Subject: RISKS DIGEST 17.33

RISKS-LIST: Risks-Forum Digest  Friday 8 September 1995  Volume 17 : Issue 33

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, etc. *****

Contents:
Virtual reality damages vestibular-ocular reflex? (Daniel P. B. Smith)
Sony satellite dishes REMOTELY reprogrammable? (Robert L Krawitz)
Password cracking 'improves' security (Duncan Booth)
Total data loss (T H Pineapple)
Viruses Plague Microsoft Programs (Edupage)
Word Macro virus, platform crossing, and VBA (Rob Slade)
Re: Two Way HOV Lane (Bill Hefley)
"Computers Ethics and Social Values" by Johnson/Nissenbaum (Rob Slade)
Cybersobriety/new book: Democracy & Technology (R.E. Sclove)
Software Assessment: Reliability, Safety, Testability (Friedman and Voas)
Network Security '95, final program information (SANS'95)
ABRIDGED info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 7 Sep 1995 21:51:25 -0400
From: dpbsmith@world.std.com (Daniel P. B. Smith)
Subject: Virtual reality damages vestibular-ocular reflex?

Electronic Engineering Times, 14 Aug 95, has an article entitled "Neural VOR predicts illness." According to the article, "A complete model of the vestibular-ocular reflex (VOR) was demonstrated here at the World Congress on Neural Networks. The neural-network-based model accurately mimics not only the behavior of a VOR but the abnormal behavior of damaged VORs. Separately, the author estimates that at least two months' exposure to inaccurate virtual-reality simulations could damage healthy VORs."

Choose your interpretation... does this highlight a RISK of virtual reality, or a RISK of drawing real-world conclusions from computer modelling?

Daniel P. B.
Smith dpbsmith@world.std.com

------------------------------

Date: Fri, 8 Sep 1995 09:19:21 -0400
From: Robert L Krawitz
Subject: Sony satellite dishes REMOTELY reprogrammable?

An article in the _Boston Globe_ 8 Sept 1995 mentioned that some Sony miniature satellite dishes have a problem, the nature of which is that the screen freezes and the audio drops for a second or two. What raised my eyebrows was a comment by a Sony official that the company is investigating the possibility of downloading a fix into the dishes (the problem is apparently software in nature, with the result being that the tuner doesn't lock properly). This would require no action on the part of users, and the TV set (in the words of the article) would not need to be on when the fix was downloaded for it to have effect.

If the official knew that this kind of remote reprogramming facility exists (as opposed to this person being a PR flack just blowing smoke), well, the possibilities may be left to the imaginations of my fellow RISKS readers.

Robert Krawitz, Member of the League for Programming Freedom -- mail lpf@uunet.uu.net
Tall Clubs International -- tci-request@think.com

------------------------------

Date: Thu, 07 Sep 1995 09:52:54 +0100
From: Duncan Booth
Subject: Password cracking 'improves' security

The following extract is from an advertisement for a program called WDPass:

  Never lose your passwords again. For many organisations the major deterrent to using the security features in programs such as WordPerfect and Lotus 1-2-3 is the fear of rendering crucial files inaccessible by losing or forgetting passwords. It is logical to have an immediate solution to recovering passwords and enhancing security. WDPass can immediately recover lost passwords and, thus access locked files allowing users to feel secure in using passwords to lock confidential files.
  [Ingram Micro Services advertisement in September 1995 issue of Connectivity (a newsletter published by the PC User Group)]

The program claims to work for a variety of WordPerfect, Microsoft, Lotus and Borland file formats.

I find it hard to believe that anyone could read this advert and think that buying a program that breaks the passwords on all of their files will make the confidentiality of their data more secure, but the risk is that out there are some senior executives gullible enough to think that this allows them to rely entirely on password protection of documents instead of more traditional locks and keys.

