Subject: RISKS DIGEST 14.86
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Monday 23 August 1993  Volume 14 : Issue 86

        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Everyone gets an 'A' for Welsh exam (Richard Clayton)
  Medicare checks for $0.01 (Bear Giles)
  E-mail privacy (Mich Kabay)
  Re: Child-Prodigy (Ed Ravin, Jeffrey I. Schiller)
  AT&T Security Authenticators (thomp962)
  Re: Remotely accessible answering machines (Mark A Biggar)
  Worrying about online education (Steve Talbott)
  NCSC 16 Announcement (Louise Reiner)

The RISKS Forum is a moderated digest discussing risks; comp.risks is its USENET counterpart. Undigestifiers are available throughout the Internet, but not from RISKS. Contributions should be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome.

CONTRIBUTIONS to risks@csl.sri.com, with appropriate, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. PLEASE SEND REQUESTS FOR SUBSCRIPTIONS, archive problems, and other information to risks-request@csl.sri.com (not automated). BITNET users may subscribe via your favorite LISTSERV: "SUBSCRIBE RISKS".

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 14, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.

If you are interested in receiving RISKS via fax, please send E-mail to risks-fax@vortex.com, phone +1 (310) 455-9300, or fax +1 (310) 455-2364 for information regarding fax delivery.
PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; instead, as a last resort you may try phoning PGN at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Mon, 23 Aug 93 17:32:02 GMT
From: richard@locomotive.com (Richard Clayton)
Subject: Everyone gets an 'A' for Welsh exam

From 'The Guardian' (UK National paper), 23 Aug 1993:

  Exam blunder

  A computer blunder was blamed yesterday for wrongly awarding A grades to all 84 students who sat a Welsh Language exam. Corrected results with apologies were sent out by the Welsh Joint Education Committee after the error was discovered.

[[ I assume these would be 'A Level' exams for 18 year olds because these results came out last week. Grade A is the highest level of pass. They are vital for University entrance, and the papers have been full of stories about the necessity to get good grades in order to get on a course this year because of cutbacks. There must be 84 rather worried kids out there whose plans may have to be changed! ]]

Richard Clayton, Locomotive Software, Dorking Business Park, DORKING, Surrey, UK. RH4 1YL
tel: +44 306 740606   fax: +44 306 885529

------------------------------

Date: Mon, 23 Aug 93 17:06:10 GMT
From: bear@eagle.fsl.noaa.gov (Bear Giles)
Subject: Medicare checks for $0.01

The 23 August issue of the _Rocky Mountain News_ (Denver) reports that numerous people (>100) have received Medicare reimbursement checks for $0.01. No, it was not a design error where no lower limit on checks was defined.
It seems that Blue Cross and Blue Shield, Medicare provider for Colorado, recently changed software packages and the previous version had used a sum of "$0.01" to indicate that claims should be sent to review. The new software doesn't use "in-band" signaling and simply cut checks for the apparent amount.

At least they used a *small* amount as the signal. Imagine the consequences of choosing a large amount. Say, $9,999,999.99.

Bear Giles  bear@fsl.noaa.gov

------------------------------

Date: 07 Aug 93 09:04:09 EDT
From: "Mich Kabay / JINBU Corp." <75300.3232@compuserve.com>
Subject: E-mail privacy

From UPI (United Press International) newswire (08/06 1259 Virginia News Briefs):

  City employee booted for snooping

  NEWPORT NEWS, Va. (UPI) -- A computer programmer employed by Newport News was fired for snooping on electronic mail between colleagues.

The brief note says that the fired computer programmer admits having printed electronic mail between her colleagues, including "backbiting comments about coworkers ... [and]... sexually explicit love notes." She was fired for invasion of privacy and gross misconduct.

Moral: (user version) email is no more private than snail mail. Act accordingly.

Moral: (administrator version) email is as private as snail mail. Act accordingly.

Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn

------------------------------

Date: Mon, 23 Aug 1993 16:54:03 -0400
From: Ed Ravin
Subject: Re: Child-Prodigy -- clarification

In RISKS-14.85, harrison@cs.ubc.ca writes:

> As a supposed joke, a 14-year-old Seattle-area girl sent a Prodigy message
> to her boyfriend in New Jersey containing a phony death threat ...
> Known for its monitoring of messages, Prodigy alerted the police ...

It should be pointed out that the "monitored message" that contained the phony death threat was NOT a person-to-person email message on Prodigy, but a public bulletin board post.
Although Prodigy has a well-deserved reputation for controlling content on their bulletin boards, they do not monitor or interfere with private email. Federal law (ECPA 1986) also prohibits monitoring of email, and all responsible online service providers (including Prodigy :-) abide by the law.

The occasional inability of police departments to distinguish between a joke and an actual threat is well-known -- one famous example is the Secret Service's assertion that Steve Jackson's GURPS Cyberpunk fantasy roleplaying game was really a "handbook for computer crime". One wonders what will happen if the police ever start reading bulletin boards like the average unmoderated Usenet newsgroup -- "Um, yes Officer, I know I posted on alt.flame.computers that all MS-DOS users deserved to die, but, er, I was only kidding around..."

Disclaimer: I work for Prodigy as a telecommunications programmer, and these are my opinions only, not those of my employer.

Ed Ravin, Prodigy Services Company, 445 Hamilton Avenue, White Plains NY 10601
elr@wp.prodigy.com   eravin@panix.com   +1 914 993 4737

------------------------------

Date: Sun, 22 Aug 93 16:26:18 -800
From: jis@MIT.EDU (Jeffrey I. Schiller)
Subject: Re: Child-Prodigy or Prodigy-Child? 14-year-old triggers alarms

This note raises many very interesting issues. How did Prodigy know about the threat? Did the recipient (the boyfriend) report the message to them, or am I to read this message to indicate that Prodigy is monitoring personal mail between individuals? Let's assume so...

It's a scary world we are entering if our personal communications are being monitored and judged by the "authorities". It's even worse when these "authorities" can misunderstand our words and make us pay for their trouble! Talk about chilling free speech!

At MIT I supervise the campus computer network, the MIT portion of the Internet. We have an internal policy that we do *not* monitor messages between individuals.
We, however, state that our staff *may* inadvertently encounter personal mail due to our maintenance activities (more than likely because the mail system barfs and the message is delivered to the dead letter bin for manual routing). Consistent with the ECPA of 1986, if we come across a message that indicates that something illegal is going on, we will notify law enforcement. However, whatever action we or law enforcement takes is at our mutual risk if there is in fact no crime.

I can easily envision a situation where we uncover a message that in part reads: "Tomorrow we will assassinate the leader of [insert your favorite country here]." We will no doubt notify the appropriate authorities. However, it may turn out that the message had to do with a role playing game where the actors were playing agents of various countries (such games do exist). In this context the above message would be quite innocent. However, some significant resources may be expended (read: money spent) before this is determined. Who pays? Does it really make sense to have the innocent message originator pay? That is what it sounds like Prodigy et al. believe!

Big Brother is watching us... through our computers!

-Jeff

P.S. The scariest thing about services like Prodigy monitoring the mail is that people seem to tolerate it!!!

------------------------------

Date: Mon, 23 Aug 1993 09:11:28 -0400 (EDT)
From: thomp962@armstrong.edu
Subject: AT&T Security Authenticators

I agree that AT&T is very willing to use alternate authenticators, but their security overall for Universal Card (MasterCard & Calling Card in one) is poor at best. To defend this assertion, I present the case of my new Universal Card, which, after delivery to a neighbor of mine who was required to eliminate dumping process water on my lawn, didn't arrive at all.
No charges, mind you, but AT&T did discuss the account with my neighbor, who phoned up and chatted about my credit line, cash machine PIN number, my age (he claimed I wasn't out of high school...), and best of all, the fact that my car had been repossessed last week (funny, I thought I paid cash for it). Anyway, AT&T's response was to pull three credit bureaus in one day, send me a new card, and not inform me of these little chats. I only found out when I wanted to get a new card air-expressed after I dry-cleaned mine.

