The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 11 Issue 10

Thursday 14 February 1991

Contents

o On-line in Saudi Arabia
Steve Elias via Martin Minow
o Serious bug in SVR3.2 gives root access easily
Patrick Wolfe
o Risks of large disk drives
Roger H. Goun
o Re: The Risks of Having a Sister
David Ruderman
John Sullivan
Charles Meo
o Guilty until proven innocent
Andrew Koenig
o Parking Ticket Notice
Robert McClenon
o Reinterpretation of the term "Computer Security"
Barry Schrager
o NCCV: COMPUTING & VALUES CONFERENCE, 12-16 Aug 1991
Walter Maner
o Info on RISKS (comp.risks)

On-line in Saudi Arabia

"Martin Minow, ML3-5/U26 14-Feb-1991 1444" <minow@bolt.enet.dec.com>
Thu, 14 Feb 91 11:47:35 PST
Date: Fri, 08 Feb 91 16:06:19 -0500
From: Steve Elias <eli@pws.bull.com>
Subject: funny sco unix story

[...] at sco last week, they told me that their customer service line had
received a call from a US Army dude who was calling from inside his M1 tank in
the Saudi desert.  apparently, SCO Unix runs on one of the computers in the
tank.  the customer service person pointed him to the SCO BBS system and he
dialed it and downloaded the bug fix.

Steve Elias, eli@spdcc.com; 617 932 5598 (voicemail), 508 294 7556 (work phone)

                [Hmm.  I wonder if someone could dial up the tank's Unix?  PGN]


serious bug in SVR3.2 gives root access easily

Patrick Wolfe <pwolfe@kailand.kai.com>
Wed, 13 Feb 1991 12:19:18 CST
I learned last night that the Esix operating system (really AT&T Unix System
V/386 Release 3.2) which I run on my PC at home suffers from the serious
security bug recently reported in comp.unix.sysv386.  Someone posted a 51 line
(commented) program which shows how any user with access to a shell and C
compiler can obtain root priviledges with no effort at all.

I'm not familiar with all the details, but apparently it has something to do
with a bug in the numeric coprocessor emulation library and the os which makes
the user page (where uid information is stored) writable to the process.  The
posted program changes it's own effective uid and gid to zero (becoming root),
and changes the permissions on /etc/{passwd,shadow} to 666 (world writable).

Apparently the bug exists in Esix 3.2, Interactive Unix version 2.02 and 2.2,
and possibly others, but not in SCO Xenix or Unix, nor Intel's Unix 3.2 (these
give memory faults).  Interactive V2.2 users (and possibly some others - not
Esix) can fix the problem by installing a 387, changing the value of one kernel
variable (UAREARW) and rebuilding the kernel.

In my opinion, the rest of us are probably screwed.  I seriously doubt any of
these OS vendors will stop working on SVR4 to fix this bug in SVR3.2, except
possibly for customers who pay for software maintenance.  Many vendors are just
about ready to ship their SVR4 release.  I suspect most will tell those of us
who don't pay for maintenance that we must upgrade to fix the bug.

It just goes to show that it was a good idea when I set my bbs up to run in a
"chroot" filesystem, where even if a user could break out of the bbs program
into a shell, there is no compiler (in fact, there are hardly any useful
commands at all) to mess around with.

Patrick Wolfe, System Programmer/Operations Manager, Kuck & Associates, 1906
Fox Drive, Champaign IL USA 61820-7334, voice 217-356-2288, kailand!pat


Risks of large disk drives

"Roger H. Goun 12-Feb-1991 1602" <goun@ddif.enet.dec.com>
Wed, 13 Feb 91 02:03:05 PST
>From an article in the USENET newsgroup clari.nb.general, announcing a new
large-capacity Winchester disk drive from Fujitsu:

"You used to have to rely on 8 inch drives for capacity, performance and
reliability," added [Mike] Gluck [senior vice president of Fujitsu America's
Computer Products Group].  "Now we have put mainframe reliability into a 5.25
inch disk drive.  Our MTBF (mean time between failure) is 200,000 hours and the
advantage to using one large capacity drive like ours over three smaller drives
is that even if the smaller drives have an equal MTBF, there are three chances
to have a problem."

