Subject: RISKS DIGEST 14.74 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Tuesday 6 July 1993 Volume 14 : Issue 74 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Major New York Telephone outage: cable cut in Mount Vernon (John Hawkinson) Another mobile phone RISK hits "Sunset Boulevard" (Jonathan I. Kamens) German Bundestag microphones STILL not working (Debora Weber-Wulff) Strasbourg A320 crash: "Pilot Error" - Official! (Pete Mellor) The great bancard network breakdown (Bertrand Meyer) UK National Savings "computer problem" (Jonathan Bowen) An extreme risk of poor computer security (Ross Anderson) 2 Men Arrested in Bogus Connecticut ATM Fraud (PGN) Digital Signature Patents (Noah Friedman) The RISKS Forum is a moderated digest discussing risks; comp.risks is its Usenet counterpart. Undigestifiers are available throughout the Internet, but not from RISKS. Contributions should be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with appropriate, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. REQUESTS please to RISKS-Request@CSL.SRI.COM. Vol i issue j, type "FTP CRVAX.SRI.COMlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j" (where i=1 to 14, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". =CarriageReturn; FTPs may differ; UNIX prompts for username, password. For information regarding delivery of RISKS by FAX, phone 310-455-9300 (or send FAX to RISKS at 310-455-2364, or EMail to risks-fax@vortex.com). ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: 1 Jul 1993 00:06:21 -0400 From: jhawk@Panix.Com (John Hawkinson) Subject: Major New York Telephone outage: cable cut in Mount Vernon According to New York Telephone, there has been a cut trunk (cable) in Mount Vernon, NY, causing a major service disruption. The estimated time for completion of repair is 5:00pm Friday! The disruption has the following effects: * A large number (all?) of 914 (Westchester, including Yonkers, White Plains, etc.) numbers are unreachable from 212 (and perhaps other places). You get an ``all circuits busy'' message. * A large number (all?) of 212 numbers are unreachable from most of 914. You just get a fast busy. * At least some 914 numbers are unreachable from 914. Again, just a fast busy. This might be dependent on your switch (my switch, which covers 914-969 and some others, is a 1AESS). * Many phone services are unreachable from 914 (for me, at least), such as 411 and 555-1212 (directory assistance), 0 (the local operator), 211 (automated/manual credit), and in some instances, 611 (repair). I was successful getting through to repair via 890-6611, once, and via 611 once. As I said above, New York Telephone's latest estimate is that the problem will be repaired by 5:00pm Friday. Apparently a construction firm cut a trunk (perhaps more than one) to cause this problem. To go around the problem, you should be able to route your calls through AT&T, MCI, Sprint, or another long distance company, by dialing 10XXX-1-nnn-mmm-mmmm Where 10XXX is a carrier access code, like: 10288 for AT&T 10333 for Sprint 10222 for MCI and 10698 for NYTelephone (ha, ha) nnn is the area code (might not be necessary if you're in the same area code as the number you're trying to reach), and mmm-mmmm is the phone number (exchange and unit #). Followups to ny.general, please. John Hawkinson, jhawk@panix.com ------------------------------ Date: Fri, 2 Jul 93 16:35:44 -0400 From: "Jonathan I. Kamens" Subject: Another mobile phone RISK hits "Sunset Boulevard" (Quoted from the "Names & Faces" column, by Michael Blowen, in the Friday, July 2, 1993 edition of The Boston Globe. I believe this is a short enough excerpt to constitute "fair use.") Moving sets a musical mystery The British opening of Andrew Lloyd Webber's $5 million musical, "Sunset Boulevard," was delayed 13 days because the scenery was mysteriously shifting on its own, as if -- dare we say it? -- there was a Phantom of the Theater. Webber discovered the glitch when he visited the theater. "I made a call on my mobile phone and the set moved," he told The New York Times. "I made a second call and it moved again." Hydraulic valves powering the sets were apparently touched off the the transmissions. [The RISKS Archives include a performance of A Chorus Line attended by President Ford that was plunged into darkness by a Secret Service walkie-talkie, wiping out the lighting board CMOS memory. PGN] (Although it's not exactly a RISK, the following tidbit appears right before the one given above, and is perhaps worth mentioning because many RISKS readers will probably find it amusing: Making a ruckus about silence IBM wants a little credit for a room of quiet. The computer giant has applied to the Guinness Book of Records to get its echoless test chamber that eliminates 99.99 percent of noise listed as the quietest place on Earth. "With the door closed, this place is quieter than a morgue," said Bob Waters, an IBM acoustical engineer. Sound-absorbing fiberglass wedges cover the room's concrete walls, door and ceiling. IBM uses its chamber in Boca Raton for testing computer equipment. The "dead room" at Bell Telephone System laboratory in Murray Hill, N.J., holds the quietest-room record, according