Subject: RISKS DIGEST 13.86
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Saturday 24 October 1992  Volume 13 : Issue 86

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Software Bombs Out -- Ark Royal revisited (Simon Marshall)
  Erased Disk used against Brazilian President (Geraldo Xexeo)
  The NSF Net cable-cut story (Steve Martin via Alan Wexelblat)
  Risks in Banking, Translation, etc. (Paul M. Wexelblat)
  Re: 15th National Computer Security Conference (Dorothy Denning)
  Re: Vote Early, Vote Often (Louis B. Moore)
  T*p S*cr*t (Berry Kercheval)
  Book Review: The Hacker Crackdown (David Barker-Plummer)
  Filling station POS terminals: credit card users beware! (Steve Summit)
  Int Workshop on Fault and Error Models of Failures in Comp Sys (Ram Chillarege)
  Computer Security Foundations Workshop VI call for papers (Catherine A. Meadows)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. REQUESTS please to RISKS-Request@CSL.SRI.COM.

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 13, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.

For information regarding delivery of RISKS by FAX, phone 310-455-9300 (or send FAX to RISKS at 310-455-2364, or EMail to risks-fax@cv.vortex.com).

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Sat, 24 Oct 1992 10:55:28 +0000
From: Simon Marshall
Subject: Software Bombs Out -- Ark Royal revisited (Re:RISKS-13.44)

From Sat 24 Oct 1992 `Guardian', no author given. It is perhaps not too surprising that this has not received the attention that it deserves, given the political situation in the UK at the moment. The British Government is currently in the process of lurching from one crisis to the next.

[See Brian Randell's contribution in RISKS-13.44 for background. PGN]

Computer software blamed as RAF pilot bombs Ark Royal.

An RAF Harrier jump-jet pilot on exchange with the Royal Navy bombed the carrier Ark Royal, injuring five crew, because of a computer software anomaly, it was disclosed yesterday.

Four of the injured have returned to work following the [20 April 1992] incident when the 28lb practice bomb tore through the flight deck and exploded in one of the mess decks. The fifth ... is still receiving medical treatment.

The incident happened when four Sea Harriers were practicing dropping bombs on a target towed 600 yards behind Ark Royal during training ....

The RAF Flight Lieutenant, described as highly experienced, lost radar contact twice with the ship. He `locked on' for a third time just seconds before going into the loft manoeuvre. He did not know that the automatic aim-off was not programmed to cut in within such a short period of time because of an anomaly in the computer software. The bomb was aimed at the ship and not the target.

The pilot will receive a formal warning and training using loft-mode attacks has been `put into abeyance'.''

What interested me in particular was that, in a roundabout way, the pilot is being faulted, even though the software is blamed.
It is worrying that the evaluation of the software (which I assume took place) did not pick this up. Of course, it could well be that the real problem was much more complicated than the article suggests. It would not be the first time the press has simplified a story involving modern technology. Does anyone know more on this? It does, however, bring home the reality that computers control life and death situations.

Simon Marshall, Dept. of Computer Science, University of Hull, Hull HU6 7RX, UK
Email: S.Marshall@Hull.ac.uk  Phone: +44 482 465181  Fax: 466666

------------------------------

Date: Thu, 22 Oct 1992 18:58:52 GMT
From: xexeo@dxcern.cern.ch (Geraldo Xexeo)
Subject: Erased Disk used against Brazilian President

In the investigation of the process against the Brazilian President (Fernando Collor de Mello), the Federal Police found (and confiscated) an IBM-PC clone in the enterprises of Paulo Cesar Farias. In the hard disk of this computer were found dozens of indications of the corruption of Collor de Mello and P.C. Farias.

The "folklore" that runs in Brazil now is that the disks were actually erased, but the FP bought in USA a software that allowed the examination of the disk and the recovery of the files.

It seems that this tale is true. I would like to know which software was used, and what kind of work the FP did.

