Subject: RISKS DIGEST 16.54 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Monday 7 November 1994 Volume 16 : Issue 54 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for information on RISKS (comp.risks), disclaimers ***** Contents: [NOTE: "September 31" typo (30), Ravin, RISKS-16.53 fixed in archive copy.] Fall time change and the usual computer system havoc (L. Scott Emmons) Ottawa Library fines people using unreliable automatic calling system (Michael Slavitch) Tele-Phoney (John Vilkaitis) Risks of assumption (Tom Swiss) Re: CMU blocks access to nasty newsgroups (Bob Frankston, Arthur Hicks, Jim Huggins, Harry Rockefeller) Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. ---------------------------------------------------------------------- Date: 02 Nov 1994 20:51:57 GMT From: scotte@center.uscs.com (L. Scott Emmons) Subject: Fall time change and the usual computer system havoc With the recent change back from daylight savings time, we can always expect the usual havoc caused by lousy operating systems that aren't smart enough to know how to switch time automatically. Of course, this issue has been discussed here before, so what happens at this location here may or may not be of particularly exciting news. Anyway, there is a card-key system that locks up a certain development facility between 5pm amd 8am. The system is run by one of the aforementioned lousy operating systems that is not smart enough to change the time automatically. So, for a few days each fall the facility is unlocked and locked early, and for a few days each spring the opposite occurs; until somebody bothers to report it to the right person who has control over the system. I'm not sure which is worse -- the security risk of having an unlocked facility, or the annoyance factor in being unable to get into the building without the right key-card. Fortunately, most of the systems I have to deal with are Unix boxes, which do set the time correctly. I wonder why other operating systems are so far behind? L. Scott Emmons, U.S. Computer Services/CableData R&D Center (916) 939-6088 scotte@center.uscs.com ------------------------------ Date: Mon, 7 Nov 94 15:45:50 -0500 From: "Michael Slavitch, Consultant, (613) 781-9824" Subject: Ottawa Library fines people using unreliable automatic calling system About two months ago I reserved a book at my local library. The library has gone electronic in its reservation system. You reserve a book, and when your turn to receive it comes due a computer dials your home phone number. If an answer occurs, it assumes you heard the message; if you do not pick up the book in three days, you are fined $2.00. Basically, this is what happened to me. Their computer called my number and the phone went off hook, starting the meter running. For some reason my answering machine did not pick up the message (I have an answering machine and a fax modem hanging off the same line, but the fax modem is outgoing only). The RISK here is obvious, and I consider it nontrivial. The librarian insisted that the "system" is "reliable" and "almost always" works. Well, my knowledge of datacomm says that if it does not always work it is not reliable, and that they are fining people based on an assumption that the message was received. What's scary was the attitude of the librarian. Because she was told by someone that the system works, she insisted that I had received the call. I asked her for proof of that and she said that "the system said you got the call, it must be true". My attempt to describe the essence of data communications and reliable communication fell on deaf ears, and she refused to give me the name of her superior because "the system works and nobody should complain about it." Well, I am. I know that it is only two bucks, but the implications that arise from misuse or overly trusting such a system are worrysome. What if the government started issuing parking tickets or summonses in this manner, or banks warning you of surcharges on financial transactions? What if my wife answered the phone and the book was "how to handle infidelity in you marriage" :) (it wasn't). So how do you handle two things: [One] An unreliable delivery system being assumed to be reliable. [Two] People placing trust in such a system. Michael Slavitch, Software Design & Analysis Consultant, assigned to: Bell SYGMA, Suite 250, 150 Elgin St., Ottawa, Ontario K2P 2C4, (613) 781-9824 ------------------------------ Date: Mon, 7 Nov 1994 01:48:00 -0800 (PST) From: javilk@netcom.com (Javilk) Subject: Tele-Phoney Troubles with Tele-Phoney Systems Getting a wrong-number call in the middle of the night from another human can be irritating. We may hope that future telephone numbers incorporate a check digit to reduce these errors, but I doubt they will. But let us first look at our "Telephone Neighborhood". Do you have any idea who or what exists in the 62 or so valid telephone numbers only a slip of the digit away from yours? (Area codes brings it up to about 80, but they are less often dialed. Another problem.) Apparently I have several interesting entities in my telephone neighborhood. And with most calls being dialed by embedded microprocessors and computers these days... What prompts this observation? Funny you