30-May-87 18:02:50-PDT,24930;000000000000 Mail-From: NEUMANN created at 30-May-87 18:01:44 Date: Sat 30 May 87 18:01:44-PDT From: RISKS FORUM (Peter G. Neumann -- Coordinator) Subject: RISKS DIGEST 4.92 Sender: NEUMANN@CSL.SRI.COM To: RISKS-LIST@CSL.SRI.COM RISKS-LIST: RISKS-FORUM Digest Saturday, 30 May 1987 Volume 4 : Issue 92 FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Computer matching of cats and dachshunds (Rick Kuhn) Electromagnetic Interference (EMI) & Liability (Richard S D'Ippolito) Horror story about inadvertent wiretapping (Gordon Davisson) ATM fraud (Bob Johnson) Computer thefts (Mike Alexander, Brint Cooper) Shooting Down Exocet Missiles (Mark S. Day) Phalanx is unreliable? (Lorenzo Strigini) Stark Incident (Eugene Miya) Technical error in item "Phalanx Schmalanx" (Mark Brader) Phalanx; Laser guides (Phil Ngai) Laser guided anti-tank weapons (Eugene Miya) Unfair testing (Paul Peters) "Credentials", Privacy, etc. (Willis Ware, Alan R. Katz) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. (Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM) (Back issues Vol i Issue j available in CSL.SRI.COM:RISKS-i.j. MAXj: Summary Contents Vol 1: RISKS-1.46; Vol 2: RISKS-2.57; Vol 3: RISKS-3.92.) ---------------------------------------------------------------------- Date: Fri, 29 May 87 10:33:57 edt From: kuhn@ICST-SE (Kuhn) To: risks@sri-csl.ARPA Subject: Computer matching of cats and dachshunds Charles Osgood reported the following story on CBS Radio this morning: Hundreds of cat owners in Chicago received a bill for five dollars accompanied by a letter explaining that they were required to register their dachshund. Apparently the Cook county health department had provided rabies shots for pets and kept a computerized list of animals receiving shots. Someone got the bright idea of matching this list against the list of dogs licensed in Chicago to find dogs that received shots but were not licensed. Cats are not required to have licenses. Unfortunately, the county uses the code "DHC" to represent "domestic house cat", while the city of Chicago uses "DHC" to represent "dachshund", resulting in computer generated form letters to the owners of the "DHCs". After the mess was discovered, a city official said "I guess if we'd thought about it, we would have wondered why there were so many dachshunds in Chicago." (not an exact quote, I couldn't take notes when I heard the story.) Rick Kuhn, National Bureau of Standards [Perhaps some of us should keep tape recorders in our cars, in the interests of accuracy... PGN] ------------------------------ Date: Friday, 29 May 1987 12:16:34 EDT From: Richard.S.D'Ippolito@sei.cmu.edu To: risks@csl.sri.com Subject: Electromagnetic Interference (EMI) & Liability In RISKS 4.91 and some previous digests, some attention is drawn to the problems of equipment malfunctioning due to EMI. I spent my early career years designing electronic control equipment which was applied in very (electrically) noisy environments, such as steel mills and forge shops. The equipment was used to control the electrode gap spacing on various types of melting and refining furnaces, such as electric arc furnaces operating at 400 volts and 30,000 amperes. The early designs contained mostly analog circuits, which were supplemented by the then new digital technology. In one of these environments, where RF was used to melt artificial ruby for growing laser crystals, a Simpson VOM would read without the leads connected and oscilloscope use was impossible. We now have a new generation of designers without practical experience in analog circuits, noise filtering, and shielding techniques, who don't think of voltages and currents, but only of zeros and ones. While I agree with the FCCs EMR regulations, they attack the problem only from one side. We must urge designers to submit the equipment to operational tests under reasonably expected EMR fields, as the cranes and even common static electricity can never be eliminated. And those of us who use EPROMS shouldn't forget that light (even the flashlight of an unsuspecting service man) and X-rays are EMR. We may soon find the government forcing certification at the emissions-receiving end. And the liability laws are such that you could have a hard time defending the use of a single PROM in a critical application if an erasure caused by cosmic radiation caused an accident. And some day, I know, just the right EMI will come along and cause everyone's digital watch alarms to sound at once, thus deafening us all. Richard S. D'Ippolito, PE, Software Engineering Institute, Carnegie Mellon