9-Nov-86 12:06:25-PST,14753;000000000000 Mail-From: NEUMANN created at 9-Nov-86 12:04:54 Date: Sun 9 Nov 86 12:04:54-PST From: RISKS FORUM (Peter G. Neumann -- Coordinator) Subject: RISKS DIGEST 4.8 Sender: NEUMANN@CSL.SRI.COM To: RISKS-LIST@CSL.SRI.COM RISKS-LIST: RISKS-FORUM Digest, Sunday, 9 November 1986 Volume 4 : Issue 8 FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Brazilian laws require proof of voting. People NEED those cards. (Scot E. Wilcoxon) Grassroots sneak attack on NSA (Herb Lin, Matthew P Wiener) Ethernet Security Risks (Phil Ngai) Perfection (Herb Lin) Information replacing knowledge (Daniel G. Rabe) Word Processors / The Future of English (Stephen Page) Copyrights; passwords; medical information (Matthew P Wiener) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. (Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM) (Back issues Vol i Issue j available in CSL.SRI.COM:RISKS-i.j. MAXj: Summary Contents Vol 1: RISKS-1.46; Vol 2: RISKS-2.57; Vol 3: RISKS-3.92.) ---------------------------------------------------------------------- From: rutgers!meccts!mecc!sewilco@seismo.CSS.GOV Date: Sun, 9 Nov 86 01:14:36 EST Subject: Re: Computer causes chaos in Brazilian Election Summary: Brazilian laws require proof of voting. People NEED those cards. To: seismo!csl.sri.com!risks This situation involving computers is severe due to Brazil's laws, with which most of the RISKS readers are undoubtedly not familiar. The "frayed tempers" due to not getting the "essential voting card" in Brazil are not simply because everyone likes to vote. Everyone MUST vote in Brazil. Proof of recent voting is one of the required legal documents for several situations, including simply getting a job. Those missing voting registration cards are the prerequisite to being able to vote and be a law-abiding citizen qualified to live a normal life. (My wife is from Brazil and had to carry those documents.) > Programmers overlooked that twins are born on the same day to the same > parents. Consequently, the voting rights of an estimated 70,000 twins > were cancelled. The Federal Electoral Tribunal in Brasilia is currently > wading through 140,000 appeals, including the case of a certain Jose > Francisco, who says all his 14 brothers were baptised with identical > names. All this is familiar to analysts and programmers. The voting documents were formerly handled by humans who modified the processing procedure as required by common sense and local situations ("Yeah, I know Jose Francisco. All 14 were here last year, I still have to see 6 of them this year.") The written procedures are undoubtedly what guided the programmers. If the implementation schedule was the same for the whole country, it is little wonder that many exceptions were found at the same time. Scot E. Wilcoxon Minn Ed Comp Corp {quest,dayton,meccts}!mecc!sewilco ------------------------------ Date: Sat, 8 Nov 1986 09:42 EST From: LIN@XX.LCS.MIT.EDU To: weemba@BRAHMS.BERKELEY.EDU (Matthew P Wiener) Cc: risks@CSL.SRI.COM Subject: Grassroots sneak attack on NSA From: weemba at brahms.berkeley.edu (Matthew P Wiener) Several people have started inserting cute words like "crypt" or "terror" or "CIA" in their signatures in an attempt to over- load NSA's automatic grep for cute words in overseas traffic. Consider- ing the minuteness of the added load, and the likelihood that NSA already filters out obvious traffic like the net... That would be inconsistent with the oft-repeated claims that NSA monitors ALL overseas telephone calls. I have been told (someone pls confirm or deny?) that voice recognition technology is good enough that given Crays on an NSA budget, such a feat is possible when you are looking for certain key words, and that recognition can be done on a very limited vocabulary independent of speaker. Comments? ------------------------------ Date: Sat, 8 Nov 86 14:33:51 PST From: weemba@brahms.berkeley.edu (Matthew P Wiener) To: lin@xx.lcs.mit.edu Subject: Re: Grassroots sneak attack on NSA Cc: risks@csl.sri.com > Considering ... the likelihood that NSA already > filters out obvious traffic like the net... [MPW] > >That would be inconsistent with the oft-repeated claims that NSA >monitors ALL overseas telephone calls. [HL] Of course they intercept the net, but if you were snooping around through all overseas telephone calls, you too would set some priorities. >[voice recognition rumor] Well if that's how they do it, I *hope* they know enough to filter the net! ucbvax!brahms!weemba Matthew P Wiener/UCB Math