should ask that... On Friday, after the close of business for the weekend, (as in, when else?!) I began receiving a strange series of persistent wrong number calls from one gentleman in my area code. As I answered, I would hear the "musique de telephon" of another ten-digit number being dialed. Although apologetic, the caller insisted he was trying to reach several very different numbers in two adjacent area codes. Soon others joined him in reaching out and touching me with a number of different touchy toney loony tunes, complaining that I was not the party of their choice; then retrying the process with more diligence, and sometimes more stridence. But no matter the area code or number they dialed, they all rang my phone. Some investigation on my part revealed they all originated from the same place, an apartment complex in a nearby city with a new PBX (Private Branch Exchange,) telephone system. To save the dwellers money, (or to line their coffers some more,) management had contracted with a private (discount) telephone and cable company called "Western Telephone and Television" (WTT) for a PBX with a feature called "least cost call routing." The physical PBX is a 6 x 4 x 2.5-foot box containing twin 680x0 processors for redundancy, each with its own hard drive, and each running a proprietary operating system called CORTELCO. The box can handle up to 500 telephone lines, although only approximately 300 lines were hooked up at that particular site. Under normal circumstances, this PBX is programmed to quietly intercept the dialed number, dial a five-digit access code (a 10-xxx number) on one of several outgoing lines, and when the access number goes off hook (answers), echo the number that the customer dialed; whereupon the long distance service provider takes over. However at this particular location, a five-digit access code was not available, and so a full seven-digit access code had to be used. In other words, the system simply forwarded all calls to another ordinary-looking phone number. Unfortunately, the technician inadvertently entered _my_ phone number while correcting a previously(!) erroneous number. Hence, all long distance calls placed from that apartment complex rang through to my number starting at 6pm Friday evening. This prompts some interesting observations: 1. No caller ID is transmitted with the call, 2. There is no handshaking between PBX and the service provider. 3. Audio is immediately enabled upon completion of number dialed. Speculations: 1. All accounting probably resides in the PBX 2. Most billing info and programming is done via modem. 3. Anyone with the seven digit access code... ...has unlimited free telephone service. Kind of makes you wonder what the fraud rate is in this industry, and how much is added to the average telephone bill to offset it. (No, I did not ask what number the computers were trying to call or I'd be their prime suspect!) Of course, once awakened, Murphy did not stop there. WTT's emergency pager number had been _Disconnected_. Nor could Pacific Bell Information find any local phone number for WTT. When I finally got the correct number from the apartment manager and called WTT, their automated attendant / voice mail system kept telling me to dial 0 for their operator (receptionist), then complained this and other automatically suggested extension numbers, were not valid. Whereupon the default error message, of course, again instructed me to dial 0 for the operator. (This kind of looping appears rather common in corporate automated attendant systems.) Eventually some error count was exceeded and at least _this_ computer had the sense to hang up. The RISK of not checking your telephony systems for message loops, old numbers, etc. is looking like a corporation of idiots. Not to mention a telephone company not having a publicly listed telephone number! [I think we now might understand WHY! PGN] (My favorite ploy in the case of such loops and lockouts, is to look for a Smith or Jones in their audio telephone directory, and inform him that his company is losing thousands of dollars in sales because the telephone system will not let callers speak to a human being; then ask he pass my number on to an appropriate party. Few ever bother. They must think it's not their job to help their company be profitable.) Finally, The local Bell Systems affiliate repair service (good old 611) told me that the RISK of harassing innocent telephone subscribers, as they agreed WTT's automated equipment was clearly doing, was having telephone service to their equipment, and thus the entire apartment complex, disconnected. (Probably by Monday...) But of course, Murphy being who he is, Repair could do nothing right now. And in retrospect, they really could not do much. Repair directed me to several different Pacific Bell departments, each with its own 800 number, but all of which had an identical automated voice issuing identical instructions. The RISK of using identical messages (computer voice screens?) is having customers think they are reaching the SAME number. For all I know, I may have been! Eventually, the chain of "if you have... then call 1-800-..." messages, which are heard after one finds one's situation is not on the menu, reached a recorded message