------------------------------

Date: Mon, 23 Aug 93 14:56:18 PDT
From: mab@wdl.loral.com (Mark A Biggar)
Subject: Re: Remotely accessible answering machines (Shimomura, RISKS-14.85)

This type of answering machine can become a physical security problem as well. My sister lives in a so-called "high security" apartment building. To gain entry to visit someone, you enter their apartment number on a panel at the front door; the system then places a phone call to that apartment and provides a mic and speaker so you can talk to the person you want to visit. If they want to let you into the building, all they have to do is punch a code on their phone (#9 if I remember right). Now, my sister also has one of these smart answering machines, which of course is what answers if no-one is home. My sister was very startled when I showed her that if I knew the access code to her answering machine, I could program it to play back the signal to let me in the front door.

Even a simpler machine with just remote playback can be spoofed this way. All you need is a pocket tape machine with a recording of the #9 tones: call the machine once to record the tones and call it a second time to play the tones back.
Mark Biggar  mab@wdl.loral.com

------------------------------

Date: Thu, 12 Aug 1993 17:31:09 GMT
From: stevet@ora.com (Steve Talbott)
Subject: Worrying about online education

I am cross-posting the following essay (1670 words) from the Consortium for School Networking discussion list. In this way I hope to find out whether the readership of comp.risks is at all interested in the more "hidden" issues posed by computers and network technology. By this I mean not so much questions of privacy, physical health, computer error, and so on, as those relating to the more subtle and intimate interrelationships between ourselves and the patterns of intelligence we have been embodying in our machines.

I'm also curious whether there's any possibility for a discussion of these issues that does not degenerate into the worthless shouting matches so common in the "philosophy" groups. The sobriety of comp.risks gives one hope. I'll welcome all critical response. (Feel free to say "not interested" as well.) Many thanks for your attention.

(I am not an educator, although I home-taught two of my children for a few years. I have worked in the software and technical writing field for some 12 years, and am currently an editor at O'Reilly and Associates. We publish books related to computers--including the immensely popular Whole Internet User's Guide and Catalog. This essay is one of a collection of short, Internet-related pieces I am currently working on.)

Steve Talbott  stevet@ora.com

##########################################################################
Copyright 1993 Stephen L. Talbott. You may freely redistribute these remarks on a not-for-profit basis so long as this notice and the remarks themselves are left fully intact and unedited.
##########################################################################

Net-based Learning Communities

Entering a classroom, the sixth-grade girl sits down at her terminal and composes an email message to her "net pal" in India.
The two of them are comparing notes about efforts to save endangered species in their separate localities, as part of a class project. (During the afternoon, a reply comes back.) In later years, these children may even chance to meet, and their email exchanges will have prepared them to accept each other on equal terms, rather than to be put off by cultural barriers.

An attractive picture? Very much so. This sort of thing is one of the bright promises of the net. Personally, however, I doubt we will see its broad realization any time soon. Why? Because the promise is being overwhelmed by sentimentality, uncritical futurism, and the worship of technology. We're seeing an unhealthy romanticization of the net.

Allow me a brief flanking movement here. It's now routine for social critics to bemoan the artificial, fantasy-laden, overstimulating (yet passive) environments in which our children grow up. I'm not sure the bemoaning helps any, but I believe the concerns are largely justified. The problem is that they too rarely strike through to the heart of the matter. For if the child must fill up his existence with "virtual" realities and artificial stimulation, is it not because we have systematically deprived him--not to mention ourselves--of the real world?

