RISKS-LIST: RISKS-FORUM Digest  Saturday 17 September 1988  Volume 7 : Issue 55

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  The Ethics of Conflict Simulation (Mike Trout)
  Re: Social content of video games (Tim Wood)
  Re: Credit Doctors (Dave Robbins)
  Virus in ROM on commodore 64 (Jurjen N.E. Bos)
  Re: Destructive remote controls (Henry Spencer, Jurjen N.E. Bos)
  Another one-key mishap (Russ Nelson)
  Call for Papers, Invitational Workshop on Data Integrity (Zella Ruthberg)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM.
FOR VOL i ISSUE j / ftp kl.sri.com / login anonymous (ANY NONNULL PASSWORD) / get stripe:risks-i.j ... (OR TRY cd stripe: / get risks-i.j ...
Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85),(6,95).

----------------------------------------------------------------------

Date: 16 Sep 88 16:23:05 GMT
From: miket@brspyr1.brs.com (Mike Trout)
Subject: The Ethics of Conflict Simulation (Re: RISKS-7.49)

In RISKS-FORUM 7.49, Eric Postpischil and Henry Spencer disagree with Ed Nilges' assertion (in RISKS-FORUM 7.45) that increasing technical abilities of computer games has corresponded with a decline in social and moral content. They point out the subtle yet insidious context of chess and _Monopoly_, the large number of computer games that encourage moral behavior, and the overt content of standard wargames. Although many of their points are valid, I must disagree with the basic contentions of Eric and Henry. I, too, have noticed the same disturbing trend aptly noted by Ed.
I have been involved with the design, use, and history of wargames (perhaps more correctly called "conflict simulations") for nearly 20 years. Over that time, I have witnessed a definite change in attitude among those in the field.

In the mid 70s, a major debate erupted over whether the industry leader should or should not do a proposed project for the Pentagon. The consensus was that dealing with the Pentagon would poison the intellectual atmosphere that had so far kept conflict simulations a model of integrity. The project was never done. Shortly thereafter, the industry leader was destroyed in a hostile takeover attempt, and surviving companies began the first Pentagon projects.

Today, most wargaming companies fight for those precious Pentagon dollars, and gaming has suffered for it. Many simulations are today designed for the purpose of developing better ways to slaughter people, rather than as intellectual history lessons. Worse, there is a disturbing tendency to design simulations as vehicles for displaying aggression.

Certainly 20 years of progress has given us conflict simulations that are technically far more accurate than anything done in the "Golden Years" of the 60s and 70s, and the use of computers in simulations has revolutionized the industry. But with the improvement in technical accuracy and mechanics has come a change in the purpose of wargames. Instead of serving primarily as learning tools, they are now approached as pure profit-making ventures, military aids, or macho exercises. The "learning tool" aspect is still there, but it has been subverted by baser instincts.

Of course, there is the "fun" aspect of conflict simulations. Even the most intellectual simulations invariably contain certain amounts of "fun," and most of us get a great deal of satisfaction that way. I would not deny that I myself have enjoyed watching my Soviet infantry turn a Nazi pillbox into a fireball.
Yet when that enjoyment becomes the PRIMARY purpose of the simulation, something is wrong. This is one of the more disturbing aspects of many arcade-type computer games. It doesn't matter whether you are pushing a button on a joystick, typing in a line of commands, or moving a cardboard counter across a map. What are the functions of the simulation? I submit that greed and aggression have no place in the study of a human activity which is itself intrinsically rooted in greed and aggression.

Michael Trout (miket@brspyr1) =-=-=-=-=-=-= UUCP:brspyr1!miket
BRS Information Technologies, 1200 Rt. 7, Latham, N.Y. 12110 (518) 783-1161

------------------------------

Date: Wed, 14 Sep 88 19:28:23 PDT
From: mtxinu!sybase!linus!tim@ucbvax.Berkeley.EDU (Tim Wood)
Subject: Re: Social content of video games (RISKS-7.49 etc.)

The conditioning effect of violent video games should be at least as much of a concern as the effect of similar content on viewers of ordinary TV. Video games do not present the spare, tokenized arena of chess or Monopoly; they present a (speculative) graphical scene of the player's struggle toward the goal. When the player and the obstacles are cast in demeaning human stereotypes, the game is degrading to play. The key aspect of video games is the explicit graphical interface that requires the player to focus on the images of the game's creators rather than create his/her (possibly less hostile in some cases) own mental images.

{ihnp4!pacbell,pyramid,sun,{uunet,ucbvax}!mtxinu}!sybase!tim
Voluntary disclaimer: This posting is solely my personal opinion. It is not a representation of Sybase, Inc.