informing me to call the local police to handle the situation. Is the RISK of having electronic equipment becoming deranged, with no obvious "OFF" switch, having it SHOT by law enforcement officials? Something equipment designers really ought to think about! After numerous complaint calls to the apartment manager, WTT, and Pacific Bell by apartment residents, Pacific Bell, the apartment manager, and myself, a WTT technician entered another set of access codes into the system. The calls ceased shortly before noon, Saturday. I received a long and very apologetic call from the technician. We ended up discussing the operational details of the PBX. The technician also checked the voice-mail looping problem and reports they will have to completely reconfigure their company office's automated attendant system to avoid the "dial operator" loop problem. The RISKS of Busy Telephone Neighborhoods The people at the Misdialing Gardens Apartments were more polite than those involved when Coca Cola published my number as their in-warranty emergency repair number three years back. Now I say that I can fix almost anything (and often do), but those people insisted I fix their Coca Cola machines _Right_NOW_For_FREE since soda was usually spewing forth onto the carpet, etc. Complaints to Coca Cola Corp.'s headquarters met with Persistent Insistence that my number was Indeed _The_Correct_Number_ for their in-warranty repair service. They kept looking it up in their corporate directory and their computers, and telling me it "The computer says that _IS_ The Correct Number, so stop bothering us!" (I couldn't seem to get a VP's secretary to understand the true nature of the problem. And of course, she would NOT pass me on up the line because _I_ was _Obviously_Wrong_.) After a few go-arounds like that with Coca Cola's Headquarters, I just gave up and chanced my number to an unlisted number without a forwarding reference. It only cost me several hundred dollars to change stationary and notify all my clients... ... Some of whom had recently changed their fax numbers... And since I usually set up a computer to send these overnight... Well, I guess I just had all those "favors" returned this past week end! The ADVANTAGE of Call Return I still get calls at all hours, but not as often; the present phoney phone callers all hang up when they hear a human answer, making one think of burglars trying to see who is home, or the odd former acquaintance, ex-spouse, or ex-employee who might have traded a few marbles for some lead pellets. When I ordered call return to investigate this problem, the Pacific Bell representative told me to call these phoney callers back and say "I am working with" (not for) "the telephone company to determine why people call this number." The responses revealed that my current number in the slipped digit neighborhood of a touch-tone-based Automatic Bank Information system. If I politely return those phoney phone calls, I can keep the number of calls down to two or three a month as opposed to the original three or four a week. (Not to mention retain my peace of mind!) I guess people do learn. Don't call me, I won't call you! Please! Several individuals have commented that someone less ethical might have set up one of those $95.99 voice mail cards to ask for the caller's account and PIN numbers, then apologize for the rest of the computers being unavailable. In effect, a telephonic analog of a terminal with a phony login screen. Which reminds me of... The RISK of Borrowing Time Sharing Programs Back in college, some twenty two years back (seems like yesterday!), I had been assigned the task of catching a student who was using a phony log in-screen to steal account numbers on CPS, the time-sharing system which ran on UConn Research Computer Center's IBM 360. CPS (Conversational Programming System) was an interactive PL/1-like variant of BASIC. In one evening, I was able to cobble together parts of a utility program I was writing to create a 1,400-line PL/1 program which performed a brute force search over the CPS saved program hierarchy for the word "login". (Not so easy since CPS used its own file format, saving programs and data in tokenized form; but my utility already scanned comments for expiration dates.) It turned out that the offending programs were saving themselves with the captured login data stored in arrays. As in interactive BASIC, the miscreant could query these arrays without executing the programs themselves. I "de-initialized" the arrays and subtly damaged the programs. An "On Error" statement was used to activate a few new lines near the end of the program to message the main operations console whenever the programs were either run OR the now invalid array elements were queried. Several nights later, I arrived just in time to join two other staff members as they ran across campus to catch an unexpected second miscreant. She later managed to convince the powers that be that she was not The Real Miscreant; but had "merely borrowed a program to see how it worked." I always wondered about that. Did you really do it, Ellen? Or was it really the other fellow? The RISK of stealing time-sharing programs is stealing Booby Traps. -JVV- ------------------------------ Date: Tue, 1 