Subject: RISKS DIGEST 15.28
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Weds 17 November 1993  Volume 15 : Issue 28

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Power problems stops Milano Stock Exchange for 4 hours (Lorenzo Strigini)
  Lawyer discovers the RISK of computer efficiency (Martin Minow)
  Living Will Database (Brian Hawthorne)
  Review of "Second Contact" by Resnick (Rob Slade)
  UK government to scrap safety laws (Jonathan Bowen)
  Tablespoons, or, handwriting recognition may be hazardous to your poem (Mark Brader)
  Visa introduces transaction UIDs (Bob Frankston)
  Re: CERT Reports and system breakins (Steve Bellovin)
  Re: MASS state police confusion (Eric N. Florack)
  Re: Ada Usage (Harry Erwin, James H. Haynes)
  Re: Groundhog Day, D-Day, Remembrance Day, and all that (mathew)
  A Myth is as good as a Smile (PGN)
  Call-for-Papers for 17th Nat`l Computer Security Conference (Louise Reiner)

The RISKS Forum is a moderated digest discussing risks; comp.risks is its USENET counterpart. Undigestifiers are available throughout the Internet, but not from RISKS. Contributions should be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to risks@csl.sri.com, with appropriate, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. PLEASE SEND REQUESTS FOR SUBSCRIPTIONS, archive problems, and other information to risks-request@csl.sri.com (not automated). BITNET users may subscribe via your favorite LISTSERV: "SUBSCRIBE RISKS".

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR> CD RISKS:<CR>GET RISKS-i.j" (where i=1 to 15, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password. There are also alternative repositories, such as bitftp@pucc.Princeton.EDU .

If you are interested in receiving RISKS via fax, please send E-mail to risks-fax@vortex.com, phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for information regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; instead, as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM .

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Wed, 17 Nov 93 09:13:26 MET
From: Lorenzo Strigini
Subject: Power problems stops Milano Stock Exchange for 4 hours

Yesterday, 16th of November, trading at the Milano Stock exchange started late at 14:30 because the "telematic" system was down due to a power failure "dating from the previous day" (I am quoting "Il Sole 24 ore", "political economical-financial daily"). The day was bad for the market, with the "Mib" stock index going down 2%. This is attributed to political uncertainties coinciding with a normally bearish period of the year.

A morning radio newscast interviewed an "expert".
Excerpts (from memory): the system is undergoing major changes as it will soon handle 100% of the trading vs 70% now (it was not clear whether by number of transactions, of stocks or by value); there is no reason for worry "as this was a hardware, not a software fault"; such problems are unavoidable, as "even satellites and space shuttles, with computers that are not duplicated but _triplicated_, have had their launches aborted due to such problems" (the interviewer sensibly asked "leave satellites alone and tell us about stock exchanges", and the interviewee said that comparable failures have occurred at the London, Paris, New York exchanges).

I have no information about the stated availability requirements, the architecture of the system, and the provisions for recovery (if others have such information, I'd appreciate it if they mailed it to me).

Lorenzo Strigini   IEI-CNR   Via Santa Maria 46   I-56126 Pisa - Italy
tel. +39 50 593495; fax +39 50 554342   E-mail: strigini@iei.pi.cnr.it

------------------------------

Date: Tue, 16 Nov 93 17:09:40 -0800
From: Martin Minow
Subject: Lawyer discovers the RISK of computer efficiency

From the New York Times, Friday November 12, 1993 (page B20): At the Bar. David Margolick. "Court asks a lawyer, if a computer is doing most of the work, why the big fee?" [Abstracted and excerpted]

Craig Collins, a lawyer in San Mateo California, used the West CD-ROM library, a system that contains every court opinion published in California in the last 33 years on three compact disks, to research a parental rights case. Under penalty of perjury, he swore that he had devoted 22 hours, ten of them over the Fourth of July weekend, to writing several memorandums concerning the rights of step-parents in custody cases.