I see two risks here:

- As has recently been beaten to death in RISKS, the proffered MTBF figure is
  suspect, unless Fujitsu has actually withheld this product from market long
  enough to test a statistically significant number of samples for nearly 23
  years;

- Mr. Gluck seems to think that having a single point of failure is less risky
  than having three separate (though of course not entirely decoupled) points
  of failure.

Roger H. Goun, Digital Equipment Corporation, 110 Spit Brook Road, ZKO2-2/O23,
Nashua, NH 03062 USA, +1 603 881 0022, goun@ddif.enet.dec.com or
goun%ddif.enet@decwrl.dec.com, {uunet,sun,pyramid}!decwrl!ddif.enet!goun


The Risks of Having a Sister (Any well informed sibling will do)

David Ruderman <ruderman@sbcs.sunysb.edu>
Thu, 14 Feb 91 16:54:12 EST
A few years ago, I encountered virtually the same problem with my driving
record.  I went to motor vehicles for my routine license renewal (every
three years), when I noticed on the bottom line a small comment that
read "Last Conviction Speed In Zone $50".

I was directed to the violations department, where they quickly
consulted my records on a terminal.  They told me that one year earlier
I had gotten a speeding ticket and evidently paid it.  They told me
that I had other tickets as well.  I was told that if I wanted a list
of 'my' violations I would have to send $5 or so to Albany (NY) and
they would send me a printout.

I discovered that my brother had simply told the police that he was me, and he
did not have his license with him (his was nearly suspended).  He then paid the
tickets.

The Risks are clear:
-  There was no confirmation of my brother's identity.
-  He was able to plead me guilty by mail.
-  I was not provided with a routine way to review my driving record for
   possible errors.
-  The last risk is that I was not able to clean up my record,
   since the only way would be to turn in my brother to the authorities.

David Ruderman, Department of Computer Science, SUNY at Stony Brook,
Stony Brook, NY 11794-4400 ruderman@sbcs.sunysb.edu (516) 632-7675


Re: risks of having a sister

<sullivan@poincare.geom.umn.edu>
Thu, 14 Feb 91 04:02:13 CST
In the states of the USA with which I'm familiar, one must be a licensed driver
to register a car.  This allows a driver's license number to be associated
with, say, unpaid parking tickets.  I don't think that moving violations (say
in the case of a hit&run driver whose plates are observed) can be ascribed to
the owner of the car without other evidence.  But it does seem that such a rule
might be useful in Australia to discourage unlicensed drivers.

John Sullivan  sullivan@geom.umn.edu


Re: Risks of having a sister

Charles Meo <cm@yarra.oz.au>
13 Feb 91 04:17:20 GMT
For non-Australians it is worth pointing out that under unique (and unsuccess-
fully opposed) legislation, the burden of proof has been reversed and police
are empowered to record a conviction _without_ any judicial process whatever
and the driver is then obliged to prove his or her _innocence_ in the matter.

This has enabled local police to generate enormous government revenues as many
traffic infringements are now handled in this way.

I do not know of any other civilised country that would allow this (the spirits
of the old prison governors are alive and well in our seats of government!) and
of course, when this law is translated into computer systems with _no_ safe
guards the situation Robyn has described can happen easily.
                                                                 C. Meo


guilty until proven innocent

<ark@research.att.com>
Thu, 14 Feb 91 16:46:32 EST
C. Meo says he `does not know of any other civilised country' that would allow
the burden of proof to be reversed in the event of traffic violations.
Unfortunately, that is becoming more common here as well -- several states have
empowered police to seize licenses of people tho fail breath alcohol tests.  It
then becomes the problem of the accursed -- um, accused, to prove innocence.
Yeah, right.