Dept/Berkeley CA 94720 ------------------------------ Date: Sat, 8 Nov 86 12:49:41 pst From: lll-crg!amdcad!phil@seismo.CSS.GOV (Phil Ngai) To: risks@csl.sri.com Subject: Ethernet Security Risks Security on an Ethernet is a very tricky business. If you use the Berkeley rhosts scheme, it is easy to spoof someone else's ip address, although there is some code in Berkeley Unix that detects when someone is impersonating you, the message only comes out on the system console. And if the bad guy makes your machine crash while you are away, no one will be the wiser. If you ban rhosts and only allow ftp and telnet, you are vulnerable to people grabbing packets off the Ethernet and getting your password. Which is worse? Would you rather freeze to death or burn to death? I don't know if it matters. I think that if security matters, it would be best not to let machines you don't trust on your Ethernet. Sun proposed an interesting scheme at the last Usenix. Two machines that wanted to communicate would use an encrypted timestamp on each packet as authentication. This assumes, of course, that the two machines have synchronized their clocks and that they have a common key no one else knows. (their scheme included a key distribution method which I will not discuss here) There is also a performance penalty. They did some back of the envelope calculations showing it would be acceptable in many cases. Is it unreasonable to put machines you don't trust on another Ethernet, with a router between your group and them? Phil Ngai ------------------------------ Date: Tue, 28 Oct 1986 10:48 EST From: LIN@XX.LCS.MIT.EDU To: Douglas Humphrey Cc: risks@CSL.SRI.COM, lin@XX.LCS.MIT.EDU Subject: Perfection From: Douglas Humphrey To LIN : In response to a message, you state that none of the anti-SDI folk ever stated that the software had to be perfect. I have heard constantly in both the widely read (Washington Post) and limited (?) distribution industry media (Aviation Leak and Space Mythology) SDI critics that conte[x]t that it must be perfect or it is useless. I don't bel[ie]ve this, and I would hope you don't either, but saying that the whole must be perfect certainly implies that the parts must be perfect. Please give a citation. The only place I have ever seen a statement about required "perfection" came in an article written by James Fletcher, of the Fletcher Commission, who clearly states that "an enormous and error-free program" would be required. Fletcher hardly counts as a critic. [I held this one up hoping for a response... PGN] I don't deny that you have heard what you say you have heard, but the only inference I can draw is that neither the Post nor AWAST have correctly reported the critics' position. What critics DO say is that you can never know if BMD software will work in the absence of realistic testing. KNOWING that a program will work properly without error is a different, and more demanding, condition than whether or not it *actually* will if put to the test. Moreover, critics do not have faith that it is possible to predict all of the ways that the Soviets might attack; we do believe that the Soviets *might* be able to attack in a way that would result in catastrophic failure. On the general issue of "perfection", critics believe that the statement of mission requirements comes from the President of the United States and the Secretary of Defense, who assert that SDI is a way to protect everybody against nuclear ballistic missiles. They get funding from Congress on that claim, and they present it to the American people that way. If they want to use it for something else, such as improving the ability of the U.S. to retaliate, then let them say so. Until the proponents admit POLITICALLY that their goal is infeasible, critics have a responsibility to confront them with their fallacies. You may acknowledge that their goal is infeasible, in which case we can argue about what goals are feasible, but you are not the President. If you want to criticize someone for asserting perfection, dump on the highest levels of the Administration, because they are the ones that set the terms of the debate. [As usual, we tread some fine lines, e.g., among technically motivated nonpolitical arguments, nontechically motivated political arguments, etc. Just as we often note that RISKS issues are holistic system issues, it is risky to try to talk of just the technical arguments in isolation. Although RISKS seeks to avoid political issues, this one is metapolitical and is closely intertwined with technological evaluations. PGN] ------------------------------ Date: Sat, 8 Nov 86 14:20 CST From: (Daniel G. Rabe) Subject: Information replacing knowledge To: risks@csl.sri.com In RISKS 4.4, Martin Minow makes the point that computerization makes it easier to substitute quantity for quality in our writing. I would go one step farther and say that the easy access to information made possible by computer systems has also degraded our ability (or at least our desire) to gain and retain knowledge. The following is excerpted from an essay entitled "Look it up! Check it out!" by Jacques Barzun in the Autumn 1986 *American Scholar.