. Relying on the refund notification, lenders have been making loans that were (supposedly) secured by the expected refunds. No one knows yet how many such unsecure loans were actually granted. [Source: San Francisco Chronicle, 3Feb1992, p.A3, from the Washington Post]

------------------------------

Date: [missing, BUT BEFORE 3 Feb 92 01:03:32 -0800]
From: wietse@wzv.win.tue.nl (Wietse Venema)
Subject: Dutch crackers arrested

reposted from alt.security and forwarded to Risks by Cliff Stoll [and lightly edited by PGN]

This is a revision of an earlier posting carrying the same title. Any inaccuracies are my own responsibility.

According to Dutch TV and newspaper reports, the Amsterdam police have arrested two computer crackers and seized their equipment. A press conference was held on Friday 31st. The two made a full confession.

The reports state that over the past four months, R.J.N., age 25, computing science engineer, and H.W., age 21, c.s. student, installed so-called Trojan horses on a computer system of the Amsterdam Free University, and used that same system to break into computer systems in the US, Canada, and several European countries.

According to a Dutch police spokesman, the two had no intention to damage or to steal information, but were doing it `just for kicks'.

Dutch law on computer crime is still in preparation. Apparently, the charges are based on existing law: falsification (corrupting systems files in order to get privileges), destruction of property (rendering a computer system unusable), and fraud (using stolen passwords).
Both fidelio and wave were students at my faculty, so I know them personally. The sad thing is, had the police been ready for this type of action a year earlier, they would probably still be free.

Wietse Venema, dept. of Mathematics and Computing Science, Eindhoven University of Technology, The Netherlands

------------------------------

Date: Mon, 3 Feb 1992 07:40:17 GMT
From: weberwu@inf.fu-berlin.de (Debora Weber-Wulff)
Subject: `Virus' in Lithuanian Atomic Power Plant

"Berliner Zeitung", 3Feb1992 ([East] Berlin), translated by DWW.

"Sabotage fails - Virus in Power Plant
Program for the Lithuanian Atomic Power Plant in Ignalina vaccinated

Vilna/Moscow (dpa) This past weekend an act of sabotage against the computer system for the atomic power plant in Ignalina failed. A worker in the computer center of the plant tried on Thursday to plant a virus in a program in the non-nuclear part of the reactor, in order to cause disruption. dpa learned on Saturday from Vilna that the man probably wanted to get money from the reactor managers for repairing the damage he himself causes.

The plant engineers managed, however, to repair the damage themselves in a very short time, according to information from the news agency ITAR-TASS, which is based on information from the government press office in Lithuania. A warrant for the arrest of the saboteur has been issued, and officials state that he will be prosecuted.

The shutdown of one of the two reactors since Thursday has nothing whatsoever to do with the attempted sabotage, said the deputy Lithuanian energy minister, Saulus Kutas. ["Wer das glaubt, wird seelig." LOOSELY TRANSLATED AS "If you believe that, you'll believe anything." dww]

[And goes on to explain about the tiny leak in the cooling system and how the water is not radioactive, and there are no problems, and a team of Swedish specialists looked at the reactor and found no big problems, but they do have a list of 20 little things they want to look at, and the Swedish government is going to pay for it all.]"

Debora Weber-Wulff, Institut fuer Informatik, Nestorstr. 8-9, D-W-1000 Berlin 31
+49 30 89691 124 dww@inf.fu-berlin.de

------------------------------

Date: 3 Feb 92 15:01:23 U
From: "Chuck Lins"
Subject: ``All Bugs are Viruses''

While having dinner I overheard two automobile mechanics discussing a problem one had with one of the fancy automotive diagnostic systems. Apparently, any attempt to 'take a measurement' caused a catastrophic failure in the system (i.e., it 'crashed'). The cause was attributed to a `virus'.

While to a computing professional such rationale appears ludicrous, it is quite a logical conclusion for the layperson.

Chuck Lins, lins@apple.com

------------------------------

Date: Mon, 3 Feb 92 12:03:51 PST
From: "Clifford Johnson"
Subject: Supreme Court's mistaken fax

From a UPI press release:

The Supreme Court's decree topped a roller-coaster day for refugees waiting to learn their fate. Earlier Friday, the clerk's office of the 11th Circuit issued an order allowing the government to send the refugees back to Haiti. But 4 1/2 hours later, it said that order had been made by mistake.

``It was a clerical error,'' said Joyce Larkin, deputy clerk. ``The order was erroneously issued. The motion filed by the government to stay the injunctive order issued by Judge Atkins remains pending before this court.''

Kembra Smith, motions attorney for the 11th Circuit, said a facsimile message between judges apparently was sent by mistake to the clerk's office, and the erroneous order was then issued.