I know a guy who was stopped for speeding once.  They looked him up and
discovered his license had been revoked, so they carted him off to the police
station and booked him for driving while on the revoked list.  He protested
that (a) he had never been informed that his licence had been revoked, and (b)
he had not done anything that should have caused his license to be revoked.

When his case came to trial, the state readily admitted that both (a) and (b)
above were true.  However, his name was indeed on the revoked list, albeit
erroneously, and he was accused of driving while his name was on the revoked
list, so he should be found guilty.  The judge agreed and found him guilty.
Afterwards, he asked what he might have done to avoid this.  The answer was
that it was his responsibility to check the revoked list to see if his name
turns up there.  He left the state shortly thereafter, and I don't suppose he
has been back since.


Parking Ticket Notice

Robert McClenon <76476.337@compuserve.com>
14 Feb 91 00:46:16 EST
     I received from the District of Columbia Government Bureau of Traffic
Adjudication a Notice of Delinquent Parking Tickets today for three tickets
issued in December 1990.  The tickets were all issued to a Volkswagen with
plate number 457-143 in a section of Washington that I have not visited.  I do
not own a Volkswagen.

     Prior to October 1987 I owned a Ford Fiesta with plate 457- 143.  Shortly
before October 1987 I lost the front plate.  Since I was preparing to trade it
in for a new van I did not replace the plate, and did not report it as lost.  I
simply requested a new plate rather than transferring an old plate.  The plate
expired in March 1988.

     Either the plate number was reissued, or someone found the lost plate and
is using it illegally.  If it was reissued, the problem is that the database
shows the wrong name as the owner.  If it was lost and found and is being used
illegally, then the system should have shown that the registration is no longer
valid.  Besides, if that old plate is being used, tickets should also have been
issued for using an expired license plate without renewal stickers.

     The specific RISK here is: "D.C. motor vehicle registration will not be
renewed if you have outstanding parking tickets."  The notice doesn't say that
it only restricts the renewal of this Volkswagen with plate 457-143.  They also
have my name, and presumably know that I now own a 1988 van.  A more serious
risk could arise with a system with this vulnerability in a state where parking
tickets are considered to be petty crimes, in that an arrest warrant could be
issued.  (Parking tickets in the District of Columbia are civil rather than
criminal.  That reduces the risk but doesn't eliminate it.)
                                                               Robert McClenon


Reinterpretation of the term "Computer Security"

Barry Schrager <71370.2466@compuserve.com>
08 Feb 91 23:02:59 EST
Mr Dixon seems to be perturbed that one of the moguls in his business has
determined that all data should be protected rather than just "sensitive
data."  Just who is going to be so totally aware of what the implications of
all data are to make an absolutely correct decision so that all company
sensitive information will be protected.  It is obviously much more secure
and definitely safer to assume that all data has some importance and
therefore should has some measure of protection.  If this is the case then
the data creator/owner or security manager can determine who should have
access to share this data.

If all data is protected by default then the error of omission is just an
inconvenience -- if only "sensitive data" is protected then the error of
omission is disclosure of sensitive data and presumably some corporate harm.

The security product I designed for large IBM Computer Systems -- ACF2 --
was the first product in that arena to protect all data by default and it
was done with less overhead than the products that presumably protected only
sensitive data.  Given this, there exists no reason to not protect all data
and determine who to share it with rather than guess which data should be
protected or not protected.   Thousands and thousands of computer sites
licensed this package so therefore they also felt that this was the correct
way to do this.

The SHARE Security Project Requirements for future data security in IBM
Operating Systems also called for all data to be protected as a default in
1974.  Obviously, Mr Dixon's business mogel is not alone with his
presumptions  -- in fact, I think he's right.


