Subject: RISKS DIGEST 14.84 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Tuesday 17 August 1993 Volume 14 : Issue 84 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Re: BARFmail and other list headaches (Dennis G. Rears) Prototype voice-operated ATM (Malcolm Butler) Filling Station Ripoff (Matt Healy) President Clinton's Tax Plan (Richard Schroeppel) Terminal Consternation (A. Padgett Peterson) Preserving electronic memos -- a serious problem (Bob Frankston) Call for Clipper Comments (Dave Banisar) Call for papers -- 2nd Workshop on Feature Interactions (Nancy Griffeth) Call for papers IFIP SEC'94 Caribbean (F. Bertil Fortrie) The RISKS Forum is a moderated digest discussing risks; comp.risks is its USENET counterpart. Undigestifiers are available throughout the Internet, but not from RISKS. Contributions should be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to risks@csl.sri.com, with appropriate, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. PLEASE SEND REQUESTS FOR SUBSCRIPTIONS, archive problems, and other information to risks-request@csl.sri.com (not automated). BITNET users may subscribe via your favorite LISTSERV: "SUBSCRIBE RISKS". Vol i issue j, type "FTP CRVAX.SRI.COMlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j" (where i=1 to 14, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". =CarriageReturn; FTPs may differ; UNIX prompts for username, password. If you are interested in receiving RISKS via fax, please send E-mail to risks-fax@vortex.com, phone +1 (310) 455-9300, or fax +1 (310) 455-2364 for information regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; instead, as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM . ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: Tue, 17 Aug 93 15:46:22 EDT From: "Dennis G. Rears" Subject: Re: BARFmail and other list headaches (PGN in RISKS-14.82) I guess you can say that one risks of BARFmail is that if it gets to a certain point, volunteers will just say no. I run an exploder list for RISKS for all U.S. military and government sites. I also run the mail list for the Computer Privacy Digest. In each case I have seen an increasing amount of BARFmail, broken mailers, people with improper addresses, and general incompetence among many postmasters. I use to spend 15-45 minutes a week in mail list maintenance. Now it is close to three hours a week. With every Risks Digest that is sent out I get back 3-4 error messages; with the Computer Privacy Digest, I get about 10. As a subscriber, o You should ensure that you have enough space in your mailbox for the lists that you subscribe to. o If you domain address changes, please let us know. o If your account is canceled, please let us know. The system administrator as part of his job should ensure that: o All outgoing mail is stamped properly so that replies can be sent back. - Several times a month I get add requests from as opposed to . I have to go through the received lines to get a valid email address. o Send rejected mail to the right place: - It should go to the Errors-To, Reply-to, List-request address. I had to stop my notification service front the CPD thanks to a badly configured mailer. o There are military machines that use subhosts, which is in violation of RFC 822. I have to source route these (name%subhost@realhost) in the mail list. I am talking about the Sperry hosts that a lot of military sites use. These STILL DON'T use DNS aka nameservers. dennis [I am exceedingly grateful to Dennis, who handles .mil and .gov RISKS traffic for me, and also to Lindsay.Marshall@newcastle.ac.uk who provides a similar indirection service for RISKS readers in the U.K. Anything you can do to make their lives and mine simpler with respect to E-mail addresses would be greatly appreciated. PGN] ------------------------------ Date: Mon, 16 Aug 93 1:25:39 EST From: malb@ee.uts.edu.au (Malcolm Butler) Subject: Prototype voice-operated ATM [RISKS readers may be interested in the following report from The Sydney Morning Herald, August 13, 1993). Malcolm Butler (malb@ee.uts.edu.au)] Your word is my command: ATM Researchers at the University of Queensland unveiled yesterday a prototype of what they say is the first voice-activated automatic teller machine (ATM). But in an embarrassing moment during a media demonstration, a mock ATM incorrectly accepted the voice od a female journalist and allowed her to gain access to the "funds" of a male researcher. It was quickly pointed out that the machines accuracy would improve with fine-tuning and that security was the opposite of convenience. A second imposter who tried to con the machine was unsuccessful. All he could extract from it was a wicked cackle. The system uses the new technology of artificial neural networks ... It verifies customers' identities by