RISKS-LIST: RISKS-FORUM Digest Monday 25 July 1988 Volume 7 : Issue 27 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: A Fishy Story (John Colville) Inconsistent Data Taxes Vancouver Woman (Don Chiasson) Computer Viruses and RETROVIRUSES (Peter J. Denning) Hacking central office switches - too easy? (John T. Powers Jr.) "Man in the Loop" (Bill Murray) AEGIS (Herb Lin) Journal of Computing and Society (Gary Chapman) Barcodes (Jerome H. Saltzer) The IRS Illinois Experiment (Lenoil) "Scratch-and-win"? Try "X-ray-and-win"! (Fred Baube) PIN on PNB calling card (Mark Mandel) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM. FOR VOL i ISSUE j / ftp kl.sri.com / login anonymous (ANY NONNULL PASSWORD) / get stripe:risks-i.j ... (OR TRY cd stripe: / get risks-i.j ... Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85),(6,95). ---------------------------------------------------------------------- Date: Mon, 25 Jul 88 16:23:31 EST From: munnari!nswitgould.oz.au!colville@uunet.UU.NET (John Colville) Subject: A Fishy Story From "The Sydney Morning Herald", 23 July 1988 (Reprinted without permission) The new restaurant at the Opera House seems to be having a few technical troubles. Three people lunching there yesterday ordered river trout. Some minutes later, an embarrassed waiter told them: "Sorry, we put the trout through the cash register, and it came out in the kitchen as octopus." The diners settled for octopus anyway. John Colville [Obviously the wrong "menu" popped up on the screen! Or were they pulling somebody's leg (not the octopus') and using the computer as an excuse? PGN] ------------------------------ Date: Mon, 25 Jul 88 16:44:30 ADT From: Don Chiasson Subject: Inconsistent Data Taxes Vancouver Woman From the Toronto Globe and Mail, page 3, July 25, 1988 (Canadian Press), as usual without permission: BC Woman Alive And Well Despite What Taxman Says Judi Sommer insists she is alive and well and living in Vancouver. But the 40 year old has trouble convincing the taxman of that. "They say their computer has me down as officially dead but gainfully employed," she said during the weekend. Ms Sommer said the dilemma is preventing her from collecting the $1,200 she expects back from Revenue Canada. "What do I have to do to prove I'm alive?" the teacher asked. Her troubles started in 1986 when her mother, Mollie, died. A mixup in her lawyer's office led to the placing of Ms Sommer's social insurance number on her mother's death certificate. She said that, when she asked a Revenue Canada official last year if her tax forms had been received, he told her the social insurance number she gave belonged to a dead person. It took three months for her to sort out the problem and get her 1986 tax refund ... But she said she is now facing the same problem with her 1987 return. Revenue Canada spokesman Harm Dhillon acknowledged that mistakes are made occasionally, but added that he has never heard of someone being both dead and gainfully employed at the same time in his 11 years with the tax office. Ottawa has promised to straighten out the mistake and forward Ms Sommer her refund. ------------------------------ Date: Sat, 23 Jul 88 14:10:53 pdt From: Peter J. Denning Subject: Computer Viruses and RETROVIRUSES (Re: RISKS-7.23) Peter Neumann asked what terminology could be applied to the corrupted data that propagated through a system or network. The closest biological analogy is the retrovirus. A retrovirus (such as the HIV, or human immunodeficiency virus, or AIDS) incorporates itself into the genetic material of the cell that it attacks, causing the cell to alter its function; the reproductive processes of the cell spawn new copies of the retrovirus. The retrovirus is not capable of self-reproduction. So Neumann's ARPANET node "data virus" is analogous to a retrovirus. But let's be careful about the analogies with biology. They are intriguing metaphors that give the appearance that our machines have lives of their own, and absolve us of the responsibilities for their behavior. Peter Denning ------------------------------ Date: 23 Jul 88 00:08:58 PDT From: "John T. Powers Jr. (Jac" Subject: Hacking central office switches - too easy? [See also RISKS-7.26] I read a New York Times article in the San Jose Mercury-News for Friday, 7/22/88 which spoiled my day. The title was fairly routine: "Computer users break privacy, security of phones". Being mildly interested in security, I read it anyway. If this article is correct, crackers have been playing games with Pacific Bell central office switches up to no less than a year ago, maybe even now. It appears that open modems were left on what I would call "console" ports, allowing crackers access to operator-class commands after guessing or otherwise obtaining passwords. Once logged on, "visitors" could reportedly disconnect a line, assign it to another account ("steal dial tone"), and who knows what other mischief. It would have been easy for them to make this kind of activity much harder than it evidently was. A simple callback system (something I introduced at IBM about 10 years ago, and common now) would, if used correctly, make it *much* harder to gain unauthorized access to a CO switch. In addition, it would probably warn of interest by unauthorized persons. Today, much more sophisticated security systems are not only available but cheap. It amazes me that a phone company, of all possible victims, would omit such a simple and effective barrier to mischief. It would have cost them almost nothing. I've toured a number of Pacific Bell COs, and their physical security looks pretty good to me. It's almost *inconceivable* to me that that they would leave a back door open via, of all things, the bleeping *telephone*. Anyone know how accurate this report is, and what PacBell did about it, if true? Does this remind you of another recent security horror story? Disclaimer: These are my views only... and even I might disclaim them later. Jack Powers IBM Almaden Research Lab powers@ibm.com Flames at 1200bps or less to 408/779-7472. Voice: 408/927-1495. Share water. ------------------------------ Date: Tue, 19 Jul 88 09:31 EDT From: WHMurray@DOCKMASTER.ARPA Subject: "Man in the Loop" Rodney Hoffman offers: >Despite the fact that the Aegis system has been exhaustively tested at the >RCA lab in New Jersey and has