Subject: RISKS DIGEST 14.69
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Friday 4 June 1993  Volume 14 : Issue 69

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Interference from mobile telephones (Erling Kristiansen)
  Zapped by the phone? (Richard Wexelblat)
  Re: Flight control computers to bypass pilots (Erling Kristiansen)
  WANTED: Article describing 10 Biggest Failures of Technology (Richard J Frost)
  Cryptic probable cause (Gary Preckshot)
  Re: Keypad security risks (Sean Matthews, Michael S. Polymenakos)
  Re: Fake ATM Machine Steals PINs (Phil White, Lars Wirzenius, Bob Frankston, Grant Grundler)
  Re: Cryptography and the Bill of Rights (Robert I. Eachus)
  More on the risks of teaching ... (Peter D. Junger)
  White House Electronic Mail (Steen Hansen)
  Did they have an address for Hillary? (Paul Robinson)

The RISKS Forum is a moderated digest discussing risks; comp.risks is its Usenet counterpart. Undigestifiers are available throughout the Internet, but not from RISKS. Contributions should be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with appropriate, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. REQUESTS please to RISKS-Request@CSL.SRI.COM.

Vol i issue j, type "FTP CRVAX.SRI.COMlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j" (where i=1 to 14, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". =CarriageReturn; FTPs may differ; UNIX prompts for username, password.
For information regarding delivery of RISKS by FAX, phone 310-455-9300 (or send FAX to RISKS at 310-455-2364, or EMail to risks-fax@vortex.com).

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Fri, 4 Jun 93 09:04:45 +0100
From: erling@wm.estec.esa.nl (Erling Kristiansen)
Subject: Interference from mobile telephones

Communications Week International, 31 May 1993, brings an article under the headline "Radio Storm Hits GSM", which I paraphrase below.

Handsets for the European digital mobile phone system GSM are reported to cause interference with hearing aids as well as car electronics (the latter has been reported in RISKS before).

Tests in Australia, Germany, and the United States show that the burst transmission mode (TDMA - Time Division Multiple Access) used for GSM and other digital cellular systems causes interference with hearing aids as far away as 30 meters. At a range of 3-5 meters, hearing-aid wearers experience a humming noise. In some cases the noise is painful, according to the report.

Car manufacturers are concerned that GSM handsets may interfere with electronic devices, including those that control air bags and ABS brakes. Volkswagen has found interference with several systems, but the article is not specific about which ones. So has Mercedes. BMW say they have done tests but found no interference.

The article goes on to discuss the merits of TDMA, as compared to analog and CDMA systems. The conclusion seems to be that TDMA is more prone to causing interference due to its rather high-powered burst mode of transmission.

The issue is raised of whether it is up to GSM designers/manufacturers to solve the problem, or whether the manufacturers of those systems that GSM (and other digital phone systems) interferes into, have to take measures to protect themselves against interference. There is no conclusion on this issue, but various views are presented.

Finally, commercial issues are addressed. Some manufacturers question the extent of the issue but fear that it may dampen the export of GSM.

Erling Kristiansen, ESTEC Noordwijk, The Netherlands.

------------------------------

Date: Wed, 2 Jun 93 15:27:42 EDT
From: rlw@ida.org (Richard Wexelblat)
Subject: Zapped by the phone?

June's Spectrum has an article, "The Cellular Phone Scare" subheaded:

    Despite the media hype, not one study has shown a link between cellular phones and brain cancer; nonetheless, more research is under way.

In spite of a clear anti-danger bias, the article presents a good survey of work-to-date on the effects of non-ionizing radiation. (IEEE _Spectrum_, June 1993, 43-47)

------------------------------

Date: Fri, 4 Jun 93 08:37:31 +0100
From: erling@wm.estec.esa.nl (Erling Kristiansen)
Subject: Re: Flight control computers to bypass pilots (RISKS-14.65)

The Independent article says

> Yesterday the first test demonstration of equipment which will allow pilots
> and air traffic controllers to communicate through computers was held.

It is not quite true that this was the first demonstration of such capabilities.

The European Space Agency (ESA), in cooperation with several organizations and airlines, demonstrated our PRODAT satellite mobile communication system with, among other features, ATC digital communication, starting in 1987. The trials included installations on several aircraft - including the very same BAC 1-11 quoted in the Independent article.
One Airbus 310 was flying the equipment for more than a year, and ATC experimenters were collecting flight data on a regular basis, but the system was not actually part of the ATC operations of this aircraft. One dedicated flight, with a private Jetstream aircraft, between Madrid and London, was carried out with the PRODAT link as primary ATC communication channel (and voice as backup) for the part of the flight taking place in Spanish airspace.

Admittedly, the scope of the PRODAT trials was more limited than that of the Mode-S. The goal was to demonstrate the feasibility of digital satellite communication for ATC (and airline) purposes. All equipment was to prototype standards, and a possible commercialization would have taken place in a second phase. The trial system incorporated capabilities for the controller to access flight data, but not to down (up?)-load data into the aircraft equipment. Pilot-to-controller messaging was also provided.

The aeronautical part of PRODAT has been discontinued for a variety of reasons (competing systems, standardization going in other directions). PRODAT still continues, and is on the verge of commercial deployment for land mobiles - but that is another story.

The RISK? When the press proclaims a FIRST, do not always believe it.

Erling Kristiansen, ESTEC, European Space Agency, Noordwijk, The Netherlands

------------------------------

Date: Fri, 04 Jun 93 11:12:18 +0900
From: Richard J Frost
Subject: WANTED: Article describing 10 Biggest Failures of Technology

There was an article published in a computer journal back in the 70's with a title similar to "The 10 Biggest Failures of Technology". It described technology failures in America and its effects. It included the famous blackout of America and other major failures that were linked with failing technology.

Has anyone heard of it? Does anyone know where I can get this article? Please email replies to the address below. Thanks [CC RISKS also.
PGN]

Richard Frost, CSIRO, Flinders Joint Research Centre in Information Technology
Adelaide, SOUTH AUSTRALIA  rfrost@jrc.flinders.edu.au  +61 8 201 3651

------------------------------

Date: 4 Jun 1993 10:01:20 U
From: "Gary Preckshot"
Subject: Cryptic probable cause

Jay Schmidgall writes:

> Ok, I guess I must have skimmed over this part. Let me see if I understand
> this properly:
> If I have got more secure crypto gear, probable
> cause exists that I have committed a crime.
> Hmmm. Does this include any crypto gear that may have been purchased
> before the corresponding CLIPPER-enabled gear became available?

There was an interesting article in the June 2 Wall Street Journal to the effect that such a significant proportion of cash in the USA was now contaminated by cocaine that cocaine contamination was becoming non-evidentiary. In Florida, one study found 97% of all bills exhibiting cocaine contamination. In Chicago, another study (by a DEA forensic chemist) found 33% of all bills in circulation had detectable cocaine. To date, about three Federal courts have ruled that evidence seized because of dog sniffs or contaminant detection was illegally seized.

It seems unlikely that any presumption could be attached to using secure crypto gear that the Government couldn't break because there are many innocent activities and reasons that people could advance for not wanting the Government or anyone else reading their mail. Consequently, a law prohibiting the use of non-breakable crypto gear seems the only way the Government could declare that such use was de facto incriminating.

Such a law already exists in precedent. Ham radio operators are not allowed to use non-standard codes or unrecognized spoken languages.

------------------------------

Date: Wed, 2 Jun 93 14:48:46 +0200
From: sean@mpi-sb.mpg.de (Sean Matthews)
Subject: A keypad security risk

This weekend I was staying with a friend who works in a secure building, and I went with him one evening so that I could borrow a computer to read my mail, and things.

This was in the evening, and there was no-one in the building to let him in, so he had to key in the pass number on the outside door for the first time in months.

This number is four digits long, and contains a duplicate.

How do I know this? Because of the ten buttons on the key pad, seven were covered in dust, and had clearly not been touched in a long time, and it was easy to see that he entered four digits (also, four is the number you expect).

Random four-digit passnumbers do not provide exactly high security, but they do provide some. When the set of passnumbers is reduced to 36, there is not even the vestige of security left.

Sean Matthews
Max-Planck-Institut fuer Informatik
Im Stadtwald, W-6600 Saarbruecken, Germany
phone: +49 681 302 5363

------------------------------

Date: 31 May 1993 12:33:25 -0400
From: mpoly@Panix.Com (Michael S. Polymenakos)
Subject: Re: Cash machine keypad risk? (Potts, RISKS-14.65)

On a related note, I once approached an ATM that was displaying what was clearly a diagnostic screen of hexadecimal numbers. There were a few numbers shown on top (registers?) and 5-6 rows of long hex strings preceded by what must have been memory addresses. There was no response to the keypad (I tried).

Considering what may have happened to the ATM Card and/or the account balance of the person who may have been using the machine when this happened, I decided to look for another bank, rather than risk using the 'sister' machine in the same branch.

Michael Polymenakos

------------------------------

Date: Wed, 02 Jun 93 22:03:46 PDT
From: Phil White
Subject: Re: Fake ATM Machine Steals PINs

Another method that might allow you to "authenticate" an ATM machine: Enter an incorrect PIN as your first attempt. Try a balance query if the ATM seems to accept the bad PIN.

At least at my bank's ATMs, you are given a second chance to enter the correct PIN after entering the wrong one.

Come to think of it, this might decrease the odds your PIN will be stolen by someone who observes you keying in the number.

Phil White  Tektronix, Beaverton, OR USA :: philip.w.white@tek.COM

[First entering an incorrect password was also noted by mpoly@Panix.Com (Michael S. Polymenakos), mlf@genrad.com (Matt Fichtenbaum), Bill.Cordan@dundee.ncr.com (Bill Cordan), HOLDEN_PHILIP/HP1600_01@hpopd.pwd.hp.com (Philip Holden), rmehlman%grumpy.decnet@pdsppi.igpp.ucla.edu . THANKS! PGN]

------------------------------

Date: Sun, 16 May 1993 21:44:10 +0300
From: Lars Wirzenius
Subject: Re: Fake ATM machines

>[New trick? This is one of the oldest scams going, but it still recurs. PGN]

In a Swedish novel from 1982, ``Datadyrkarna'' (roughly, `the data lock-picks', or `the data worshippers') by Jan-Jöran Stenhagen (a pseudonym, according to back cover), one part of the plot is about the same scheme (but without giving money). The crooks set up a fake ATM and had it collect the PINs. They did the money collecting part at the end of the month, when most people had just got their salaries (they are usually paid monthly, not weekly as I understand is more common in the US), and had a lot of money on their accounts.

The rest of the book and its sequel contain a lot of other interesting issues about data safety, and risks of computerization.
The two crooks (the main characters in the book) start with making their employer go bankrupt (after she had angered them), continue with the ATM scam, and then attack the social security system and rob most of the money going through it.

The ISBN is 91-46-14287-8, published by Wahlström & Widstrand. I don't have the sequel, although I have read it. Alas, I doubt either has been translated to English.

Lars.Wirzenius@helsinki.fi (finger wirzeniu@klaava.helsinki.fi)

------------------------------

Date: Tue, 1 Jun 1993 18:44 -0400
From: Bob_Frankston@frankston.com
Subject: Re: Fake ATM Machine Steals PINs

The reality is that one cannot be overly careful about ATMs one uses. I use BayBank in the Boston area. One reason (aside from proximity to MIT over 25 years ago) is that they've got zillions of their own ATMs as well as being on a number of worldwide ATM networks. It isn't realistic to be paranoid about every one.

The risk of proposing interminable vigilance as a "solution" is that it doesn't solve the problem and only shifts the blame to the poor user who has enough to worry about. And by doing so reduces the pressure to actually solve the problem.

In any case, it is worth the $50 exposure (if the bank really presses the issue) on stolen ATM cards to apply my Type A inclinations to other sources of worry.

It reminds me that Olmstead (sp?) who created many parks in the 1800's including Central Park in New York was (supposedly) against placing lights in them because it would encourage foolish behavior like walking in the parks at night where one is likely to be mugged.

------------------------------

Date: Wed, 26 May 93 12:26:42 PDT
From: grant@oas.olivetti.com (Grant Grundler)
Subject: Re: Fake ATM Machine Steals PINs (Peterson, RISKS-14.60)

How can a user report fraud within 48 hours if the fraud isn't apparent until an ATM account statement shows up (Normally once a month)? Do I have to report fraud within 48 hours after my bank drops my statement in the mail?

I know some of this has been discussed before. This is not a new problem.

Possible Solutions (and my comments):

1) Enable user to verify the ATM is "real". (technically feasible? too expensive? How secure? will Banks adopt this?)
2) Use the ATM only at your local bank. (Certainly reduces the usefulness of ATM cards)
3) Don't use an ATM - just write personal checks or use credit cards. (Risk is transferred to business to verify personal check. Not accepted everywhere, not anonymous, or transaction costs store about 2%)
4) Carry more cash?

Grant Grundler            voice: +1.408.366.3583
grant@oas.olivetti.com    fax:   +1.408.366.3606

[Similar comments from Rebecca Walpole walpolr@instruction.cs.orst.edu.]

------------------------------

Date: Wed, 2 Jun 93 12:15:01 EDT
From: eachus@spectre.mitre.org (Robert I. Eachus)
Subject: Cryptography and the Bill of Rights

"David A. Honig" wrote:

> While this may amuse some, this actually addresses at a
> profound and often overlooked intent of the 'Founding Fathers'.
> The People are guaranteed the right to bear arms, not just for
> personal defense (which was obvious to them), but also because:
> politicians prefer unarmed peasants. An unarmed populace is
> much easier to dominate. And so is a populace without the
> ability to have privacy.

...and so is a populace without access to reliable news, and to the opinions of other citizens, and...

Thomas Jefferson would have been the first to argue that the right of free speech, and to peaceably assemble are more fundamental and more important than the right to bear arms. In fact he did so argue, and that is one of the reasons that the first and second amendments are in that order.

Modern cryptography is much more important as a component of free speech than as a weapon in and of itself. (But, a free press is a more important weapon than rifles or cannons, see Tom above.)

Peter D. Junger makes it clear that restrictions implicit in ITAR seriously limit the exercise of free speech.
(If a law professor restricts his speech, in particular what he feels free to discuss in class, after carefully reading the ITAR regulations, then there can be no question that those regulations have a chilling effect on free speech.)

Is this chilling effect unconstitutional? It depends on whether those regulations reflect the intent of the Senate in signing a treaty, or just the catch-all wording of some bureaucrat issuing regulations to implement an international agreement. IMHO, unless the Senate debate on an international treaty specifically discussed the limitations to freedom of speech involved in limiting the export of crypto gear, the issue does not arise.

Everything that I have seen on ITAR specifically recognizes the individual US citizen's right to free non-commercial speech, and severely limits everything else, so I suspect that this reflects congressional intent. (I thought about doing the search after lunch, and realized that the best approach is to ask--in a polite letter--a few of the Senators who were there. I'll post any responses received...)

Robert I. Eachus

------------------------------

Date: Fri, 04 Jun 93 11:15:18 EDT
From: junger@samsara.law.cwru.edu (Peter D. Junger)
Subject: More on the risks of teaching ...

I have received a large number of personal responses to my article on the risks of teaching about computers and the law (RISKS-14.65) as well as the responses that appeared in RISKS-14.67. (I am afraid that I lost some of the personal responses, so if you haven't received a reply, please send me another copy of your message.) These have been most interesting and helpful and, for the most part, supportive.

I would, however, like to correct some misapprehensions that appear in the response by Jerry Leichter entitled "Re: Peter D. Junger's risks of teaching..." (RISKS-14.67).

Mr Leichter writes:

    While more sophisticated in his writing, what Mr.
    Junger is really doing is simply repeating an argument we've seen many, many times on the net:
    1. Anyone can write cryptographic software, so where is the secrecy?
    2. The regulations as written forbid export of such things as - a favorite example that Mr. Junger surely did not re-invent independently - Captain Midnight Decoder rings.

But my trouble is that _I_ (not anyone, not anyone else, but just dear old _moi-je_) wrote an encryption program that does not contain anything secret or original and yet the ITAR regulations require me to get a license before I _talk_ about this program with my students, if any of them should happen to be foreign, without first obtaining a license from the State Department, a license, which if it is granted, I could not expect to get before the semester is over. So I am not making the very sensible argument that Mr. Leichter pooh-poohs as old hat. (I have no recollection of having ever seen any reference to my old--or any other--Captain Midnight Decoder (which I don't recall was a ring--wasn't it sort of a flat disk with a knob in the center?) during the last several decades, but if Mr. Leichter is sure I did not "reinvent" this example, I won't argue that point with him.)

Though I think it is sort of silly to require me to get a license to export my program, since I don't want to export it--I just want to talk about it and publish it and post it on my FTP server, all within the United States--that is not my problem. Once again, what I am concerned with is the requirement that I get a license to talk (or publish) information about my program within the United States, a requirement that is blatantly unconstitutional.

Thus Mr. Leichter's example of requiring a license for the exportation of an encryption _chip_ has nothing to do with my problem.
(I must admit, however, that I cannot conceive of a case where the export of an encryption chip, that was not developed by or on behalf of the government, could be a serious threat to our national security.) His other example does, however, have some bearing on my problem, if only because it illustrates how unclear, how far from being present, how farfetched, is the danger of allowing information about cryptography to get into the hands of the foreigners, for this example is: "conjectural software, 500 man-years in the making after a large research investment, for breaking cryptosystems used by the US for communicating with its embassies abroad". (Who would spend all that time and money to accomplish such a goal, whether those who did it (were it done) would be deterred by export regulations, and whether a program of such complexity could ever work are exercises that are left to the reader.)

Even though we are basically talking about different issues, however, the desire of Mr. Leichter to regulate the export of devices does ultimately collide with the Constitutional right of free speech that is my concern. As he puts the problem:

    Mr. Junger teaches law. Perhaps he'll take up the challenge of suggesting regulatory wording that covers "significant" cryptographic "equipment" - along the way, perhaps, coming up with a distinction that can be made in some useful way among "equipment", "software", and "specifications".

The trouble with this challenge--besides the fact that I have no interest in drafting such regulations--is that the constitution forbids the regulation of speech and that "specifications" fall squarely within the category of speech. What is really interesting is that "software" seems to be both "equipment", which is unprotected, and speech, which is constitutionally protected. (That's why I find computers and the law an interesting subject.)

The problem that I face is not how to draft unconstitutional regulations but how to challenge them.
The fact that the regulations are not enforced makes it difficult to get their constitutionality before the courts. And the fact is that the regulatory scheme is not enforced by the bureaucrats, despite Mr. Leichter's claim that that is their job; instead, as one who responded to me privately put it, they rely on "FUD (Fear, Uncertainty and Doubt) to dissuade people from using and distributing effective cryptographic software."

Peter D. Junger
Case Western Reserve University Law School, Cleveland, OH
Internet: JUNGER@SAMSARA.LAW.CWRU.Edu -- Bitnet: JUNGER@CWRU

------------------------------

Date: Fri, 4 Jun 93 08:33:15 -0400
From: steen@kiwi.swhs.ohio-state.edu (Steen Hansen)
Subject: WHITE HOUSE ELECTRONIC MAIL

Forwarded message:

> For Immediate Release June 1, 1993
>
> LETTER FROM THE PRESIDENT AND VICE PRESIDENT
> IN ANNOUNCEMENT OF WHITE HOUSE ELECTRONIC MAIL ACCESS
>
> Dear Friends:
>
> Part of our commitment to change is to keep the White House
> in step with today's changing technology. As we move ahead into
> the twenty-first century, we must have a government that can show
> the way and lead by example. Today, we are pleased to announce
> that for the first time in history, the White House will be
> connected to you via electronic mail. Electronic mail will bring
> the Presidency and this Administration closer and make it more
> accessible to the people.
>
> The White House will be connected to the Internet as well as
> several on-line commercial vendors, thus making us more
> accessible and more in touch with people across this country. We
> will not be alone in this venture. Congress is also getting
> involved, and an exciting announcement regarding electronic mail
> is expected to come from the House of Representatives tomorrow.
>
> Various government agencies also will be taking part in the
> near future.
> Americans Communicating Electronically is a project
> developed by several government agencies to coordinate and
> improve access to the nation's educational and information assets
> and resources. This will be done through interactive
> communications such as electronic mail, and brought to people who
> do not have ready access to a computer.
>
> However, we must be realistic about the limitations and
> expectations of the White House electronic mail system. This
> experiment is the first-ever e-mail project done on such a large
> scale. As we work to reinvent government and streamline our
> processes, the e-mail project can help to put us on the leading
> edge of progress.
>
> Initially, your e-mail message will be read and receipt
> immediately acknowledged. A careful count will be taken on the
> number received as well as the subject of each message. However,
> the White House is not yet capable of sending back a tailored
> response via electronic mail. We are hoping this will happen by
> the end of the year.
>
> A number of response-based programs which allow technology
> to help us read your message more effectively, and, eventually
> respond to you electronically in a timely fashion will be tried
> out as well. These programs will change periodically as we
> experiment with the best way to handle electronic mail from the
> public. Since this has never been tried before, it is important
> to allow for some flexibility in the system in these first
> stages. We welcome your suggestions.
>
> This is an historic moment in the White House and we look
> forward to your participation and enthusiasm for this milestone
> event. We eagerly anticipate the day when electronic mail from
> the public is an integral and normal part of the White House
> communications system.
>
> President Clinton            Vice President Gore
> PRESIDENT@WHITEHOUSE.GOV     VICE.PRESIDENT@WHITEHOUSE.GOV

------------------------------

Date: Fri, 4 Jun 1993 04:00:00 -0400 (EDT)
From: Paul Robinson
Subject: Did they have an address for Hillary?

Someone wrote me to ask:

> Thank you for relaying information concerning the high-tech
> White House. Did they have an address for Hillary? I can't
> imagine her suffering first.lady@whitehouse.gov. Seriously,
> I need to get to her press secretary.

I wanted to see if there was anything:

    % telnet
    telnet> open whitehouse.gov 25
    Trying 198.137.240.100 ...
    Connected to whitehouse.gov.
    Escape character is '^]'.
    220 SMTP/smap Ready.
    helo
    250 Charmed, Im sure.
    vrfy hillary
    250

"250" in this case, is an "ok" indicating the mail-server receiving the request considers the address to be valid. So try that, then:

    hillary@whitehouse.gov

That will probably go to one of the clerks that handles her correspondence.

Paul Robinson -- TDARCOS@MCIMAIL.COM

------------------------------

End of RISKS-FORUM Digest 14.69
************************
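
Added example, not part of the digest: Sean Matthews's keypad item gives 36 as the number of four-digit codes left once wear shows that three keys are in use. The Python below generalizes that count to any code length and number of worn keys and cross-checks it by enumeration; the function names, the sample key set "147" and the lockout figure are constructed for illustration.

```python
"""Code space left on a keypad once wear reveals which keys are used."""
from itertools import product
from math import comb, log2


def codes_using_exactly(worn_keys: int, length: int) -> int:
    """Count codes of `length` presses that use every one of `worn_keys`
    distinct keys at least once and no other key.

    Inclusion-exclusion over the keys that could be missing:
        sum_{j=0..k} (-1)^j * C(k, j) * (k - j)^length
    """
    if worn_keys < 1 or worn_keys > length:
        return 0  # each worn key needs at least one press
    k = worn_keys
    return sum((-1) ** j * comb(k, j) * (k - j) ** length for j in range(k + 1))


def brute_force(worn: str, length: int) -> int:
    """Same count by enumeration, as an independent check of the formula."""
    keys = set(worn)
    return sum(
        1
        for code in product(sorted(keys), repeat=length)
        if set(code) == keys
    )


def wear_table(length: int = 4, keypad: int = 10) -> dict:
    """Map number of worn keys -> (candidate codes, bits of entropy left).

    A uniformly random code on a clean keypad has log2(keypad**length) bits.
    """
    table = {}
    for k in range(1, length + 1):
        n = codes_using_exactly(k, length)
        table[k] = (n, round(log2(n), 2))
    return table


def guess_chance(candidates: int, attempts: int) -> float:
    """Chance that one of `attempts` distinct guesses hits, when all
    candidates are equally likely (sizing a lockout threshold)."""
    return min(1.0, attempts / candidates)


if __name__ == "__main__":
    full_bits = round(log2(10 ** 4), 2)
    print(f"clean keypad: 10000 codes, {full_bits} bits")
    for k, (n, bits) in wear_table().items():
        print(f"{k} worn key(s): {n:3d} codes, {bits} bits")
    # The digest's case: three worn keys, four presses ("147" is constructed).
    print("enumerated:", brute_force("147", 4))
    print("hit chance with a 3-try lockout:", round(guess_chance(36, 3), 3))
```

The table shows that a code with one repeated digit leaves more candidates (36) than one with four distinct digits (24), and that either way fewer than six of the original 13.29 bits survive visible wear.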