Subject: RISKS DIGEST 16.90
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Tuesday 14 March 1995  Volume 16 : Issue 90

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, etc. *****

Contents:
E-Mail Apology from Prodigy (Edupage)
Kiosk prototype fails to deliver in trial run (Bob Frankston)
Automatic return fire (Michael J Zehr)
Internet providers raided (Kevin Yeung)
Internet-Finland Privacy (Lars Arnkil via Bruce Baker)
Re: Consumer Electronics Problems (Willie Smith)
Mitnick Stole "SATAN" Security Software (Edupage)
Re: PGP Moose (Jerry Leichter)
Re: Microsoft and Lotus spreadsheet errors (Steve Bellovin, Ken Tindell)
The source of semantic content: followup (Erann Gat)
Re: Can Pakistan Eavesdrop in America? (Laurence R. Brothers, John R. Moore, Marc Horowitz, P.vanMossel)
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. (6 Feb)

----------------------------------------------------------------------

Date: Sun, 12 Mar 1995 18:24:47 -0500
From: info@ivory.educom.edu (Edupage)
Subject: E-Mail Apology from Prodigy (Edupage 12 Mar 1995)

A software glitch caused Prodigy's mail system to send 473 E-mail messages last Friday to wrong members and to lose 4,901 messages on the Internet. The mail system was shut down for five hours, and Prodigy apologized to its members for the malfunction. (Atlanta Journal-Constitution, 11 Mar 1995, B3)

------------------------------

Date: Sat, 11 Mar 1995 16:49 -0500
From: Bob_Frankston@frankston.com
Subject: Kiosk prototype fails to deliver in trial run

This is a short piece from *The Boston Globe*, 11 Mar 1995, by Michael Putzel. Apparently the Post Office is planning to deploy Iway kiosks. The prototype appears to be a quick hack, a Silicon Graphics Indy (do I hear, overkill?) with a touch screen and, apparently, a web browser for getting around.
The article itself didn't tell which technology was being deployed. This is a basic simple approach which I approve of. One of the problems was a standard touch screen problem of having to position one's finger correctly.

More interesting was the attempt to get information from the Social Security computer. "It seems that the agency had changed the name of its computer without telling the Postal Service". This fits my assumption that it is a web browser.

The risk is a standard one of deploying a new technology while it is evolving. Many of the initial web pages are going to fade from the lack of interest in supporting them. This will disappoint those who expect a reliable mature service. Beyond disappointing, however, it doesn't seem much of a risk and can be handled by setting appropriate expectations. It will be more of an issue if (a standard problem with the regulations limiting the Post Office) the technology is widely deployed.

------------------------------

Date: Tue, 31 Jan 95 18:06:20 -0500
From: tada@MIT.EDU
Subject: Automatic return fire

>From CIO (February 1995):

Lawrence Livermore Laboratory is working on a system called Lifeguard to help police (and who knows who else) identify from what direction they are being fired upon. The system was apparently developed in response to school shootings where it isn't always easy to spot the shooter visually. As described in 'Government Technology' the system uses a special sensor that emits "ammunition-identifying" signals and attaches to a rifle like a scope. A computer tracks incoming bullets and locates the source. "Anybody who shoots at you from any direction would be immediately located and subject to return fire," says Thomas Karr, head of the Lab team.

I'll leave to everyone's imaginations the risks of hooking a computer to the trigger of a loaded weapon and using it near civilians.

-michael j zehr

   [This Lifeguard is completely different from the noneponymous McIntosh program noted in RISKS-16.72.
   PGN]

------------------------------

Date: Sun, 12 Mar 1995 13:57:57 +0800
From: keviny@hk.super.net
Subject: Internet providers raided

Seven Internet providers in Hong Kong were raided by the Hong Kong Royal Police, alleged to be operating without required licence and "hacking" other computer systems. All computer equipment was seized, and it was reported that the police were able to look at any file on the systems - all people's private email and even commercial documents were at risk. Police may close down and check any Internet provider out again at any time, and companies' information is at risk if someone in the police sells the information secretly.

------------------------------

Date: 13 Mar 1995 08:21:19 U
From: spryhma.samlink.arnkila@elvi.vtkk.fi
Subject: Internet-Finland Privacy

   [Edited and submitted to RISKS by "Bruce Baker", with Lars' permission. PGN]

Funny creature this Internet, and the people associated with it, especially "journalist-researchers", as they call themselves. Adding to the unusual mixture recently here in Scandinavia have been the Scientologists and the Police. It would be funny to follow the intrigues if they were fiction, but these are all too real:

Case #1

A Swedish journalist-researcher "reveals" that an Anonymous Finnish Internet server has been spreading pedophiliac pictures. It sounds like a big Issue, but it is not true. The addresses within the pedophiliac-picture files were in fact forged, and they didn't come via the anonymous Finnish server (owned by Johan Helsingius). This part of the news wasn't much publicized. It seems that the real pedophiliac-picture distributing server was a British one.

Case #2

Finnish Police receive a request from U.S. law enforcement authorities to confiscate (real) user information from the Finnish Anonymous Server. About the same time, Scientologists claimed that someone had broken into their system and was revealing "highly confidential" information via the Finnish anonymous server.
Well, of course, the Finnish Police carried out a house search and seizure to obtain real user information from the anonymous server. Then they promptly gave the information to the Scientologists!!!

Lessons, if any:

o Negative stories receive more press coverage than positive ones.
o Corrections are rarely seen by the reader, especially readers in other countries.
o People, even Police officers, will act as if "The Party Which Brings Up Some Claim/Issue" has been harmed and must be right. They cannot see that some issues might be brought up under "legitimate cover" to serve other purposes. This "legitimate" cover should be verified etc., and during this process the Police shouldn't give information to the complainant.

Other thoughts: Can this affect us? Most definitely. What if the Scientologists had made the same charges against our banking system and had asked the Police to reveal user information in our files? And what if we had asked the police to determine who has tried to break into our systems from this or that address? Should we have a right to obtain this information directly from the Police (similar to your Procter and Gamble case several years ago)?

Lars Arnkil

------------------------------

Date: Sun, 12 Mar 1995 12:09:03 -0500 (EST)
From: wpns@roadrunner.pictel.com (Willie Smith)
Subject: Re: Consumer Electronics Problems (Hatton, RISKS-16.89)

>Has anybody heard of consumer electronic stuff being recalled because
>of software problems yet?

Typically they tend not to be acknowledged or recalled, as it would be prohibitively expensive for the manufacturers, and they are used to walking all over the consumers. A couple of examples:

An older Sony 5-disk CD player had a shuffle play with a poor random number generator and no memory of what songs it had played, it merely chose a disk at 'random' and then a track at 'random' from that disk. It would, for instance, play disk 3 track 5, disk 2 track 8, disk 3 track 5, "rinse, lather, repeat".
The "solution" was to ignore that function and (5 years later) check carefully that Sony had fixed that bug before buying a new model.

Volkswagen had a bug in their Digifant-II electronic engine management computer for a couple of _years_ that caused cold-start problems on hot days. It appeared that the computer was reading the engine temperature sensor as "hot", so it didn't "put on the choke". I actually had the service manager at a VW dealer tell me that I had to keep my foot on the gas of a fuel injected, computer controlled car for a minute or two after starting to keep it from stalling[!]. The first-level fix was, after a year and a half of so-called 'service', replacing the computer. The second-level fix was switching car brands. 8*|

In both cases, the manufacturer was highly motivated to ignore the problem. I would guess that a fair amount of the development of the CD player was writing the software, and producing new CPUs, recalling the players, and repairing them would have cost Sony more than developing a new player from scratch and giving new ones to folks who complained about the old ones. Volkswagen would have spent a small fortune recalling cars and putting new computers in each, if only in the currency of opportunity cost (what they spent in customer good will isn't really a subject for Risks).

When a software company produces a new product, they test it and run it thru beta testing and such to ensure that it works properly. When a hardware company puts software into their product, they may not understand the software, and take the developer's word for its quality.
Willie Smith   wpns@pictel.com   N1JBJ@amsat.org

------------------------------

Date: Sun, 12 Mar 1995 18:24:47 -0500
From: info@ivory.educom.edu (Edupage)
Subject: Mitnick Stole "SATAN" Security Software (Edupage, 12 Mar 1995)

SATAN software (an acronym standing for Security Administrator Tool for Analyzing Networks), which was developed by Dan Farmer of Silicon Graphics to scan thousands of host computers on the Internet for security vulnerabilities, was stolen by Kevin Mitnick, the computer cracker who was arrested last month by the FBI and is now under indictment for 23 counts of fraud involving computer use. Mitnick broke into Farmer's account on the WELL, a California Internet service provider. Farmer says he has no way of knowing whether Mitnick shared copies of SATAN over the Internet. (The New York Times, 12 Mar 1995, [City edition?] Sec.3, p.11; 11 Mar 1995, p.30)

------------------------------

Date: Fri, 10 Mar 95 15:19:57 EDT
From: Jerry Leichter
Subject: Re: PGP Moose

Given the prevalence of Unix (aka broken) mail forwarders out there that believe any occurrence of "From" at the beginning of a line can be "wedged" as >From (did that arrive at your location as >From? It left here unwedged.), we are likely to soon have a new risk on the net: The risk of automatic cancellation of all messages that happen to have the wrong four characters at the beginning of some line. People forwarding messages complete with headers -- beware! Any "From:" lines you include are likely Moosebait!

Oh, yes, there are also some mail forwarders out there that will change any line consisting only of a single "." to one containing "..". There are no doubt some that will make the reverse substitution. There also appear to be gateways around that will replace empty lines with lines containing a single space, as well as gateways that do strange and wondrous things with spaces at the end of lines.
Finally, there appear to be an increasing number of programs that, under certain unclear conditions, use MIME's BASE64 encoding in the midst of otherwise simple ASCII text - you'll see things like =20 at the end of a line.

I suppose the underlying idea here is fine, but unfortunately an attempt to build such a thing on top of the very chaotic and unpredictable world of today's mail systems is to impose many non-obvious risks on users.

                                                        -- Jerry

------------------------------

Date: Sat, 11 Mar 95 19:09:03 EST
From: smb@research.att.com
Subject: Re: Microsoft and Lotus spreadsheet errors (Lauck, RISKS-16.89)

Errors in financial calculations are not new. When I worked at Autex, Inc. in the early 70's I wrote a program to calculate bond tables. I was told that my calculations, right or wrong, had to agree with a certain book that all the traders used.

Such problems are even older. Fred Brooks tells a similar story from the mid-1950's. He was assigned to write a program to do billing for petroleum delivered through a pipeline. Now -- the actual volume occupied by a given mass of petroleum varies with the temperature, and there was a standard book listing the correction factor for each grade and temperature. To comply with various contractual and legal provisions, the program had to produce the same answers. Today, we might use an array; back then, there wasn't enough memory to hold such a large table. No problem, right -- the expansion had to be a matter of simple physical laws, so they could just calculate it. It turned out to be a simple equation. But whoever had drawn up the table in the first place hadn't rounded consistently -- and the program *had* to match. They ended up doing the calculation, and storing a compressed table giving the difference between the calculated values and the legal ones. Never mind reality -- custom ruled.
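   [The following is a worked example added by the editor; it is not code from Steve Bellovin's contribution or from the program Fred Brooks describes. It shows the "formula plus a sparse correction table" technique in Python: the factor is computed from the physical formula and then nudged by a small delta table so that the output matches the legally binding book entry for entry, including the book's inconsistent rounding. The table, the two grades and the expansion coefficients are constructed for illustration and are not real petroleum volume-correction data.]

```python
import math
from fractions import Fraction

SCALE = 10_000            # factors are carried as integers in units of 1e-4
BASE_TEMP_F = 60

# Constructed "legal" table: (grade, temperature F) -> factor * SCALE.
# Two entries, (A, 70) and (B, 80), are rounded the other way from what the
# formula gives; they stand in for the clerk's inconsistent rounding.
LEGAL_TABLE = {
    ("A", 60): 10000, ("A", 70): 9956, ("A", 80): 9913,
    ("B", 60): 10000, ("B", 70): 9951, ("B", 80): 9901,
}

# Assumed thermal-expansion coefficients per degree F, kept as exact
# rationals so the rounding below is deterministic and not a float artifact.
ALPHA = {"A": Fraction(435, 1_000_000), "B": Fraction(49, 100_000)}

def computed_units(grade, temp_f):
    """Factor from the formula VCF = 1 - alpha*(T - 60), rounded half-up."""
    raw = (1 - ALPHA[grade] * (temp_f - BASE_TEMP_F)) * SCALE
    return math.floor(raw + Fraction(1, 2))

def build_delta_table(legal):
    """The compressed table: only entries where formula and book disagree."""
    return {key: legal[key] - computed_units(*key)
            for key in legal if legal[key] != computed_units(*key)}

DELTA = build_delta_table(LEGAL_TABLE)

def billing_units(grade, temp_f):
    """What the billing program actually uses: formula plus correction."""
    return computed_units(grade, temp_f) + DELTA.get((grade, temp_f), 0)

def audit(legal=LEGAL_TABLE):
    """Regression check: every book entry is reproduced exactly."""
    return all(billing_units(*key) == value for key, value in legal.items())

def net_barrels(grade, temp_f, gross_barrels):
    """Temperature-corrected volume, in exact rational arithmetic."""
    return Fraction(gross_barrels) * billing_units(grade, temp_f) / SCALE

if __name__ == "__main__":
    print("corrections needed:", DELTA)
    print("book reproduced exactly:", audit())
    print("1000 gross bbl of B at 80F bills as", float(net_barrels("B", 80, 1000)))
```

   [The audit() function is the part worth keeping in practice: whenever the formula, the coefficients or the book is revised, it tells you immediately whether the delta table still papers over every disagreement.]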
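   [A second worked example added by the editor, this one for Jerry Leichter's PGP Moose note above; it is not code from that note or from the PGP Moose project. It models each in-transit rewrite he lists as a function, signs a message over a whitespace-canonicalised form (the trailing-whitespace rule OpenPGP uses for cleartext signatures) and reports which rewrites the signature survives. HMAC-SHA256 with a constructed key stands in for a PGP signature so the block runs offline; the sample message is constructed. The =20 sequence is the quoted-printable transfer encoding of a space, so the block also checks verification after decoding that encoding.]

```python
import hashlib
import hmac
import quopri

KEY = b"constructed-demo-key"   # stand-in for a signing key, not a real secret

# Constructed sample message. It deliberately contains every line shape the
# note calls out: a line starting with "From", an empty line, a line with a
# trailing space and a line that is only ".".
MESSAGE = (
    "From: alice@example.org\n"
    "Subject: notes\n"
    "\n"
    "Hello Bob, \n"
    "the file is attached.\n"
    ".\n"
    "From the archive, unchanged.\n"
)

def canonicalize(text):
    """Normalise CRLF to LF and strip trailing blanks and tabs from every
    line before hashing, so purely cosmetic whitespace rewrites do not
    change the signed bytes."""
    lines = text.replace("\r\n", "\n").split("\n")
    return "\n".join(line.rstrip(" \t") for line in lines)

def sign(text):
    return hmac.new(KEY, canonicalize(text).encode(), hashlib.sha256).hexdigest()

def verify(text, sig):
    return hmac.compare_digest(sign(text), sig)

def verify_after_decoding(text, sig):
    """Undo the content transfer encoding (=20 and friends) first: the
    receiver must verify the decoded body, not the wire bytes."""
    return verify(quopri.decodestring(text.encode()).decode(), sig)

# The in-transit rewrites from the note, modelled as functions on the text.
def _map_lines(text, f):
    return "\n".join(f(line) for line in text.split("\n"))

def wedge_from(text):          # mailbox forwarders turn "From..." into ">From..."
    return _map_lines(text, lambda l: ">" + l if l.startswith("From") else l)

def dot_stuff(text):           # a line that is only "." becomes ".."
    return _map_lines(text, lambda l: ".." if l == "." else l)

def blank_to_space(text):      # gateways that replace empty lines with one space
    return _map_lines(text, lambda l: " " if l == "" else l)

def pad_line_ends(text):       # gateways that append whitespace to lines
    return _map_lines(text, lambda l: l + "  " if l else l)

def qp_trailing_space(text):   # quoted-printable: a trailing space becomes "=20"
    return _map_lines(text, lambda l: l[:-1] + "=20" if l.endswith(" ") else l)

MANGLERS = [wedge_from, dot_stuff, blank_to_space, pad_line_ends, qp_trailing_space]

def transit_report(message=MESSAGE):
    """For each rewrite: (verifies on the wire bytes?, verifies after
    decoding the transfer encoding?)."""
    sig = sign(message)
    return {m.__name__: (verify(m(message), sig), verify_after_decoding(m(message), sig))
            for m in MANGLERS}

if __name__ == "__main__":
    for name, (raw_ok, decoded_ok) in transit_report().items():
        print(f"{name:18s} raw={str(raw_ok):5s} decoded={decoded_ok}")
```

   [The report makes the note's point concrete: trailing-whitespace games and blank-line substitution are absorbed by canonicalisation, and =20 is harmless once the transfer encoding is decoded before verifying, but ">From" wedging and dot-stuffing change real content and no whitespace rule can rescue them. A cancel-on-bad-signature robot therefore needs either its own escaping for those line shapes or a policy of never cancelling on a failed signature alone.]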
------------------------------

Date: Mon, 13 Mar 95 11:39:34 +0100
From: Ken Tindell
Subject: Re: Microsoft and Lotus spreadsheet errors (Margolin, Risks 16.88)

>>Barry Ward, ... `I've been in the computer business for 19 years and
>>have never come across this problem before. ...
>
>I find it difficult to imagine someone who's been in the computer business
>for two decades and has never heard of floating point round-off errors.
>This should be part of any computer science curriculum.

It's not difficult to imagine at all: just take a look at Ross Anderson's contribution in RISKS-15.54 ("Card Fraud and Computer Evidence"), where the bank claimed that its software was 100% correct because it used assembler and the "ABEND" statement! (see also CACM November 1994)

Not for nothing is ``Banker'' cockney rhyming slang...

Ken Tindell, Dept. Computer Systems, Uppsala University, PO Box 325
S-751 05, Uppsala, Sweden   +46-18-183172   ken@docs.uu.se   http://www.docs.uu.se/~ken

------------------------------

Date: Thu, 9 Mar 95 11:57:59 PST
From: gat@aig.jpl.nasa.gov (Erann Gat)
Subject: The source of semantic content: followup

Some of the replies to my article on the source of semantic content indicate that I have not made myself clear. I did not mean to suggest that we should sit back and do nothing, secure in the knowledge that there are technological tricks that can be played to circumvent the law. I am well aware that once the witch hunt for net.pornographers begins in earnest that logic will provide precious little protection, and the "I only sent random bits" defense probably won't hold up in court. That should scare the pants off you; if it doesn't then you haven't understood what I am trying to say.

At the end of my original article I wrote: "...transmitting random bit streams may soon become a crime." I meant this to be taken quite literally.
Once there is precedent for convicting someone for transmitting porn using the xor trick, then anyone who sends out a random bit stream for *any* reason can (and probably will) be convicted for transmitting porn. Here's one possible scenario:

Let's say that A sends B a random bit stream F1 for some legitimate reason. (For example, he might be a cryptography researcher sending sample output from his latest cryptanalytically secure random number generator for analysis, or he may be a college student who just wants to thumb his nose at the establishment.) If B wants to transmit a pornographic image P and blame it on A, he uses F1 to encode P into F2, and puts F2 onto his public ftp server. To be extra sure, he changes the last-modified date to a week or so ago. B then calls the authorities (or maybe B *is* the authorities) and says, "I have just discovered that A has used my publicly available random file F2 to encode a pornographic image."

Here's another scenario. Let's say that A uses the xor trick to transmit a legitimate file to B in the form of two files F1 and F2. B encodes P with F1 and replaces the content of the legitimate F2 with the result. He then calls the authorities and says, "A sent me these two files, and when I put them together the result was P."

More complex scenarios are possible by observing that the xor trick is not limited to two files. An image can be one-time-padded an arbitrary number of times, resulting in an arbitrarily large number of files that must be combined to generate the image. Any combination of these files can be used as a key to encode some other image. If freedom-loving people start to use the xor trick a lot, then there could be a tremendous profusion of random files out there that can be combined in an enormous number of ways to produce an enormous number of images. You might even have pornography on your disk and not even be aware of it.
In fact, *any* file is just a one-time-pad encoding away from being a pornographic image. Your copy of Microsoft Word has obscenities in it if you just know how to decode them. This is not at all the same as an undeveloped image on film. In the case of film it is clear that the information content is in the film and not in the developing process. In the case of an encoded file there is literally no way to tell which is film and which is developer, which is encoded image and which is key. As with many things in the cyberworld, fundamental assumptions about the Way Things Work break down here.

Erann Gat   gat@jpl.nasa.gov

------------------------------

Date: Sat, 11 Mar 95 13:52:56 EST
From: quasar@ctt.bellcore.com
Subject: Re: Can Pakistan Eavesdrop in America? (Wayner, RISKS-16.89)

IMHO: Anyone with the least knowledge of EE (or a subscription to 2600 or Phrack) ought to be able to eavesdrop on cellular telephone conversations without resorting to industrial espionage. It's not like these conversations are encrypted as a matter of course. I suppose it's possible that the Pakistani cellular network uses some form of encryption that requires Motorola technology to solve, but I doubt it. In any event, *our* cellular phone network sends conversations in the clear unless CPE does something special about it. Anyone who thinks radio transmissions of any sort are secure (at least those which don't employ reasonable crypto protocols) deserves whatever happens to them....

I assume that US diplomatic and intelligence personnel abroad do use some form of encryption in their transmissions, but I also assume (hope) that they don't rely on it for really sensitive information.

As far as terrorist action goes, unless and until government turns into a 1984-ish police state, terrorists and assassins will always be able to carry out attacks. The freedom of information and action in a democratic society more or less guarantees it.

Laurence R.
Brothers ~ quasar@bellcore.com

------------------------------

Date: Sun, 12 Mar 1995 09:55:45 LOCAL
From: ozone@PrimeNet.Com (John R. Moore)
Subject: Re: Can Pakistan Eavesdrop in America

Regarding Pakistan's requirement that Motorola provide cellular eavesdropping technology:

>1) Can this eavesdropping hardware work in the United States?

Probably not. Most likely the system is the new global spread spectrum standard, which the US doesn't use and probably won't. That's the good news.

The bad news is that it isn't needed. Anyone can buy a scanner and modify it, or buy a downconverter for it, and then listen in on any analog cellular system today! This is illegal in the US but unenforceable. Recently it has become illegal to manufacture or import a scanner that is "easily modifiable" for cellular reception. However, there are millions of scanners already in circulation that can receive cellular or be easily modified for this purpose. Furthermore, many scanners pick up cellular as an image frequency, which means they can be used for cellular monitoring simply by entering a frequency typically 21.4 MHz below the frequency to be monitored.

Newer US systems will be digital (spread spectrum or TDMA) and encryptable, and thus should be relatively secure against foreign monitoring. However, it is possible that the US Government will force suppliers to make monitoring equipment and encryption keys available to them, but the US Government also wants those crypto keys unavailable to anyone else.

John Moore   ozone@primenet.com   http://www.primenet.com/~ozone/

------------------------------

Date: Sun, 12 Mar 1995 22:48:31 EST
From: Marc Horowitz
Subject: Re: Can Pakistan Eavesdrop in America?

>> 1) Can this eavesdropping hardware work in the United States?

The cellular phone system in the US uses FM modulation very similar to that in your radio.
Scanners which could scan cellular frequencies (along with amateur bands, police, fire, etc) were once available at such underground shops as Radio Shack. Scanning cellular was made illegal, so these devices dried up, to be replaced with scanners which could scan all the frequencies above except cellular. These scanners could, with the clip of a wire or the press of a "secret" button combination, begin to scan cellular frequencies, even though this activity is illegal. Early in 1994, equipment which could be "illegally modified" to scan cellular was made illegal (that is, the FCC would no longer license it). Older radios (of which I own two) were grandfathered.

There are two RISKS here. One, the US government is deluded enough to believe that these laws prevent cellular scanning. Two, the public is not educated enough to know that this sort of scanning is so easy. Oh, and if all of the above isn't enough, every cellphone I've played with has a diagnostic/repair mode which scans cellular frequencies. There is a story of a demo for congress, where someone (who had to be granted immunity for this demo!) took a brand new cellphone out of a box, plugged it in, pushed a few buttons, and 30 seconds after breaking the shrink wrap, scanned through some calls to show how easy it was.

The third risk: Our government is as scared as Pakistan's about widespread encryption. This issue has been covered in RISKS and Privacy Digest before.

		Marc

------------------------------

Date: Tue, 14 Mar 1995 20:35:12 +0100
From: P.vanMossel@telecom.ptt.nl
Subject: Drop eavesdropping (Wayner, RISKS-16.89)

In RISKS-16.89 (Can Pakistan Eavesdrop in America?) Peter Wayner complains about Pakistan trying to obtain eavesdropping technology. Why do you expect Pakistan to act differently from the USA? Think of Clipper and USA export restrictions on encryption technology... Maybe the USA does a better job in covering up and might (or is expected to) be more decent in handling the information.
The risk is to use communication technology that can be eavesdropped. Even if we think it's safe now to trust the current government.

Paul van Mossel.

------------------------------

Date: 6 February 1995 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS.

SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. U.S. users on .mil or .gov domains should contact (Dennis Rears ). UK subscribers please contact . Local redistribution services are provided at many other sites as well. Check FIRST with your local system or netnews wizards. If that does not work, THEN please send requests to (which is not yet automated). SUBJECT: SUBSCRIBE or UNSUBSCRIBE; text line (UN)SUBscribe RISKS [address to which RISKS is sent]

CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses to them. Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
All other reuses of RISKS material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using RISKS material should obtain permission from the contributors.

RISKS can also be read on the web at URL http://catless.ncl.ac.uk/Risks
Individual issues can be accessed using a URL of the form
http://catless.ncl.ac.uk/Risks/VL.IS.html
(Please report any format errors to Lindsay.Marshall@newcastle.ac.uk)

RISKS ARCHIVES: "ftp unix.sri.com<CR>login anonymous<CR>YourName<CR>cd risks or cwd risks, depending on your particular FTP. Issue J of volume 16 is in that directory: "get risks-16.J". For issues of earlier volumes, "get I/risks-I.J" (where I=1 to 15, J always TWO digits) for Vol I Issue j. Vol I summaries in J=00, in both main directory and I subdirectory; "bye"<CR>; I and J are dummy variables here. REMEMBER, Unix is case sensitive; file names are lower-case only. <CR>=CarriageReturn; UNIX.SRI.COM = [128.18.30.66]; FTPs may differ; Unix prompts for username and password. Also ftp bitftp@pucc.Princeton.EDU.

WAIS repository exists at server.wais.com [192.216.46.98], with DB=RISK (E-mail info@wais.com for info) or visit the web wais URL http://www.wais.com/ . Management Analytics Searcher Services (1st item) under http://all.net:8080/ also contains RISKS search services, courtesy of Fred Cohen. Use wisely.

------------------------------

End of RISKS-FORUM Digest 16.90
************************
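   [Editor's worked example for Erann Gat's "source of semantic content" followup earlier in this issue; it is added here and is not code from his contribution. It carries the xor trick through with bytes: splitting a payload P into any number of one-time-pad shares, B's framing of A from the first scenario, and the closing point that for any file of the right length there is a pad turning it into P, with nothing in the bytes saying which is key and which is image. PAYLOAD and INNOCENT are constructed byte strings; os.urandom stands in for the random stream A sends.]

```python
import os

# Constructed stand-ins: PAYLOAD is "the image P", INNOCENT is some unrelated
# file of the same length (Gat's copy of Microsoft Word).
PAYLOAD = b"constructed stand-in for the image P"
INNOCENT = (b"An ordinary document. " * 2)[:len(PAYLOAD)]

def xor_bytes(*parts):
    """XOR any number of equal-length byte strings together."""
    if len({len(p) for p in parts}) != 1:
        raise ValueError("all parts must have the same length")
    out = bytearray(parts[0])
    for part in parts[1:]:
        for i, b in enumerate(part):
            out[i] ^= b
    return bytes(out)

def split_into_shares(payload, n=2, rng=os.urandom):
    """One-time-pad payload into n files: n-1 uniformly random files plus a
    last one chosen so that XORing all n together gives payload back. Any
    n-1 of them are, on their own, just uniformly random bytes."""
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [rng(len(payload)) for _ in range(n - 1)]
    shares.append(xor_bytes(payload, *shares))
    return shares

def combine(shares):
    """Recover the payload from all of its shares."""
    return xor_bytes(*shares)

def key_between(file_a, file_b):
    """The pad K with file_a XOR K == file_b. Because XOR is its own inverse
    the same K also turns file_b back into file_a, so nothing distinguishes
    'key', 'ciphertext' and 'image' (the film-versus-developer point)."""
    return xor_bytes(file_a, file_b)

def frame(f1, payload):
    """Gat's first scenario: B receives a legitimate random F1 from A and
    publishes F2 = F1 XOR P, then claims A encoded P against B's file F2."""
    return xor_bytes(f1, payload)

if __name__ == "__main__":
    shares = split_into_shares(PAYLOAD, 3)
    print("3 shares recombine to P:", combine(shares) == PAYLOAD)
    k = key_between(INNOCENT, PAYLOAD)
    print("innocent file XOR K == P:", xor_bytes(INNOCENT, k) == PAYLOAD)
    print("P XOR K == innocent file:", xor_bytes(PAYLOAD, k) == INNOCENT)
```

   [Two consequences worth noticing when running it: key_between(INNOCENT, PAYLOAD) and key_between(PAYLOAD, INNOCENT) are the same bytes, and any proper subset of the shares can itself serve as the "key" for a different payload, which is exactly the combinatorial explosion the contribution describes.]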