``I think we got an erroneous fax today, directed between the judges.
It should not have come here -- it should not have been released,'' Smith said. She said there had been no final decision by the court, and that it should not be assumed that the court necessarily will issue an order similar to the one issued in error.

``They (the clerk's office) received a number of documents after the office received that (erroneous fax),'' she said. ``A decision is probably in the near future. But there's no way to know that. Any time period is totally speculative on my part.''

Smith said the mistake was unusual -- and highly embarrassing to the court because of the magnitude of the case. ``We're aware that it's fairly outrageous,'' she said. ``Hopefully, this will never happen again. Oh my God, especially in a case like this.''

[I can only add that had this been a last-day death penalty case, the error could have caused an unjust killing -- 4.5 hours is a long enough delay, and in a case involving fewer people, the delay may have been much greater. CJ]

------------------------------

Date: Mon, 3 Feb 92 16:19 EST
From: TMPLee@DOCKMASTER.NCSC.MIL
Subject: Lack of Integrity in the "real world"

There's been a fair amount of writing lately that the "real world" needs protection against loss of integrity, not loss of confidentiality. I'm not sure it even cares about that. Last week I learned something about how Hennepin County (where Minneapolis is located) handles important documents that sort of bothers me.

I needed to get a certified copy of a power of attorney that we had filed with the county's title registry a couple of years ago. I walked into a 30' x 30' room that had a clerk, a copying machine, a half dozen microfilm readers/printers and maybe half the room filled with racks of microfilm. A quite visible sign at the entrance said something like "please have the clerk retrieve printed documents; microfilm is self-service."
Several lawyer-looking people appeared in fact to have done that -- they were sitting in front of the viewers just like one does at a public library. Not wanting to wade through the film I just gave the clerk the document number. She went over to the appropriate rack, got the film, and made a print of what I had asked for, which she then duly certified with the date and embossed county seal as being a true and accurate copy of the original that had been filed on such and such a date.

All true scam artists and system penetrators by now ought to be asking themselves the question that came to my mind as I drove home. After having done a little reconnaissance to find out what kind of film was used, what would have prevented me from going to view a film, pretend to re-file it, but actually slip it in my pocket and remove it? (I saw no signs of any alarms like they have in stores.) I could then take it to a lab and temporarily or permanently replace any image of a document with the image of one I had forged up on a laser printer. I'd return, put it back in the files, and then ask for a certified copy of the forged image. (I'd pick either a very recent document or a very old one so the chances of the film's being missed while it was being doctored would be slight.)

I would think that if one could forge a legally-certified power of attorney giving himself power over, say, the affairs of the president of 3M, or perhaps, the deed to a downtown office building one could make a lot of mischief and probably a lot of money. (You'd have to be careful, but the possibilities are, as they say, intriguing.)

(Two additional points to note: nowhere was I asked for identification, although I did have to sign for the certified copy. Also, the registrar does NOT keep any originals -- all they have are the microfilm copies; we didn't have the original of what I needed because that had in fact to be deposited at a different state office.)
------------------------------

Date: Mon, 3 Feb 92 11:39:30 PST
From: eggert@bi.twinsun.com (Paul Eggert)
Subject: Historical perspective on fault-tolerant architecture

I'd like to draw RISKS readers' attention to Daniel P Siewiorek's recent survey of fault tolerant computer design:

    Daniel P Siewiorek, Architecture of Fault-Tolerant Computers: An Historical Perspective, Proceedings of the IEEE 79, 12 (Dec 1991), 1710-1734

Siewiorek proposes a 3D design space and classifies two dozen well known systems ranging from the Univac I to the Galileo mission. There's a wealth of juicy tidbits with a broad historical perspective. For example, I didn't know that the Univac I contained more error detection circuitry than most contemporary microprocessors -- the circuitry was essential because they couldn't simulate the machine in advance!

Although I highly recommend the survey, I have two reservations. First, publication delays have dated it a bit -- e.g. surely the new CM-5 deserves a place in Siewiorek's pantheon. Also, there's a frustrating lack of coverage of software fault tolerance, despite hints scattered throughout that software is a big problem area. Perhaps we'll have to wait for the book.