to the 1992 Guinness book. It eliminates 99.98 percent of noise. Jonathan Kamens Geer Zolot Associates jik@GZA.COM ------------------------------ Date: Thu, 24 Jun 1993 07:15:24 GMT From: dww@math.fu-berlin.de (Debora Weber-Wulff) Subject: German Bundestag microphones still not working [RISKS-14.19] Hopes that the new chamber for the German parliament, the Bundestag, would be ready before the summer break have not been fulfilled. The computer controlled microphone system did not work as expected. The Tagespiegel in Berlin gleefully printed a picture this morning of the current testing in progress: to simulate a "full house" the company has put empty cardboard boxes at each place. [Can we deduce from this that if they now get it to work, the parliamentarians are analogous to empty boxes :-) ? -dww] It seems a major problem in the previous system was that it was only tested in the empty chamber. Debora Weber-Wulff, Professorin fuer Softwaretechnik, Technische Fachhochschule Berlin, FB Informatik, Luxemburgerstr. 10, 13353 Berlin, ------------------------------ Date: Mon, 28 Jun 93 12:16:47 BST From: Pete Mellor Subject: Strasbourg A320 crash: "Pilot Error" - Official! In France-Soir of Monday 10th May (which was recently sent to me by a friend) there is a report that the Commission of Enquiry into the crash of an A320 near Strasbourg on 20th January 1992 is about to deliver its final report. (Given the date of the report, it has probably already done so.) The conclusion on the cause of the accident is "pilot error". The main error was the confusion of the "flight-path angle" (FPA) and "vertical speed" (V/S) modes of descent, selected on the Flight Management and Guidance System (FMGS) console. The pilots were inadvertently in V/S when they should have been in FPA mode. The error was not noticed on the console itself, due to the similarity of the number format display in the two modes. The other cues on the Primary Flight Display (PFD) screen and elsewhere (e.g., altitude and vertical speed indicator) were not noticed since the pilots were overloaded following a last-minute change of flight plan, and presumably were concentrating on the Navigational Display. The actions of the ATC did not help the situation. The result was that the aircraft descended at a vertical speed of 1100 metres/minute when it was only 1500 metres above the terrain. Following the accident, the rescue teams took 2 hours to find the crash site, which probably led to the deaths of between 6 and 20 passengers who had survived the impact, and could have been saved by prompt attention. This in turn was partly due to chaotic organisation, plus the fact that the emergency radio beacon was destroyed on impact. Further details when I have had time to translate the report properly, or get hold of a copy of the final report. Peter Mellor, Centre for Software Reliability, City University, Northampton Sq., London EC1V 0HB, Tel: +44(0)71-477-8422, JANET: p.mellor@csr.city.ac.uk ------------------------------ Date: Wed, 30 Jun 1993 11:22:28 -0700 From: bertrand@eiffel.com (Bertrand Meyer) Subject: The great bancard network breakdown The following is excerpted from Le Monde dated Tuesday, 29 June 1993, page 18. Translation and ellipses by Bertrand Meyer. A Black Week-End for Automatic Teller Machines THE GREAT BANKCARD NETWORK BREAKDOWN - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Background (from the end of the article) [All bankcards issued in France, but in France only, now have a built-in chip.] The famous [bankcard chip] has suffered many infantile problems. And for several months the Anglo-Saxon press has criticized French merchants, who sometimes reject foreign bankcards under the pretext that they don't have a chip. [Note by BM: I have a ``foreign'' card but have not encountered such a problem.] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Now for the recent incident: Last week-end was tough for many of the 21 million French people who have a bankcard. They had the unpleasant surprise of being almost unable to use it on Saturday the 26th and Sunday the 27th, whether to withdraw money from ATMs or to pay merchants. All because the computers in charge of authorizing payments to close to 40% of current cards were down for almost thirty hours. The loss to businesses, already hurt by the recession, is hard to evaluate; but the French bankcard system, touted as a little marvel of technology and safety, has just shown its limits. [...] The collapse was caused by a breakdown of the Sligos company's computers, which manage withdrawal and payment authorizations for close to half of the cards. Banks such as BNP and Societe Generale, which have their own computer servers for bankcard processing, were not affected. [Several paragraphs describe how various businesses tried to cope with the problem, with examples from Air France, Eurodisney etc.] On an average day transactions amount to five million operations amounting to 2 billion francs. The bankcard system has been presented as a symbol of the edge that French banks have acquired. What characterizes it in principle is both safety, thanks to the built-in chip, and flexibility, thanks to the ability for