Subject: RISKS DIGEST 16.55 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Weds 9 November 1994 Volume 16 : Issue 55 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for information on RISKS (comp.risks), disclaimers ***** Contents: [Still huge backlog of responses] EMI and construction cranes (Steve Summit) Postscript FAX Security Hole (Mike Crawford) Hardware-borne Trojan Horse programs (Chris Tate) Risks of posting warnings with the wrong time or date (George Swan) Existential risks of computer systems (Ian Horswill) E-Signatures (Benjamin Wright) Re: Suitable for whom? (Jon Green) PBX at Large? [Re: Tele-Phoney] (Stephen Bogner) Re: Parental Responsibility (Mich Kabay) Re: Ottawa Library fines people ... (Erik Jacobsen, Daniel P. B. Smith) Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. ---------------------------------------------------------------------- Date: Tue, 8 Nov 1994 12:31:17 -0800 From: scs@eskimo.com (Steve Summit) Subject: EMI and construction cranes An article in Friday's *Seattle Times* (Nov. 5, 1994) reports that "Microwave interference has stalled crane operations on the $74 million Seattle Center Coliseum renovation project." Broadcast towers on nearby Queen Anne hill and consumer microwave ovens on the same hill are suspected, but "`I don't know if we'll ever be able to pin that down,' said Jack Donovan, construction manager for PCL Construction Services Inc." Continuing from the article: ...when the crane operator tried the [crane's] electronic controls, they didn't respond correctly and haven't worked since, Donovan said. He didn't think the problem would delay the project... "Obviously, it's an inconvenience, but to this point we've been able to use alternate means to work around it," he said. The crane operators are testing filters or shields around the controls to ward off microwaves. Electronic specialists were called in to work on the problem yesterday. Steve Summit scs@eskimo.com ------------------------------ Date: Tue, 8 Nov 1994 21:55:12 -0800 From: Mike Crawford Subject: Postscript FAX Security Hole I recently bought an Apple LaserWriter Select 360. While I wanted a laser printer anyway, I chose that particular model because it can accept a Postscript FAX card. I want to make a FAX/Email gateway that can send high quality faxes - one can mail a postscript file to the gateway, and a high quality fax will be transmitted. If one has the good fortune to be addressing another PS fax, the postscript is transmitted instead of the fax codes, for extra high quality. But there's a big problem: PS is a programming language. This would allow people to program my laser printer via e-mail! People could do such things as change the printer password remotely. If one used a printer with an attached hard disk, one could mail in a command to erase the disk. Oops. Would anyone know whether this has been considered under the postscript FAX standard? It seems to me it would be a problem for just regular PS faxes - one would just hack it over the phone line from another PS fax machine. Can you imagine someone putting letter bombs in public domain clip art? Eek! One could disable certain commands, and do save/restores, of course, but it is possible for postscript to be quite obtuse, and every printer has a number of undocumented postscript operators that would be hard to guard against in any general way. Mike Crawford crawford@scipp.ucsc.edu crawford@maxwell.ucsc.edu ------------------------------ Date: Tue, 8 Nov 1994 12:34:36 -0500 (EST) From: Chris Tate Subject: Hardware-borne Trojan Horse programs I had an unpleasant experience this past weekend, and I imagine some other readers of RISKS will find it interesting. I recently purchased an Apple Macintosh computer at a "computer superstore," as separate components - the Apple CPU, and Apple monitor, and a third-party keyboard billed as coming from a company called Sicon. This past weekend, while trying to get some text-editing work done, I had to leave the computer alone for a while. Upon returning, I found to my horror that the text "welcome datacomp" had been *inserted into the text I was editing*. I was certain that I hadn't typed it, and my wife verified that she hadn't, either. A quick survey showed that the "clipboard" (the repository for information being manipulated via cut/paste operations) wasn't the source of the offending text. As usual, the initial reaction was to suspect a virus. Disinfectant, a leading anti-viral application for Macintoshes, gave the system a clean bill of health; furthermore, its descriptions of the known viruses (as of Disinfectant version 3.5, the latest release) did not mention any symptoms similar to my experiences. I restarted the system in a fully minimal configuration, launched an editor, and waited. Sure enough, after a (rather long) wait, the text "welcome datacomp" once again appeared, all at once, on its own. As a next step, I contacted John Norstad, the author of Disinfectant, and one of the international response team for dealing with new Macintosh virus sightings. Very promptly I received a response, which I shall quote here in its entirity (it's brief): > Yes, we have heard of this. It's a practical joke in the ROM