"At his normal rate of $225 an hour, that worked out to $4,950, part of his total tab of $9,591.50.
The money was to come from the stepfather, who lost the case, provided it was approved by Judge Roderic Duncan of the Alameda County Superior Court."

"That was not quite what happened. Indeed, after deconstructing the mechanics of modern computer research, Judge Duncan not only balked, but handed Mr. Collins to the disciplinary enforcement section of the State Bar of California."

As it turned out, large portions of Mr. Collins' memorandums were copied directly from the court opinions, without attribution. Collins explained that he had quoted the courts at length because "their language ``was better written than I would have composed it myself.''" The court, however, found that 22 hours was rather extreme for cutting and pasting since Mr. Collins was an experienced lawyer.

At the hearing, William P. Eppes II, a representative of the West Publishing Company testified that Mr. Collins had used the system for a total of 9 hours and 33 minutes since he had purchased it. The witness, who was also a lawyer, testified that it seemed entirely plausible that Mr. Collins had put in the time he claimed. The judge was impressed by the witness' reasoning and withdrew his claim that Mr. Collins had not worked as long as he did. "All those hours at the computer, the judge seemed to say, reflected inefficiency rather than dishonesty."

Although disciplinary proceedings were dropped, Mr. Collins is still displeased with a judge who, in an interview, he described as "a ``cavalier'' judicial ``maverick'' whose ill-considered opinions had periodically been criticized by the California courts of appeal. How did he know? He consulted his trusty CD-ROM, and plugged in the words ``Duncan'' and ``reversal.''"

["Quotes" are directly from the article. ``Quotes'' are quoted material in the original article. On the same page of the Times, you will also find an interesting article on modern computerized fingerprint systems.
The FBI has a database of 30 million unique cards and performs more than 32,000 searches per day. The modern systems can compare a print at rates faster than 1,000 per second. Martin Minow minow@apple.com]

------------------------------

Date: Mon, 15 Nov 1993 10:20:26 +0500
From: Brian.Hawthorne@east.sun.com (Brian Hawthorne - SunSelect)
Subject: Living Will Database

A recent item on the New York Times newswire described a patent granted to Victor Alan Perry (date: 11-14-93 1811EST/category: Financial/ subject: BC PATENTS/title: PATENTS: FAT SUBSTITUTE COULD BURN UP; LIVING WILL DATABASE/author: TERESA RIORDAN).

Apparently, Mr. Perry, et alia, have been granted US patent 5,241,466 for a "system for administering a central depository for living wills". He envisions an '800' number that doctors and hospitals can call. The system will then fax back a copy of the appropriate document (living will, durable power of attorney, etc.) for the patient. He would also like to extend the system to be modem-accessible.

The purpose of the system is to save some of $10,000,000,000 which is claimed to be spent "for artificial life support of people who did not wish to be kept alive".

[That would make an interesting target for computer break-ins! PGN]

------------------------------

Date: 13 Nov 93 19:46 -0600
From: "Rob Slade, Ed. DECrypt & ComNet, VARUG rep"
Subject: "Second Contact" by Resnick

BK2NDCNT.RVW 931014

Tor Books
49 West 24th Street
New York, NY 10010
"Second Contact", Resnick, 1990, U$3.95/C$4.95

The jacket blurb states that this book is a treat for anyone who likes "computers, science fiction, or just a plain good read." The "good read" part is going to depend on personal preference: the science fiction part seems to be almost a side issue. The computer enthusiasts will be presented alternately with ideas and giggles.

The book is set seventy-five years into the future.
Neither politics nor technology appears to have advanced very far and, with a publication date just before the "Seven Days That Shook the World" (as CNN would have it), the major national security concern of the US is still "Russian spies". (Interestingly, the book lists the US, Russia, China and Brazil as spacefaring nations, while the cover shows a clear shot of a "NASA/ESA" logo on a rocket-like device.) Computers equipped with voice recognition still cannot deal with more than one speaker. At one point a computer retailer tells one character that if the modem (what happened to ISDN?) she is trying isn't fast enough, they have one that will transmit at "38,400 baud." (If the author isn't just confusing baud and "bits per second" this indicates some improvement over "voice grade" lines, but hardly enough for the seemingly ubiquitous "vidphones" unless trellis coding has gotten *really* sophisticated.)