------------------------------

Date: Fri, 16 Sep 88 14:40:04 EDT
From: Dave Robbins
Subject: re: Credit Doctors

donn@cs.utah.edu (Donn Seeley) quotes in Risks 7.50 portions of the Newsweek article about credit doctors. The concluding question is: Are credit bureaus' security measures really this lax? It's not hard to believe, just appalling.
I have a couple of comments to add:

1) This type of activity is not uniquely a computer risk. I can imagine a computerless credit bureau, where records are kept on paper, and further imagine a 'credit doctor' fraudulently obtaining the credentials necessary to gain access to the credit bureau. The 'doctor' then calls up the credit bureau and obtains the desired information. The difference, of course, is that in this case the 'doctor' is probably dealing with a human at the credit bureau, and this human might by some chance figure out that the 'doctor' is up to no good.

2) The computer-related risk is, of course, that this sort of activity is much more likely to happen with computerized credit bureaus. The volume of information involved, and the anonymity of the individual making the request for credit information (via a terminal) make it much more difficult for requests to be validated and for fraudulent usage to be detected. This is just one more example of a well-known risk that is all too often not accounted for in the design of a system.

3) Surely there must be a reasonable way to provide legitimate access to credit information without making it so easy to obtain illegitimate access! As the credit bureaus operate today, any individual who knows how to access the credit bureau's computer can apparently locate anyone's credit information. It has been demonstrated that we cannot place much trust in those individuals at the banks, etc. who have access to the credit bureaus. I can imagine an individual whose credit information is on file at the credit bureau providing a unique 'password' to the bank for the purpose of a credit check, but how then is that password protected from abuse? (I seem to remember a proposal for a relatively secure version of this sort of thing in CACM 3-4 years ago.) Or is this an inevitable and unavoidable risk of having computerized records?
I should hate to think so -- it might lead me to advocate keeping computers away from such sensitive records.

These issues are not really new, so I think I'll stop at this point, and wait for the next creative abuse of computerized personal records to pop up in the news.

------------------------------

Date: Sat, 17 Sep 88 12:06:45 +0200
From: jurjen@cwi.nl (Jurjen N.E. Bos)
Subject: Virus in ROM on commodore 64

The Commodore home computer has an EPROM containing the boot and basic software. This ROM is in principle programmable only if the programming voltage is applied. In practice it is possible to modify the ROM by writing to it many times. This already caused a severe problem because a crashing program destroyed the ROM in a computer of a friend of mine. I do not know if there already is a ROM virus on the 64, but I'm sure it is possible. This makes those computers more vulnerable to viruses than any other home computer.

------------------------------

Date: Sat, 17 Sep 88 00:26:17 EDT
From: attcan!utzoo!henry@uunet.UU.NET
Subject: Re: Destructive remote controls

> REMOTE WILL DAMAGE your home TV sets."

I'd say they're just trying to scare you. I find it hard to imagine a remote control that puts out enough infrared to even be competitive with direct sunlight -- and any consumer product must be designed for the possibility of lengthy periods of direct sunlight.

Henry Spencer at U of Toronto Zoology

------------------------------

Date: Thu, 15 Sep 88 10:49:16 +0200
From: jurjen@cwi.nl (Jurjen N.E. Bos, CWI, Amsterdam)
Subject: Damage by remote controllers

Talking about TV sets that are claimed to be damaged by remote controllers... I happened to go to Disneyland lately where I saw the 3D movie "Captain EO". As you might know, this 3D effect is done using a special kind of polaroid glasses. They said after the movie was over: "Please do not take these glasses as a souvenir. They will impair your vision outside this theatre." There they go again!
What's the difference between this theatre and the outside world? Those glasses will either impair your vision in the long run (which I doubt) or they won't. The only difference between the inside of the theatre and the outside world is the 3D illusion they make.

-- Jurjen N.E. Bos

[Irrelevant to computers, but nevertheless interesting as another example of the same approach! PGN]

------------------------------

Date: Fri, 16 Sep 88 11:12:20 EDT
From: Russ Nelson
Subject: Another one-key mishap

When I worked at HP, we acquired a new HP-IB hard disk drive with integral tape backup. To perform a backup or restore, you simply pull off the faceplate and press disk-to-tape or tape-to-disk. Both switches were identical, and you can guess what eventually happened...

[As you might guess, there are about 12 messages pending on variants of "rm" pitfalls and other single-keystroke fiascos. We'll slow down on these for a while. PGN]

------------------------------

Date: Fri, 16 Sep 88 17:19:43 EDT
From: ewiles%netxcom@uunet.UU.NET (Edwin Wiles)
Subject: Re: ISDN/ANI - What one switch vendor told me

In RISKS 7.53 Writes:
> Another point we had questions about, and they could not answer, is what
> happens to all of those companies (like banks) who now do some business using
> the touch-tone key pad. Under ISDN, signalling uses the "D" channel, not one
> of the voice carrying "B" channels. Therefore you cannot listen and capture
> touch-tones off of the conversation.