COMPUTING & VALUES CONFERENCE, N C C V / 91, Aug 12-16 1991

Walter Maner <maner@bgsuvax.UUCP>
9 Feb 91 17:35:09 GMT
NCCV/91 THE NATIONAL CONFERENCE ON COMPUTING AND VALUES,
AUGUST 12-16, 1991, NEW HAVEN, CONNECTICUT  FIRST CALL FOR PARTICIPATION

The National Conference on Computing and Values will address the broad topic of
Computing and Values by focusing attention on six specific areas, each with its
own working groups.

      -  Computer Privacy & Confidentiality
      -  Computer Security & Crime
      -  Ownership of Software & Intellectual Property
      -  Equity & Access to Computing Resources
      -  Teaching Computing & Values
      -  Policy Issues in the Campus Computing Environment

CONFERENCE HIGHLIGHTS -- Details follow

o  Active role for all attendees
o  Free associate membership in the Research Center on Computing and Society
o  Valuable take-home materials
o  A user-friendly conference
o  A family-friendly conference
o  Unique aspects
o  Members of the Planning Committee
o  Partial list of confirmed speakers
o  Modest cost
o  Further information and registration

ACTIVE ROLE FOR ALL ATTENDEES

A special feature of the National Conference on Computing and Values will be
the active role of all attendees.  Each attendee will belong to a small working
group which will "brainstorm" a topic for two mornings, then recommend future
research.  On the third morning, each group will report the results of its
activities to the assembled conference.  (Group reports will be incorporated
into the published proceedings of the conference.)

In addition, each person will be able to attend five keynote addresses, three
track addresses, three track panels, two evening kick-off events, two evening
enrichment events, and four days of exhibits and demonstrations.

FREE ASSOCIATE MEMBERSHIP IN THE RESEARCH CENTER ON COMPUTING AND SOCIETY

Every attendee can become an Associate of the Research Center on Computing and
Society for two years free of charge.  Associates receive the Center
newsletter, announcements of Center projects, lower registration fees at Center
sponsored events, and access to the Center's research library on computing and
values.

VALUABLE TAKE-HOME MATERIALS

The conference will provide a wealth of materials on computing and values,
including articles, government documents, flyers about organizations and
publications, a special "Resource Directory on Computing and Society," and a
"track portfolio" of materials for each of the six tracks.  Every attendee will
receive a copy of the resource directory, the track portfolios, plus many other
useful materials.

A USER-FRIENDLY CONFERENCE

The conference will be held on a residential campus at a quiet time between
semesters.  Adequate time for meals, conversations, and relaxation is
scheduled.  There will be social events, such as an ice cream social and a
conference barbecue.  In addition, various lounges will have coffee, tea,
juice, and snacks all day to encourage conversation among participants.  The
conference will include individuals from six different professional groups:
Computer Professionals, Philosophers, Social Scientists, Public Policy Makers,
Business Leaders, and Academic Computing Administrators.

A FAMILY-FRIENDLY CONFERENCE

Family members of attendees will be able to use university facilities, such as
the swimming pool, playing fields, tennis courts, and TV lounges.  In addition,
a day-care center, baby sitting service, and bus trips to local tourist
attractions will be available.  Attendees' spouses will be welcome at
conference social events; and both spouses and children may attend the
conference barbecue.

UNIQUE ASPECTS

The National Conference on Computing and Values will be one of most significant
assemblies of thinkers on computing and values ever to gather in one place.

Among the nearly 50 speakers who will address the 500 conference attendees are
philosophers, computer scientists, lawyers, judges, social scientists,
researchers in artificial intelligence, and experts in computer security.

The conference also will feature one of the most comprehensive exhibits of
materials ever assembled on computing and values.  The exhibit will including
books, journals, articles, government documents, films, videos, software,
curriculum materials, etc.

Hosted by Southern Connecticut State University, including the Research Center
on Computing and Society, Philosophy Department, Computer Science Department,
Adaptive Technology Laboratory, and the journal Metaphilosophy.

Planned in cooperation with: The American Association of Philosophy Teachers,
the American Philosophical Association, the Association for Computing
Machinery, the Canadian Philosophical Association, Computer Professionals for
Social Responsibility, and the Institute of Electrical and Electronics
Engineers.