None of the data security or communication issues raised are terribly sophisticated. The author has apparently never heard of telnet capabilities or the like. As usual in fictional accounts, the "hacker" is not only skilled with computers, but is a phone phreak as well.

Two of the security topics are of some interest. One is the account of files being secured by "moving". The concept of "security by obscurity" is justifiably condemned, but it is true that leaving "standard" accounts open or having "standard" directory and file structures is, to a certain extent, a potential security loophole. The next logical step, beyond putting files in a non-standard location, is to keep moving the files. Unfortunately, there must be a way to retrieve the files, so somewhere there must be a pointer to them.

The other point regards database security. At one stage of the plot, the heroes are trying to track the identity of an individual who is "classified to the max." By using the database inference problem, they are able to pinpoint his location.
The example is somewhat simplistic, but involves generating a number of queries and discarding the ones the computer does *not* reject as classified.

The topic of alien contact, suggested by the title, is really of relatively minor importance. A computer security whimsy in sf clothing.

copyright Robert M. Slade, 1993 BK2NDCNT.RVW 931014
Permission granted to distribute with unedited copies of the Digest

======================604-984-4067==============================
DECUS Canada Communications, Desktop, Education and Security group newsletters
Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733
DECUS Symposium '94, Vancouver, BC, Mar 1-3, 1994, contact: rulag@decus.ca

------------------------------

Date: Mon, 15 Nov 93 09:36:30 GMT
From: Jonathan.Bowen@prg.ox.ac.uk
Subject: UK government to scrap safety laws

The following is extracted from the lead article on the front page of the 14 November 1993 issue of The Independent on Sunday:

"A RAFT of safety legislation will be scrapped in a Bill that the Government is to announce this week in the name of minimising costs to commerce and industry. It will be the biggest shake-up of health and safety law in 20 years. ...

One element will be the abandonment of the longstanding assumption that safety legislation can only be repealed if it is replaced by regulations just as tough. ...

Michael Heseltine, President of the Board of Trade, also wants to revoke European regulations safeguarding millions of people who work with computer screens. He plans to play down the risk of repetitive strain injury and abolish the requirement on employers to provide eye tests and glasses if they are needed."

As is typical in the UK, details were leaked to the press ahead of the planned Deregulation Bill to be announced in the forthcoming Queen's Speech to Parliament.

Jonathan Bowen, Oxford University

[Might that imply the demise of DEFSTAN 00-55 and 00-56?
PGN]

------------------------------

Date: Wed, 17 Nov 1993 13:35:18 -0500
From: msb@sq.com
Subject: Tablespoons, or, handwriting recognition may be hazardous to your poem

[This poem was generated by entering Lewis Carroll's poem "Jabberwocky", from "Through The Looking Glass" into an Apple Newton. Nonsense words in the original were each written three times to get the most consistent match.]

TABLESPOONS

Teas Willis, and the sticky tours
Did gym and Gibbs in the wake.
All mimes were the borrowers,
And the moderate Belgrade.

"Beware the tablespoon my son,
The teeth that bite, the Claus that catch.
Beware the Subjects bird, and shred
The serious Bandwidth!"

He took his Verbal sword in hand:
Long time the monitors fog he sought,
So rested he by the Tumbled tree,
And stood a while in thought.

And as in selfish thought he stood,
The tablespoon, with eyes of Flame,
Came stifling through the trigger wood,
And troubled as it came!

One, two! One, two! And through and though,
The Verbal blade went thicker shade.
He left it dead, and with its head,
He went gambling back.

"And host Thai slash the tablespoon?
Come to my arms my bearish boy.
Oh various day! Cartoon! Cathay!"
He charted in his joy.

Teas Willis, and the sticky tours
Did gym and Gibbs in the wake.
All mimes were the borrowers,
And the moderate Belgrade.

