7-May-86 22:39:45-PDT,19856;000000000000 Mail-From: NEUMANN created at 7-May-86 22:37:15 Date: Wed 7 May 86 22:37:15-PDT From: RISKS FORUM (Peter G. Neumann, Coordinator) Subject: RISKS-2.49 Sender: NEUMANN@SRI-CSL.ARPA To: RISKS-LIST@SRI-CSL.ARPA RISKS-LIST: RISKS-FORUM Digest, Tuesday, 6 May 1986 Volume 2 : Issue 49 FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Perrow on reactor containment vessels (Richard Guy) Captain Midnight (Scott Dorsey, MRB) NSA planning new data encryption scheme - they'll keep the keys (Jon Jacky) Espionage (Mike McLaughlin) The Star Wars Swindle (Dave Weiss) Backups (Will Martin) Interpreting Satellite Pictures (Lindsay F. Marshall) Word-processing damages expression (Niall Mansfield, PGN) Proofreading vs. computer-based spelling checks (Dave Platt) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. (Contributions to RISKS@SRI-CSL.ARPA, Requests to RISKS-Request@SRI-CSL.ARPA.) (Back issues Vol i Issue j stored in SRI-CSL:RISKS-i.j. Vol 1: MAXj=45) ---------------------------------------------------------------------- Date: Wed, 7 May 86 17:27:54 PDT From: Richard Guy To: risks@sri-csl Subject: Perrow on reactor containment vessels I found the following paragraph to be particularly prophetic: (p.40-1) "We can be glad that we have containment buildings. These are concrete shells that cover the reactor vessel and other key pieces of equipment, and are maintained at negative pressures--that is, at a lower air pressure than the atmosphere outside of them--so that if a leak occurs, clean air will flow in rather than radioactive air flowing out. The Soviet Union, which did not begin a large nuclear generating program until about 1970, is far less concerned about the chance of large accidents, so they did not build containment structures for their early reactors, nor do they yet require emergency core cooling systems. Had the accident at Three Mile Island taken place in one of the plants near Moscow, it would have exposed the operators to potentially lethal doses, and irradiated a large population." How is negative pressure maintained? By pumping the contents of the containment building outside? Into a tank somewhere? It seems to me that a leak in the reactor vessel would be releasing very hot gases at very high pressure into the containment building, and even though the building is much larger than the vessel, the pressure differential could be eliminated very soon. To answer my initial question, it seems that the only safe place to pump the (possibly contaminated) building contents is into tanks inside the containment building. Does anyone know if this is how its done? Richard Guy Excerpt from: Normal Accidents, by Perrow UCLA Computer Science 1984, Basic Books [The Soviets are putting the blame on human error. But that may be the case only because they are not very computerized. However, as in TMI, one can put some blame on the absence of computers! In nuclear power, you seem to run the risk of losing either way!] ------------------------------ Date: Sat, 3 May 86 18:30:55 edt From: Scott Dorsey Apparently-To: seismo!sri-csl!risks Subject: Captain Midnight Assuming that Captain Midnight was not an employee of HBO, the trouble required to override a satellite signal is still pretty complex. A significant amount of power is required, probably from some travelling wave tube or klystron. High-power microwave stuff is often sold government surplus at pretty low prices, and a kilowatt or so would certainly do the job. Modulation of equipment designed for pulse and similar radar applications would not be simple, though, and from the look of the bad signal that the Captain put out, that may well have been the method used. Large dish antennae are pretty common, and mesh antennae can be put up and taken down in an hours time, and constructed of wood and chicken wire. In addition, it is possible that the signal originated from somewhere inside HBO. Several examples exist of the wire feed from a radio station's studio to their transmitter being cut and replaced with casette players, etc. In addition, if the studio/transmitter feed is a 2.6 GHz micro link, it is pretty trivial to intercept and jam.... It is possible that off-the-shelf Gunnplexers, and similar low-cost low-power transmission equipment could be used. Of course, there is always the possibility that a disgruntled HBO employee had a little bit of fun... >From the Land of Ted Turner Scott Dorsey " If value corrupts kaptain_kludge then absolute value corrupts absolutely" ICS Programming Lab, Rich 110, Georgia Tech, Box 36681, Atlanta, Georgia 30332 ...!