Nov 94 15:18:19 EST From: Tom Swiss Subject: Risks of assumption (Carasso, RISKS-16.52) First, I'd like to disagree with Mr. Carasso's belief that user confusion due to a lack of standards in control layout is "stupidity". It's very easy for users to develop an automatic patterns for some frequently performed operation, and then repeat that pattern in a circumstance where it is not appropriate. For instance, I've developed a habit of hitting Control-X Control-C y to exit emacs and confirm it's "Save file foo? (y or n)" prompt. Then I went to use an editor that, upon exit, prompted something like "File foo not saved - really quit? (y/n)" My fingers were running the emacs pattern and hit "y", thinking that that meant to perform the save, when in fact it meant to exit without saving. I can very easily imagine a long time PC user whose fingers get ahead of his brain, confuse the floppy eject with the power switch, and shut the machine off. I'd also like to question his assumption that if you made such a mistake, you "obviously just got your Mac, there's little of value on it, and it's unlikely that anything damaging will *really* happen." It seems to me that to properly assess the risks of such a situation, one should always assume a worst-case scenario. So what kind of "what-ifs" can we add to this situation? In the worst case, safety critical equipment might be controlled by that Mac. (Yes, we know that there should be a protective cover over that switch in such a case, but I'll bet you a nickel there's a system out there right now that could hurt someone if such down at the wrong time and is without such a cover.) That's a obvious risk. Less obvious is the possibility of losing very important data. To take an example from my own experience, I was forced to do my first extensive Macintosh work (aside from some light word processing at an old job) for a robotics class Programs were compiled on the Mac and downloaded to the controller board. We saved our work on floppies so we could move the work between any one of several Macs. Much of the work (at least for my team) turned out to be trial-and- error setting of various constants. It might take a dozen compile-download- test cycles to find a good value for one such constant. I can just imagine the horror, the wailing, and the gnashing of teeth had one of us gone to swap floppies to save some bit of work and, operating on auto-pilot (as is known to happen when you're working at some ungodly hour to meet a deadline) hit the power switch and sent that work to the bit bucket. -Tom Swiss / tms@tis.com ------------------------------ Date: Mon, 7 Nov 1994 10:23 -0400 From: Bob_Frankston@frankston.com Subject: Re: CMU blocks access to nasty newsgroups A few months ago I responded to a similar issue on another mailing list. As a parent, I can appreciate the problems with adding to the burden of parental responsibility in presenting one more threat we must shield our children against. The real question is how to prepare children for a world in which censorship is not viable -- how to make them better participants in a world rich in information and sleaze. Which is which is often a matter of personal opinion. Ultimately they will have to make the judgment of how to handle it. I realize that there are lots of issues here and that the mere presence of objectionable materials does open organizations up to harassment suits. But, ultimately, this country has made a bet that open access to information is the better option. Other countries have more or less censorship on various issues and are no longer across a wide ocean. This does mean that one (as a parent, educator, whatever) needs to try to teach that not all information available is valid or representative of the real world. But some information can be real and disturbing. At one point while I was in elementary school, I had a great fear of news -- especially international news. Considering that it was in the 50s and duck and cover was a part of the curriculum and one standard topic was how big an H-bomb it would take to reach our school if it landed (precisely?) at Columbus Circle in New York, this was not totally irrational. But is it better to grow up in a world unprepared, without an immune system? ------------------------------ Date: Mon, 7 Nov 1994 09:13:11 -0800 (PST) From: Arthur Hicks Subject: RE: CMU blocks access to nasty newsgroups "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com> wrote of attempts to resolve the problem of access by children to possibly unsuitable sexual material in certain USENET newsgroups. I would like to respond, as a seemingly responsible parent, with some examples of real parental controls, and real parental concerns about this issue. In our case the family MODEM is hardwired to a separate local-only phone line, somewhat reducing the scope of possible teenage computer activities, but Internet is another matter. I have applied suitable access limitations to my son's AOL sub-account, and my kids are never allowed any visual access to my passwords. My kids have also freely discussed these issues with me, and can be expected to understand them to the degree that they are willing to understand them. To that extent I don't worry about my kids and their