Lewis Carroll's JABBERWOCKY as "recognized" by the Apple Newton, (c) 1993 Robert McNally. Permission is granted to reproduce this if the copyright remains intact.

["It seems very pretty," she said when she had finished it, "but it's rather hard to understand!" (You see she didn't like to confess even to herself, that she couldn't make it out at all.) --Lewis Carroll]

Forwarded to rec.humor.funny and comp.risks by Mark Brader

------------------------------

Date: Sun, 14 Nov 1993 16:07 -0400
From: Bob_Frankston@frankston.com
Subject: Visa introduces transaction UIDs

There is an article in The New York Times of 14 Nov 1993, Page F9, about how Visa is (finally!!!)
introducing transaction-unique IDs into its system as a way of tracking transactions and, of course, reducing fraud. They also use the term "digital signature", but, I presume, they are simply corrupting a technical term by misappropriating it for another function. They seem to mean "unique ID", but perhaps they are also worried about spoofed transactions. Can someone provide more information on this?

------------------------------

Date: Mon, 15 Nov 93 11:41:38 EST
From: smb@research.att.com
Subject: Re: CERT Reports and system breakins (Karn, RISKS-15.22)

We need strong security mechanisms based on good cryptography and well thought out protocols. They're underway, but they will take time to develop.

In RISKS-15.22, Phil Karn suggests that the major network security issue is the lack of good protocols. While that's certainly a problem, I don't think cryptographic authentication will do that much to solve the network security problem.

Cryptography does two things: it provides secrecy if you want it, and it provides authentication, either explicitly or implicitly, since a packet encrypted with the wrong key will decipher to garbage. Both will help somewhat; properly-targeted encryption will eliminate password-sniffing, and cryptographic authentication will allow more hosts to extend trust to users or other hosts on a more rational basis.

However, cryptography does nothing to solve the *host* security problem. My incoming mail traffic could be protected by triple DES composed with quadruple IDEA -- and it will do me no good if the mailer has bugs in its implementation of good old RFC821 and RFC822. Nor will Kerberos and my one-time password help against an opponent who has sabotaged my shell, so that he or she will get back-door access to my account and my cryptographic credentials. After all, the privileges that let intruders monitor Ethernets and install boobytrapped login and telnet commands will let them change anything else on my system.
Fixing network protocols will do nothing to guard against buggy specifications or buggy implementations. The real issue is one of software engineering.

At the last USENIX UNIX Security Conference, Robert H. Morris gave the keynote address. Its title was on the order of ``If your software is full of bugs, what does that say about its security?'' That's the real issue -- learning how to get *host* security right.

--Steve Bellovin

------------------------------

Date: Mon, 15 Nov 1993 07:08:40 PST
From: Eric_N._Florack.cru-mc@xerox.com
Subject: Re: MASS state police confusion (Garfinkel, RISKS-15.26)

>>"It wasn't actually a tape of vehicle owners. They got stickers confused with people who were supposed to get food stamps. So the people [who were supposed to get] the food stamp books got the gun permits, and the people who were supposed to get gun permits got food stamps. But it wasn't the Registry this time."<<

Gee, I know /I/ feel better, now.... NOT!!!!!

I mean, we`re not supposed to be concerned that gun permits were issued to food-stamp recipients.... a group that has been traditionally prone to living in high-crime areas? As much as I`m against gun control, issuing permits to untested people would seem to present a very clear RISK.

His screams of `It`s not our fault /this time/` suggests that there is a bit of history, here, for this kind of error.

Gee, I feel REAL secure, knowing our all powerful, and deeply caring government is so able and willing to help us. And there`s a big government type in the Kremli..(ahem) White House? (Sh-sh-sh-shudder)

Be afraid. Be very, very afraid.

Eric_Florack.CRU-MC@Xerox.COM

------------------------------

Date: 15 Nov 1993 16:04:38 GMT
From: erwin@trwacs.fp.trw.com (Harry Erwin)
Subject: Re: Ada Usage

There are real problems for which Ada is not the best language.