Jerry / Xexeo

Geraldo Xexeo, CERN - PPE Division, 1211 Geneve 23, Switzerland
FAX: (41)(22)785-0207  xexeo@dxcern.cern.ch  gxexeo@cernvm.bitnet

------------------------------

Date: Tue, 20 Oct 92 00:15:02 -0400
From: Alan Wexelblat
Subject: The NSF Net cable-cut story

   Date: Mon, 19 Oct 92 23:49:18 -0400
   From: Doug Humphrey
   Subject: .0045 mbits/sec

   Article <7610172337.AA19083@nisc.jnvc.net> Oct 17 23:37
   Subject: T3 Cable Cut
   From: martin@NISC.JNVC.NET (Steve Martin)

This is to inform you that Merit (NSF) has experienced a fiber cut in East Orange, New Jersey.
As a result of this, JNvCnet's T3 access to the NSF net is temporarily out of service till repairs can be made. All traffic to the NSF net is now being routed through the 9.6k backbone node and will be returned to the T3 as soon as possible.

------------------------------

Date: Thu, 22 Oct 92 23:24:34 EDT
From: cent@mc.lcs.mit.edu
Subject: Risks in Banking, Translation, etc.

[The following message came from Pandora Berman at MIT via Jerry Leichter, John Robinson, Clark M. Baker, and originally from Paul M. Wexelblat, who noted the original CACM item ... PGN]

I stumbled across this little item in the current (October 1992) CACM:

   BANKS UNDERDRAWN... The banking industry spent over a billion dollars on technology last year, yet they are not even close to employing leading-edge tools. A new survey ... indicates that over 75% of bank computer programs are still written in Cobol and 84% of banking software is designed for mainframes, not PCs. Moreover, 80% of the software used by banks is over six years old and only 37% of their locations are networked. The report reveals most banks are simply not investigating new advances in computer applications. [Communications of the ACM, Vol 35, No 10, NEWSTRACK, p.9]

Here is a rough translation:

   BANKS CONSERVATIVE... The banking industry spent over a billion dollars on technology that works, rather than the latest glitzy play toy. A new survey ... indicates that over 75% of bank computer programs are written in a language appropriate to the task as opposed to trying to force their models into the latest Object Oriented fad and 84% of banking software is designed to run on systems that have low mean time between failures, juggle hundreds of users, handle huge databases, and push megabytes at high rates, not tiny little machines that crash with great regularity, are designed for a single user, if even that, have minuscule disks, and have bandwidth approximating that of a sclerotic soda straw.
   Moreover, 80% of the software used by banks has been fairly well debugged and only 37% of their locations are open to attack by thirteen year olds with modems and a lot of time on their hands. The report reveals most banks are simply not chasing the latest fad in confuser science and piddling their money away on recoding working applications unnecessarily.

Paul Wexelblat

------------------------------

Date: Tue, 20 Oct 92 14:41:43 EDT
From: denning@cs.cosc.georgetown.edu (Dorothy Denning)
Subject: Re: 15th National Computer Security Conference (RISKS-13.85)

David Willcox said

   Dorothy Denning suggested that anyone using high-level encryption over a public network be required to register their encryption keys with some agency. This agency would then distribute the keys when an appropriate court order was presented. The risks of this are fairly obvious.

I believe this risk can be reduced to about zero. For example, using a public-key system, your key could be encrypted under the public key belonging to, say, the Justice Dept. The encrypted key would be given to and held by an independent agency. But, the key could be decrypted only by Justice. Thus, if someone gains access to a key held by the key agency, they wouldn't be able to decrypt it. To use a key, law enforcers would have to go through these steps:

1. Get a court order.
2. Submit the court order to the key agency and get the encrypted key.
3. Deliver the encrypted key to Justice with the court order; get back the plaintext key.
4. Take the court order to the service provider in order to activate the tap and get the bits.
5. Listen in and decrypt the communications.

I believe this scheme is pretty tight. Silvio Micali has evidently invented another method of safeguarding the keys in a registry, called "fair cryptography", but I don't know the details.