------------------------------

Date: Mon, 3 Feb 92 14:55:12 EST
From: henry@zoo.toronto.edu
Subject: Re: Communication between ATC and pilot

> [direct message transmission from ATC to aircraft]
> How the message was displayed: Headup display, voice, or another console
> display

There was a piece in a recent Aviation Week (Jan 6, I think) on NASA experiments with a digital data-transmission system. The pilots who tried it generally liked it, with reservations. They wanted to see voice used during high-workload times like landing approaches, because they didn't want to have their heads down inside the cockpit reading a screen at such times. For communication at less busy times, though, they liked it a lot.
Messages generally did not need repeating, which was needed for a significant fraction of voice messages. There was less room for misunderstanding, and more time to think about complex messages. Being able to scroll back and look at earlier messages was something they liked very much. They particularly liked digital transmission and scrolling back to earlier messages for weather data, since this gave them some sense of how weather was changing.

Henry Spencer at U of Toronto Zoology henry@zoo.toronto.edu utzoo!henry

------------------------------

Date: Sun, 2 Feb 92 10:40:50 -0600
From: news@tyr.unomaha.edu (UNO Network News Server)
From: billzy@odin.unomaha.edu (Bill Mahoney)
Subject: Re: Confusing Telephone System Overload Message (McCulley, RISKS-13.09)

The Omaha World Herald reported that one problem with this level of calls is that quite a number of them went to an 800 number in Minnesota either by accident or because of other circumstances. The company in Minnesota is asking (unsuccessfully) for CBS to repay them for the several thousand phone calls that they received by accident, and is claiming that at least in some areas the phone number shown on the TV special was their 800 number and not the one for Call Interactive.

CBS has decided that it should not have to pay for anyone dialing a wrong number (good point) and denies that the number shown on television was ever the incorrect one.

Bill Mahoney

------------------------------

Date: Mon, 3 Feb 1992 07:22:37 -0600 (CST)
From: Jay Schmidgall
Reply-To: "Jay Schmidgall"
Subject: Re: Confusing Telephone System Overload Message

... The owner of the store had been watching the SotU address and recognized his 1-800 number as the one CBS gave. He raced to the store only to find that his answering machine tape was filled to capacity (approx 50 msgs). He said some of the messages were pleasant, but others contained language unfit to print, apparently from frustrated viewers?
He estimated the calls had cost him several hundred dollars in lost business. (No mention of any plans to sue CBS for compensation. :)

CBS also had some comments but I don't recall what those were; typical apologies for the screw-up and disbelief that it could occur come to mind, though. I don't recall any explanation being given for the screw-up.

In light of this article, I wonder how accurate CBS's numbers are:

> Shortly afterward, with the display showing about 125,000 calls
> processed, Dan Rather reported on the air that AT&T was estimating there
> had been about 7,000,000 call attempts! Obviously their throughput was
> a little below the capacity requirements...

I can't seem to come up with an especially pithy RISK but perhaps our moderator can. To me, it seems either to be one of not very thorough testing of the system (I mean, c'mon, couldn't someone have _dialed_ the number before showing it to the entire nation) or perhaps a typical transcription error, though as I said I don't recall any mention in the article.

-- jay

------------------------------

Date: Mon, 3 Feb 92 11:54:04 -0500
From: Peter Desnoyers
Subject: Survey bias by equipment failure (McCulley, RISKS-13.09)

A less obvious risk - although any phone-in survey is less than scientific, the low call completion rate (1 in 70) could further bias the results. Consider that the probability of success is probably strongly correlated with various factors such as geographic location (e.g. due to blocking systems that allow equal numbers of calls from areas with non-equal populations), population density (rural/urban/suburban), or ownership of a repeat-dial phone. With an extremely high call-blocking probability, it is easy to imagine that these factors could result in a given population sub-group (e.g. residents of New Hampshire and Maine*) being under- or over-represented in the sample by a factor of two or more.
Peter Desnoyers

* I especially find it hard to believe that no residents of New Hampshire - who are supposed to live and breathe politics every 4 years, with a 70% presidential primary turnout - would have gotten through in the first few minutes if the blocking probability was uniform.

------------------------------

Date: 2 Feb 1992 13:55:39 GMT
From: ken@minster.york.ac.uk
Subject: Re: Computer evidence is Hearsay (Stock, RISKS-13.09)

>... However, the magistrates' courts which should deal with such cases are
>refusing to hear them, on the grounds that computer output is hearsay and
>therefore not acceptable as evidence.

It is a little more complex than this. The law regarding summoning non-payers requires that the Council send a bill (of course) and a reminder before any court action is possible. The computer evidence problem surrounds this. In the UK proof of posting in the Royal Mail is _legally equivalent to proof of delivery_ (a precedent was set in Victorian times - they had a better postal service then*). Reams of computer printout are used to prove that bills and reminders have been sent, but all RISKS readers know that just because a computer prints out that a letter has been sent is no proof that it has. There have been a lot of software errors with Poll Tax systems (See RISKS passim) and I suspect that the Magistrates are so annoyed at having to deal with so many computer errors that they threw the cases out, which has now set a legal precedent.