Duncan Booth, RCP Consultants Ltd, Didcot, OXON UK  duncan@rcp.co.uk

------------------------------

Date: Fri, 8 Sep 95 12:17 BST-1
From: thp@cix.compulink.co.uk (T H Pineapple)
Subject: Total data loss

If you're returning a hard disk to a data recovery firm, do make sure the couriers don't wind up having their van hijacked...

dude://steev@Almathera.Ltd.UK. Netsurf & Opticality. thp@cix.compulink.co.uk
http://www.thenet.co.uk/~almat/ [ photogenics ] [ windows '95 companion ]

  [Yes, in case you are wondering. It REALLY happened. The details are being withheld because of forensics and legal processes. Stay tuned. Maybe we will hear some more later. PGN]

------------------------------

Date: Fri, 1 Sep 1995 04:24:21 -0400 (EDT)
From: Educom
Subject: Viruses Plague Microsoft Programs (Edupage, 31 Aug 1995)

A strange virus is invading documents created with Microsoft's popular Word program. While it doesn't destroy files or cause serious damage, it changes files into templates, which can then be awkward to work with or transfer. Microsoft is distributing a fix that gets rid of the virus and inoculates against future contamination, available through help lines or at < http://www.microsoft.com >. (Wall Street Journal 30 Aug 95 B2)

Meanwhile, some would-be Windows 95 users are complaining that they get stuck after the first disk.
A Microsoft spokeswoman says that a virus already on the users' computers is at fault -- when it's activated by the first Windows 95 disk, it prevents any other disks from being installed. Details on how to fix the problem will be forthcoming, but meanwhile, users who install the program via floppy disk should use a virus checker to scan their systems first and set the write-protect tab on their program disks before installing them. (Houston Chronicle 31 Aug 95 C1)

Edupage is written by John Gehl (gehl@educom.edu) & Suzanne Douglas (douglas@educom.edu). Voice: 404-371-1853, Fax: 404-371-8057.

------------------------------

Date: Wed, 06 Sep 1995 00:34:48 EST
From: "Rob Slade"
Subject: Word Macro virus, platform crossing, and VBA

In regard to the recent postings on the Word.Macro/WinWord.Concept virus by Paul Ducklin, Gene Spafford and others, there are some related developments of note.

As the postings have said, the concept of macro or interpreted viral "programs" has been known, experimented with and theorized for some time. A major factor in the success of such a virus is a "critical mass" of compatible systems. For a time the Rexx language appeared to be poised on the brink of "success" as a cross platform macro environment, and currently there is interest in MIME (Multi-purpose Internet Mail Extensions). Neither of those systems, however, has yet become a major player.

By a quirk of chance I have recently reviewed a number of books on Microsoft's Visual Basic. All of them have mentioned Microsoft's move towards Visual Basic for Applications, or VBA. This is to be a fully compatible programming/scripting/macro environment replacing and augmenting the various macro functions in Microsoft products. Once VBA is implemented, a macro virus would not merely be able to spread from WinWord to MacWord documents, but to Excel, Access, FoxPro and a host of other applications as well.
Indeed, from the information in the books, Microsoft is interested in licensing VBA to other developers for inclusion in non-MS applications.

Perhaps it's time to turn off the macro "autoload" capabilities in all your applications?

ROBERTS@decus.ca rslade@cln.etc.bc.ca rslade@freenet.vancouver.bc.ca
Author "Robert Slade's Guide to Computer Viruses" 0-387-94311-0/3-540-94311-0

  [Hey, folks, this is not really a virus. It is a Trojan horse, akin to the letter bombs of yore that contained squirreled nonprinting characters. As a reminder, we had a fine discussion in RISKS-16.55 and 56, begun by Mike Crawford, on the risks of Trojan horses in PostScript files. PGN]

------------------------------

Date: Wed, 30 Aug 95 11:57:49 EDT
From: Bill Hefley
Subject: Re: Two Way HOV Lane (Weinstock, RISKS-17.30,32)

My colleague, Chuck Weinstock, recently reported to this forum a terrible accident that happened here in Pittsburgh, PA, regarding a head-on collision between two vehicles travelling in opposite directions on a high occupancy vehicle (HOV) lane. Several people were killed in this accident, and two individuals remain hospitalized. This HOV lane is supposedly only open in one direction at a time.