University, rsd@sei.cmu.edu. (412)-268-6752. ------------------------------ Date: Fri, 29 May 87 23:19:34 PDT From: gordon@june.cs.washington.edu (Gordon Davisson) To: risks@csl.sri.com Subject: Horror story about inadvertent wiretapping In RISKS DIGEST 4.91, Boebert@HI-MULTICS.ARPA (Earl Boebert) writes: > From the Computer Shopper, May 1987: Password Snatcher -- RS-232 Data tap. You don't need any special equipment to do this. I once accidentally put an extra null modem (a receive/transmit channel swapper) between the VAX and the Macintosh I was using as a terminal. This meant the Macintosh was listening to a wire that wasn't being driven at the other end. With a normal terminal, this wouldn't have done anything interesting, but Macintoshes have unusually sensitive receivers, and there was enough crosstalk in ~150 ft of twisted pair cable for me to get a complete (error-free!) transcript of everything going through that cable. This happened to include somebody's password... (Just thought I'd give the security-conscious people out there one more thing to worry about.) Gordon Davisson (gordon@june.cs.washington.edu) (uw-beaver!uw-june!gordon) Computer Science Department, University of Washington. Seattle, WA, 98195. ------------------------------ Date: 29 May 1987 09:48:55 CDT From: U18323 at UICVM (Bob Johnson) To: RISKS at CSL.SRI.COM Subject: ATM fraud In the past few days some of the Cash Station (*) ATMs in the Chicago area have changed the format of the receipts they dish out. The new style no longer has the account number of the account used in the transaction. The above was a statement, now I have a question. Has anyone heard of the 'new' phone features 'Call blocking' and 'Call tracing'? Supposedly call blocking will not let your phone ring if call is placed from a certain number ( number to be designated by you, from the phone which you are at ) and call tracing traces a phone call after one presses a certain key sequence ( on your phone ). I've heard that these are available in California and another area. Is there truth in this? Bj * I'm sure this is a registered trademark for someone ------------------------------ Date: Fri, 29 May 87 13:31:58 EDT From: Mike_Alexander@um.cc.umich.edu To: RISKS@CSL.SRI.COM Subject: Computer thefts (Risks 4.91) The Public Facilities people at the University of Michigan Computing Center use the Macintosh Security kit mentioned in Risks 4.91 to protect Macs installed in public areas. They modified it to protect the mouse too, and now they find that people steal the tracking ball out of the bottom of the mouse. Someone jokingly suggested epoxying it into the mouse, but so far they haven't resorted to that. [Epoxy on both their mouses. PGN] ------------------------------ Date: Fri, 29 May 87 10:10:21 EDT From: Brint Cooper To: oster%dewey.soe.Berkeley.EDU@ucbvax.Berkeley.EDU Cc: comp-risks@ucbvax.Berkeley.EDU Subject: Re: Computer thefts (re: RISKS-4.82) Perhaps I missed it, but I haven't seen anyone mention the kits for under $40, sold by 3rd parties, that permanently attach to two or three parts of your computer and attach to one another by a tough steel cable that can be passed through a radiator (here in the East), wrapped through a hole in immovable furniture, or attached to something immobile. We bought my son's at ComputerLand, but they're available all over by now. _Brint ------------------------------ Date: Fri 29 May 87 11:50:22-EDT From: Mark S. Day Subject: Shooting Down Exocet Missiles To: RISKS@CSL.SRI.COM This morning's Boston Globe included an article on the Phalanx and Aegis defense systems. The analysis was that the Stark was out of luck, because the Phalanx couldn't possibly have shot down the Exocet. It was possible that an Aegis system could have shot down the missile, but the article said there had been only two even-close-to-meaningful tests and they weren't all that impressive. In the first, the Navy classified as "sea-skimming" any missile that came in at an altitude of 100 feet or less above the waves. This let them shoot down a missile at 100 feet, which is pretty irrelevant when it comes to an Exocet at 10 feet. The other test involved shooting down an Exocet (at 10 feet above the waves) but with the Aegis system mounted on a barge so that its radar was at approximately sea-level. The problem that both tests successfully avoided was having to look down at the radar reflections off the wave tops. The conclusion of the article was that in all likelihood the Aegis couldn't have distinguished an Exocet from the "sea clutter". --Mark ------------------------------ Date: FRIDAY 29 May 1987 10:45:57 SET From: lorenzo strigini (IEI - CNR;Via S.Maria 46;56100 Pisa;Italy)(Tel +39 50 43023) To: Subject: Phalanx is unreliable? In RISKS 4.91 I read: ... the use of computers in this context for automatic firing of the Phalanx is deemed unsafe .... As I understand the situation, the problem in question is not peculiar to computer technology: if you carry a handgun, you do not keep it always ready to fire, except in the case you are in a very dangerous situation, and then you accept much higher risks of hurting somebody by accident. There is no such thing as a safe weapon: one has always to decide which compromise between security against enemies and safety from your own weapon is best at the moment. The difference between Phalanx and revolvers is not qualitative ("using Phalanx is unsafe"). Just for accuracy (and, I am not sure the previous poster had made the mistake I thought I saw, but I thought saying this may be useful anyway). Apart from this, discussing how good radars and computers may be for telling friend from foe is certainly interesting. Lorenzo Strigini ------------------------------ Date: Fri, 29 May 87 11:31:17 PDT From: Eugene Miya To: arms-d@xx.lcs.mit.edu, risks@csl.sri.com Subject: Stark Incident I was on vacation when the Stark incident happened, and am just catching up. Upon reading some accounts, I think inappropriate attention is being focused on the Stark's defensive systems. What concerns me more was the role of the AWACS aircraft and the look-down radar it carries. (I note American crews.) It appears from accounts I have read that it was the maneuver of the plane that gave away the launching of the missiles, not any radar returns from the entire minute in missile flight. I don't know the range, but it seems the sea state was ideal for detecting low flying cruise missiles of this type (easier than terrain), and should have given a full minute warning. The failure of the USAF AWACS to report sooner might show flaws in the integration of the C^3I of the region making "layered defense" a joke. I don't know the AWACS radar system (like frequency, range from target (The F-1), etc.), and I hope that this aspect of the investigation is not lost to Adm. Rogers. I no longer work with radar. The stuff on the net focusing on the lack of a "front" Phalanx is probably a little misdirected. These missiles come in from the side (since the cross-section of a ship is larger and armored ships have less side armor) and the system on the Stark is probably adequate for such side protection. If the Phalanx were in the front, and the missile had hit more aft, there probably would have been outcry for protection in the stern. The readiness state was still the important thing in the end. In the end, the title of the old WWII British movie sums up the role of this type of ship: They Were Expendable. --eugene miya [Thanks. Once again, RISKS has had much speculation on this subject. We now have a lot of background with which to understand the conclusions of the investigation, so let's slow down for a while. PGN] ------------------------------ Date: Fri, 29 May 87 23:49:31 EDT From: msb@sq.com (Mark Brader) To: RISKS@csl.sri.com Subject: Technical error in item "Phalanx Schmalanx" Mike Trout writes: > But the devastation caused by a dud > missile was still severe enough to wreck or sink the ships hit. Even > without an exploding warhead, an anti-ship missile is a large, heavy object > travelling at high speed carrying fuel tanks at least partially filled with > various formulas of highly volatile rocket fuel. The force of the missile > mass times its velocity is transferred as heat to the ship, resulting in the > possibility of a devastating fire--the greatest danger to modern warships. In fact, of course, the amount of energy transferred to the ship is proportional to the missile's mass times the SQUARE of its speed. Knowing only how big an Exocet is and how much a V-2 weighed, I'll guess the weight of the Exocet at 1/3 that of a car. According to Newsweek, it moves at 500 mph. So imagine being hit by a car going at 50 mph. The missile would deliver over 30 times that much energy from impact alone! Mark Brader, SoftQuad Inc., Toronto, utzoo!sq!msb ------------------------------ Date: Fri, 29 May 87 16:22:51 PDT From: amdcad!phil@decwrl.DEC.COM (Phil Ngai) To: RISKS@CSL.SRI.COM Subject: Phalanx (Re: RISKS-4.91); Laser guides (RISKS-4.90) Unsafe does not imply unreliable. A loaded gun is unsafe to carry around, but that does not mean it is unreliable in the sense of "will it fire when I pull the trigger". The Phalanx shoots at anything that it sees. You wouldn't normally arm it unless you were in combat. >From: "Jon A. Tankersley" >Seems to me that the laser guided technology is about the same as the wire >guided technology of the Arab-Israeli War. Wire guided TOW missles could >be easily defeated by spraying the general direction of origin. Many >Israeli tanks ended the war with lots of wires draped over them. That works if the laser designator is operated by the launch crew. One of the advantages of laser guidance is that the designator can be operated by a separate crew in a location which the target has trouble figuring out. The launch crew can run as soon as the missile is launched. The FOG-M is also a major advance in this type of technology. Phil Ngai, {ucbvax,decwrl,allegra}!amdcad!phil or amdcad!phil@decwrl.dec.com ------------------------------ Date: Fri, 29 May 87 11:38:50 PDT From: Eugene Miya To: risks@csl.sri.com Subject: Laser guided anti-tank weapons Jon Tankersley compares wire-guided munitions to laser designated. No, they are a new-generation weapon. The laser designator need not be located at launch point and in fact it is preferable they be at different points. His suggestion of smart weapons is more scary for me, don't. Just noted: Hammer's comment about Exocets not exploding. Actually, duds happen all the time. There were several duds in the South Atlantic. Actually probably makes disarming them easier. --eugene ------------------------------ Date: Fri, 29 May 87 15:43 EDT From: PPeters@DOCKMASTER.ARPA Subject: unfair testing To: RISKS@CSL.SRI.COM A discussion in RISKS 235 relating to the STARK incident and the "MIC" test procedures stated "Drones...have been painted with gloss red enamel to absorb more laser energy." The implication was that this is an unfair advantage. Unless these are heat seekers, I would think that the advantage would be obtained by painting them to REFLECT more laser energy. ------------------------------ Subject: "Credentials", Privacy, etc. (Re: RISKS-4.91) Date: Fri, 29 May 87 09:55:06 PDT From: willis@rand-unix.ARPA As a member of the computer fraternity who who has been in the privacy area for a long time (e.g., chaired the HEW Committee whose report led to the Federal Privacy Act, member of the Privacy Protection Study Commission), I'd like to offer $0.25 more on the subject of TRW's Credentials. To me, this is marketing of the obvious and of information that is largely useless for most people. I didn't see Forbes on the issue but it seems that it expresses the same view. In the course of various privacy activities, I've had occasion to talk in depth with TRW Credit Data and see my own record -- one time for free and another time for (I think) $7.50. For anyone that is seriously thinking of subscribing to Credentials, I'd urge that you invest the nominal amount first and see how little is really in your record. All of the good things that you've done creditwise (e.g., regular mortgage payments for 30 years) will not be there; if you've been too bad (e.g., declared bankruptcy) it will be there. Even then, bankruptcy records have a legal life of 7 years, at which point TRW is obligated to expunge the record. Beyond that your record will be mostly a listing of your credit card accounts together with a comment about outstanding balance or being current. As I recall when I last looked, my TRW credit file had about 6 entries in it although I held many more plastic cards than that and had much other credit activity. Your SSN may be there, although TRW is not authorized under any law to solicit its collection. So, take a test flight with your record before plunging into a $35 annual fee. The things (as I recall the blurb) that Credentials offers is a regular copy of your record and notification of whenever the record is consulted. I believe TRW does not offer to tell you when the record is updated on existing lines of credit. Unless one is extraordinarily active in creating new credit accounts or in hunting new jobs, your record will not be consulted very often and so you won't hear much. Meanwhile for less than $10 a throw, you can get your record once or twice a year directly -- if you're interested enough to want to know that often. If you want to know something about how your credit record plays a role in activities that you may not suspect (e.g., investigations of various kinds), one can get some insight for a year's subscription. It isn't TRW that represents the really big risk to most people. It's the small local credit bureau tucked away on some side street, that is frequently manual or at least not extensively automated, and that often engages in information collecting activities that can be a little less than