cardholders to withdraw money from 17,400 ATMs and buy from 520,000 merchants. But the system had already shown worrying signs of fragility. Last autumn [...] some operations were charged twice. The history of bankcards in France goes back to the beginning of the seventies with the creation of the GIE [consortium] ``Carte Bleue'', followed in 1984 by another GIE called Carte Bancaire [Bank Card]. [...] In ten years of constant investments amounting to several billion francs, the little plastic card has acquired a hologram and a chip and [...] has become indispensable. It seems incredible, then, that safety and relay mechanisms, as present in all sensitive computer systems, were not able to prevent last weekend's giant breakdown. Aside from a few isolated cases [DETAILS PLEASE! BM] the 30-hour service interruption has not had any really tragic consequences; it could have if the system's functioning had been interrupted for a longer period. One may indeed wonder whether the forced-march development of electronic money, ``monetics'', does not put a country's economy at the mercy of a breakdown. Last year more than two billion operations were performed in France with bankcards, for a total amount of 718 billion francs, 475 billion for payments and 243 billion for withdrawals. ------------------------------ Date: Thu, 24 Jun 93 15:55:22 BST From: Jonathan.Bowen@prg.ox.ac.uk Subject: UK National Savings "computer problem" Yesterday I received a printed letter from the UK government National Savings Deposit Bonds centre: Dear Customer, I am sorry to tell you that the most recent Anniversary Certificate you received for this bond is incorrect. The Deposit Bond interest rate changed from 8% to 7% on 26 December 1992. But because of a computer problem this change was not reflected on your certificate. So the amount of interest and the bond value shown are higher than they should be. I enclose a replacement certificate ... I suspect this letter and replacement certificates must have been sent to a great many people. As usual the computer rather than the programmer is blamed for the error. It's a hard life with not much redress being a computer! Jonathan Bowen, Oxford University ------------------------------ Date: Tue, 22 Jun 1993 16:11:19 +0100 From: Ross.Anderson@cl.cam.ac.uk Subject: An extreme risk of poor computer security A couple of weeks ago, Michelle and Lisa Taylor were acquitted (on appeal) of the murder of Alison Shaughnessy. This judgment freed them from serving life imprisonment. An automatic teller machine transaction (since believed to have been a fraud or a processing error) placed the sisters near the scene of this murder. The police did the rest; the appeal court found that they had framed the sisters, and had deliberately suppressed a witness statement which cleared them (this witness had stated that one of the two suspects seen leaving the scene of the crime was black, while the Taylors are white). Thus Michelle and Lisa ended up being convicted of murder in the lower court. During the appeal, their counsel did not raise the issue of the bogus ATM transaction which caused the trouble, as he was already accusing the police of lying about the evidence and did not want to complicate matters by accusing the banking industry of lying too. Nonetheless the story is now out, and it shows that the risk of poor computer security at your bank is not just a financial one. Ross Anderson, University Computer Laboratory Pembroke Street, Cambridge CB2 3QG, England rja14@cl.cam.ac.uk ------------------------------ Date: Tue, 6 Jul 93 11:34:29 PDT From: "Peter G. Neumann" Subject: 2 Men Arrested in Bogus Connecticut ATM Fraud (RISKS-14.59 et seq.) Alan Scott Pace, 30, and Gerald Harvey Greenfield, 50, were arrested on charges of credit card fraud, wire fraud, interstate transportation of stolen property, and conspiracy to commit a felony. Mr. Greenfield was also charged with bank fraud. (The planting of a bogus ATM in the Buckland Hills Mall in Manchester, Connecticut, was reported in RISKS-14.59.) Their arrest on 29 June was based on routine films of their having used genuine ATMs from which they allegedly withdrew more than $100,000, from the accounts whose numbers and PINs their Trojan-horse ATM had captured. Also seized were software, three handguns, bank-network stickers, a police scanner, and equipment to make phony bank cards, credit cards and passports. [Source: Article by Ari L. Goldman, N.Y. Times, 30 June 1993, B6.] New Hampshire subsequently informed Connecticut that Pace was wanted in New Hampshire for a string of nine jewelry scams in 1987. He had been under indictment in 1989 for running a fake jewelry store, but never showed up for arraignment. [From an AP item in the Boston Globe, 2 Jul 1993, p. 19.] ------------------------------ Date: Mon, 28 Jun 1993 07:48:33 GMT From: friedman@gnu.ai.mit.edu (Noah Friedman) Subject: Digital Signature Scandal Organization: Free Software Foundation, 675 Mass Ave. Cambridge, MA 02139 [The following is an official announcement from the League for Programming Freedom. Please redistribute this as widely as possible. [NF]] [Taking Noah at his word, several of you forwarded Noah's