been at sea for years, it still failed to make >the right decision the first time an occasion to fire a live round arose. It is clear that the first time that it hit a target, it was a friendly target. What evidence is that this is the first opportunity, or even the first round? [I also question "exhaustively." One of the problems of this class of system is that they do not permit of exhaustive testing.] [As did Will Martin (RISKS-6.26), Bill noted that "People are fallible". PGN] Still, they are less fallible in an anticipatory mode than they are in a life and death crisis situation. Bill Murray ------------------------------ Date: Sun, 24 Jul 1988 07:26 EDT From: Herb Lin Subject: AEGIS For more commentary on AEGIS and SDI, you might find an article in Scientific American interesting -- December 1985, on computer software and SDI. It contains a description of the early operational testing of AEGIS (including defects in the testing), and draws comparisons to SDI. ------------------------------ Date: Sun, 17 Jul 88 10:59:33 PDT From: chapman@csli.stanford.edu (Gary Chapman) Subject: Journal of Computing and Society CALL FOR PAPERS for THE JOURNAL OF COMPUTING AND SOCIETY P.O. Box 717, Palo Alto, CA 94301, (415) 322-3778 The Journal of Computing and Society will begin publishing in late 1988. It will be a quarterly journal of material on the social implications of computing technology and computerization. The journal is soliciting articles on computers and privacy, computers and war, computers and power relations, computers and gender, computers and politics, computers and social theory, and similar subjects. The deadline for the Spring 1989 issue is September 15, 1988. The emphasis in this journal will be on high quality writing and provocative ideas. Original research is welcome, but the journal will try to avoid conventional academic writing in favor of well-crafted essays. The journal is intended to appeal to a general audience as well as the profession of computer science. Preference in publication will be given to material showing originality, creativity, relevance to substantive problems in society, and readability. There will be no political or philosophical prejudice--all viewpoints are welcome. The Journal of Computing and Society is edited by Gary Chapman, executive director of Computer Professionals for Social Responsibility. Questions regarding manuscripts should be directed to him at the address above. Manuscripts should be submitted in quadruplicate, typed or laser-printed, on 8 1/2" x 11" paper with one-inch margins all around. The Journal's style will be the same as that of The Chicago Manual of Style and The Communications of the ACM. The editorial board of the Journal of Computing and Society consists of the following people: Jerry Berman; Margaret Boden; David Burnham; Hubert Dreyfus; Jean-Louis Gassee; Calvin Gotlieb; Douglas Hofstadter; Deborah Johnson; Rob Kling; John Ladd; Abbe Mowshowitz; Peter G. Neumann; Susan Nycum; Kristen Nygaard; Paul Saffo; Mike Sharples; Lenny Siegel; Luca Simoncini; Brian Smith; Lucy Suchman; Zhisong Tang; Joseph Weizenbaum; Alan F. Westin; Langdon Winner; and Terry Winograd. Subscription rates for The Journal of Computing and Society have not yet been determined, but there will be a personal subscription rate for individuals. The Journal of Computing and Society will be published by Ablex Publishing Corporation of Norwood, New Jersey. ------------------------------ Date: Fri, 22 Jul 88 14:37:04 EDT From: Jerome H. Saltzer Subject: Barcodes (re: RISKS-7.13 ) > From: dap@cgl.ucsf.EDU (David A. Pearlman) > Subject: Grocery Store Barcodes: Another game you don't win > All this talk about how ATM's don't make mistakes in the customer's > favor reminds me of one of my pet peeves: When the price on the food > shelf is not the same as the price scanned at the cash register. This is a case in which a combination of technology and store policy can make a big difference. The last Albertson's store in which I shopped had a voice synthesizer that announced the price of every item scanned, and a big sign saying that if the price scanned isn't identical to the price on the shelf you get the item for free. Jerry Saltzer ------------------------------ Date: Mon, 25 Jul 1988 14:19 EDT From: LENOIL@XX.LCS.MIT.EDU Subject: The IRS Illinois Experiment One way to partially automate the filing process without granting online access to IRS computers to the masses would be to supply a tax filing program to taxpayers and allow them to file on floppy disk. The cost would be more than direct electronic filing, but should be less than a paper return. ------------------------------ Date: Fri, 01 Jul 88 14:40:53 -0400 From: Fred Baube Subject: "Scratch-and-win"? Try "X-ray-and-win"! [RISKS-7.13] Even if they make instant-win lottery cards immune to non- destructive testing by X-ray, aren't there small CAT scanners or NMR imagers out there that can determine the location of ink molecules, providing the same winner/no-winner information ? ------------------------------ Date: Thu, 21 Jul 88 16:48 EDT From: Mark Mandel Subject: PIN on PNB calling card Agreed, the calling card with magnetically-encoded PIN is similar to a credit card, though a credit card still provides a security barrier of sorts in the signature. But according to the description we were given, PNB doesn't tell you so. What started this discussion was someone's report of PNB's form letter accompanying the mailed card, in which they said, a: For security, don't write your PIN on your card or keep it in the wallet, and b: You don't even need to remember your PIN because the card encodes it! We who read this digest recognize the contradiction here, but we're not typical consumers. The PINheads who set up that arrangement and wrote the letter don't seem to see that (a) is no protection in light of (b). How can Jane and Joe Average be expected to see it? Pacific Northwest Bell's irresponsibity lies not so much in mag-encoding the PIN, per se, as in failing to inform the card's users of the resulting risk, and in actually disguising this risk by warning them to keep the PIN separate from the card. -- Mark Mandel * My employer is not responsible for anything I say, think, do, or eat. ------------------------------ End of RISKS-FORUM Digest 7.27 ************************