Dorothy Denning

------------------------------

Date: Tue, 20 Oct 1992 11:09:22 MDT
From: "Louis B. Moore"
Subject: RE: Vote Early, Vote Often

>It took the action of citizens banding together to file a civil lawsuit to halt
>the abuses after their complaints were rebuffed by the Colorado secretary of
>state's office and the local district attorney.

There is an interesting point related to this particular story. The Colorado Secretary of State does not have criminal powers. So in the case of vote fraud like that in Costilla County, the Secretary of State may have to turn the case over to the District Attorney. The District Attorney may have been elected with the aid of the vote fraud (s)he is supposed to prosecute. The other choice of prosecuting authority would be the Attorney General (depending on who had jurisdiction), another elected official.

It is difficult to see how telephone voting will do anything but further exploit existing problems in authenticating voters and prosecuting vote fraud.

Louis B. Moore, Systems Programmer, The Children's Hospital of Denver
Denver, Colorado USA 80218  lbmoore@tchden.org  +1 303 837 2513

------------------------------

Date: Wed, 21 Oct 92 15:34:30 PDT
From: berry@athos.pei.com (Berry Kercheval)
Subject: T*p S*cr*t

"Anonymous" mentions in RISKS DIGEST 13.84 that the Department of Defense conducted an investigation when a message marked "T*p S*cr*t" was found on an unclassified computer system. (The asterisks are a way of ensuring that the investigation is not triggered by the words in *his* message, I guess.)

I don't think merely putting the words "Top Secret" in a message is the problem; putting it in in such a way that it appears to be classified data *is*.

I have, in the past, held both Department of Energy and Department of Defense clearances, and if I learned anything it is that the security personnel of both agencies take their jobs very seriously and do not have much of a sense of humor where security violations are concerned.
In my initial briefings for these clearances it was emphasized that classified information must be strictly controlled, and in fact we were given specific procedures for what to do if we found unattended classified documents lying around.

It appears that [the author] thinks that the "system wide disclaimers that said systems are not to be used for classified work" should have been sufficient to prevent action. I feel that the exact reverse is true -- the appearance of an APPARENTLY classified message on an insecure* computer is exactly the kind of security violation that needs to be investigated immediately.

In fact, I can remember one company that sent out "Top Secret" press releases to their customers -- which included some DoE and DoD sites -- getting an unpleasant visit from men with dark suits and sunglasses that didn't smile much. (The gist was "Don't *do* that".)

--berry

------------------------------

Date: Sat, 24 Oct 1992 12:06:23 -0400
From: David Barker-Plummer
Subject: Book Review: The Hacker Crackdown

"The Hacker Crackdown: Law and Disorder on the Electronic Frontier", Bruce Sterling, Bantam Books, November 1992, ISBN 0-553-08058-X, 328pp, US$23.

Book Review by Dave Barker-Plummer (plummer@cs.swarthmore.edu)

"The Hacker Crackdown" is Bruce Sterling's term for a series of seizures of computer equipment which took place during the summer of 1990. The circumstances surrounding these raids, the individuals and communities affected by them, and the consequences for the computing community and society at large, are the subjects of this book.

Sterling, a cyberpunk author, is at his best when he is telling stories. He adopts a revelatory style and writes in a tone of wonder and bemusement as events take one unexpected turn after another. Particularly intriguing is his telling of the Craig Neidorf/Knight Lightning story. Neidorf was prosecuted for electronically distributing an edited version of a document copied without permission from a BellSouth computer.
Sterling documents the history of the document as it was sent across the Internet many times, its publication in the "Phrack" newsletter, the arrest of Neidorf, the charges against him and the eventual collapse of the trial. As the story unfolds, one realises that truth is indeed stranger than even Sterling's bleak cyberpunk fiction.

There are many other stories in the book: the story of Steve Jackson, whose legitimate games company was raided under sealed warrant, and all of his computers seized; the story of The Legion of Doom, a group of hackers who assemble in cyberspace to brag about breaking into computers and sharing stolen access codes and credit card numbers; the story of the founding of the Electronic Frontier Foundation by Mitch Kapor, author of Lotus 1-2-3, and John Perry Barlow, sometime lyricist for The Grateful Dead; and closing the book, the story of the Computers, Privacy and Freedom conference of 1992, in which hackers, law enforcement, and civil libertarian groups met to talk about these issues with unprecedented openness.