code in some > third-party keyboards. The only solution is to get your bad keyboard > replaced. I was furious. Apparently there are hardware products on the market which have embedded "Trojan Horses," programs which affect the operation of the system without the user's consent (or knowledge!). I have returned the keyboard to the store where I purchased it, and I plan to contact Sicon about the problem. The potential for abuses in computer systems here is apparent, especially when the system involves "intelligent" peripherals - such as many popular types of disk drive, Apple Desktop Bus devices (such as the offending keyboard), and so forth. John Norstad informs me that he has little knowledge of the extent of this particular problem, other than the fact that he has received quite a bit of mail from people who have been bitten. What is almost as disturbing as having fallen prey to this particular joke is the lack of information about it - I can't find any mention of such a problem in any of the USENET Mac newsgroups' "Frequently Asked Questions" compilations, although those FAQs *do* mention viruses and how to deal with them. It definitely seems to me that people ought to be made more aware that this sort of thing is happening. Christopher Tate fixer@faxcsl.dcrt.nih.gov eWorld: cTate ------------------------------ Date: Tue, 8 Nov 1994 19:22:50 -0500 From: George Swan Subject: Risks of posting warnings with the wrong time or date In the fall of 1990 a bomb threat was phoned in to the Waterloo (Ontario, Canada) Regional Police. The threat said that a number of bombs had been placed in various buildings on the University of Waterloo campus. There was a recent discussion of this threat in alt.folklore.college. I posted a followup to this discussion. I thought I would post a shorter version for risks readers. The entire campus was evacuated. It took several hours, as the University had no central public address system. The threat turned out to be a hoax. The news was circulated around the campus via a "phone-tree" and word of mouth. I knew a few more details about this incident because the day before the bomb scare I had a long discussion with a young hot-head, who had said something stupid, and I had reported him to the campus police. The young hot-head had been a devoted reader of the newsgroup "alt.sex.bondage". He was furious with the Dean of Computing because he had banned this newsgroup from all the campus computers. During the course of our discussion he said, "If I had a copy of 'The Anarchist Cookbook' I'd use it to bomb Johnny Wong's office!" (Dr. Wong was the Dean of Computing. 'The Anarchist Cookbook' is a how-to book on sabotage techniques, including how to build bombs.) I reported his threat to the campus police. During my discussions with the campus police I learned that the their big lead concerned the rash of news articles that had been posted to the newsgroup "uw.general" the afternoon of the bomb scare. The campus police had arranged for someone to print out the news articles that concerned the bomb scare. One of the posts seemed to have been posted prior to the reception of the phone call that initiated the scare. The risk? I am sure that none of the people posting messages warning others of the scare gave a moment's thought as to whether their system's clock bore the correct time. I am sure they would be quite surprised to learn that they had become suspects. (Fortunately wiser heads within the University's Department of Computing Services were consulted first.) There are some other risks I would like to comment on. When the bombs didn't go off as scheduled, the campus police were asked to check the campus. By the time I had my interview with them, the campus police had had a number of resignations. It seems to me that to do a proper job of checking the campus would require a regiment of combat engineers. In my opinion, a phone-tree is not sufficient to meet this threat. The threat gave about four hours notice, and it took close to three hours to clear the campus. What if it had been a real bomb with only two hours notice? What if it had been a spill of toxic waste? A recent risks digest said that CMU had recently announced bans of various newsgroups. Let's hope that none of CMU's administrators receive any threats. ------------------------------ Date: Tue, 8 Nov 1994 18:12:42 -0500 From: ian@ai.mit.edu (Ian Horswill) Subject: Existential risks of computer systems The hotel I was in last weekend had a nifty video-based message system. They had the standard spectra-vision pay-per-view interactive video hardware in the rooms so they set it up so you could review your bill, check out, and collect your messages using your TV and remote control as a terminal. Pretty nifty. So one night, I get back to my room and press the "check messages" button. After a longish pause, my TV greets me with the message: "We're sorry, but the hotel records indicate that this room does not exist. Please contact the front desk if this is not the case." At first, this caused a sort of Sartrian crisis within me, but then I relaxed. According to the hotel phone directory, the front desk didn't exist either, so I was obviously in good company. P.S. It