 1. Simulation--due to the lack of support for coroutines, Simula-style semaphores, condition queues, call by name, and event lists,
 2. Test generation--for similar reasons,
 3. Multi-threaded applications with external inputs, where the usual tasking libraries run into problems. What happens is that the OS and the run-time environment sometimes need to enter messages or events into the same queues. Unless the library has been carefully integrated with the operating system, race conditions can occur, losing entries.
 4. Object-oriented programming in the full sense,
 5. Completion routines for inter-device protocols, and
 6. Anything that needs to run close to the bare metal.

Cheers,
Harry Erwin
erwin@trwacs.fp.trw.com  herwin@cs.gmu.edu
Working on Freeman nets.

------------------------------

Date: 15 Nov 1993 21:46:41 GMT
From: haynes@cats.ucsc.edu (James H. Haynes)
Subject: Re: No change in Ada policy (anonymous, RISKS-15.26)

>If the government really believes in capitalism, and if the government
>believes that private industry is in business to make money, then the
>government should be willing to allow industry to transition to Ada as that
>makes economic good sense. And not sooner.

But the defense business is a very peculiar flavor of capitalism. The defense companies may see it as being in their own best interests to program in company-proprietary languages forever. I believe this was part of the justification for Ada.

haynes@cats.ucsc.edu  haynes@cats.bitnet

------------------------------

Date: Tue, 16 Nov 1993 13:04:43 -0500
From: phydeaux@med.cornell.edu (the person your mother warned you about)
Subject: David Brin ==> Vernor Vinge (minor correction) (Hicks, RISKS-15.27)

In RISKS-15.27, mc!Brad_Hicks@mhs.attmail.com wrote:

>altogether. Not for nothing did David Brin in his novel _Earth_ refer to a
>UseNet-like system as "the Net of a million lies." All manner of lies have

Only one thing, of course, is that the "Net of a Million Lies" comes from Vernor Vinge's "A Fire Upon the Deep," rather than Brin's Earth. Doesn't really change the validity of the argument however.
How is this correction relevant, you ask? Because any piece of wrong information, no matter how slight, is at risk of being spread throughout the world!

73 de Dave Weingart KB2CWF  phydeaux@cumc.cornell.edu  (212) 746-3638

------------------------------

Date: 11 Nov 1993 12:13:34 -0000
From: mathew@mantis.co.uk (mathew)
Subject: Re: Groundhog Day, D-Day, Remembrance Day, and all that (RISKS-15.25)

msb@sq.com writes:

>And one day early this month, *I* learned that it's also a good idea
>to test a program both during and after the first 9 days of the month.
>Gotta watch those 1- and 2-digit numbers!

On a related note, a good date to try is the first 2-digit Wednesday in September, if your program produces English language output.

mathew

[Yes, I noted that very day in RISKS, the first time the masthead line went over 80 characters on that day, truncating the issue number! PGN]

------------------------------

Date: Tue, 16 Nov 93 17:40:13 PST
From: "Peter G. Neumann"
Subject: A Myth is as good as a Smile

I received a lot of out-of-band comments about L.Detweiler's piece in RISKS-15.25, and still more asking why I devoted a whole issue (RISKS-15.27) to the responses. (I tend to do dedicated issues when I get an enormous flurry of follow-ups, so that if you do not appreciate the subject matter, you can disregard it in its entirety.) There were many suggestions that this topic should end immediately, which it will, I hope, with this message.

But remember, folks, the lack of E-mail authenticity, message integrity, and personal accountability is a real potential problem throughout the Internet, not only on April Fools' Day.

Almost no one commented on the original title, Snakes of Medusa. Someone suggested that the Hydra might have been more appropriate, the serpent that started with nine heads and regenerated two to replace any one that was severed. There is a REAL multiple-identity problem. (Medusa was the snaky-haired Gorgon whose glance would turn you into stone.
A cheesy biography of stoned individuals might have been written by Gorgon Zola.)