comparing their voices with samples that have been stored on a computer. This aural equivalent of a fingerprint is good news for those who have trouble remembering their personal identification numbers but, unfortunately, the system, still has a few glitches. It accepts 10 per cent of imposters, rejects 1 per cent of true customers and may not be sympathetic if you have a cold, are drunk, or your voice sounds different. ``It may turn out that it would be a good idea for you to go in sometime and leave a voice sample when you have a cold so that it can recognise you when you are in that situation," said one of the project's researchers, Professor Tom Downs. [...] The researchers say the system could also be used for credit card or banking transactions by telephone and for allowing entry into restricted buildings. Their next project will be to develop a system which allows free conversations between ATMs and customers. Professor Downs said several voice-verification systems had been developed overseas but were relatively unsophisticated. ------------------------------ Date: Fri, 30 Jul 1993 00:45:52 GMT From: matt@wardsgi.med.yale.edu (Matt Healy) Subject: Filling Station Ripoff On Thursday afternoon, 29 July, WCBS Radio (NYC) broadcast an interview with a city official about a new scam: modifying the circuit board of a gas pump controller so the pumps will deliver less gasoline than indicated by the display. He characterized this as "just old fashioned cheating, using new technology." In one case, his inspector discovered that the pump delivered about 5 gallons while indicating 7 gallons. He said his department will be stepping-up inspections, but of course they cannot check every filling station at once! He advised motorists to keep records of gas purchases and odometer readings, and report any suspicious sales immediately. He said several offenders have already been caught in this manner--an alert citizen noticed the short delivery amounts. Matt Healy matt@wardsgi.med.yale.edu Dept of Genetics (WardLab-SHM I-148) 333 Cedar Street NEW HAVEN, CT 06510 ------------------------------ Date: Tue, 17 Aug 1993 11:28:11 MST From: "Richard Schroeppel" Subject: President Clinton's Tax Plan With the passage of the new budget, the IRS has shifted into high gear. One provision of the bill imposes the higher rates retroactively to Jan 1. Last Thursday night (Aug 12) our local TV news did a story about a Tucson small-businessman who received a tax bill for $72G. They showed the bill, it looked real, including low order digits, properly placed commas & decimal point, etc. Apparently the man was a real slacker; about half the amount was for interest & penalties. The IRS had no immediate comment, but apparently this man was not the only recipient of such a bill. Now it seems to me, that if this guy & his five friends would just pay their fair share, instead of whining to the media, we'd have this deficit thing licked in no time. Way to go, Prez! The RISK here should be apparent to all programmers: When laying out your printed forms, be sure to allow extra space in the numeric fields. Always use double precision for money amounts. It's stupid to have a program break just because some intermediate value is unexpectedly large, or to not have room on the form for a big amount. The constants for interest rates & penalties should be specified to high enough precision, so that the cents are calculated accurately. Clearly the IRS hires pros: These guys really know their stuff! All their commas and periods lined up exactly, no extra punctuation, nothing out of place, even a properly placed floating dollar sign. Too often, RISKS concentrates on the failures and screwups. It's high time that we recognized the people who do it right, and celebrate a job well done. The hard working programmers behind the tax bills often go unacknowledged. Let's show them our appreciation. Tax programmers, I take my hat off to you! Rich Schroeppel rcs@cs.arizona.edu ------------------------------ Date: Tue, 17 Aug 93 15:40:21 -0400 From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson) Subject: Terminal Consternation (csvcjld, RISKS-14.82) >If the bytes are uniformly distributed, there is a good chance they >are encrypted. > [But NOT NECESSARILY. ... simplifications are tricky. PGN] The whole subject is tricky. Functionally, there is no real difference between compression and encryption other than degree of difficulty in breaking 8*). Run the compressed file through UUENCODE or a TEKHEX generator and we are back to a non-random string. (BTW XXENCODE permits use of a user-supplied table -- is this Encryption ?). I *suspect* that the telco filter is very simplistic - could just be interrupting the connection on an XOFF (Ctrl-S or 13h). Might not even be deliberate. Point is that