would seem that someone inadvertently checked me out. [Or else the database was inaccessible; your hypothesis suggests that someone checked out the front desk as well. PGN] ------------------------------ Date: Sat, 5 Nov 94 23:28:24 EST From: bwrigh01@reach.com (Benjamin Wright -- Attorney ^ Counselor - Dallas ) Subject: E-Signatures [This is an elaboration of an earlier RISKS item, which also appeared in a revised form in the October 1994 Communications of the ACM. PLEASE contact Ben if you want the entire article. PGN] ALTERNATIVES FOR SIGNING ELECTRONIC DOCUMENTS By Benjamin Wright Hospitals, banks, insurance companies and other organizations are looking to replace paper with electronic documents, but they need a way to "sign" those documents for legal and control purposes. This article considers the practical features of two alternative signing methods: smart-card based public-key cryptography and PenOp, a pen computer technology that captures handwritten autographs. The article argues that PenOp holds certain advantages in that it does not require the signer to * retain a token or smart card; * remember a password; * register with a bureaucratic certification authority; or * depart from the custom of signing with an autograph. PenOp also does not require the receiver of a signature to use technology that is compatible with that used by other people. ------------------------------ Date: Tue, 8 Nov 1994 06:04:01 -0500 (EST) From: Jon Green Subject: Suitable for whom? (Rockefeller, RISKS-16.54) > The other two issues of "censorship" he did not discuss are: 1) Highly > offensive material not suitable for anyone, and 2) Any material > offensive to a payer. [...] The concept of (1) frightens me. There is _no_ material unsuitable for _anyone_, however repulsive a majority might consider it. By definition, _someone_ wants it, otherwise it wouldn't exist. Who decides what's unsuitable? How often do open-minded individuals make the choice? It's usually made by a self-elected "moral majority" type, or a committee afraid of possible legal action initiated by the same. The Internet is, and always has been, self-policing. If someone posts material considered by the vast majority to be utterly offensive, mass action ensures that the poster is effectively put out of business. That, not a "policy decision" made by someone _we_ didn't choose to represent us, is the best way of dealing with socially unacceptable net use. Once we permit certain limits upon our expression, we tacitly accept that further limits can be placed. I'd rather be free to express my opinions. I don't defend child abuse (or indeed animal abuse), but these are emotional arguments used to manipulate us into accepting the first of many serial limitations on our freedom to contribute to, and to enjoy, the Net. Jon S Green ------------------------------ Date: Tue, 8 Nov 1994 14:46:35 GMT From: sbogner@dres.dnd.ca (Stephen Bogner) Subject: PBX at Large? (Re: Tele-Phoney, Vilkaitis, RISKS-16.54) A couple of years ago I checked into a hotel in Mississauga (near Toronto) that had just had its PBX stolen. As I struggled through a week in a strange city without a telephone, I could not for the life of me understand why someone would steal a PBX, but I guess now I know.... Stephen Bogner (DRES/DTD/MES/Vehicle Concepts Group) sbogner@dres.dnd.ca (403) 544-4786 DRE Suffield; Box 4000; Medicine Hat, Alberta; Canada T1A 8K6 ------------------------------ Date: 08 Nov 94 21:53:18 EST From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com> Subject: Parental Responsibility Dan Weinreb wrote: Exactly what does "parental responsibility" mean to you? That the parent should keep the child off CompuServe entirely? That the parent should sit behind the child during every moment that the child uses CompuServe, to supervise what he or she does? That any good parent would have a child so obedient that if the child is told "Do not look at this newsgroup and that newsgroup", the parent can be confident that the child will simply obey? Please enlighten us. What an odd list of possibilities to propose for "Parental Responsibility." What about "That parents should spend time with their children discussing their (both parents'; and children's) interests and activities and exchanging views in a mutually respectful atmosphere?" or "That parents have a right and an obligation to express their love for their children in many ways, one of which is the clear discussion of their values?" Certainly the words "Parental Responsibility" do not by definition imply support for authoritarian personality traits nor do they suggest the exercise of simple-minded credulity as useful parenting skills. As part of the National Computer Ethics Responsibility Campaign, Dr Peter Tippett has prepared the following document which addresses these questions. None of the suggestions, in my opinion, suggests that families become training grounds for a police state . ============================ %<>== =============================== Computer Ethics Campaign Information and Article TEN QUESTIONS PARENTS SHOULD ASK THEIR CHILDREN Peter S. Tippett, Ph.D., M.D. Symantec's Peter Norton Group Board Member, Computer Ethics Institute 1. Do you