RISKS-LIST: RISKS-FORUM Digest   Friday 29 July 1988   Volume 7 : Issue 30

        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS 
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  NASTRAN and ship steel (Lindsay F. Marshall)
  Is vibration a known A300 problem? (Eric Roskos)
  Business Week article on computer security (Woody Weaver)
  Computers can increase privacy, too! (Robert Weiss)
  Viruses - a medical view (John Pettitt)
  Apple viruses -- don't go through the ZLINK
    (Practor Fime, Dr. Logic, The Byter -- via Greg Prevost via Eric Haines)
  On IRS direct computer access (Steven C. Den Beste)
  Re: doing away with privileged users (Alan Silverstein)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious.  Diversity is welcome.
CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line
(otherwise they may be ignored).  REQUESTS to RISKS-Request@CSL.SRI.COM.
FOR VOL i ISSUE j / ftp kl.sri.com / login anonymous (ANY NONNULL PASSWORD) /
  get stripe:<risks>risks-i.j ... (OR TRY cd stripe:<risks> / get risks-i.j ...
  Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85),(6,95).

----------------------------------------------------------------------

Date: Thu, 28 Jul 88 10:03:46 WET DST
From: "Lindsay F. Marshall" <Lindsay_Marshall%newcastle.ac.uk@NSS.Cs.Ucl.AC.UK>
Subject: NASTRAN and ship steel

Talking of NASTRAN reminds me of something that happened when I worked for a
company involved in shipbuilding. The steel ordered for a ship that was almost
completed turned out to be too thin so some extra reinforcerment was needed. In
order to find the best places for this they ran the whole ship through NASTRAN.
This job ran for 17 hours and filled several Gbytes of disc with temporary
files. The machine crashed when there was no more available disc space. It
turned out that the run involved 32000 degrees of freedom, but nobody had done
the back of an envelope calculations to see if it was practical...
                                                                      Lindsay
JANET: Lindsay_Marshall@uk.ac.newcastle 
UUCP:  ...!ukc!newcastle.ac.uk!Lindsay_Marshall

------------------------------

Date: Thu, 28 Jul 88 13:13:34 EDT
From: csed-1!csed-47!roskos@daitc.ARPA (Eric Roskos)
Subject: Is vibration a known A300 problem?

> Pilots on France's domestic airline, Air Inter, began a new strike last
> night as part of a three-year campaign over Airbus safety. 

Are there safety concerns other than fly-by-wire involving the Airbus?
Or is this "three-year campaign" just about fly-by-wire?  The above
suggests there may be other safety issues; due to 3 experiences with
A300s, I have suspected for several years that there might be some
problem with resonance of the body to engine vibrations during takeoff.
However, I have no evidence other than firsthand observation as a
passenger on A300s to back this up.

Eric Roskos (csed-1!roskos)

------------------------------

Date:     Fri, 29 Jul 88 16:21 EDT
From:     <WWEAVER%DREW.BITNET@CUNYVM.CUNY.EDU> (Woody)
Subject:  Business Week article on computer security

  The August 1, 1988 issue of BusinessWeek contained as cover article, "Is
Your Computer Secure?  Hackers, Viruses, and Other Threats".  The article,
pages 64-72, is reasonably well written, without inflammatory text, and has
few errors or misleading statements.  The article is in essence examining
the risk to the public and private sectors of computer usage and loss; and
covers employee attacks (Gene Burleson's assault on the Fort Worth security
firm USPA & IRA Co., and arrest for "harmful access to a computer"), physical
security in light of accident (the Hinsdale disaster), child 'phrackers' and
Ma Bell, adult hackers (the Chaos Computer Club and the Deutsche Bundespost)
viruses, and the like.

  It's a glossy article, but is filled with interesting bits of data, such as
US expenditures on computer systems over the last four years versus estimated
sales of computer protection goods and services.  They have photographs of
Richard Brandow and the programmer who created the McMag virus, Pierre Zovile'
(err -- if I ever meet them in a dark alley...) and so on.  Its nice to see
some responsible journalism coverage in a general purpose magazine.  Or
perhaps this is just a measure of how important the private sector rates
computer security...

------------------------------

Date: Thu, 28 Jul 88 20:26:10 CDT
From: "Robert Weiss" <weiss@umnstat.stat.umn.edu>
Subject: Computers can increase privacy, too!