it is easy to disguise text as binary, slightly more difficult to make binary look like text, but not impossible, engineers have been doing it for years - "I didn't know you were *trying* to block binary, it just looked like a faulty design." Padgett ------------------------------ Date: Mon, 16 Aug 1993 21:00 -0400 From: Bob_Frankston@frankston.com Subject: Preserving electronic memos -- a serious problem A recent New York Times featured a policy wherein all electronic correspondence among people at the White House must be preserved. As Oliver North discovered, email can be forever. More to the point is Richard Nixon's experience. Once he recorded all his phone conversations, he exposed himself to having them subpoenaed! Here is an example where the reality of electronic communications and our legal systems are seriously out of step. Essentially all business records and, I wouldn't be surprised, all personal records, can be subpoenaed. In the government, many of the records must be supplied upon request. (A reader with more expertise can clarify the legal aspects of this). It can be quite disconcerting to discover that a private memo citing the possibility that a chemical might cause cancer surfaces twenty years later to prove that your company knew about the danger and failed to act. On the other hand, such exposure is often necessary to uncover criminal behavior. Let's assume that a balance has been struck over the year between the publics need to know and the requirements of privacy for classic paper documents. While this might be a big assumption, it is the status quo. One develops defenses such as a paperless office (i.e., never write anything down, just discuss it in person or on the phone) or shredding memos upon reading them. These aren't perfect as the Nixon experience shows and when participates choose to, or accidentally preserve information. This all changes when the normal means of conversations leaves an indelible trail. While this policy cites email, bits is bits and as we shift to digital PBXes in which text, voice, images are all stored in the same pool, we have lost all privacy. Unfortunately, this issue was not explicitly faced in the 1700's and thus there was no provision in the constitution. There are those that argue that there is no right to privacy in a commercial setting, that an employer has a right to tape all conversations on premises and install video cameras in every nook and cranny. And some have. After all, who knows how many rest room visits were just a way to take a break without accomplishing anything. But it also means a world that doesn't allow tentative thinking, questioning of the norm, diplomacy or correction. It is a world where all ones inner thoughts are exposed to analysis and criticism without a chance to refute or comment. It is a world where innocuous behavior might resurface twenty years later and be judged in an entirely different world. It is a world that guarantees mediocrity since any behavior that doesn't reinforce the popular images of the majority (even if it is not a real majority) will result in disgrace. Sadly, the problem is not easy to solve. The opposite extreme of a world with no paper trail can be a conspiratorial world where all behavior is hidden and thus is suspect, if not corrupt. I don't have easy answers but am concerned that people should be aware that while email might be the successor to the paper memo, it is much more than that and extending an old policy can have serious, and unexpected, ramifications. Is a world with perfect memory better than one without history? ------------------------------ Date: Tue, 17 Aug 1993 14:23:16 EST From: Dave Banisar Subject: Call for Clipper Comments The National Institute of Standards and Technology (NIST) has issued a request for public comments on its proposal to establish the "Skipjack" key-escrow system as a Federal Information Processing Standard (FIPS). The deadline for the submission of comments is September 28, 1993. The full text of the NIST notice follows. CPSR is urging all interested individuals and organizations to express their views on the proposal and to submit comments directly to NIST. Comments need not be lengthy or very detailed; all thoughtful statements addressing a particular concern will likely contribute to NIST's evaluation of the key-escrow proposal. The following points could be raised about the NIST proposal (additional materials on Clipper and the key escrow proposal may be found at the CPSR ftp site, cpsr.org): * The potential risks of the proposal have not been assessed and many questions about the implementation remain unanswered. The NIST notice states that the current proposal "does not include identification of key escrow agents who will hold the keys for the key escrow microcircuits or the