I'm not absolutely certain that we are talking about the same thing, but "Feature Group D" services do indeed allow you to capture touch tones off of the conversation. (I have worked with this, so I know something about it.)

The ANI signalling *is* done on different lines from the ones that carry the conversation, and uses something other than DTMF. However, once the ANI signalling is done, the receiver of the call performs an "Acknowledgement Wink" on the special line.
This opens the 'voice path', which is what carries both the conversation, and any additional touch tones the caller sends. (Such as a command code to tell the bank what to do with your account.)

The RISKY thing about this setup, is that it takes an additional "Wink" to 'accept' the call. Theoretically, you could complete your entire conversation without sending that wink, and never be billed for the call since the telco doesn't start billing until the call is 'accepted'. Practically, if you did it much, the telco would notice, and you would be "up the evil smelling tributary, with no visible means of locomotion, and no knowledge of aquatics."

The reason for this setup is so a service can extract further addressing information before the caller is billed. This prevents a caller from being billed for a call which cannot be completed.

DISCLAIMER: I do not work for any telephone company. Neither I, nor my company, condone any illegal actions.

Edwin Wiles, NetExpress Comm., Inc., 1953 Gallows Rd. Suite 300 Vienna, VA 22180

------------------------------

Date: 16 Sep 88 17:39:00 EDT
From: "RUTHBERG, ZELLA"
Subject: Call for Papers, Invitational Workshop on Data Integrity

CALL FOR PAPERS
Invitational Workshop on Data Integrity
January 25-27, 1989
Sponsored by and Held at
National Institute of Standards and Technology
(formerly National Bureau of Standards)
Gaithersburg, Maryland

The National Institute of Standards and Technology is sponsoring an Invitational Workshop on Data Integrity to be held at NIST in Gaithersburg, Maryland on January 25-27, 1989. The Workshop will focus on the concepts of data integrity and data quality, and the characteristics, metrics, and principles needed to define and provide a suitable framework for data integrity and data quality.

This invitational workshop is a follow-on to the October 27-29, 1987 invitational Workshop on Integrity and Privacy in Computer Information Systems (WIPCIS).
The latter originated as a response to a paper by Clark and Wilson presented at the IEEE Security and Privacy Conference in April, 1987. That paper compared commercial and military computer security policies. The 1987 Workshop focused on commercial sector interpretations of the issues of Assurance, Granularity and Function, Identity Verification, Auditing, and System Correspondence to Reality and related these to a data integrity model.

A subsequently-formed data integrity working group of the NIST Computer and Telecommunications Security (CTS) Council has proposed definitions for data integrity and data quality. These have been incorporated, along with other conclusions, in a paper written by the working group chair Robert H. Courtney, Jr. It is intended that this paper serve as a strawman to stimulate responses in the form of papers to be given at the January Workshop. The Clark & Wilson paper would form an example within this framework. Although computer and telecommunications system integrity is broader than data integrity, consensus findings about data integrity would contribute significantly to our understanding and handling of the broader concerns of integrity.

Papers are being sought from the computer security community for presentation at the Workshop. Papers could address but need not be limited to the following topics:

o Key principles for achieving data integrity.
o Key principles for achieving data quality.
o The application of principles to achieve integrity and quality of data.
o The attributes of data quality (other than accuracy, timeliness and completeness).
o Is confidentiality an attribute of data quality?
o Connection between Quality Assurance and data integrity.
o Connection between Quality Control and data quality.
o Relation between data quality and the value of data.
o Organization-specific data integrity/data quality policies derived from a body of principles.
o Cost-Benefit Relationships between security controls and data quality and integrity.
o Organizational structures for assigning data integrity, quality assurance, and data quality functions.
o A realistic internal audit role relative to data integrity and quality.
o A reasonable external auditor role relative to data security and its subset data integrity.
o The relation of people roles (ADP staff, user, internal auditor, quality assurance, quality control) to data integrity and quality.

Papers should be submitted by November 17, 1988 to:

National Institute of Standards and Technology, Computer Security Division, Attn: Zella Ruthberg, A-216 Technology, Gaithersburg, Maryland 20899

Approximately six papers will be selected for presentation and discussion. Selections will be made by December 7, 1988.

The strawman paper will be sent on request. For further background, people may also request a copy of the report of the 1987 WIPCIS workshop. The paper and report are available from Robin Bickel at the above address or 301-975-3359. For further information on the Workshop contact Zella Ruthberg at 301-975-3361.

------------------------------

End of RISKS-FORUM Digest 7.55
************************