Link together in your mind a few simple facts, many of them commonplaces: Schools have become ghettos for the young. Perhaps for the first time in history, our century has seen children strictly cut off from meaningful connection to the world of adult work. That work is hidden away behind the walls of the industrial park. Likewise, all the once-local functions of government have become distant, invisible abstractions, wholly disconnected from what the child observes going on around him. As to the evening news, it concerns events that he must find hard to distinguish from last night's movie. (And when he grows up and hears the screaming on the city street, will he know to do anything but *watch*?)
The ubiquitous television serves in addition to cut him off from meaningful interaction with his own family. Even the eternal necessities have become invisible; sickness and death are but the rumors of a sanitized mystery enacted behind closed doors in the hospital--grandmother will not utter her last groans and die untidily on the couch in the living room. And perhaps most importantly (but this we do not pay attention to), the science he encounters at school is increasingly a science of abstractions -- forces and vectors, atoms and equations. And so he is deprived also of his living connection to trees, rain, and stars. The world recedes behind a screen, a veil of unreality.

I do not pine for the particular forms of a lost past. The question, rather, is how to replace what needs replacing, and with what. As things stand, the picture cited above leads to a crushing conclusion, first elaborated so far as I know by the Dutch psychologist, Jan Hendrik van den Berg, at mid-century. Can we rightly complain, van den Berg asked, when the child grows up and somehow fails to "adjust"? Adjust to what? Nothing is there--everything is abstract, distant, invisible! And so the modern conclusion of the matter seems inevitable: we force the child to live within an inner fantasyland, cut off from the nurturing, reassuring matrix of visible, tangible, accessible structures and authorities that once constituted "community." No wonder the surreal world of the video game is his natural habitat. Nor will it do any good to trash the video games, if we find no way to replace them with real-world involvement.

To turn such a child over to the net for learning purposes is not a simple and automatic good. Can we structure the bewildering, abstract, game-like maze of possibilities into healthy learning experiences, appropriate to the child's age? Or will he be much more inclined to find here simply a yet more glorious video game landscape?
The "interface" between the young girl and her net pal is undeniably thin, one-dimensional, remote. As valuable as it may nevertheless be, it is not the missing key for redeeming the learning community. Even as a tool for promoting global understanding, it scarcely counts beside the much more fundamental--and deeply threatened--sources of social understanding. The girl, of course, will learn whatever she does of friendship from peers who sweat, bleed, taunt, curse, tantalize, steal, console, and so on. If I need to find out whether she will become a good world citizen, don't show me a file of her email correspondence. Just let me observe her behavior on the playground for a few minutes. (This assumes, of course, that she spends her class breaks on the playground, not at her terminal playing video games.)

Unfortunately, the assessment is not likely to turn out positive so long as the schoolyard is hermetically isolated from any surrounding, multi-dimensioned community. And to see the net as an easy remedy for *this* kind of isolation is, at best, simplistic.

The danger of the net, then, is the very opposite of the romantic picture: it invites further de-emphasis of the single, most important learning community--the one consisting of people who are fully present--in favor of a continuing retreat into communal abstractions -- in particular, retreat into a community of others whose odor, unpleasant habits, physical and spiritual needs, and even whose challenging ideas, a student doesn't have to reckon with in quite the same way his neighbor demands.

The most bothersome thing here is our tendency to leap rather too easily from raw technology, or from simple images of its use, to far-reaching conclusions about extraordinarily complex sociological issues. There is, after all, one absolutely unavoidable fact: technologies for "bringing people together" do not necessarily *bring people together*.
Before the news media went gaga about the information superhighway, there were asphalt superhighways. Didn't these bring us all closer together? In many ways they certainly did. The whole transportation revolution was no puny thing, even beside the computer revolution. It re-made society. We now brush up against each other in ways unimaginable in earlier eras. Few of us would want to give up all the new possibilities. But, still, the uncomfortable question remains: is that the spirit of "community" I feel as I peer over the edge of the superhighway at the dilapidated tenements below? And when I turn to the net for my commuting, will I lose even the view from the asphalt?