Funded, in part, by grants from the National Science Foundation (DIR-8820595
and DIR-9012492).

MEMBERS OF THE PLANNING COMMITTEE

Terrell Ward Bynum, Co-chair,       Walter Maner, Co-chair

Ronald E. Anderson, Gary Chapman, Preston Covey, Gerald Engel, Deborah G.
Johnson, John Ladd, Marianne LaFrance, Daniel McCracken, Michael McDonald,
James H. Moor, Peter Neumann, John Snapper, Eugene Spafford, Richard A. Wright

PARTIAL LIST OF CONFIRMED SPEAKERS

    Ronald E. Anderson, Chair, A C M Special Interest Group on Computing and
Society; Co-Editor, SOCIAL SCIENCE COMPUTER REVIEW
    Daniel Appelman, Lawyer for the USENIX Association, Specialist in Computer
and Telecommunications Law
    Leslie Burkholder, Staff Member of the Center for the Design of Educational
Computing, Carnegie-Mellon University; Editor, COMPUTERS AND PHILOSOPHY
    David Carey, Author and Speaker on Software Ownership; Doctoral
Dissertation on Software Ownership; Assistant Professor, Whitman College, WA
    Gary Chapman, Executive Director, Computer Professionals for Social
Responsibility; Editor, JOURNAL OF COMPUTING AND SOCIETY
    Marvin Croy, Author and Researcher on Ethical Issues in Academic Computing;
Associate Professor of Philosophy, University of North Carolina at Charlotte
    Gerald Engel, Vice-President of Education, Computer Society of the I E E E;
Member, Computing Sciences Accreditation Board; Editor, COMPUTER SCIENCE
EDUCATION
    Batya Friedman, Co-Editor of Computer Professionals for Social
Responsibility Anthology of Computer Ethics Syllabi; Teacher of Computer Ethics
at Mills College, CA
    Don Gotterbarn, Researcher and Speaker on Computer Ethics; Associate
Professor of Computer and Information Sciences, East Tennessee State University
    Barbara Heinisch, Co-Director, Adaptive Technology Computer Laboratory,
Southern Connecticut State University; Associate Professor of Special Education
    Deborah G. Johnson, Chair, Committee on Computers and Philosophy of the
American Philosophical Association; Author of the textbook COMPUTER ETHICS
    John Ladd, Professor Emeritus of Philosophy, Brown University; Author of
articles on Ethics and Technology
    Marianne LaFrance, Project Director, "Expert Systems: Social Values and
Ethical Issues Posed by Advanced Computer Technology"; Associate Professor of
Psychology, Boston College
    Doris Lidtke, Editorial Staff, Communications of the A C M; Professor of
Computer and Information Sciences, Towson State University
    Walter Maner, Director of the Artificial Intelligence Project, Bowling
Green State University; Author of Articles on Computer Ethics
    Dianne Martin, Researcher and Curriculum Developer in Computers and
Society; Co-Chair of "Computers and the Quality of Life 1990", A C M / S I G
C A S conference
    Keith Miller, Computer Science, the College of William and Mary; Author and
Speaker on Integrating Values into the Computer Science Curriculum
    James H. Moor, Member, Subcommittee on Computer Technology and Ethics,
American Philosophical Association, Author of Articles on Computer Ethics
    William Hugh Murray, Consultant and Management Trainer in Information
Systems Security; Past Fellow on Information Security with Ernst & Young
Accountants
    Peter Neumann, Senior Researcher in Computer Science, S R I International;
Chair, A C M Committee on Computers and Public Police; Editor, Software
Engineering Notes; Moderator of COMP.RISKS
    George Nicholson, Judge of the California Superior Court, Head of the
"Courthouse of the Future" Project
    Judith Perolle, Researcher on "Ethical Reasoning about Computers and
Society"; Associate Professor of Sociology, Northeastern University
    John Snapper, Illinois Institute of Technology; Author and Editor in
COMPUTER ETHICS; Member of the Center for the Study of Ethics and the
Professions
    Eugene Spafford, Member A C M - I E E E Joint Task Force on Computer
Science Curriculum; Author of Articles and Reports on Computer Viruses and
Security
    Willis Ware, Researcher, Author and Speaker on Computers and Privacy
    Terry Winograd, Past President of Computer Professionals for Social
Responsibility; Author and Researcher in Artificial Intelligence
    Richard A. Wright, Executive Director, American Association of Philosophy
Teachers; Director, Biomedical and Healthcare Ethics Program, University of
Oklahoma
    Bryant York, Professor of Computer Science, Boston University; Director of
the Programming by Ear Project for visually handicapped individuals