procedures for access to the keys." The key escrow configuration may also create a dangerous vulnerability in a communications network. The risks of misuse of this feature should be weighed against any perceived benefit. * The classification of the Skipjack algorithm as a "national security" matter is inappropriate for technology that will be used primarily in civilian and commercial applications. Classification of technical information also limits the computing community's ability to evaluate fully the proposal and the general public's right to know about the activities of government. * The proposal was not developed in response to a public concern or a business request. It was put forward by the National Security Agency and the Federal Bureau of Investigation so that these two agencies could continue surveillance of electronic communications. It has not been established that is necessary for crime prevention. The number of arrests resulting from wiretaps has remained essentially unchanged since the federal wiretap law was enacted in 1968. * The NIST proposal states that the escrow agents will provide the key components to a government agency that "properly demonstrates legal authorization to conduct electronic surveillance of communications which are encrypted." The crucial term "legal authorization" has not been defined. The vagueness of the term "legal authorization" leaves open the possibility that court-issued warrants may not be required in some circumstances. This issue must be squarely addressed and clarified. * Adoption of the proposed key escrow standard may have an adverse impact upon the ability of U.S. manufacturers to market cryptographic products abroad. It is unlikely that non-U.S. users would purchase communication security products to which the U.S. government holds keys. Comments on the NIST proposal should be sent to: Director, Computer Systems Laboratory ATTN: Proposed FIPS for Escrowed Encryption Standard Technology Building, Room B-154 National Institute of Standards and Technology Gaithersburg, MD 20899 Submissions must be received by September 28, 1993. CPSR has asked NIST that provisions be made to allow for electronic submission of comments. Please also send copies of your comments on the key escrow proposal to CPSR for inclusion in the CPSR Internet Library, our ftp site. Copies should be sent to . [Federal Register Vol 58 No 145, NIST, Docket No. 930659-3159, RIN 0693-AB19, "A Proposed Federal Information Processing Standard for an Escrowed Encryption Standard (EES)", 58 FR 40791, Friday, July 30, 1993 is available for anonymous FTP on CRVAX.SRI.COM in the RISKS: archive directory, with file name RISKS-14.84N, of from Dave Banisar . PGN] ------------------------------ Date: Wed, 11 Aug 93 16:22:54 GMT From: nancyg@banshee.bellcore.com (Nancy Griffeth) Subject: Call for papers -- 2nd Workshop on Feature Interactions Feature interactions can create security loopholes or even bring the public telephone network down. Since various critical systems -- emergency services and airport control towers -- depend on the telephone network, the subject is relevant to RISKS. For more information, I would refer readers to the August 1993 issues of Computer and Communications magazines, especially the introductory articles and the paper by Kuhn et. al., ``Improving Public Switched Network Security in an Open Environment'' in Computer, pp. 32-35. Also, Cameron and Lin published a paper in the Proceedings of the 1991 SIGSOFT Conference on Software for Critical Systems, ``A Real-Time Transition Model for Analyzing Behavioral Compatibility of Telecommunications Services''. Otherwise, little work has been published on approaches that can protect the network and its users from potential effects of feature interactions, so responses from people who have worked on other critical systems would be most welcome. CALL FOR PARTICIPATION Second International Workshop on Feature Interactions in Telecommunications Software Systems Amsterdam, The Netherlands May 9-10, 1994 This workshop is the second in a series, whose mission is to encourage researchers from a variety of computer science specialties (software engineering, protocol engineering, distributed artificial intelligence, formal techniques, software testing, and distributed systems, among others) to apply their techniques to the feature interaction problem that arises in building telecommunications software systems (see the back page for a description of the problem). We welcome papers on avoiding, detecting, and/or resolving feature interactions using either analytical or structural approaches. Submissions are encouraged in (but are not limited to) the following topic areas: - Classification of feature interactions. - Modeling, reasoning, and testing techniques for detecting