legitimately own all of the software, games, and programs you have or use? Software Piracy, Clarifying Questions: Are any of your programs or software bootlegged or pirated copies? Where are the manuals, boxes, license agreements for the programs you have or use? Where did you get that game? (program?, floppy?, software?) When programs first start running on your computer, whose name comes on the screen as the "owner" or "licensed-to." 2. Where did the contents of your report / project / homework come from -- does any of it belong to someone else? Did you write/create/author what you're passing off as your own work? Where did you get the text and images you're using? If you copied text and images from another source, did you have permission? If you didn't need permission from the "owners" of the information you're using, did you credit them for the material? 3. Do you ever use other people's computer, disk-space or processing capability, or look at or copy their files or information, without their knowledge or permission? 4. Do you have any prank programs, computer viruses, worms, trojan horse programs, bombs, or other malicious software? Malicious Software: Clarifying Questions: Do you use bulletin boards or systems that contain these things, or have friends or acquaintances who do? Do you write or create any software like this or deal with people who do? Malicious Software: Explanation of the Problem 5. Do you have any computer graphics files, clips, movies, animations or drawings that you would be embarrassed about? Do you have them legitimately (Piracy) Are they things you would be comfortable showing me? Showing your grandmother? Do you have any pictures, video clips, sound clips, articles, text, or other software or files which contain pornography, violence, dangerous instructions other distasteful material? Do you access or view any of these kinds of things when using the net? 6. Do you have any newsletters, plans, guidelines, or "how-to" documents or files that you would not be comfortable showing to your mother? Making Bombs, breaking into systems, stealing telephone access, stealing computer access, stealing passwords, pornographic or violent text, guides, descriptions, ...... Do you create, contribute to or receive anything like this? 7. Do you ever connect your computer to a telephone, use a modem, or otherwise use a network? Clarifying Questions: Do you use E-Mail (electronic mail)? Do you use Bulletin Boards (BBS) (electronic bulletin board systems)? Is your computer ever connected to other computers? Do you use a Modem? Explanation: There is nothing either unethical or illegal about using networks or connecting computers to telephones. But, you should be aware that when computers are somehow part of a computer network, then they are not just used for "computing," but also for "communication" in a very broad sense of the word. Since "communication," by definition, always includes someone else, and since ethics, or lack of it, relates mainly to our interactions with others, the networking of computers, by any means, leads to many, many more potential ethical dilemmas for a computer user, than non-network computing. The Questions above this one are all possible with both networked or non-networked computers. Whereas the questions below this mostly make sense for people who use networked computers. But, even for those issues related to the questions above, being connected to a network makes it easier to stray into trouble. 8. Who do you associate with when you use the Net? BBS, Internet, CompuServe, Delphi, Fidonet, America On-line... E-Mail, Discussion Groups, Gangs, Influence Just as you would like to steer your children (and friends) away from bad influences in their daily lives, so should you attempt to discern the character of their cyber-friends 9. Do you ever use an assumed name, a handle, or an alias instead of your real name? Do supply a false information about yourself when using a bulletin board, a news group, a message group, or forum, any part of the net, or when using e-mail or when otherwise communicating? Do you use your real age & sex when communicating with your computer? Do you use any false information like addresses, or phone numbers or use someone else's credit card number when using your computer? Do you ever send messages or e-mail in such a way that the recipient cannot tell that you sent it? Have you ever modified data, text, messages, or other computer information so that it looks like someone other than you created it or made the changes? What are you trying to hide by not using your real name? Are you trying to pretend you are something or someone you are not? 10. Do use telephone, video, cable-TV, computer network, bulletin board, or other network services without paying for them? ============================ %<>== =============================== The National Computer Security Association (NCSA) and the Computer Ethics Institute are co-sponsors of the National Computer Ethics and Responsibilities Campaign (NCERC). Information about the NCERC can be obtained in a dedicated display area, GO CETHICS, on the CompuServe Information Service. In addition to the display area, NCSA has established a section within