There are three new developments in this incident, according to last night's news:

1) There have been news reports of at least three other incidents of cars travelling in both directions simultaneously in the HOV lane--three more potential head-on crashes occurring just since the fatal accident last week.

2) An employee of the state department of transportation (PennDoT) who had been responsible for manually opening and closing the gates and turning on/off the signs to control access to the HOV lane was fired yesterday. His attorney reportedly admitted that he had opened the south end of the lane before closing the north end (in violation of procedure) and then lied to investigators by claiming that he had followed procedures.
There may be criminal charges filed against the former PennDoT employee.

3) PennDoT reportedly is planning to spend a million dollars to upgrade the control system and signage for this HOV lane. According to the news reports, it sounds like they are planning to put into a central location a set of manually-operated switches to control the gates and signs, much as they are manually controlled in the field by a single operator now.

IMHO, I'd have serious concerns about this sort of "automated" control system coupled with the use of a manual checklist. The same potential problem for human error or failure to follow the checklist could still exist, if the appropriate safety mechanisms are not built in. The only difference is that the problem has now merely moved from the physical gate and sign devices to a control panel in a central facility.

All one needs to do is look at the prior literature on human error in control rooms to validate this concern. For example, in the nuclear power industry, estimates of human error (as a percentage of system failures) range from twenty to sixty-five percent [Moray88]. Within a particular type of system, operating power plants, 15 to 30% of reported events occurring during operation involved a human error component [Griffon-Fouco87]. Of these events:

-- approximately 80% occur during operation and periodic tests
-- about 50% occur in the control room
-- almost 40% of these errors are evidenced by inappropriate user actions [Griffon-Fouco87].

Related studies [Meclot & Griffon-Fouco88] have indicated a number of deep causes of these human failures. Although sixty-two percent of the significant incidents can be attributed to the ergonomics of the workplace and the organization of the work, another fifty-six percent can be attributed to failure to follow procedures (26%), content of procedures (16%), task complexity (11%) and the form of the procedures (3%).
Taken from these prior studies, procedure following in a control room is still far from perfect reliability--human error can still occur. I hope that PennDoT does more than just add in switches to manually control the HOV lane, and also incorporates appropriate interlocks into their control room.

References:

Griffon-Fouco, M., & Ghertman, F. (1987). Data Collection on Human Factors. In J. Rasmussen, K. Duncan, & J. Leplat (eds.), New Technology and Human Error [Chap. 18]. (B. Wilpert, Series Ed.) (New Technologies and Work). (pp. 193-207). Chichester, UK: John Wiley & Sons.

Meclot, B., & Griffon-Fouco, M. (1988). L'Analyse des Incidents et L'Interface Homme-Machine. In Man-Machine Interface in the Nuclear Industry [IEAE-CN-49/34]. Tokyo, Japan. (IAEA Proceedings Series). (pp. 51-60). Vienna, Austria: International Atomic Energy Agency.

Moray, N. P., & Huey, B. M. (eds). (1988). Human Factors Research and Nuclear Safety. Washington, D. C.: National Academy Press.