feature interactions. - Software platforms and architecture designs to aid in avoiding, detecting, and resolving feature interactions. - Tools and methodologies for promoting software compatibility and extensibility. - Mechanisms for managing feature interactions throughout the service life-cyle. - Management of feature interactions in PCS, ISDN, and Broadband services, as well as IN services. - Management of feature interactions in various of the operations support functions such as Service Negotiation, Service Management, and Service Assurance. - Feature Interactions and their potential impact on system Security and Safety. - Environments and automated tools for related problems in other software systems. - Management of Feature Interactions in various proposed architectures such as TMN, INA, ROSA, CASSIOPEIA, SERENITE, or PLATINA. FORMAT We hope to promote a dialogue among researchers in various related areas, as well as the designers and builders of telecommunications software. To this end, the workshop will have sessions for paper presentations, including relatively long discussion periods. Panel discussions and tool demonstrations are also planned. ATTENDANCE Workshop attendance will be limited to 90 people. Attendance will be by invitation only. Prospective attendees are asked to submit either a paper (maximum 5000 words) or a single page description of their interests and how they relate to the workshop. About 16-20 of the attendees will be asked to present talks. We will strive for an equal mix of theoretical results and practical experiences. Papers will be published in a conference proceedings. SUBMISSIONS Please send five copies of your full original paper or interest description to: Wiet Bouma PTT Research, Dr. Neher Laboratories PO Box 421 or St. Paulusstraat 4 2260 AK Leidschendam 2264 XZ Leidschendam The Netherlands The Netherlands E-mail: L.G.Bouma@research.ptt.nl Tel: +31 70 332 5457 FAX: +31 70 332 6477 IMPORTANT DATES: November 15, 1993: Submission of contributions. January 15, 1993: Notification of acceptance. February 15, 1993: Submission of camera-ready versions. WORKSHOP CO-CHAIRPERSONS Wiet Bouma & Hugo Velthuijsen (PTT, The Netherlands) PROGRAM COMMITTEE Chair: E. Jane Cameron (Bellcore, USA) [Rest deleted. Request it. PGN] ------------------------------ Date: Wed, 11 Aug 1993 01:49 +0100 From: fortrie@cipher.nl Subject: Call for papers IFIP SEC'94 Caribbean Sender: "Dr. F. Bertil Fortrie" Call for Papers IFIP SEC'94 - updated information August 1993 Technical Committee 11 - Security and Protection in Information Processing Systems - of the UNESCO affiliated INTERNATIONAL FEDERATION FOR INFORMATION PROCESSING - IFIP, announces: Its TENTH INTERNATIONAL INFORMATION SECURITY CONFERENCE, IFIP SEC'94 TO BE HELD IN THE NETHERLANDS ANTILLES (CARIBBEAN), FROM MAY 23 THROUGH MAY 27, 1994. Organized by Technical Committee 11 of IFIP, in close cooperation with the Special Interest Group on Information Security of the Dutch Computer Society and hosted by the Caribbean Computer Society, the TENTH International Information Security Conference IFIP SEC'94 will be devoted to advances in data, computer and communications security management, planning and control. The conference will encompass developments in both theory and practise, envisioning a broad perspective of the future of information security. The event will be lead by its main theme "Dynamic Views on Information Security in Progress". Papers are invited and may be practical, conceptual, theoretical, tutorial or descriptive in nature, addressing any issue, aspect or topic of information security. Submitted papers will be refereed, and those presented at the conference, will be included in the formal conference proceedings. Submissions must not have been previously published and must be the original work of the author(s). Both the conference and the five tutorial expert workshops are open for refereed presentations. The purpose of IFIP SEC'94 is to provide the most comprehensive international forum and platform, sharing experiences and interchanging ideas, research results, development activities and applications amongst academics, practitioners, manufacturers and other professionals, directly or indirectly involved with information security. The conference is intended for computer security researchers, security managers, advisors, consultants, accountants, lawyers, edp auditors, IT, adminiatration and system managers from government, industry and the academia, as well as individuals interested and/or involved in information security and protection. IFIP SEC'94 will consist of a FIVE DAY - FIVE PARALLEL STREAM - enhanced conference, including a cluster of SIX FULL DAY expert tutorial workshops. In total over 120 presentations will be held. During the event the second