message to RISKS, including Paul Robinson , Roland B Roberts , and Sarah_M._Elkins.Wbst139@xerox.com. PGN] Digital Signature Scandal Digital signature is a technique whereby one person (call her J. R. Gensym) can produce a specially encrypted number which anyone can verify could only have been produced by her. (Typically a particular signature number encodes additional information such as a date and time or a legal document being signed.) Anyone can decrypt the number because that can be done with information that is published; but producing such a number uses a "key" (a password) that J. R. Gensym does not tell to anyone else. Several years ago, Congress directed the NIST (National Institute of Standards and Technology, formerly the National Bureau of Standards) to choose a single digital signature algorithm as a standard for the US. In 1992, two algorithms were under consideration. One had been developed by NIST with advice from the NSA (National Security Agency), which engages in electronic spying and decoding. There was widespread suspicion that this algorithm had been designed to facilitate some sort of trickery. The fact that NIST had applied for a patent on this algorithm engendered additional suspicion; despite their assurances that this would not be used to interfere with use of the technique, people could imagine no harmless motive for patenting it. The other algorithm was proposed by a company called PKP, Inc., which not coincidentally has patents covering its use. This alternative had a disadvantage that was not just speculation: if this algorithm were adopted as the standard, everyone using the standard would have to pay PKP. (The same patents cover the broader field of public key cryptography, a technique whose use in the US has been mostly inhibited for a decade by PKP's assiduous enforcement of these patents. The patents were licensed exclusively to PKP by the Massachusetts Institute of Technology and Stanford University, and derive from taxpayer-funded research.) PKP, Inc. made much of the suspect nature of the NIST algorithm and portrayed itself as warning the public about this. On June 8, NIST published a new plan which combines the worst of both worlds: to adopt the suspect NIST algorithm, and give PKP, Inc. an *exclusive* license to the patent for it. This plan places digital signature use under the control of PKP through the year 2010. By agreeing to this arrangement, PKP, Inc. shows that its concern to protect the public from possible trickery was a sham. Its real desire was, as one might have guessed, to own an official national standard. Meanwhile, NIST has justified past suspicion about its patent application by proposing to give that patent (in effect) to a private entity. Instead of making a gift to PKP, Inc., of the work all of us have paid for, NIST and Congress ought to protect our access to it--by pursuing all possible means, judicial and legislative, to invalidate or annul the PKP patents. If that fails, even taking them by eminent domain is better (and cheaper in the long run!) than the current plan. You can write to NIST to object to this giveaway. Write to: Michael R. Rubin Active Chief Counsel for Technology Room A-1111, Administration Building, National Institute of Standards and Technology Gaithersburg, Maryland 20899 (301) 975-2803. The deadline for arrival of letters is around August 4. Please send a copy of your letter to: League for Programming Freedom 1 Kendall Square #143 P.O.Box 9171 Cambridge, Massachusetts 02139 (The League for Programming Freedom is an organization which defends the freedom to write software, and opposes monopolies such as patented algorithms and copyrighted languages. It advocates returning to the former legal system under which if you write the program, you are free to use it. Please write to the League if you want more information.) Sending copies to the League will enable us to show them to elected officials if that is useful. This text was transcribed from a fax and may have transcription errors. We believe the text to be correct but some of the numbers may be incorrect or incomplete. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ** The following notice was published in the Federal Register, Vol. 58, No. 108, dated June 8, 1993 under Notices ** National Institute of Standards and Technology Notice of Proposal for Grant of Exclusive Patent License This is to notify the public that the National Institute of Standards and Technology (NIST) intends to grant an exclusive world-wide license to Public Key Partners of Sunnyvale, California to practice the Invention embodied in U.S. Patent Application No. 07/738.431 and entitled "Digital Signature Algorithm." A PCT application has been filed. The rights in the invention have been assigned to the United States of America. The prospective license is a cross-license which would resolve a patent dispute with Public Key Partners and includes the right to sublicense. Notice of availability of this invention for licensing was waived because it was determined that expeditious granting of such license will best serve the interest of the Federal Government and the public. Public Key Partners has provided NIST with the