Bill Hefley - Senior MTS, Software Engineering Institute, Carnegie Mellon Univ.
Pittsburgh, PA 15213 +1-412-268-7793 weh@sei.cmu.edu

  [Note added on 8 Sept 1995: The fired worker has now been charged with involuntary manslaughter and faces as much as 31 years in prison. Not only did he open the gates in the wrong order, but he knew of the accident and failed to radio it in or offer assistance, his fire extinguisher, or any help. BH]

------------------------------

Date: Sat, 02 Sep 1995 00:42:25 EST
From: "Rob Slade"
Subject: "Computers Ethics and Social Values" by Johnson/Nissenbaum

BKCMETSV.RVW 950609

"Computers, Ethics & Social Values", Johnson/Nissenbaum, 1995, 0-13-103110-4
%A Deborah Johnson
%A Helen Nissenbaum
%C One Lake St., Upper Saddle River, NJ 07458
%D 1995
%G 0-13-103110-4
%I Prentice-Hall, Inc.
%O +1-201-236-7139 fax: +1-201-236-7131 beth_hespe@prenhall.com
%P 714
%T "Computers, Ethics & Social Values"

Johnson's earlier book, "Computer Ethics" (cf.
BKCMPETH.RVW), may be considered the preeminent work in the field. This collection of papers, co-edited with Nissenbaum, enhances, but does not extend, that prior work.

Ethical problems may be divided into a number of groups in the computer world. Three stand out in particular. Some dilemmas arise from a conflict of agreed "good" values. These are the situations described in moral scenarios: should the poor man steal the medicine necessary to cure his wife from the inventor who will not reduce his price. A second class have to do with unknown or unpredictable situations. In the non-computer world, an example would be megaprojects of unknown environmental impact. The third grouping would include situations where a vast majority hold to a certain standard of behaviour, while a minority act otherwise. Cults and certain brands of terrorism would fall into this category.

Most non-computer ethical discussion is directed at the first class of problems, and most works on morality in computing follow suit. The articles in this book go a bit further. Chapter five, and parts of six and seven, raise issues related to group two problems. The ethical analysis is, however, limited and tentative. The inclusion of articles by Stallman, and Dorothy Denning's interview with Frank Drake, would seem to be an attempt to discuss the third type of issues. The bulk of the work, though, speaks with a single voice from the position of conventional morality, yet fails to address realistically the problem of bringing outsiders into the fold.

The papers seem to have a fair distribution between academic and popular works. Be forewarned: some of the latter have a Saturday-magazine level of accuracy to the information. Non-American readers should note a heavy reliance on American case and constitutional law, although most discussions are sufficiently detailed as to raise common law issues.

copyright Robert M.
Slade, 1995 BKCMETSV.RVW 950609

Vancouver Institute for Research into User Security, Canada V7K 2G6
ROBERTS@decus.ca Robert_Slade@sfu.ca Rob.Slade@f733.n153.z1.fidonet.org

------------------------------

Date: Tue, 29 Aug 1995 13:08:17 -0500 (EST)
From: RESCLOVE@amherst.edu
Subject: Cybersobriety/new book: Democracy & Technology

Richard E. Sclove, _Democracy and Technology_ (New York: Guilford Press, 1995). Paperback ISBN 0-89862-861-X; hardcover ISBN 0-89862-860-1.

The book develops a constructive agenda for democratizing all domains of technology--ranging from household to workplace, government, urban infrastructure, medicine, farming, etc.

  [For further information, contact Dick Sclove, Executive Director, The Loka Institute, P.O. Box 355, Amherst, MA 01004-0355, USA 413 253-2828; Fax 413 253-4942 resclove@amherst.edu World Wide Web: http://www.amherst.edu/~loka/ or info@guilford.com. PGN]

------------------------------

Date: 29 Aug 1995 16:52:39 -0800
From: "Friedman, Michael A"
Subject: Book: Software Assessment: Reliability, Safety, Testability

Book: Software Assessment: Reliability, Safety, Testability
Authors: Michael A. Friedman & Jeffrey M. Voas
Publisher: John Wiley & Sons, New York (1-800-225-5945)
ISBN 0-471-01009-X; Hardbound, $54.95

Is software quality testing really effective or just a waste of time? The skeptics conclude that it is an exercise in futility to try to measure the reliability and safety of these complex systems under all critical circumstances. They contend that quality assurance comes only through a strict adherence to rigorous development process models. In this groundbreaking book, Michael Friedman and Jeffrey Voas dispel that myth. They demonstrate that extremely accurate, cost-effective software quality testing can now be a reality, thanks to powerful new analytical tools.