* ``... the age of ready reference is one in which knowledge inevitably declines into information. The master of so much packaged stuff needs to grasp context or meaning much less than his forebears: he can always look it up. His live memory is otherwise engaged anyway, full of the arbitrary names, initials, and code numbers essential to carrying on daily life. He can be vague about the rest: he can always check it out. ``... But what we are experiencing is not the knowledge explosion so often boasted of; it is a torrent of information, made possible by first reducing the known to compact form and then bulking it up again -- adding water. That is why the product so often tastes like dried soup.'' As computer scientists, I think we find it all too easy to divide and compartmentalize information as we see fit. As I see it, one of the greatest risks of widespread computing is that we'll all stop learning. We've got spelling checkers, so why bother learning to spell? We've got calculators and home computers, so why bother learning any math? We've got electronic mail and conferencing, so why bother to learn or practice the art of public speaking? Are we reaching the point where being an expert simply means having a large computer database, as opposed to years of learning and knowledge? I don't think we're there yet, but I fear that our society's heavy emphasis on "information" and computing might be leading us there. Daniel G. Rabe Northwestern University ------------------------------ From: Stephen Page Date: Sunday, 9 Nov 1986 14:07-EST To: risks@csl.sri.com Subject: Word Processors / The Future of English The interesting article by Anthony Burgess reproduced in RISKS-4.4 reminded me that when the first lap-top computers were introduced a few years ago, some professional writers noticed that their sentences were becoming shorter and their paragraphs chunkier, as they relied on a 40-column, 8-line display (e.g.) when composing texts. Has this really been cured by newer technology? Or is our familiar 80x25 model just as likely to have an adverse impact on writing style? ------------------------------ Date: Sat, 8 Nov 86 01:16:22 PST From: weemba@brahms.berkeley.edu (Matthew P Wiener) To: RISKS@csl.sri.com Subject: Copyrights; passwords; medical information > "How Fred lets the fraudsters in" (c) Newspaper Publishing PLC ^^^ Considering the frequency with which we see this half-circled c used as an ASCII replacement for the genuine circled c, it is obvious that a lot of people have let their primitive keyboards delude them into a non-copyright. ("Copyright", spelled out, takes longer than "(c)", but it has legal standing.) > Passwords are particularly vulnerable when they remain unchanged for a long > time. The chairman of one major company the auditors investigated had kept > the same password for five years. It was "chairman". This reminds me of the WWII story in Feynman's book about the hot-shot military big boss with his fancy-dancy super-safe: the combination was never changed from the factory original. "The more things change, the more they stay the same." >Now, I am being accused of taking confidential information out of the >hospital in the form of patient records and doctors names! All I had on the >computer were my notes. The paranoid medical staff is afraid that having >this information in my "COMPUTER" is dangerous, [...] >Pretty amazing paranoia, huh? Do people really still fear computers this way? In this situation, it strikes me as typical computer ignorance. But in general, the use of a computer as opposed to a legal pad leads to more security problems. Handwritten notes are both unmistakeable as such and are naturally limited in content. (I assume this is old hat to RISKers.) ucbvax!brahms!weemba Matthew P Wiener/UCB Math Dept/Berkeley CA 94720 ------------------------------ End of RISKS-FORUM Digest ************************ -------