{akgua,allegra,amd,hplabs,ihnp4,seismo,ut-ngp}!gatech!gitpyr!kludge ------------------------------ Date: 3 May 86 03:54:44 GMT From: sdcsvax!sdcrdcf!burdvax!psuvax1!psuvm.bitnet!mrb@psuecl.BITNET@ucbvax.berkeley.edu Organization: Engineering Computer Lab, Pennsylvania State University Subject: Capt. Midnight & HBO Via: arpa-videotech@seismo.CSS.GOV Via: Ole Jorgen Jacobsen Well, it takes a little more than just a home TVRO outfit to break in on HBO. Capt. Midnight had two possible places of entry: 1.) on the microwave path(s) between HBOs origination point and their uplink transmitter (which I think is on Long Island, but not sure)......or, 2.) by double illuminating their satellite transponder which is actually carrying the program. Double illuminating is a fancy way of saying "broadcasting over top of them". During a double illumination, when both signals are about the same power level as received by the satellite, they just mix together. I suppose if one was much more powerful than the other, it would "capture" the channel; it is F.M., after all. However, what most likely happened is that the HBO uplink staff was monitoring their return signal from the satellite. For C-band satellites like Galaxy, Westar, Satcom, etc., you send the signal up at 6 GHz. and the satellite rebroadcasts it back down at 4 GHz. Uplinks routinely send & receive simultaneously in order to monitor their signals. In any event, they probably saw that somebody was uplinking on their transponder.....this is not a totally unknown phenomenon; in fact, it happened on a PBS show not too long ago (Sherlock Holmes, I think). There are lots of video uplinks out there...some operated by Western Union, RCA, etc....others by PBS stations in Hartford, Denver, Miami, Columbia S.C., etc. or the PBS Master Origination Terminal near Washington, D.C.......still others by the bigger commercial stations for newsgathering, etc. (Metromedia, INN, etc.). Every once in a while, somebody in operations slips up and starts transmitting on an occupied channel. Well, standard procedure says that you turn off your uplink signal to the satellite, which leaves just the "bad guy". Then it should be easy to identify who(m) it is. This is most likely what happened when viewers saw a scrambled mess, and then just the Capn's message. Of course, he didn't stay on much longer after that. However, every uplink is a known quantity licensed by the FCC...I don't know of any backyard ones (yet) due to the fairly high-power amplifier and specialized microwave gear required. So we can limit the possible suspects down to the people who were working that night, or had access to the sites. The type of character generator (electronic typewriter) used to produce the message graphics limits it further...only a few uplinks probably have this kind of character generator. Also, many uplinks put an identification code in the vertical interval (the black bar that rolls through the picture when the vertical hold is messed up)...for example, PBS uses a binary number pulse to identify their uplinks. If the guy wasn't smart enough to disable or delete the VITs, well...methinks they got him (not likely though). Also, all color bars are not alike when carefully examined, in terms of bar widths, etc. and I'm sure those few seconds of signal are being pretty thoroughly torn apart. This of course presupposes that he did it on the uplink to the satellite, not on the microwave path. A good question that remains is: Was his signal correctly scrambled so that all the descramblers would let it through (HBOs video scrambling is not particularly sophisticated, unlike their digital audio encoding...he didn't transmit any audio program)? Or do descramblers let "normal" signals through O.K. .... I don't think so. Let's see some discussion on this! (Sorry the above was so lengthy.) Personally speaking, it was a neat stunt but he better have covered his tracks pretty well. MRB@PSUECL ------------------------------ Date: Sun, 4 May 86 22:20:58 PDT From: jon@uw-june.arpa (Jon Jacky) To: risks@sri-csl.arpa Subject: NSA planning new data encryption scheme - they'll keep the keys The following excerpts are from a New York Times story "Computer code shift expected - eavesdropping fear indicated," by David E. Sanger, April 15, 1986, pps 29 and 32. The story described plans by the National Security Agency (NSA) to replace the current Data Encryption Standard (DES) with a new system of its own design. The story said that the system would be phased in beginning January, 1988. Speaking of DES, the story said, "While the government helped design (DES), it has no special advantage in determining a particular key being