Central to the approach outlined in Software Assessment is an assessment optimization technique called testability analysis.
Pioneered at the College of William and Mary and NASA by Jeffrey Voas, testability analysis predicts the likelihood that latent bugs will be detected through testing. Because no test oracle is required, testability analysis can be automated.

The book offers a balanced presentation of theory and practice. Featuring exhaustive coverage of the foundations of reliability, safety, and testability, it uses real-world examples, illustrations, and clear descriptions to explore all of the latest techniques for assessing those qualities.

Contents

Introduction
1. The Balls and Urn View of Software Testing
2. The PIE Assessment Model of Software Testability I
3. The PIE Assessment Model of Software Testability II
4. Designing Toward the Tester's Utopia
5. Software Safety
6. Assessment of Safety-Critical Software Units
7. Software Reliability Modeling
8. Software Reliability Growth Modeling
9. System Modeling
10. Software Reliability Prediction, Allocation and Demonstration Testing
11. Generating Test Cases
Index

------------------------------

Date: 7 Sep 1995 11:15:30 -0400
From: sans@clark.net (SANS'95 Conference Office)
Subject: Unix Network Security '95, final program information

  [You don't know what SANS is? The official message that I trimmed down for RISKS didn't say. The NS is presumably Network Security, but WITHOUT SANS (bad franglais pun) deacronymization, it is hard to tell. PGN]

The entire program lasts a week (November 13 - 18) with in-depth courses on Monday through Wednesday and on Saturday. The multi-track Technical Conference is on Wednesday and Thursday.

  [Send E-mail to sans@clark.net or phone 719-599-4303 for full program and registration information. PGN]

TECHNICAL CONFERENCE PROGRAM
Unix Network Security 95 (November 16-17, Washington D.C.)

Thursday, November 16, 1995

9:00 - 10:30 Keynote Address
  Keynote: "Early Insecurity" Peter Salus

Track 1: Remainder of Thursday

11:00 - 12:30 pm Session 1-1: "Legal Issues of Computer Security"

2:00 - 3:30 Session 1-2: Intruder Profiles and Incident Response Experiences
  "Current Trends in Intruder Methods", Moira West or Tom Longstaff, CERT
  "An Incident Response Case Study", Brent Mead, Jet Propulsion Laboratory

4:00 - 5:30 Session 1-3: Incident Response Case Studies, Randy Marchany, VPI
  "Security in the Blacksburg Electronic Village"
  "Email Harassment: the Aura of Anonymity"

Thursday Track 2

11:00 - 12:30 Session 2-1: Intrusion Detection - Past, Present and Future
  "Informal Methods of Intrusion Detection", Matt Bishop, Univ. California Davis
  "An Introduction to Intrusion Detection Modeling", Karl Levitt, UCDavis

2:00 - 3:30 pm Session 2-2: Current Intrusion Detection Systems and Future Trends: A Panel, Moderated by Dorothy Denning, Georgetown University
  Panel Members:
  Becky Bace, Department of Defense
  Karl Levitt, University of California at Davis
  Teresa Lunt, ARPA/ITO

4:00 - 5:30 pm Session 2-3: Encryption Alternatives: Overview and Applications
  Dr. Robert Baldwin, RSA Data Security, Inc.

Both tracks:

5:45 - 6:45 pm Special Bonus Session and Contest: The Best Security Stories of 1995 Contest Winners
  E-mail (before September 12) your abstract and complete contact information (name, title, organization, address, telephone, fax, email address) to sans@clark.net.