Kristian Beckman award will be presented. The conference will address virtually all aspects of computer and communications security, ranging from viruses to cryptology, legislation to military trusted systems, safety critical systems to network security, etc. The six expert tutorial workshops, each a full day, will cover the following issues: Tutorial A: Medical Information Security Tutorial B: Information Security in Developing Nations Tutorial C: Modern Cryptology Tutorial D: IT Security Evaluation Criteria Tutorial E: Information Security in the Banking and Financial Industry Tutorial F: Security of Open/Distributed Systems Each of the tutorials will be chaired by a most senior and internationally respected expert. The formal proceedings will be published by Elsevier North Holland Publishers, including all presentations, accepted papers, key-note talks, and invited speeches. The Venue for IFIP SEC'94 is the ITC World Trade Center Convention Facility at Piscadera Bay, Willemstad, Curacao, Netherlands Antilles. A unique social program, including formal banquet, giant 'all you can eat' beach BBQ, island Carnival night, and much more will take care of leisure and relax time. A vast partners program is available, ranging from island hopping, boating, snorkeling and diving to trips to Bonaire, St. Maarten, and Caracas. A special explorers trip up the Venezuela jungle and the Orinoco River is also available. For families a full service kindergarten can take care of youngsters. The conference will be held in the English language. Spanish translation for Latin American delegates will be available. Special arrangements with a wide range of hotels and appartments complexes in all rate categories have been made to accommodate the delegates and accompanying guests. (*) The host organizer has made special exclusive arrangements with KLM Royal Dutch Airlines and ALM Antillean Airlines for worldwide promotional fares in both business and tourist class. (**) (*)(**) Our own IFIP TC11 inhouse TRAVEL DESK will serve from any city on the globe. All authors of papers submitted for the referee process will enjoy special benefits. Authors of papers accepted by the International Referee Committee will enjoy extra benefits. If sufficient proof (written) is provided, students of colleges, universities and science institutes within the academic community, may opt for student enrollment. These include special airfares, appartment accommodations, discounted participation, all in a one packet prepaid price. (Authors' benefits will not be affected) ************************** INSTRUCTIONS FOR AUTHORS ************************** Five copies of the EXTENDED ABSTRACT, consisting of no more than 25 double spaced typewritten pages, including diagrams and illustrations, of approximately 5000 words, must be received by the Program Committee no later than November 15th, 1993. We regret that electronically transmitted papers, papers on diskettes, papers transmitted by fax and handwritten papers are not accepted. Each paper must have a title page, which includes the title of the paper, full names of all author(s) and their title(s), complete address(es), including affiliation(s), employer(s), telephone/fax number(s) and email address(es). To facilitate the blind refereeing process the author(s)' particulars should only appear on the separate title page. The language of the conference papers is English. The first page of the manuscript should include the title, a keyword list and a 50 word introduction. The last page of the manuscript should include the reference work (if any). Authors are invited to express their interest in participating in the contest, providing the Program Committee with the subject or issue that the authors intend to address (e.g. crypto, viruses, legal, privacy, design, access control, etc.) This should be done preferably by email to < TC11@CIPHER.NL >, or alternately sending a faxmessage to +31 43 619449 (Program Committee IFIP SEC'94) The extended abstracts must be received by the Program Committee on or before November 15th, 1993. Notification of acceptance will be mailed to contestants on or before December 31, 1993. This notification will hold particular detailed instructions for the presentation and the preparation of camera ready manuscripts of the full paper. Camera ready manuscripts must be ready and received by the Program Committee on or before February 28, 1994. If you want to submit a paper, or you want particular information on the event, including participation, please write to: IFIP SEC'94 Secretariat, Postoffice Box 1555, 6201 BN MAASTRICHT THE NETHERLANDS - EUROPE or fax to IFIP SEC'94 Secretariat: +31 43 619449 (Netherlands) or email to TC11@CIPHER.NL ------------------------------ End of RISKS-FORUM Digest 14.84 ************************