I regularly get reports from my congressperson on his activities, and a comment
in one of the articles grabbed my attention before I could toss the mailing:

	"Technology provides the students with privacy ..."

A different sentiment than we usually read about in RISKS.  This is from an
article on a computer-aided adult literacy teaching project in St. Paul.  PC's
placed in individual booths provide both privacy and flexibility.  If I was 30
years old and unable to read at a 4th grade level, the privacy issue would be
important to me.

This made me realize that while large computers and networks may in general be
detrimental to privacy, there _are_ possibilities for computers to increase
privacy.

Robert Weiss 

    [But probably not if untrustworthy people have authorized access to the
    system or to the data, or if people without authorized access masquerade.
    The biggest problem with putting really sensitive data about an individual
    that might be of interest to someone else (for revenge, blackmail,
    curiosity, leaking, etc.) may be that the temptation level has escalated.
    PGN]

------------------------------

Date: Wed Jul 27 19:00:35 1988
From: mcvax!pyrltd!jpp@uunet.UU.NET
From: jpp@slxsys.specialix.co.uk (John Pettitt)
Subject: Viruses - a medical view

Taken without permission from the Independent (which seems to have
gotten it from the British Medical Journal):

VIRUSES could invade hospitals throught their computer systems,
so new software used by doctors is being quarantined before it is
allowed contact with patients' data, Oliver Gillie writes.

The Royal Infirmary in Glasgow isolated a computer virus in its
laboratory among software destined for the cardiac intensive care
unit.  The virus was found by a technician who destroyed it before it
was able to multiply.

Dr Gavin Kenny, an anaesthetist at the Royal Infirmary, said the virus
was not malignant, but "as soon as it was found, we made a complete sweep
to look for others and now we do regular checks".

"A virus can wipe out the memory on an entire disk - that would 
cause a lot of trouble although it would not put patients' lives
in danger," he added. "But some viruses are benign. There is one which
just comes out on Tuesdays.  It says it is Tuesday and then it goes away
again."

[ stuff about what a virus is and the christmas tree deleted - jpp]

Dr John Asbury, another Glasgow anaesthetist, says a virus got
into an intensive care unit in the city where it corrupted data
and caused files to be lost.  Dr Asbury writes about computer
virus disease in the latest issue of the British Medical Journal.

John Pettitt, Specialix, Giggs Hill Rd, Thames Ditton, Surrey, U.K., KT7 0TR
{backbone}!mcvax!ukc!pyrltd!slxsys!jpp            jpp@slxsys.specialix.co.uk

------------------------------

Date: Fri, 29 Jul 88 13:06:44 EDT
From: saponara@tcgould.tn.cornell.edu (John Saponara) [REALLY Eric Haines]
Subject: Apple viruses

From batcomputer!cornell!mailrus!uwmcsd1!ig!agate!ucbvax!pro-carolina.cts.COM!gregp Fri Jul 29 11:52:17 EDT 1988
Article 7320 of comp.sys.apple:
Path: batcomputer!cornell!mailrus!uwmcsd1!ig!agate!ucbvax!pro-carolina.cts.COM!gregp
>From: gregp@pro-carolina.cts.COM (Greg Prevost)
Newsgroups: comp.sys.apple
Subject: Virus Information
Date: 26 Jul 88 21:54:43 GMT
Reply-To: pnet01!pro-simasd!pro-carolina!gregp@nosc.mil
Organization: The Internet

Ok folks, in the past few days I have seen some major stuff going on.  There
are at least two different viruses running around.  One is called Cyberaids
and the other is made by some group called Festering Hate.  Here is some of
the info I have picked up on it in the last few days.

 - = - = - = - = - = - =

50/50: Warning Apple users
Name: Practor Fime #13 @4
Date: Sat Jul 16 17:16:14 1988

CAUTION:

        ZLink+, ZLink.PBH, ZLink are all viruses, if you run ZLink then you
now are the happy parent to a rodent virus. It seem Zlink has some sort of
virus that attaches to files and stuff.  My friend has it on his HD and it
creates some file entry in the ROOT directory that is hidden from every utility
EXCEPT APW or ORCA.  Every time you boot the prodos with the virus it will do
and ON-LINE vol check (even if you specifiy the exact pathname) and install the
virus on systems files such as, Mr Fixit, Basic.system,Copy II+ etc....