Actually, the rhetorical question is unnecessary. For the answer, in my case, is already given: I telecommute from my suburban basement, and rarely have occasion to venture very far out. I blame no one else--nor any technology--for this; the choices are my own. But one still needs to ask: how will technology play into the kinds of choices society (that is, we) are already tending to make? *Here* is the sort of question we should be asking when we gaze into the future. Some technologies naturally tend to support our virtues, while others give play most easily to our vices. I am dumbfounded that so many fail to see how the spreading computer technologies--in education as in many other arenas--not only offer distinct hopes but also tempt us with seductive overtures at a most vulnerable moment. It would be much easier to welcome the truly exciting things computers promise us, if one didn't see so many eyes firmly closed to already existing tendencies.

Perhaps my single greatest fear about the growing interest in networked learning communities is the fear that we will further undermine the human teacher.
The most critical element in the classroom is the immediate presence and vision of the teacher, his ability to inspire, his devotion to truth and reverence for beauty, his moral dignity--all of which the child observes and absorbs in a way impossible through electronic correspondence. Combine this with the excitement of a discovery shared among peers in the presence of the actual phenomena occasioning the discovery (a worm transforming itself into a butterfly, a lightning bolt in a jar), and you have the priceless matrix of human growth and learning. The email exchange between the young girl and her Indian counterpart, added to *such* an environment, could be a fine thing. (Actually, it is happening already, here and there.) But let's keep our balance. Surely the problems in modern education stem much more from the rarity of the aforementioned classroom milieu than from lack of student access to such net "resources" as overseas pen pals.

Many people in our society are extremely upset--justifiably so, in my opinion--with the current educational system. That gives some hope. But a dramatic and ill-advised movement toward online education may well be the one smoke screen fully capable of preventing an aroused public's focus upon the issues that really count.

Yes, the student will have to acquire net skills, just as he had to learn about word processors and the organization of reference materials in the library. But this is not a new model of learning. The most evident new model--not a very desirable one--lies still half-understood in the net's undoubted potential for dispersing energies, distracting attention, reducing education to entertainment, and--above all else--leading the television-adapted student ever further from human community toward a world of fantasies and abstractions, a world too artificially plastic and manipulable, a world desperately removed from those concrete contexts where he might have forged a sturdy, enduring character.
Let's give our teachers a realistic sense for the possibilities and the challenges of the net, so they can soberly assess how it might further this or that teaching goal. Let's *not* subject them to a tidal wave of blind, coercive enthusiasm that adds up to the message: "connect as soon as possible, or be left behind."

Stephen L. Talbott

------------------------------

Date: Thu, 19 Aug 93 12:32 EDT
From: Reiner@DOCKMASTER.NCSC.MIL
Subject: NCSC 16 Announcement for RISKS

16TH NATIONAL COMPUTER SECURITY CONFERENCE

Dates: 20-23 September 1993
Location: Baltimore Convention Center, Baltimore, Maryland
Registration fee: $275

The National Computer Security Center and the National Institute of Standards and Technology will present the 16th National Computer Security Conference from 20-23 September at the Baltimore Convention Center. This year's three and one-half day program features tracks in: Research & Development; System Implementation; Management & Administration; Criteria & Evaluation; Tutorials & Other Presentations. A summary of the technical program follows.

To obtain more information about the technical program send a message to NCS_Conference at DOCKMASTER.NCSC.MIL or call the NCSC on 410-859-4371. To obtain a registration form, call the Conference Registrar at 301-975-2775 or send a message to NCS_Conference at DOCKMASTER.NCSC.MIL.