Sterling attempts to make these stories take second place to the culture, or more correctly cultures, of cyberspace. He chooses to structure his book in four main parts, each dealing with one of these subcultures. While hacker stories have been told before, this examination of cultures has been neglected, and Sterling is to be praised for attempting it. However, Sterling does not seem too comfortable in his self-appointed role. Try as he might, the events keep overtaking the people, and the book ends up feeling somewhat confused --- but then the whole subject is rife with confusion: cultural, technical and ethical.

Although Sterling fails to give it the emphasis it deserves, the main theme of this book is power. In the first part of the book "Crashing the System", Sterling describes the power of the telephone companies.
From the fledgling technology of the telephone, through the rise of AT&T, and the significant role that it played in government and industry, to the break up of the Baby Bells. The picture that Sterling paints of the contemporary telcos is that of a power base that is under threat, and which is struggling to preserve its grip on the power that is being threatened by the more widespread availability of technology, not to mention the breaking of the economic monopoly.

Lest this sounds like dull reading --- there's not a sentence in this book that can be described as dull --- I should mention that Sterling brings this history to life by taking us in detail through the duties of a switchboard operator, and observing that in the early days of the telephone teenage boys often played this role until they were found to be "hacking", when they were ejected from the system. There are intriguing parallels between the time just after the introduction of the telephone --- which Sterling identifies as the creation of cyberspace --- and the contemporary era, which represents the settling of that "place".

The second section of the book, "The Digital Underground", documents the hacker subculture. Sterling steers a journalistic middle course: on the one hand stressing the illegality of hacking and debunking the myth of the talented genius, while at the same time pointing out that the typical hacker is not a hardened criminal but a teenage boy. Sterling explains the feeling of technical power for a hacker when he uses a computer to break into a voice mail PBX, or to break into a password protected system, to gain access to hitherto inaccessible regions of cyberspace.
Sterling makes much of the isolation and cultural powerlessness of hackers: they are typically teenage boys who grew up in the Reagan era and have come to believe that all institutions are corrupt, and who see their computer and modem as weapons against those institutions, even if it is only to steal insignificant documents, or do no more than irritate those institutions.

He also describes the material available on "underground" BBSs, illustrating the anarchistic stances adopted by these elite children of elite families, and debunks the myth that there are "gangs" of hackers working in concerted effort to bring about the downfall of the technocracy as we know it, but asserts that theirs is typically a solitary "game". This isolation leads to their need to brag of their exploits to other hackers, in order to build a reputation, and often thereby to their swift arrest. Isolation also accounts for the fact that almost every hacker arrested cooperated fully and informed on his contacts in cyberspace. There is no hacker community, Sterling implies, and no honour among hackers.

In the third section, "Law and Order", Sterling describes the world of the law enforcement officers. If one thing comes through from this picture it is that the law enforcement agencies in this country were/are ill-prepared to investigate and prosecute computer crime. Sterling remarks that he, a not particularly computer-literate author, has more computer power in his home than the typical computer law enforcement officer (of 1990). Sterling describes the modus operandi of a typical hacker bust, the seizure of everything that looks like it might be relevant including CDs (that might store data and be disguised as music CDs), and Sony Walkmen (because they are electronics, I guess). In his article "Crime and Puzzlement", John Perry Barlow writes "In fairness, one can imagine the government's problem. This is all pretty magical stuff to them.
If I were trying to terminate the operations of a witch coven, I'd probably seize everything in sight. How would I tell the ordinary household brooms from the getaway vehicles?".

While Sterling's description of the problems facing the under-funded, under-equipped and under-skilled government agencies is sympathetic, he does not seek to justify the excesses in the events of 1990. He carefully makes and maintains the distinction between hackers and legitimate computer users, and describes how members of both of these groups were equally punished by the Hacker Crackdown.