Evening: BOFs 8:00 to 10:00

Friday November 17

Track I

9:00 - 10:30 am Session 1-4: Intruders and Incident Response
  "Network Intruder Profiles", Gene Shultz, SRI
  "Building An Incident Response Team for Your Organization", Gene Shultz, SRI

10:45 am - 12:15 pm Session 1-5 Firewalls - Design Issues and Case Studies, Part I
  "An Overview of Firewall Design and Selection Criteria", Marcus Ranum
  "Case Study: A Winding Road To Security", Marcus Ranum

1:15 to 2:45 Session 1-6 Firewalls - Design Issues and Case Studies, Part II
  "Case Study: A Secure Firewall Implementation", Paul Vixie, Vixie Enterprises
  "Firewalls Into the 20th Century - Where Do We Go From Here", Fred Avolio, Trusted Information Systems

3:00 - 3:45 Session 1-7: "Case Study: Experiences In Implementing A Network Authentication System In A Large Commercial Site", Bryan Koch, Norwest Technical Services

Track 2

9:00 - 10:30 Session 2-4: "Surviving the Battlefield of Security Policy Design and Implementation", Michele D. Crabb, Sterling/NASA Ames, Todd Welch, Sterling/NASA Ames, plus one other speaker to be announced

10:45 - 12:15 Session 2-5: "Insecurity in the PC-UNIX Realm", Kenneth R. van Wyk, Defense Information Systems Agency and two associates to be named at the conference

1:15 - 2:45 Session 2-6: Potpourri One - Real World Experiences
  "Case Study: Whom Shall I Say is Calling?", Hal Pomeranz - The NetMarket Co.
  "Four Short Case Studies: Variations On A Theme", Darren Reed, Cybersource Software Services (Australia)

3:00 - 3:45 Session 2-7: Potpourri Two - Real World Experiences
  "Augmenting Security in a UNIX Environment", Steve Lutz, Chase Manhattan

Both Tracks

3:45 - 4:30 Session 8: Plenary Session
  "The Taking of Clark", Bill Cheswick, AT&T Bell Labs

4:30 - 4:45 Summing Up: The Conference Chairpersons

List of Full-Day Intensive Courses:

COURSE M1: UNIX Security Threats and Solutions (Basic) Dr. Matt Bishop (Univ.
of California at Davis) (NEW and UNIQUE)

COURSE M2: Firewalls: Principles, Six Key Pitfalls, and Finding The Right Solution, Bruce D. Wilner (NEW AND UNIQUE)

COURSE T8: Building a Successful Security Infrastructure Michele Crabb, Sterling Software Inc. for NASA Ames Research Center

COURSE T9: Advanced Topics in UNIX Security Dr. Matt Bishop, University of California at Davis (EXPANDED)

COURSE W16: UNIX Security Tools: Use and Comparison Dr. Matt Bishop (Univ. of California at Davis)

COURSE W17: Network Security, the Kerberos Approach Dan Geer, Open Vision

Four Half-Day Post Conference Workshops

Workshop S51: (NEW) Security and the World Wide Web, John Stewart, Cisco

Workshop S52: (New and Unique) Workshop on Security Policy Design and Implementation, Michele Crabb, Sterling at NASA Ames

Workshop S53: Survival Strategies: Ten Keys To Giving Winning Technical Presentations Alan Paller, President, The CIO Institute

Workshop S54: Survival Strategies: Great Technical Writing Made Easy, Carolyn Sherman

------------------------------

Date: 6 September 1995 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: ABRIDGED info on RISKS (comp.risks)

The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks.

SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. [...] DIRECT REQUESTS to (now majordomo) with one-line,
  SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:]
  INFO [for further information]

CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. [...] ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

RISKS can also be read on the web at URL http://catless.ncl.ac.uk/Risks

RISKS ARCHIVES: ftp unix.sri.com, login anonymous [YourNetAddress], cd risks or cwd risks, depending on your particular FTP. [...] [Back issues are in the subdirectory corresponding to the volume number.] Individual issues can be accessed using a URL of the form
  http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]
  ftp://unix.sri.com/risks [if your browser accepts URLs.]

------------------------------

End of RISKS-FORUM Digest 17.33
************************