 - = - = - = - = - = - =

(92 of 100)
Titled : <*** W A R N I N G ***>
Author : Dr. Logic/Bill of [None]
Stamped: July 13, 1988 at 12:07 AM

There is a file going around (currently on the Hard Drive) called Z.LINK.PLUS.
It is supposed to be a terminal program somewhat like ProTERM.  It is a decent
program but the main reason I posted this is when you boot it up, it GOES TO
EVERY ON-LINE DRIVE AND MODIFIES >BASIC.SYSTEM<!!!

At bootup, it looks like it's doing an On-Line call and checks every drive.
Then it goes back to some and starts doing some modifications (especially
noticeable on floppy drives).  The program modified copies of BASIC.SYSTEM,
FILER, BACKUP.SYSTEM and PROSEL (don't ask me how it chooses, it usually just
attacks BASIC.SYSTEM).

After installing itself into BASIC.SYSTEM, everytime you boot a disk with that
BASIC.SYSTEM on it, it will do another on-line check and continue to add itself
to other copies of BASIC.SYSTEM.

One of the tell-tale signs of this is it will leave behind tracks such as the
modification date of the files it altered (that's how I found out).  BE
CAREFUL!!!  I do not know if this is a virus as my HD is still operable and
I've replaced all infected files with backups.  Either way, I don't like
something that spreads itself around, especially doing an on-line call after
every bootup.


Please spread the word around.  I don't know what kind of file this is but it
sounds like bad news to me.  I encourage those of you who are more
knowledgeable about machine language to d/l the disk and examine the contents
of the files.  I don't trust it but you have been warned.

WARNING: This is a FOR REAL virus not a trojan, if interested I will pack the
         Infected Basic System and U/L it if you want to make a detoxin for it

-Jon

 - = - = - = - = - = - =

                                    Virus
                                    ~~~~~
        The first verified virus of the ProDOS operating system is out and
around.  The first identified carrier of this virus was a terminal program
called "ZLINK.PLUS", which was discovered about one week ago.  Today, our board
was struck by the same virus, which was hidden inside another file,
"MR.FIXIT.3.7", and since I have found it to inhabit "SQUIRT.1.5" as well.  Be
careful.  The most telltale sign of this virus is the fact that when you
execute a system file which is a carrier, it will scan all of your online
prodos devices, and will then occasionally write to one of them.  Check your
directories carefully, look at the modification date on your system files.  If
it is recent, you may have an infected program.  Files in subdirectories are
NOT safe.  I have not found it to copy itself into any file other than
BASIC.SYSTEM, but I hear that other people have had it copy onto other SYS-type
files.

The Byter

(This is the Byter who runs Cabal of the Lexicon in 213.)

------------------------------

Date: Fri, 29 Jul 88 09:09:58 -0400
From: denbeste@OAKLAND.BBN.COM
Subject: On IRS direct computer access

I think this is going to fail. High school students all over the state will
spend their evenings making up social security numbers and entering phony
returns. Perhaps one time in thirty or so they'll hit pay dirt (a real social
security number!).

The only way to prevent this is to have the machine know the names of the
people who own the SSN - and reject any return which isn't right.

Only, having done that, what happens if the legitimate owner of the SSN doesn't
enter their own name is quite the same way it is held in the database?

Perhaps the right answer is for the computer to categorize the returns into one
of two groups: "Those where the name was correct" and "those which a human
being will check for validity".

Steven C. Den Beste,   Bolt Beranek & Newman, Cambridge MA
denbeste@bbn.com(ARPA/CSNET/UUCP)    harvard!bbn.com!denbeste(UUCP)

------------------------------

Date: Thu, 28 Jul 88 18:31:41 mdt
From: Alan Silverstein <ajs%hpfcajs@hplabs.HP.COM>
Subject: Re: doing away with privileged users

In 7.29, Allan Pratt said:

> If there is NO SUCH THING as privileged access, where can you go wrong?

Alas, there is NO SUCH THING as "NO SUCH THING as privileged access".

Why?  Because computers aren't as smart as people and as trustworthy as
their administrators.  Situations inevitably arise which require ad hoc
human intervention -- by privileged users.

What if there were no distinction of "privilege"?  If any user could
handle the interventions?  There'd also be precious little protection of
users's data from other users.  Even cooperating users need protection
from each other's mistakes.

Alan Silverstein, Hewlett-Packard HP-UX DCE Lab, Fort Collins, Colorado

------------------------------

End of RISKS-FORUM Digest 7.30
************************