Finally, in "The Civil Libertarians" Sterling describes the response of the Silicon Valley and Austin computer culture to the strange events of the hacker crackdown, which culminated in the formation of the Electronic Frontier Foundation. In this very upbeat section, Sterling describes how the computer elite used their technological power to network and organize, to seize the public relations advantage, to file suit in defense of Steve Jackson and Craig Neidorf and to set themselves up to defend civil liberties in cyberspace.

In the view of the civil libertarians, the hacker crackdown was the first skirmish in the battle for control of cyberspace. The Electronic Frontier is a new "place" that is currently being populated and the rules that will govern this place are up for grabs. The civil libertarians are concerned to guarantee important rights for the citizenry of cyberspace, in particular: freedom of expression, freedom of association and privacy: in effect a constitution for cyberspace.

"The Hacker Crackdown" taught me much about the events of the early 90s and it is entertaining and provoking by turns. I recommend it highly, for its discussion of the contemporary struggle for technological power, illustrated by unbelievable, but true, stories of law and disorder on the electronic frontier.

------------------------------

Date: Wed, 21 Oct 92 13:08:15 -0400
From: scs@adam.mit.edu (Steve Summit)
Subject: filling station POS terminals: credit card users beware!

Today I bought gasoline and discovered that the station had some fancy new pumps with credit card readers built right in. You can drive up, insert your card, pump gas, and drive away, without even dealing with a clerk. The pump prints a little receipt when you're finished.

The problem is the receipt. It comes out behind a small clear plastic door (presumably the door is to protect the printer from the weather); you have to slide it open so that you can fish the receipt out, slightly awkwardly, with your finger. If you don't notice the receipt at all, or if you're in a hurry, or if you aren't in the habit of saving receipts anyway, you could easily leave it behind.

On the receipt is printed not only your credit card number and type of card (VISA, MC, etc.), but also your full name, as retrieved from the magstripe. If Bonnie S. Thomason happens to read this, you forgot your receipt after buying 13.855 gallons of unleaded at 7:59 this morning, but I promise I won't use or disclose your credit card number.

Wandering around checking these receipt slots would be reminiscent of wandering around checking pay telephone coin return slots, but potentially much more lucrative.

Besides RISKS, I'm writing a letter to the oil company in question today.

[This is of course an old problem for RISKS readers, but it is perhaps worth including here as a reminder that it recurs continually. PGN]

------------------------------

Date: Fri, 23 Oct 92 08:51:13 EDT
From: "Ram Chillarege (914) 784 7375"
Subject: Int Workshop on Fault and Error Models of Failures in Comp Sys.

Abstract Submission  : NOVEMBER 2, 1992
Deadline Approaching : ****************

Call for Participation

International Workshop on Fault and Error Models of Failures in Computer Systems

January 25 - 26, 1993 o Palm Beach o Florida

------------------------------------------------------------------

Sponsor
   The IEEE Computer Society and IEEE Technical Committee on Fault-Tolerant Computing

Dates
   Abstract Deadline: November 2, 1992
   Acceptance Notification: December 15, 1992
   Session Foils/Agenda: January 8, 1993

------------------------------------------------------------------

Scope

The importance of understanding Computer System failures, in terms of their fault and error models, failure patterns, and characteristics cannot be over emphasized. This understanding is critical in influencing the research and practice of fault-tolerant computing. It is the kernel upon which evaluation methods, experimental verification, modeling, algorithms and techniques are developed.

In recent years the relative mix in the causes of outage has shifted from what it was a decade ago. Studies indicate the dominance of software as a cause of outage, closely followed by maintenance and environment. However, the industry lacks data and understanding of faults, errors and failures in these dimensions - severely impacting the progress of fault-tolerant computing as a research discipline and a practice.

This workshop is intended to bring together experts from industry, academia, and government. The goal is to develop the needed insight, define and calibrate models, and gain knowledge to guide research and practice in fault-tolerant computing.