the NCSA InfoSecurity Forum (GO NCSAFORUM) for discussion of issues and concerns relating to ethics and privacy. Your involvement is encouraged! The NCERC Guide to Computer Ethics has been developed to support the campaign. All files within the guide are available as individual files within Library 2 of the NCSA InfoSecurity Forum. In addition, the guide (including 16 informative articles) is available as a paper document. If you are interested in receiving more information about purchasing this document, and providing support for the campaign, send your request via EMail to: 74774.1326@compuserve.com M.E.Kabay,Ph.D./DirEd/Natl Computer Security Assn (Carlisle, PA) ------------------------------ Date: Tue, 8 Nov 94 13:29:49 WET From: ej@dec5102.aarhues.dk (Erik Jacobsen) Subject: Re: Ottawa Library fines people using unreliable ... calling system Michael Slavitch (RISKS-16.54) >About two months ago I reserved a book at my local library. The library has >gone electronic in its reservation system. You reserve a book, and when >your turn to receive it comes due a computer dials your home phone number. >If an answer occurs, it assumes you heard the message; if you do not >pick up the book in three days, you are fined $2.00. There is also the possibility that a child picks up the phone, and before daddy or mommy gets to the phone, the information about the reserved book has been told to the child. If the librarian does not accept a technical explanation (answer machine/faxmodem), this scenario should convince them that there is a problem. Erik Jacobsen, ej@aarhues.dk ------------------------------ Date: Wed, 9 Nov 1994 19:55:26 +0001 (EST) From: "Daniel P. B. Smith" Subject: Risks of misjudging reliability of delivery systems (Slavitch, .16-54) Michael Slavitch asks: >So how do you handle two things: > [One] An unreliable delivery system being assumed to be reliable. > [Two] People placing trust in such a system. I don't know. I have certainly been aware of small problems, ranging from nuisances to misunderstandings to hurt feelings, arising from the following assumptions many people make about the telephone system: a) Each "ring signal" you hear is synchronized with the actual sounding of the bell (or electronic warbler) at the dialed instrument. Corollary: if you have heard four "rings," the party you are calling has heard four rings. Second corollary: if you have heard twenty rings, it cannot possibly be the case that the telephone you're calling did not ring at all; either nobody was there or they heard the bell and decided not to answer. b) A cyclic buzz is a "busy signal" and means the instrument you dialed is off-hook, i.e. there's a strong presumption that somebody is there. Telephone books once described these signals and their meanings. The ones I use today do not. I am sure this because the signals, which once were reliable and informative "error messages," no longer are. When there is no connection, the telephone system does not reliably signal the reason for the failure. Overloaded system may deliver rings ("no answer") rather than busy signals for off-hook phones. They may deliver busy signals for phones that are actually on-hook (and, no, it is NOT always a distinguishable "fast busy.") I'm not aware of serious problems resulting from this, but one could construct scenarios in which the risks were significant. Daniel P. B. Smith dpbsmith@world.std.com [Actually the synchronization is not precise. You may have noticed calling someone and having them answer without your hearing a ring. A slight delay is common on LONG-distance calls. PGN] ------------------------------ Date: 20 October 1994 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS. SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. U.S. users on .mil or .gov domains should contact (Dennis Rears ). UK subscribers please contact . Local redistribution services are provided at many other sites as well. Check FIRST with your local system or netnews wizards. If that does not work, THEN please send requests to (which is not automated). CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses to them. Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. All other reuses of RISKS material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using RISKS material should obtain permission from the contributors. ARCHIVES: "ftp crvax.sri.comlogin anonymousYourName cd risks: or cwd risks:, depending on your particular FTP. Issue j of volume 16 is in that directory: "get risks-16.j". For issues of earlier volumes, "get [.i]risks-i.j" (where i=1 to 15, j always TWO digits) for Vol i Issue j. Vol i summaries in j=00, in both main directory and [.i] subdirectory; "dir" (or "dir [.i]") lists (sub)directory; "bye" logs out. CRVAX.SRI.COM = [128.18.30.65]; =CarriageReturn; FTPs may differ; UNIX prompts for username, password; bitftp@pucc.Princeton.EDU and WAIS are alternative repositories. See risks-15.75 for WAIS info. To search back issues with WAIS, use risks-digest.src. With Mosaic, use http://www.wais.com/wais-dbs/risks-digest.html. FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM . ------------------------------ End of RISKS-FORUM Digest 16.55 ************************