used. ... Security experts say there have been no known successful efforts to defeat (DES). ... But NSA officials have said that they do not want to entrust a rising volume of sensitive data to a coding system whose major elements have been widely published for some time. Details of the new system are still unclear. But ... unlike the Data Encryption Standard, the new algorithms will not be publicly available. Instead, they will be buried in computer chips manufactured to NSA specifications, and encapsulated so that any effort to read the code with sophisticated equipment would destroy the chip. ... By some accounts, under the new system the NSA would distribute the keys -- probably limiting them to companies in the United States. ..." The story explained that NSA wanted the system to be adopted by industry as well as the Federal government, and if institutions like the Federal Reserve system adopted it, banks and other private institutions would be encouraged to follow suit. I know little about data security and encryption, but these points seem interesting: 1. NSA appears concerned that DES may become compromised in the near future. 2. NSA apparently believes that greater security can be assured by keeping the encryption algorithm secret. Could this not lead to a false sense of security by preventing independent researchers from pointing out weaknesses that NSA is unaware of or unwilling to divulge? Is it reasonable to assert that hardware can be built so that no test equipment can probe it? 3. What about keeping the keys under NSA control? At the very least, it could create logistical difficulties; at worst, it seems to permit NSA to snoop at will. -Jonathan Jacky University of Washington ------------------------------ Date: Mon, 5 May 86 08:45:37 edt From: mikemcl@nrl-csr (Mike McLaughlin) To: elex814@nrl-csr Subject: Espionage Cc: neumann@sri-csl.ARPA U.S. Naval Institute Proceedings, May, 1986 (Naval Review issue) has an excellent article by Bamford on the Walker case. Also has a summary of Navy espionage cases since 1981. - About 20 Navy/Marines charged in last five years. - Not one was "recruited" - all approached the bad guys. - All did it for money. - Although no case involved "computers" a number were "computer-like", i.e. crypto & telecommunications. Heartily recommend all compusec types read, and think. - Mike McLaughlin ------------------------------ Date: Sun 4 May 86 21:10:34-PDT From: Peter G. Neumann To: RISKS@SRI-CSL.ARPA Subject: The Star Wars Swindle Dave Weiss passed along the following quote from Harper's, May 86, from an article by Fred Reed entitled "The Star Wars Swindle": "The comprehensive vagueness of Star Wars is, insanely, allowing a technical question - Will it work? - to be answered by an ideological show of hands." ------------------------------ Date: Wed, 7 May 86 11:14:34 EDT From: Will Martin To: risks@sri-csl.arpa Subject: Backups The issue of backup procedures, difficulties, and methodologies has been discussed amongst those of us at this Activity and at other parts of the Army Materiel Command for some time now, mainly in the context of our acquiring and proliferating small workplace-automation computers which are located in the users' offices (as opposed to being in traditional computer centers), and where the systems administration tasks (which would include backup) are performed by functional specialists who are (usually) not computer experts or in computer-related job classifications. Though we have discussed it, there really has been no good and elegant solution to the problem(s). Most of these machines are backed up on cartridge tapes, with a daily incremental and weekly full user-filesystem schedule (and monthly for the entire system). When you then get into the issue of PC's, where you do not have an assigned system administrator, the whole thing really breaks down. If you have the luxury of having all your PC's on some network and can run some sort of background task at odd hours, which backs up data to some other storage system from each PC, that is great. (We don't have this, and I don't know of anyone who does.) One other thing I think we need more of, considering how the existence of fresh backups cannot be relied upon, is more and better tools to get around failures. Tools that will let a user get to the data on his hard disk even after it has nominally been "deleted", or special hardware that will let someone read data off a disk that has been damaged or trashed by some glitch or another -- we all know that the bits are still there on the medium; it is just the paths to get to them that are damaged and garbaged by