Subject: RISKS DIGEST 17.63

RISKS-LIST: Risks-Forum Digest  Thursday 11 January 1996  Volume 17 : Issue 63

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, etc. *****

Contents:
Justice Dept announces no prosecution of Phil Zimmermann (Stanton McCandlish)
Human error cuts power at air-traffic control center (Sean Reifschneider)
Misinterpreting technology -- Australian auto-autotolls (Kevin Lentin)
Re: A glitch in time shaves NIST (Rob Huey)
Tutorial on Internet Security for System and Network Administrators (Ed DeHart)
WinWord `Concept Virus' revisited (Tim Parker)
Re: Attacking Compuserve Subscribers (A. Padgett Peterson)
CompuServe's Motives Questioned (Edupage)
Re: CompuServe Overreaction (Sean A Dunn, Ben)
Re: Metaphorplay on Compuservile (Bear Giles)
CIS censorship--The Whole Story (Michael Kunze via Monty Solomon)
ABRIDGED info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 11 Jan 1996 17:50:27 -0800 (PST)
From: Stanton McCandlish
Subject: Justice Dept announces no prosecution of Phil Zimmermann

This is the Justice Dept. press release, verbatim [with considerable whitespace trimmed by PGN], announcing the dropping of the investigation of Phil Zimmermann (and presumably anyone else involved with PGP distribution to Usenet in '91). Transcribed from fax:

[logo]
United States Attorney
Northern District of California
San Jose Office (408) 535-5061
280 South First Street, Suite 371
San Jose, California 95113
FAX: (408) 535-5066

PRESS RELEASE, FOR IMMEDIATE RELEASE, January 11, 1995

Michael J. Yamaguchi, United States Attorney for the Northern District of California, announced today that his office has declined prosecution of any individuals in connection with the posting to USENET in June 1991 of the encryption program known as "Pretty Good Privacy."
The investigation has been closed. No further comment will be made by the U.S. Attorney's office on the reasons for declination.

Assistant U.S. Attorney William P. Keane of the U.S. Attorney's Office in San Jose at (408) 535-5053 oversaw the government's investigation of the case.

------------------------------

Date: Thu, 11 Jan 1996 08:49:34 -0600 (CST)
From: Sean Reifschneider
Subject: Human error cuts power at air-traffic control center

In this Sunday's paper, the AP reported on yet another failure of the ATC system. Apparently, this one was caused by a technician who (after an overnight shift) thought he was working on the standby power conditioning system. Power was killed when he went to reinsert a "card" into the system at about 6:55am.

"We were completely in the dark for at least 5 and more like 6 minutes," said a controller and union representative for the National Air Traffic Controllers Association.

Limited radio contact was restored within minutes, but the main radio and communications system was not fully operational until 8:38am, and all systems were not back to normal until 9:32. It was reported that no emergencies were reported during that time, possibly due in part because it happened at a time when traffic normally was low.

My analysis: You often will see work being carried out by a group of 2 or 3 people in which only 1 of the people is really "working". A classic example was a local televised problem that had some utility company working on the problem. The news was interviewing a representative at the site who was saying "we're working our butts off to get it fixed" while in the background there were 3 or 4 guys standing around watching another guy dig.

It sounds like 2 possible actions can be taken in the future. 1 is making it easier to distinguish the "live" and "standby" systems (some red spray paint perhaps). Another is to have someone there "helping" the technician. "Whoa, Bob!
Don't'cha think you should be doing that on the STANDBY machine?" Overnight shifts can be a real killer (no pun intended) if you aren't extra careful.

(On a side note, I watched Apollo 13 a couple of weeks ago and think techies can get a lot out of this movie. I loved watching the control systems. In particular I remember the silenceable alarms similar to the medical ones we've been talking about lately).

Sean Reifschneider URL: XVScan -- HP-UX/Linux X11 scanning software

------------------------------

Date: Wed, 10 Jan 1996 18:53:24 +1100 (EST)
From: Kevin Lentin
Subject: Misinterpreting technology -- Australian auto-autotolls

The RISKS described below are that when faced with new technology, people who don't know what they are talking about, yet are given credence, can do more harm than good. [This is in fact an old topic in RISKS, but it has some new twists. PGN]

I encountered a double-barreled example on the radio today. The Victorian Government (Victoria is a state of Australia) plans to build a freeway system called CitiLink. It will be built and run by private companies and a French company will be collecting tolls for about 34 years. The road will cover a distance of something like 40km (22 miles).

A questionnaire sent out by the opposition to the government (who detest anything the government does - more so than normal these days) was being discussed on the radio. The 2 points discussed were completely misunderstood by both the interviewer and the opposition member of parliament who was pushing the survey results.

1. The system will use a transponder in the car to automatically collect tolls. The questionnaire posed a question describing how you would be able to open an account with the toll collectors and pre-deposit money into it. It then stated that they therefore had access to your bank balances and that was an invasion of privacy. Did people support such a scheme?
It had escaped the minds of these people that if you pay anybody in advance, or open an account with anybody, that person will know your balance. They have to. If they don't, who else will? These two had decided that this was an EFTPOS style system and that they could query your balance unlike any other EFTPOS system. This is on the number 1 rating radio show in Melbourne.

2. They claimed that the transponders had 2 way communication with the toll `booms' and that therefore, all sorts of information about you and your car could be sent. For example: SPEED! The fact that the transponder is taped to your windshield and has no other connection to the car escaped their attention.

Far more important, they missed the _real_ RISK. The tolls are to be taken at over half a dozen regions along the route. The opposition is yet to bring up the very real fact that any system that records when you go through each toll (which most people would insist on seeing on their bills!) can calculate your average speed between two such points and if you get from point A to point B too quickly, know you've been speeding.

I am yet to hear any discussion of this point and the privacy problems associated with it. Does the legislation prevent or allow the authorities to obtain such information and/or use it in this way? The only discussion of speed was whether the transponder could transmit the speed of your car to the toll detectors.

And the audience of these politicians and media geniuses (genii?) will believe anything they hear!

Kevin Lentin K.Lentin@cs.monash.edu.au
CARLTON 21-15-141 d geelong 11-14-80

------------------------------

Date: Thu, 11 Jan 1996 12:15:41 -0500
From: Robhuey@aol.com
Subject: Re: A glitch in time shaves NIST (Peterson, RISKS-17.59)

Think about the impact of doing [the correction] at midnight.

1) The day increments to January 1, 1996, 00:00:00.
2) you reset the clock to 23:59:59 - minus one second.
3) The clock starts running again.
4) the day flips over, and it's suddenly, January 2, 1996, 00:00:00.

No wonder they had problems. I know that's what my VCR would do if I tried that :-).

My understanding is that in order to minimize problems, this "duplicate" second was supposed to occur at 7:00pm on December 31, 1995. (Not sure about 7:00pm, but) It was *not* supposed to happen at midnight. But, based on the observed effect it sounds like the adjustment did, in fact, happen at midnight.

What I don't understand is: shouldn't NIST be the responsible body to set the official time (moment) when the leap second occurred!!?? Did they decide on 7:00pm 12/31, and then the implementors didn't follow the specification? :-)) Or were we at the mercy of a world organization (something else for the militias to worry about :-), that specified the UT (new/improved GMT :-) when it occurred, and it just happened to be midnight in Washington? (Although, I think the clock is actually in Colorado?)

I wonder if the government shutdown had any impact on this!!

------------------------------

Date: Thu, 11 Jan 1996 15:52:50 -0500
From: Ed DeHart
Subject: Tutorial on Internet Security for System and Network Administrators

First offering... February 15 at the Software Engineering Institute, Pittsburgh, PA

Who should attend?
* practitioners (UNIX system and network administrators) who need to build and maintain trustworthy networked systems.
* UNIX system programmers
* practitioners who evaluate or initiate Internet connectivity

This one-day seminar teaches practical strategies and techniques to combat the threat of intrusions and improve the security of operating systems connected to the Internet.

Participants typically have at least one thing in common: the need, the desire, and the organizational mandate to provide trustworthy network services.
They also typically share a lack of understanding of the issues related to network security and do not know how to protect their systems from the level of threat that exists on the Internet today.

The seminar will cover fundamental security practices for UNIX system administration. Participants will learn about the latest information on security problems, defensive strategies, offensive strategies, network security, and establishing appropriate site security policy.

After completing the seminar, participants will be able to establish and maintain a secure Internet site that allows the benefits of connectivity to the Internet while protecting the organization's data. Participants will also gain familiarity with tools that assist them in securing their systems.

Seminar topics include:
* latest information on security problems
* UNIX system security
* network security
* site security policies

SEI Events
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
FAX: 412 / 268-7401

To inquire about registration, payment, or logistics, contact--
Registration, Phone: 412 / 268-7388
Internet: registration@sei.cmu.edu

To inquire about the course [and receive the full announcement], contact--
Customer Relations, Phone: 412 / 268-5800
Internet: customer-relations@sei.cmu.edu

------------------------------

Date: Thu, 11 Jan 1996 03:24:09 -0500
From: Tim Parker
Subject: WinWord `Concept Virus' revisited

I've recently had the unfortunate `pleasure' of dealing with the troubling consequences of the `Concept Virus' that affects Microsoft Word for Windows (WinWord) and Word for Macintosh. (To refresh your memory, the `Concept Virus' is a Trojan horse that rides on AutoExec macros that can be hidden in documents.)

Microsoft has distributed a set of macros that partially protects users - the macros identify documents that have macros and warn users that these macros MIGHT be hazardous...

Several risks here...
1) The `fix' distributed by Microsoft isn't complete - there are ways to open documents (like from the recently used files list) that don't trigger the protection macros.

2) WordBasic is a very useful (albeit very quirky) language - enough so that a lot of people have taken the time to learn it and build useful things with it - and enough so that just saying "don't run macros" is unacceptable... And automating tasks without use of AutoOpen macros gets much more difficult... (a macro named `AutoOpen' is executed when you open a WinWord document)

3) Without a clear distinction between CODE and DATA, we have the beginnings of a new form of terrorism - is it safe to read this document?

4) The REAL risk seems to be ignored here. WinWord DOCUMENTS cannot contain macros - this is reserved to TEMPLATES - the problem here is that you can give a TEMPLATE a ".DOC" extension and it will look to all in the outside world that it is really a DOCUMENT.

The key flaw here (at many levels - from the operating system on up to the individual user) is that everything seems to be relying on the NAME of the file to indicate the TYPE of the file - rather than looking at the contents of the file to determine type. Microsoft has spent a lot of effort building on this fundamental flaw with all versions of Windows - the application run to edit/view/print a file is determined by the extension, not by the actual file format. Give a file a filename with an inappropriate extension and strange things can happen. (many applications will do a little error checking of their own and die gracefully - others will just crash - but... use your imagination!) This is really a thread all of its own...

What can we do to address this problem?

1) ensure that `code' and `data' are clearly distinguishable - we should be able to communicate data without fear - code, on the other hand, is a different issue...
2) develop a standard code wrapper scheme to provide authentication and certification - Authentication (ala PGP) to verify that the file wasn't altered after the creator created it - and that the creator is really the creator, and Certification to allow proxies to bestow `trusted' status (This would allow trusted third parties to `screen' code for you - the `certifier' would also append a PGP-style signature). Users would have a repository of public keys for `trusted' sources - the code is `trusted' if either the `creator' or the `certifier' is in the repository (and, of course, the signature and the key check out OK)

3) start working NOW to get rid of U.S. export restrictions on crypto technology - good validation (and, for that matter, good anti-piracy) depends on secure encryption methods - if we can't export it, we can't use it in a world marketplace. I'm sure I'm not the first person in the world to think of encoding messages in pictures or sound files - not too efficient, but what's a little bandwidth when you really have something to hide?

Tim Parker, Lobster Information Systems, Inc
Litchfield, NH, USA
tim@lobster.mv.com

------------------------------

Date: Wed, 10 Jan 96 16:19:08 -0500
From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson)
Subject: Re: Attacking Compuserve Subscribers (Kabay, RISKS-17.62)

I really do not understand Mr. Kabay's concern for C$. (Of course, the repeated reference to the NCSA forum may indicate that there is some bias there.) Mr. Baker is free to write whatever he wants including a rather restrictive copyright notice. Peter is free to publish or not and C$ is free (practically not legally speaking) to respect it or not.

As an expression of intent it is clear that once the electronic word reaches the Internet, any hope for control is about the same as controlling cats. Certainly, if notices were universally respected, I would have retired long ago from shareware revenue.
Fortunately, it was not my expectation to derive an income from it, rather to have some measure of control hence "copyrighted freeware".

I have an opinion on the subject (in fact it is the same one I sent to Klaus before the first RISKS posting appeared) but it is really not necessary to discuss. The question Mr. Baker faces is the same as the German authorities face concerning "International" regulations: enforceability. Their power to enforce does not extend beyond the limits of their sovereignty. C$ does business in Germany. If they wish to continue then a corporate decision must be made (and there are a number of options). It is probable that Mr. Baker has even less ability to enforce his copyright statement.

However I suspect that "free speech" is often confused with "property rights". Anyone may disagree with Mr. Baker's position but to say that he is wrong to take that position or to declare an intent to limit dissemination is something entirely different.

I have been flamed on numerous occasions for refusing to provide viral code or software I have developed to people simply because they feel they have a need (often just a desire or pure laziness) for it. That is my "right". As a result it is bothersome to see a respected member of the community chiding another for putting restrictions on dissemination of what they have created particularly when the restriction was obviously intended to be a statement itself.

Padgett

------------------------------

Date: Thu, 11 Jan 1996 16:48:50 -0500 (EST)
From: Educom
Subject: CompuServe's Motives Questioned (Edupage, 11 January 1996)

CompuServe's recent action to shut down subscriber access to 200 newsgroups carrying sexual content was motivated more by U.S. politics than German objections, apparently. Reports that the action was in response to Bavarian government complaints are false -- the incident was sparked by an inquiry from a district attorney in Munich regarding the alt.sex groups.
Leaders of all four parties in the Bundestag have spoken out against any legislation to regulate the Internet and agree that existing criminal law in Germany is sufficient to handle any potential legal misconduct. It's rumored that, rather than reacting to German authorities, CompuServe's restrictions were enacted in response to legislation pending in Congress against "indecent" digital content in an effort to bolster CompuServe's reputation as a morally responsible online service provider. (STERN Infomat, 3, 1996)

------------------------------

Date: Wed, 10 Jan 1996 23:10:17 GMT
From: Sean A Dunn
Subject: Re: CompuServe Overreaction (RISKS-17.61)

It puzzles me that so many people are up in arms over Compuserve's decision to block newsgroups, no matter how many. Discussion over the (lack of) right of individual countries to say what they think is reasonable is bizarre, to say the least.

If Germany decides, in any way, that it does not want certain sorts of material available via Compuserve (a company that provides what amounts to the largest bulletin board in the world - the Internet is different in that each computer is actually part of it), and that decision is in accordance with German law, it has the right to enforce it. Compuserve might find it technically simpler to treat the entire world as basically groups of people speaking funny languages, but if it wants to trade in Germany, it must act in accordance with its laws, however bewildering or unreasonable.

If Compuserve finds it easiest to solve this problem (almost certainly in the short-term) by canning all access to some news groups, then so be it - you don't have to use Compuserve if you don't want to.

The risk of trying to insist that US liberalism should apply across the globe seems dangerous to me. Expecting another country to obey according to your rules has probably been a significant factor in the starting of a number of wars over the centuries!
Global war, or even a local one, is not a likely consequence of differing restrictions on pornographic material on Compuserve or the Internet. But, a growing feeling that anyone should be allowed to say anything may be the outcome. As is evidenced by comments in many newsgroups, the US dominates Compuserve and the Internet - but US ideals are definitely not appropriate nor appreciated by every country.

*** Sean Dunn, Wolverhampton, England ***
*** E-mail: sean@lilydale.demon.co.uk ***

------------------------------

Date: Wed, 10 Jan 1996 09:53:04 +1100 (EST)
From: ben@jna.com.au
Subject: Re: CompuServe Overreaction

I've thought of a RISK arising from the reaction of CompuServe to pornography on its discussion groups. If there were a discussion group that you wanted to attack, you could submit some child pornography to it, and then wait for CompuServe to do your dirty work for you, and close it down. And if you wanted to be thoroughly despicable, you could submit the pornography via an anonymous remailer. Every news group in the world is wide open to that kind of risk.

My opinion on the subject is this: if someone uses a telephone to commit a crime, do you prosecute the telephone company? Obviously not - you prosecute the person who committed the crime. I think that the case with Internet service providers is similar. Just because there are difficulties in the Internet, finding the person who has committed the crime, doesn't make it reasonable to prosecute someone who is innocent.

Ben

------------------------------

Date: Wed, 10 Jan 1996 11:04:53 -0700
From: Bear Giles
Subject: Re: Metaphorplay on Compuservile (Baker, RISKS-17.61)

I feel compelled to point out that Robert Anton Wilson found an even more elegant solution in one of his fictional works.
He believed it unlikely that the Supreme Court justices would find their own names obscene, so (using contemporary Justices) he would have a couple wildly thomasing in the back of their car, a drunk man renquisting against a tree, a ditzy blonde model with huge scalias, etc.

For anyone interested, I think this appeared in the second _Schroedinger's Cat_ book, but I might be mistaken.

Bear Giles bear@indra.com

------------------------------

Date: Thu, 11 Jan 1996 03:00:36 -0500
From: Monty Solomon
Subject: CIS censorship--The Whole Story

Begin forwarded message:

Date: Sat, 06 Jan 1996 09:33:39 GMT
From: michael_kunze@spiegel.de (Michael Kunze)
Newsgroups: alt.censorship
Subject: CIS censorship--The whole story

Dear Nettizens,

Some few five-hundred postings ago, I promised to let you have more details about the CompuServe censorship case investigated by the editorial staff of SPIEGEL online. It is not a story of evil but of people acting overambitious and ignorant. And it is not quite as simple as DrG might be wishing!

To keep it short, here are the facts:

In 1994, a Task Force called "AG EDV" was set up by the Bavarian Minister of Interior at the Police Headquarters in Munich. Initially, the Task Force was formed to search persons dealing with pornographic material via BTX, the former online service of German Telekom, and its work was limited to one year.

For the moment, investigations of this Task Force ran successfully due to the assistance of Telekom. But simultaneously, people being suspected changed their ways of distributing either to closed BBS systems or chose more secret methods. So the Task Force was compelled to enhance their efforts and they raided Munich BBS systems. Furthermore, they studied computer magazines to find ads for pornographic CD-ROMs. During this operation they found what they were looking for, and "PC Direkt", a Ziff Davis publication, and some other magazine were forced to pulp some issues.
All activities of the Task Force could not have happened, if they were not supported by a whole bunch of local prosecutors and judges. Sticking together, chatting, doing favours forms a part of the social life in Munich - in malicious words - the `Munich swamp'.

The prevailing opinion of the Task Force and of some prosecutors is that carriers of digital information could be held responsible for the content of what they are spreading. This meaning matches exactly the content of the CDA. But this is only one point of view. Up to now, there doesn't exist any law or direction in Germany concerning responsibilities of ISPs or online services regarding contents they only do deliver. And so, judges decide from case to case. The German department of justice thinks that carriers could be held responsible if they deliver illegal content "deliberately". But then, could one call them "carriers"?

[I suppose, if they are carrying "common" materials, then they must be "common" carriers! PGN]

Last summer, a kind of hysteria about Internet pornography broke out in German media. A few journalists had made their first steps in the Internet and discovered nasty postings in the alt.binaries.pictures.erotica Usenet hierarchy. A student of Erlangen University was seized because of spreading child porn via Usenet. Then, the "Time" article about Internet porn was published and quoted by nearly every German newspaper.

I think at that time the Task Force planned to investigate the Usenet. Due to the facts that CIS had become a big ISP and their German office is located in Munich, CIS seemed to be a worthwhile target. Somehow the Task Force managed to get a search warrant to investigate the Munich CIS office on November, 22nd. However, the search was more or less like a visit. Let me quote the public prosecutor: CompuServe "was quite cooperative". "We sat together talking about chances to kick pornographic contents out of CompuServe's information system."
The police officers just collected a copy of the CompuServe association contract and the address of the CEO.

Two days later, CompuServe's German managers published that they "will do anything to support the work of German authorities fighting against pornography in Cyberspace". On December, 8th, CIS was handed a list of more than 200 newsgroups by the Task Force. In my opinion, interpreting the prosecutor and the CIS spokeswoman, this list was presented to CIS as containing "suspicious newsgroups". In the attached letter from the prosecutor it is said: "... it is left to CompuServe to take the necessary steps to avoid possible liabilities to punishment."

So, if CompuServe should have ever had threats, it could have been only very small ones. But there is no reason to their German management to risk anything. CompuServe's approach is not to guarantee for "freedom of speech and information" but to make "money". When I interviewed the prosecutor, it soon became quite clear that his department had tried to bring CIS to court to get its legal position checked by some judges. Because of CIS servile tactics they had to give up their goal.

The ominous list itself shows how ignorant the members of the Task Force are about the Usenet. In my opinion, they just sampled all newsgroups containing words like "sex", "erotic", "gay" and so on and put the result onto the list.

We have two in-depth articles on the whole affair on our web server. One is an extended version of what I've posted here, the other deals with the CDA and the actual political and legal situation concerning the Internet. Unfortunately for US readers, these articles are in German, because we didn't find the time to translate them. But I hope we can manage this until Monday 8th, 8:00 AM, EST. Then, you should point your browser to or have a look at our complete online services at .

By the way, SPIEGEL Online is the online department of the [reputable] German news magazine DER SPIEGEL.
Michael Kunze, Redaktion/editorial staff, Spiegel Online,
Brandstwiete 19, 20457 Hamburg / Germany
Tel.: +49(0)40-3007-0 Fax: +49(0)40-3007-2986

------------------------------

Date: 11 January 1996 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: ABRIDGED info on RISKS (comp.risks)

The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks.

SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. [...] DIRECT REQUESTS to (majordomo) with one-line, SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] INFO [for further information]

CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, nonrepetitious, and without caveats on distribution. Diversity is welcome, but not personal attacks. [...] ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

RISKS can also be read on the web at URL http://catless.ncl.ac.uk/Risks

RISKS ARCHIVES: "ftp ftp.sri.com login anonymous [YourNetAddress] cd risks or cwd risks, depending on your particular FTP. [...] [Back issues are in the subdirectory corresponding to the volume number.] Individual issues can be accessed using a URL of the form
http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]
ftp://unix.sri.com/risks [if your browser accepts URLs.]

------------------------------

End of RISKS-FORUM Digest 17.63
************************
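
Added example, not part of the digest or of any contributor's message: Tim Parker's item above argues that file type should be judged from a file's contents rather than its name. The Python sketch below compares the extension with the leading signature bytes; the signature table, the verdict names, and the sample file names and bytes are all assumptions constructed for illustration.

```python
import os

# Leading "magic" bytes of a few widely documented formats, with the
# extensions normally used for each. Illustrative table, not a complete one.
SIGNATURES = [
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2-compound",
     {".doc", ".dot", ".xls", ".ppt"}),
    (b"MZ", "dos-windows-executable", {".exe", ".dll"}),
    (b"PK\x03\x04", "zip", {".zip"}),
    (b"%PDF-", "pdf", {".pdf"}),
    (b"GIF87a", "gif", {".gif"}),
    (b"GIF89a", "gif", {".gif"}),
]


def sniff(data):
    """Return the format implied by the leading bytes, or None."""
    for magic, fmt, _exts in SIGNATURES:
        if data.startswith(magic):
            return fmt
    return None


def extensions_for(fmt):
    """Collect every extension the table associates with a format."""
    exts = set()
    for _magic, name, known in SIGNATURES:
        if name == fmt:
            exts |= known
    return exts


def classify(filename, data):
    """Compare what the name claims with what the content says.

    Returns (verdict, sniffed_format) where verdict is one of:
      consistent            content is a format that uses this extension
      mismatch              content is a known format that does not use it
      unrecognized-content  extension claims a known format, content is not it
      unknown               neither name nor content appears in the table
    """
    ext = os.path.splitext(filename)[1].lower()
    fmt = sniff(data)
    if fmt is not None:
        verdict = "consistent" if ext in extensions_for(fmt) else "mismatch"
        return verdict, fmt
    claimed = any(ext in exts for _magic, _fmt, exts in SIGNATURES)
    return ("unrecognized-content" if claimed else "unknown"), None


# Constructed sample inputs: names and bytes are made up for this example.
OLE2_HEADER = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24
SAMPLES = [
    ("memo.doc", OLE2_HEADER),
    # A Word template renamed to .DOC is still an OLE2 container, so a
    # signature check reports it as consistent; telling a template from a
    # document needs a parser for the Word format itself.
    ("template-renamed.doc", OLE2_HEADER),
    ("holiday.gif", b"MZ\x90\x00\x03\x00"),
    ("notes.doc", b"Plain ASCII text, not a Word file"),
    ("readme.txt", b"hello"),
]


def audit(samples):
    """Classify each (name, bytes) pair and return the verdicts by name."""
    return {name: classify(name, data) for name, data in samples}


if __name__ == "__main__":
    for name, result in audit(SAMPLES).items():
        print(name, result)
```

The renamed-template sample is the case from item 4 of that message: the container signature alone cannot separate a template from a document, which is why the check has to go deeper than both the name and the first bytes.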