At any rate, further follow-up messages from Eric Hughes and L.Detweiler can be found in the RISKS archive on CRVAX.SRI.COM in directory RISKS: under the file name RISKS-15.28X. That is the end of it in RISKS. For further discussion, try L.Detweiler or the Cypherpunks newsgroup.

------------------------------

Date: Mon, 15 Nov 93 10:15 EST
From: Reiner@DOCKMASTER.NCSC.MIL
Subject: Call-for-Papers for 17th Nat`l Computer Security Conference

CALL FOR PAPERS & PANELS - 17TH NATIONAL COMPUTER SECURITY CONFERENCE
October 11-14, 1994 --- Baltimore, Maryland

Co-Sponsors:
  National Institute of Standards & Technology
  National Computer Security Center

The National Computer Security Conference attendees represent a broad range of information security interests spanning government, industry, commercial, and academic communities. Papers and panel discussions typically cover:

- research & development for secure products and systems;
- implementation and accreditation of secure systems;
- administration & operation of secure systems;
- evaluation of products and systems against trust criteria;
- international harmonization of security criteria & evaluations;
- promotion of computer security: education, awareness and training;
- social and legal issues related to computer security.

We invite the submission of papers and proposals for panels in any of the above areas and on other topics related to the confidentiality, integrity, and availability of data and resources in information systems. Papers will be selected through an anonymous review process and will be published in the conference proceedings. Panels will be selected by the Program Committee, and panel members will be expected to provide written statements for inclusion in the proceedings.
BY 1 MARCH 1994: eight (8) copies of your paper or panel proposal should ARRIVE at the following address:

  National Computer Security Conference
  ATTN: NCS Conference Secretary, APS XI
  National Computer Security Center
  Fort George G. Meade, MD. 20755-6000

By 1 June, 1994: Authors and panel chairs selected to participate in the conference will be notified and advised when final papers and panel statements are due.

PREPARATION OF CONFERENCE SUBMISSIONS:

Cover sheet:
  Type of submission (paper, panel, tutorial)
  Title or Topic
  Abstract (not to exceed 250 words)
  Author(s)
  Organizational Affiliation(s)
  Phone numbers (voice and fax if available)
  Internet address if available
  Point of contact if more than one author

SUBMISSIONS RELATED TO WORK UNDER U.S. GOVERNMENT SPONSORSHIP MUST ALSO INCLUDE THE FOLLOWING:
  Program Sponsor or Procuring Element
  Contract Number (if applicable)
  Government Publication Release Authority

Paper preparation: 10-page maximum incl. figures & references; title, abstract, & keywords on first page; no more than 12 char./inch & 6 lines/inch; one-inch margins all around.

BECAUSE THE REVIEW PROCESS WILL BE ANONYMOUS, NAMES AND AFFILIATIONS OF AUTHORS SHOULD APPEAR ONLY ON THE SEPARATE COVER SHEET

CLASSIFIED MATERIAL OR TOPICS SHOULD NOT BE SUBMITTED

RELEASE FOR PUBLICATION & COPYRIGHT: It is the responsibility of the authors to obtain government or corporate releases for publication. Written releases will be required for all papers to be published. Papers developed as part of official U.S. government duties may not be subject to copyright. Papers that are subject to copyright must be accompanied by written assignment to the NCS Conference Committee or written authorization for publication and release at the Committee's discretion.

PANEL PROPOSALS: Panels should be geared to a maximum of ninety minutes long, including time for prepared remarks and audience interaction. 2 page maximum.
Include chair and proposed panelists or organizations to be represented on first page. Include summary of topic, issues, and/or questions to be addressed by the panel and viewpoints that proposed panelists would bring to the discussion.

FOR MORE INFORMATION ON SUBMISSIONS, PLEASE CALL 410-850-0272 OR SEND INTERNET MESSAGES TO: NCS_Conference at DOCKMASTER.NCSC.MIL. For other information about the conference, call 301-975-2775.

------------------------------

End of RISKS-FORUM Digest 15.28
************************