MODEST COST

Registration Fee
            Before 7/1/91    After 7/1/91
  regular       $175.00         $225.00
  student       $ 50.00         $100.00

Food (entire conference)
  $90.00 (adult)           $50.00 (child)

Dormitory Room (entire conference)
                             Before 7/1/91    After 7/1/91
  adult (double occupancy)      $100.00          $110.00
  adult (single occupancy)      $150.00          $175.00
  child                          $40.00           $50.00

  There are a limited number of single occupancy rooms available.
  A few Room & Board Scholarships are available.

FURTHER INFORMATION AND REGISTRATION

Registration for the National Conference on Computing and Values is limited to
500 people (about 85 from each professional group).  It is highly recommended
that you pre-register well in advance to ensure a place in the conference.  To
receive a set of registration materials, please supply the requested
information (see "coupon" below) to Professor Walter Maner, the conference
co-chair:

By E-Mail:
   BITNet      MANER@BGSUOPIE.BITNET
   InterNet    maner@andy.bgsu.edu (129.1.1.2)
   CompuServe  [73157,247]
By Fax:
   (419) 372-8061
By Phone:
  (419) 372-8719  (answering machine)
  (419) 372-2337  (secretary)
By Regular Mail:
   Professor Walter Maner
   Dept. of Computer Science
   Bowling Green State University
   Bowling Green, OH 43403 USA

/------------------------- COUPON ---------------------------\
First Name:
Last Name:
Job Title:
Phone:
Institution or Company:
Department:
Building:
Street Address:
City:
State:
Zip:
Country:
Email Address(s):

     All attendees will be part of a working group that "brainstorms" a topic
and suggests further research for the next five years. PLEASE INDICATE YOUR
PREFERENCES BELOW (1 = first choice, 2 = second choice, 3 = third choice):

[  ] Privacy & Confidentiality
[  ] Equity & Access
[  ] Ownership & Intellectual Property
[  ] Security & Crime
[  ] Teaching Computing & Values
[  ] Campus Computing Policies

PLEASE MARK *ONE* OF THE FOLLOWING:

[ ] Send me registration information ONLY.  I'll decide later whether or not to
register.

[ ] Register me NOW.  Enclosed is my check (made payable to "B G S U") for $ to
cover all of the following (PLEASE ITEMIZE):

               Quantity
                [   ]    regular registration(s)
                [   ]    student registration(s)
                [   ]    meal ticket(s) for adult
                [   ]    meal ticket(s) for child
                [   ]    room(s) for adult (double occupancy)
                [   ]    room(s) for adult (single occupancy)
                [   ]    room(s) for child

Note that rates change on July 1, 1991.

\---------------------- END OF COUPON -----------------------/

InterNet maner@andy.bgsu.edu  (129.1.1.2)    | BGSU, Comp Science Dept
UUCP     ... ! osu-cis ! bgsuvax ! maner     | Bowling Green, OH 43403
BITNet   MANER@BGSUOPIE                      | 419/372-2337  Secretary
Relays   @relay.cs.net, @nsfnet-relay.ac.uk  | FAX is available - call

Please report problems with the web pages to the maintainer

Top