activities. I am concerned however, with the very real problem of adult human "predators" who seek out congregating kids, whether it be outside the neighborhood convenience store or on the Net. It is a mistake to think that "good", intelligent kids can necessarily resist or even be aware of the attempts of an experienced adult "predator" to do them harm. This is why I remain concerned about the issue of suitable Net access for kids. The article by Mich Kabay appears to trivialize the real concerns of parents who are trying to be responsible about giving their kids access to contemporary tools, but also wish to avoid unreasonable risks to the well-being of their children. Art Hicks ------------------------------ Date: Mon, 7 Nov 1994 15:21:20 -0500 From: Jim Huggins Subject: CMU and Newsgroups (Kabay, RISKS-16.53) Mitch Kabay comments at length about CMU's decision to block access to alt.sex.* et. al. on its computer systems. Mitch's comments focus mostly upon access, calling for finer grains of access to the Internet rather than total vs. no access. While Mitch raises good points, they really don't address CMU's dilemma. The following is an excerpt from the official on-campus announcement of the change: Pennsylvania laws prohibits us from carrying bulletin boards that are known to be used for the distribution of sexually explicit or obscene material. It is against the law for anybody to knowingly distribute sexually explicit materials to people under the age of 18, or obscene materials to people of any age. [...] [T]he only criterion that will be used when considering the withdrawal of a bulletin board is that either the intended purpose for which it was established or its primary use (majority of the posts) makes it illegal for Computing Services to provide access to the bulletin board. (N.B. Usenet groups at CMU are usually called bulletin boards.) This isn't really an issue of whether minors can get access -- the vast majority of students at CMU are over 18, anyways. The problem is that obscene material cannot be distributed in PA, regardless of the age of the recipient. And so CMU needs to find a way to obey the law. In some ways, this is already the finer-grain access that Kabay suggests. CMU isn't going to monitor every newsgroup for obscene materials; it simply will eliminate those newsgroups where such material is the most prominent. Of course, whether or not local definitions of obscenity make sense anymore in a global infobahn is another question entirely, and one in which I'm still undecided. Jim Huggins (huggins@umich.edu) ------------------------------ Date: Mon, 7 Nov 94 13:41:33 -0600 From: harryr@ssd.fsi.com (Harry Rockefeller) Subject: Re: CMU blocks access to nasty newsgroups (Kabay, RISKS-16.53) Mich seems to discuss only one of three problems here. He notes that there is material suitable for adults but not for children. He correctly notes that it is the parent's responsibility to build a suitable barrier. The other two issues of "censorship" he did not discuss are: 1) Highly offensive material not suitable for anyone, and 2) Any material offensive to a payer. In category 1) may be child pornography, or bestiality pornography. The material (at a state or more local level IMO) may be simply ruled illegal. In category 2) Realizing that CMU receives tax funds we should ask if any of these tax funds pay for Internet? If yes, then a case may be made to eliminate several newsgroups because they are offensive to some segment of the taxpaying public. Harry Rockefeller FlightSafety International, Simulation Systems Division Broken Arrow, OK 74012 harryr@ssd.fsi.com (918) 251-0500 ------------------------------ Date: 20 October 1994 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS. SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. U.S. users on .mil or .gov domains should contact (Dennis Rears ). UK subscribers please contact . Local redistribution services are provided at many other sites as well. Check FIRST with your local system or netnews wizards. If that does not work, THEN please send requests to (which is not automated). CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses to them. Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. All other reuses of RISKS material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using RISKS material should obtain permission from the contributors. ARCHIVES: "ftp crvax.sri.comlogin anonymousYourName cd risks: or cwd risks:, depending on your particular FTP. Issue j of volume 16 is in that directory: "get risks-16.j". For issues of earlier volumes, "get [.i]risks-i.j" (where i=1 to 15, j always TWO digits) for Vol i Issue j. Vol i summaries in j=00, in both main directory and [.i] subdirectory; "dir" (or "dir [.i]") lists (sub)directory; "bye" logs out. CRVAX.SRI.COM = [128.18.30.65]; =CarriageReturn; FTPs may differ; UNIX prompts for username, password; bitftp@pucc.Princeton.EDU and WAIS are alternative repositories. See risks-15.75 for WAIS info. To search back issues with WAIS, use risks-digest.src. With Mosaic, use http://www.wais.com/wais-dbs/risks-digest.html. FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM . ------------------------------ End of RISKS-FORUM Digest 16.54 ************************