This workshop will be highly interactive. It will be run as a workshop, and will not have a conference flavor. It is intended that at the end of the two day meeting, there will evolve a substantial accomplishment towards these goals. These results are intended to be the starting point of a sequel to this workshop, on fault-injection.
The fault-injection workshop, also sponsored by the Technical Committee on Fault-Tolerant Computing, is planned to be held in Sweden in June 1993.

Submission

To participate in this workshop, submit seven copies (or use email) of a two page abstract describing the contribution you will make to the workshop. The program committee will review the abstracts and notify you of your acceptance. To enhance interaction the attendance at the workshop will be limited to a maximum of fifty.

Workshop Chair
   Ram Chillarege, IBM Research, USA

Program Committee
   Bob Horst - Tandem Computers, USA
   Ravi Iyer - University of Illinois, USA
   Karama Kanoun - LAAS-CNRS, France
   Dan Siewiorek - Carnegie Mellon, USA
   Yoshihiro Tohma - Tokyo Institute, Japan
   Jan Torin - Chalmers University, Sweden

Submit Abstracts to
   Ram Chillarege
   IBM T. J. Watson Research Center
   30 Saw Mill River Road
   Hawthorne, NY 10532, USA
   (914) 784-7375  Fax: (914) 784-6201
   email: ramchill@watson.ibm.com

Important Dates
   Submission Deadline: November 2, 1992
   Acceptance Notification: December 15, 1992
   Session Foils/Agenda: January 8, 1993

Ex Officio
   Jacob Abraham, FTC-TC Chair, University of Texas, Austin, USA

------------------------------

Date: Fri, 23 Oct 92 18:59:51 EDT
From: meadows@itd.nrl.navy.mil (Catherine A. Meadows)
Subject: Call for papers, Computer Security Foundations Workshop VI

CALL FOR PAPERS

COMPUTER SECURITY FOUNDATIONS WORKSHOP VI
June 15-17, 1993
Franconia, New Hampshire
Sponsored by the IEEE Computer Society

The purpose of this workshop is to bring together researchers in computer science to examine foundational issues in computer security, with emphasis on formal models that provide a framework for theories of security and techniques for verifying security as defined by these theories.
We are interested both in papers that describe new results in the theory of computer security and in papers, panels, and working group exercises that explore open questions and raise fundamental concerns about current theories of security. Possible topics include access control, covert channels, information flow, database security, secure protocols, verification techniques, integrity and availability models, interactions of computer security requirements with other system requirements such as dependability and timing, and the role of formal methods in computer security.

The proceedings are published by the IEEE Computer Society and will be available at the workshop. Selected papers will be invited for publication in a special issue of the Journal of Computer Security.

Instructions for Participants:

Workshop attendance will be limited to thirty-five participants. Prospective participants should send four copies of a paper (limit 7500 words), panel proposal, or working group exercise to Catherine Meadows, Program Chair, at the address below. Please provide email addresses and telephone numbers (voice and fax) for all authors. The contact author should be clearly identified.

IMPORTANT DATES:
   Author's submission: January 29, 1993
   Notification of acceptance: March 10, 1993
   Camera-ready final papers: April 9, 1993

Program Committee
   Marshall Abrams, MITRE
   John Mclean, NRL
   Simon Foley, University College, Cork
   Jonathan Millen, MITRE
   Li Gong, ORA
   Robert Morris, DoD
   James Gray, NRL
   Ravi Sandhu, GMU
   Jeremy Jacob, Oxford
   Marv Schaefer, CTA

For further information contact:

General Chair
   Ravi S. Sandhu
   ISSE Department
   George Mason University
   Fairfax, VA 22030-4444
   +1 703-993-1659
   sandhu@sitevax.gmu.edu

Program Chair
   Catherine Meadows
   Code 5543
   Naval Research Laboratory
   Washington, DC 20375
   +1 202-767-3490
   meadows@itd.nrl.navy.mil

Publications Chair
   Joshua Guttman
   The MITRE Corporation
   Burlington Road
   Bedford, MA 01730
   +1 617-271-2654
   guttman@linus.mitre.org

------------------------------

End of RISKS-FORUM Digest 13.86
************************