TECHNICAL PROGRAM SUMMARY:

R&D TRACK

Panels:
- Strategies for Integrating Evaluated Products   Chair: J. Williams, MITRE
- Multilevel Information System Security Initiative   Chair: G. Secrest, NSA
- Trusted Applications   Chair: J. Cugini, NIST
- Best of the New Security Paradigms Workshop II   Chair: H. Hosmer, Data Security Inc.
- Enterprise Security Solutions   Chair: P. Lambert, Motorola

Paper Sessions:
- Honesty Mechanisms   Chair: E. Boebert, SCTC
- Database Research   Chair: M. Schaefer, CTA
- Access Control   Chair: P. Neumann, SRI

SYSTEM IMPLEMENTATION TRACK

Panels:
- Perspectives on MLS System Solution Acquisition   Chair: J. Sachs, ARCA
- Network Management -- The Harder Problem   Chair: R. Henning, Harris Corp.
- Application of INFOSEC Products on WANs   Chair: J. Capell, Lockheed
- Security for the Securities Industry   Chair: S. Meglathery, NYSE

Paper Sessions:
- Access Control Topics   Chair: D. Balenson, TIS
- Network Risks & Responses   Chair: B. Burnham, NSA
- Software Engineering   Chair: V. Gibson, Grumman
- System Engineering with OTS Products   Chair: M. Tinto, NSA
- Network Implementation   Chair: F. Mayer, Aerospace Corp

MANAGEMENT & ADMINISTRATION TRACK

Panels:
- Virus Attacks & Counterattacks: Real World Experiences   Chair: J. Litchko, TIS
- Terror at the World Trade Center   Chair: S. Meglathery, NYSE
- Contingency Planning in the 90s   Chair: I. Gilbert-Perry, NIST
- On a Better Understanding of Risk Management Techniques   Chair: S. Katzke, NIST
- Security Awareness, Training & Professionalization   Chair: D. Gilbert, NIST
- Accreditor's Perspective - How Much is Enough?   Chair: J. Litchko, TIS
- Security & Auditability of Electronic Voting Systems   Chair: R. Mercuri, U. of Penn.
- Protection of Intellectual Property   Chair: G. Lang, Harrison Ave. Corp.
- The Privacy Impact of Technology in the 90s   Chair: W. Madsen, CSC
- Electronic Crime Prevention & Investigation   Chair: R. Lau, NSA

Paper Session:
- Managing & Promoting INFOSEC Programs   Chair: D. Parker, SRI

TUTORIALS & PRESENTATIONS TRACK

Tutorials:
- Threats & Security Overview   A. Liddle, IRMC
- Trusted Systems Concepts   C. Abzug, IRMC
- Trusted Networks   R. Bauer, E. Schultz, ARCA
- Trusted Databases   G. Smith, W. Wilson, ARCA
- Trusted Integration & System Certification   J. Sachs, ARCA

Panel Presentations:
- CLIPPER Chip   Chair: L. McNulty, NIST
- Getting Your Work Published   Chair: J. Holleran, NSA
- INFOSEC Standards: The DISA Process   Chair: W. Smith, DISA
- Security Requirements for Cryptographic Modules   Chair: L. Carnahan, NIST

CRITERIA & EVALUATION TRACK

Presentations:
- Introduction to the Federal Criteria   G. Troy, NIST; D. Campbell, NSA
- Federal Criteria: Protection Profile Development   J. Cugini, NIST; M. DelVilbiss, NSA
- Federal Criteria: Registration of Protection Profiles   D. Ferraiolo, NIST; L. Ambuel, NSA

Panels:
- Federal Criteria: Protection Profiles for the 90s   Chair: R. Dobry, NSA
- Federal Criteria: Vetting & Registration of Protection Profiles   Chair: L. Ambuel, NSA
- Evaluation Paradigms: Update on TPEP and TTAP   Chair: S. Nardone, NSA
- European National Evaluation Schemes   Chair: E. Flahavin, NIST
- The European Evaluation Process   Chair: P. Toth, NIST
- International Harmonization I   Chair: Y. Klein, SCSSI, France
- Goals & Progress Toward the Common Criteria   Chair: G. Troy, NIST
- Federal Criteria User Forum   Chair: C. Wichers, NSA

Plenary: "Information System Security Strategies for the Future"
Chair: Stephen Walker
Panel: James P. Anderson, Dr. Willis Ware, Dr. Roger Schell

------------------------------

End of RISKS-FORUM Digest 14.86
************************