failures. I believe that there are firms who do this on a contract basis now; we probably need to implement this expertise in devices and programs that are usable by less-skilled people. Of course, the existence of such tools will create security holes, also -- something that can dig down into the guts of a disk this way would also bypass copy-protection or use-restriction, and make the illicit recovery of data thought to be erased possible. I think we will have to accept such risks to gain the capability to recover irreplaceable data or work. Will Martin USArmy Materiel Command Automated Logistics Mgmt Systems Activity UUCP/USENET: seismo!brl-smoke!wmartin or ARPA/MILNET: wmartin@almsa-1.ARPA ------------------------------ From: "Lindsay F. Marshall" Date: Wed, 7 May 86 10:12:02 gmt To: risks@sri-csl.arpa Subject: Interpreting Satellite Pictures Sir - "We have never had to interpret this kind of satellite picture before...... we may have got it wrong" (U.S. Government scientist, in the Guardian Letters, Sat. 3rd May 1986) (Could this be relevant to SDI?) ------------------------------ Date: Tue, 06 May 86 13:14:59 To: risks@sri-csl.arpa From: Niall Mansfield Organisation: European Molecular Biology Laboratory Postal-address: Meyerhofstrasse 1, 6900 Heidelberg, W. Germany Phone: (6221)387-0 [switchboard] (6221)387-247 [direct] Subject: Word-processing damages expression In RISKS-2.48, Bruce A. Sesnovich asked whether word processing and electronic mail are helping to proliferate bad writing. Surely, YES! The following is a list of the more interesting spellings noticed on the net, excluding what I thought were obviously typos. [I have used the words on Bruce's list to write a nonsense paragraph: I beleive Britian is definately not compatable reguarding cleen explainations. I was woundering if it is truely nessesary to let lose a concious warrantee which is to periferal too guarentee a miscellaney of usefull ideas. The kernal idea is a distructive facination for publically loosing ones bargins. (No Deniall)? By the way, I added the hyphen in the SUBJECT: line, to remove one of its several ambiguities... PGN] ------------------------------ Date: Wed 7 May 86 10:33:54-PDT From: Peter G. Neumann Subject: Re: Word-processing damages expression To: RISKS@SRI-CSL Cc: MANSFIELD%DHDEMBL5.BITNET@WISCVM.WISC.EDU One way of judging RISKS contributions is by how sloppy the spelling is. One might assume that a miserable speller would be a sloppy thinker. However, there is grave danger therein -- as some of our most intuitive and forward-thinking (right-brained) folks are miserable spellers. As someone who has always been a good speller, a good grammarian, and so on, I resist an instinctive suspicion of miserable spellers, mantaining the patience to dig beneath the surface to seek worthwhile ideas lurking. But please try harder to make my task easier -- by writing more coherently and spelling halfway decently. Peter ------------------------------ Date: Tue, 06 May 86 13:10 PST From: Dave Platt To: Risks@SRI-CSL.ARPA Subject: Proofreading vs. computer-based spelling checks There has been some discussion in the SF-Lovers digest of late about this basic subject... people have been submitting mention of their "favorite typos". Several people have noted that some recent books have been coming out with some glaring errors: words that are correctly spelled, but are entirely wrong for the context in which they appear. Frequently, these words are either (a) similar in sound to the word that "should have" been there, or (b) can be generated from the correct word via a simple permutation of letters, addition or deletion of a letter, etc. It appears that some publishers are accepting manuscripts in machine- readable form (disk or download), running them through a spelling checker, and then printing them without actually having them proofread by a reasonably literate reviewer. I don't know the details... perhaps they have completely eliminated the author's galley copies, or perhaps some authors just aren't taking the time to proofread the galleys (or having someone other than themselves do the proofread to catch errors of this sort). I seem to recall a passage in "Imperial Earth", by Arthur C. Clarke, concerning the pitfalls of cybernetic voice-to-type memowriters about 150 years in the future. He wrote that everybody who uses (will use?) such systems was careful to proofread the output of the voice-recognition modules, as some "hilarious" malaprops had occurred during the early years of these systems' availability. ------------------------------ End of RISKS-FORUM Digest ************************ -------