Now, the Government has changed the law for the Poll Tax making computer evidence legal. There are worrying aspects to making computer evidence legal: does the Plaintiff have to prove that the computer system is accurate? Or is it up to the Defendant to prove that it is full of errors? Will the accuracy of computer evidence ever be questioned?
This problem will open up a whole can of worms in the English legal system, and I bet we will see non-computerate ill-advised legislators making sweeping changes which will create more problems than they solve. Sounds like a case for the EFF?

Ken Tindell

* I do not imply that the UK postal system is bad!

Computer Science Dept., York University, YO1 5DD UK
..!mcsun!uknet!minster!ken
Internet: ken%minster.york.ac.uk@nsfnet-relay.ac.uk
Tel.: +44-904-433244

------------------------------

Date: Mon, 03 Feb 1992 13:06:05 GMT
From: Robin Fairbairns
Subject: Re: Computer (poll tax) evidence is hearsay (Stock, RISKS-13.09)

> [ Unfortunately I don't have a citable source for this as I no longer live
> in the UK and so I rely on BBC Radio for this news. ]

I had been surprised that no-one else had posted about this matter, and had dug out old newspapers: there were articles in `The Guardian' on Jan 16 and 17.

> [ Curiously, in the main criminal courts, computer evidence is acceptable as a
> result of specific legislation, but this legislation does not apply to the
> lower courts. The government has promised to end this anomaly. ]

Actually, the case is a _civil_ one (presumably because the government never believed that the non-payment campaign would get off the ground). The specific legislation that Kevin talks about applies to Crown Courts and up for civil cases (I don't know what the rules are about criminal cases).

If there were only small numbers of defaulters, the ruling would presumably not be a problem: a council officer could attend the court for the (trivial) time it takes a magistrate to make an order. In fact, there were (until the ruling) hundreds of defaulters being dealt with in every court.

All of this legal activity (and interest charges on loans to cover uncollected tax) is adding massively to the costs of administering local government. The (Labour Party) opposition has claimed that, on average, Poll Tax bills will go up by 50% in the coming financial year.
The government's promise to end the anomaly has not taken the form of `rushing legislation through'; the councils have complained that their collection strategy is in a shambles until the new legislation is passed.

------------------------------

Date: 30 Jan 92 13:47:18 GMT
From: Irving Chidsey
Subject: Re: Warranties (Hollombe, RISKS-13.08)

Jerry Hollombe questions the trend to selling things without warranties.

Does not the commercial code require that all things offered for sale be merchantable, unless the seller limit this merchantability in some explicit way? That a program called Taxamatic-91 can be expected to compute my 1991 taxes correctly as long as I answer its questions correctly? That the sole purpose of a warranty is to limit the seller's liability, and if there is no warranty, there is no limit. Therefore, if it is called Taxamatic, with no 91, and there is no mention of the year in the instructions, I have grounds for suit if it doesn't work correctly for my 92 taxes, and my 93 taxes, etc.

How can lack of a warranty be worse than one that says, more or less, "The seller makes no claim that this product is error free, will operate correctly, or is merchantable."?

Irv Chidsey

------------------------------

Date: 02 Feb 92 23:04:07
From: Charlie.Mingo@p0.f70.n109.z1.fidonet.org (Charlie Mingo)
Subject: Re: The Absence of a Warranty (Gilham, RISKS-13.09)

Under the Uniform Commercial Code, there are implied warranties, but they are much more limited than you suggest.
The basic implied warranty is that of "merchantability" [UCC 2-314]; that is, the product is good enough to:

  - pass without objection in the trade under the contract description; and
  - in the case of fungible goods, are of fair average quality; and
  - are fit for the ordinary purposes for which such goods are used; and
  - run, within any agreed variations, of even kind, quality and quantity within each unit and among all units involved; and
  - are adequately contained, packaged and labelled as the agreement may require; and
  - conform to the promises or affirmations of fact made on the container or label if any.

There is also an "implied warranty of fitness for a particular purpose" when the merchant selects the product for the buyer based on a description of the intended purpose, and the buyer relies on the seller's skill and judgement. [UCC 2-315]

Neither of these warranties are perpetual; rather, they describe the condition the product is expected to be in when delivered to the buyer. The buyer has four years from the date of delivery to file a claim against the seller, regardless of when s/he becomes aware of the defect. [UCC 2-725]

Charlie Mingo
mingo@well.sf.ca.us
mingo@cup.portal.com
Charlie.Mingo@p4218.f70.n109.z1.fidonet.org

------------------------------

End of RISKS-FORUM Digest 13.10
************************