materials contained in Appendix A as part of their proposal to NIST. Inquiries, comments, and other materials relating to the prospective license shall be submitted to Michael R. Rubin, Active Chief Counsel for Technology, Room A-1111, Administration Building, National Institute of Standards and Technology, Gaithersburg, Maryland 20899. His telephone number is (301) 975-2803. Applications for a license filed in response to this notice will be treated as objections to the grant of the prospective license. Only written comments and/or applications for a license which are received by NIST within sixty (60) days for the publication of this notice will be considered. The prospective license will be granted unless, within sixty (60) days of this notice, NIST receives written evidence and argument which established that the grant of the license would not be consistent with the requirements of 35 U.S.C. 209 and 37 CFR 404.7. Dated: June 2, 1993. Raymond G. Kammer Acting Director, National Institute Standards and Technology. Appendix "A" The National Institute for Standards and Technology ("NIST") has announced its intention to grant Public Key Partners ("PKP") sublicensing rights to NIST's pending patent application on the Digital Signature Algorithm ("DSA"). Subject to NIST's grant of this license, PKP is pleased to declare its support for the proposed Federal Information Processing Standard for Digital Signatures (the "DSS") and the pending availability of licenses to practice the DSA. In addition to the DSA, licenses to practice digital signatures will be offered by PKP under the following patents: Cryptographic Apparatus and Method ("Diffie-Hellman") No. 4,200,770 Public Key Cryptographic Apparatus and Method ("Hellman-Merkle") No. 4,315,552 Exponential Cryptographic Apparatus and Method ("Hellman-Pohlig") No. 4,434,414 Method For Identifying Subscribers And For Generating And Verifying Electronic Signatures In A Data Exchange System ("Schnorr") No. 4,995,082 It is PKP's intent to make practice of the DSA royalty free for personal, noncommercial and U.S. Federal, state and local government use. As explained below, only those parties who enjoy commercial benefit from making or selling products, or certifying digital signatures, will be required to pay royalties to practice the DSA. PKP will also grant a license to practice key management, at no additional fee, for the integrated circuits which will implement both the DSA and the anticipated Federal Information Processing Standard for the "key escrow" system announced by President Clinton on April 16, 1993. Having stated these intentions, PKP now takes this opportunity to publish its guidelines for granting uniform licenses to all parties having a commercial interest in practicing this technology: First, no party will be denied a license for any reason other that the following: (i) Failure to meet its payment obligations, (ii) Outstanding claims of infringement, or (iii) Previous termination due to material breach. Second, licenses will be granted for any embodiment sold by the licensee or made for its use, whether for final products software, or components such as integrated circuits and boards, and regardless of the licensee's channel of distribution. Provided the requisite royalties have been paid by the seller on the enabling component(s), no further royalties will be owned by the buyer for making or selling the final product which incorporates such components. Third, the practice of digital signatures in accordance with the DSS may be licensed separately from any other technical art covered by PKP's patents. Fourth, PKP's royalty rates for the right to make or sell products, subject to uniform minimum fees, will be no more than 2 1/2% for hardware products and 5% for software, with the royalty rate further declining to 1% on any portion of the product price exceeding $1,000. These royalty rates apply only to noninfringing parties and will be uniform without regard to whether the licensed product creates digital signatures, verifies digital signatures or performs both. Fifth, for the next three (3) years, all commercial services which certify a signature's authenticity for a fee may be operated royalty free. Thereafter, all providers of such commercial certification services shall pay a royalty to PKP of $1.00 per certificate for each year the certificate is valid. Sixth, provided the foregoing royalties are paid on such products or services, all other practice of the DSA shall be royalty free. Seventh, PKP invites all of its existing licensees, at their option, to exchange their current licenses for the standard license offered for DSA. Finally, PKP will mediate the concerns of any party regarding the availability of PKP's licenses for the DSA with designated representatives of NIST and PKP. For copies of PKP's license terms, contact Michael R. Rubin, Acting Chief Counsel for Technology, NIST, or Public Key Partners. Dated: June 2, 1993. Robert B. Fougner, Esq., Director of Licensing, Public Key Partners, 310 North Mary Avenue, Sunnyvale, CA 94033 [FR Doc. 93-13473 Filed 8-7-93; 8:45 am] ------------------------------ End of RISKS-FORUM Digest 14.74 ************************