ethical. For example, there is the instance of an individual being hired to poke through a bank's trash in the dumpster; he was picking out "pieces of yellow paper" which turned out to be unneeded copies of delinquency notices on various individual bank accounts. The local credit bureau was learning about delinquencies before the account holders even knew it. In this instance, it was poor information security in the bank that created the risk to individuals. But the Credentials offer does raise an interesting philosopical point for the citizen. In my own consideration of the privacy issue as it may emerge in the future, I've about decided that each of us will largely have to take of himself. There will be some law and some protections, but the risks of living and operating in a highly automated information society will have to be offset by our own individual protective efforts. We're already being told that the patient will have to play a bigger role in managing his personal medical care; so it's going to be more of the same in privacy and perhaps elsewhere. Give such a premise, the next question is: does one want to run open loop or closed loop? Does one want to monitor the flow of his automated data as it swirls around? Or just hopefully have things arranged so he knows when negative or harmful events happen? There are some people who want to be proactive and will want to run closed loop; and for them, services like Credentials can be helpful. I suspect most people will opt for open loop, simply because of the burden of watching all the reporting; BUT at the same time, we will all expect mechanisms to trigger negative events to our attention. Thus, the present Fair Credit Reporting Act requirements of providing a copy of the credit report which reputedly is behind a negative credit action is both appropriate and useful. But, the initiative still is with the individual; there is nothing automatic about the law's protection against risk. As I recall the law, the organization that makes a negative credit decision is required to tell the individual where it got credit reports that entered into the decision. The individual must then contact such places and request the credit reports. I'm not sure that Forbes is correct about providing free copies; I suspect that the only legal obligation is to make the credit record available for perusal at a specified place of business and during specified business hours. But then the FCRA was ammended I think, and free copies may indeed be a legal obligation. I think that the individual must bear the cost of any reproductions. On the other hand, I can understanding TRW choosing to send a copy as a business convenience. Among other things, it will avoid having people turn up [at] the front door of an installation whose physical location TRW properly wants to keep secret as an aspect of good system security. Willis H. Ware, Rand Corporation, Santa Monica, CA ------------------------------ Date: Fri 29 May 87 14:26:22-PDT From: Alan R. Katz Subject: TRW's Credentials To: risks@csl.sri.com I have been a member of this for over a year and am pretty satisfied with it. Advantages: 1. The biggest is that you get notified automatically if ANYONE accesses your credit history. This alone is worth the $35/year to me (it may not be to you). 2. Free copy of your credit report whenever you want. It is true you can get a free copy whenever you are turned down for credit (sometimes a big hassle though). However, the NOMINAL charge for a copy otherwise is $8.00. This can add up if you get more than one a year. 3. "Standard" forms for disputing and correcting information (a little easier than writing letters). Also, since you are a paying customer, you get a little better service. 4. Credit card registration and protection service (generally costs about $12/year elsewhere). Disadvantages: 1. If YOU WANT (not required), you can tell them income and asset information which they keep on file along with your credit history. Then, theoretically, you can apply for a loan or other credit just by giving your TRW Credentials number and not having to fill out long applications every time. In practice, I have not found anyone who will do this (yet) (except for some car dealer whose ad was sent as a part of the TRW Credentials package!). 2. $35 / year All in all, it's worth it if you want to know when someone accesses your credit history (which they are NEVER supposed to do unless you authorize it) or if you want to get more than one or two credit reports a year. Alan (Katz@ISI.Edu) ------------------------------ End of RISKS-FORUM Digest ************************ -------