The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 11 Issue 27

Wednesday 13 March 1991

Contents

o Incredible backlog of RISKS contributions -- Risks of RISKS again
RISKS
o New Utility to Unlock Passwords
Martin Minow
o Medical image compromise
Roy Smith
o MCI's Computer Said It Is NOT OK
Li Gong
o Examinations by Phone
James K. Huggins
o Confident Extrapolation of Worst-Case Failures
Anthony E. Siegman
o Re: A pulsar repulsed!
Matti Aarnio
o EM solution for new buildings - risk solved?
Olivier M.J. Crepin-Leblond
o Cellular surveillance
Les Earnest
o Cellular phone usage
anonymous
Ed Hall
o Secret Service Foils Cellular Phone Fraud
P.J. Karafiol
o Telephone risks revisited
W.A. Simon
o Re: Apathy and viral spread
Steven King
o Info on RISKS (comp.risks)

Incredible backlog of RISKS contributions -- Risks of RISKS again

RISKS Forum <risks@csl.sri.com>
Wed, 13 Mar 1991 17:21:44 PST
OK, folks, I have never before asked you to slow down in your contributions,
and am not about to do so now.  Perhaps the evident lag time will help to do
that naturally.  But the recent volume of mail to RISKS is horrendous -- on
droids, dumbing-down, qwertyuiop, EMI (as of 2 March), warranties and free
software (as of 28 Feb, with a double-size issue's worth of stuff still
backlogged waiting for my immoderation), etc., all under consideration.  (And
BARFmail is on the increase again, for no apparent reasons, just the usual net
flakiness, people moving, host names changing, FROM: addresses TO which I
cannot even answer your mail, especially unregistered portions of UUCP, etc.).

I was away most of today and noticed that my backlog of UNSEEN NEW messages was
over 100, and the backlog of UNSEEN messages was about almost twice that, just
over the past few days.  Thanks for all your enthusiasm!

On an old subject, I get complaints from some of you when I do NOT use
draconian pruning shears, because you would like to rely on my moderation to be
incisively oriented toward exciting and really interesting material, so that
you do not have to wade through the less interesting stuff.  But what is
interesting to some may not be interesting to others.  I also get queries from
some of you when your message has not appeared after a while.  I know I cannot
please everyone, but I'll continue to try to do the best I can.  I am currently
batching heavy-response items together into self-contained issues, so that if
you are bored with the topic you may simply ignore the entire issue.

I long ago gave up trying to acknowledge every message.  If you really want to
make sure a particular message got through or try to wedge it out of the
queueueueueueue, please feel free to do so.  Otherwise, please just have
patience.  Thanks.  PGN


New Utility to Unlock Passwords

"Martin Minow moved to LJO2-A2, RANGER::MINOW" <minow@bolt.enet.dec.com>
Tue, 12 Mar 91 08:45:47 PST
>From MacWeek, Mar 12, 1991: [edited for space].

"New Visions Limited Partnership last month shipped a new [Macintosh] password-
recovery utility called MasterKey.

"MasterKey comes in three versions [for WingZ, Excel, and WordPerfect 1.0].
... MasterKey is intended for use by law-enforcement agencies to access
files belonging to drug criminals, embezzlers and terrorists; by companies
to access files that disgruntled or terminated employees have locked; and
by users to access their own files.

"Features ... include the ability to rever passwords from MS-DOS files,
[and] an access code to prevent use by unauthorized users...."

I rather like the fact that they decided to password-protect their utility:
maybe I should write a utility to break their password scheme!

Martin Minow        minow@ranger.enet.dec.com


Medical image compromise

Roy Smith <roy@alanine.phri.nyu.edu>
Tue, 12 Mar 91 11:56:07 EST
    Slightly off the original subject, but I noticed in a recent visit to a
hospital that in the public hallway outside of the CAT/MRI scan area were open
rack upon open rack of magtapes, no doubt containing images of patients.  It
struck me that anybody could just pick up a tape and walk off with it.  Surely
they would not be so sloppy with "official medical records".  My guess is that
it never really occurred to them that these tapes are part of the medical
records, just as surely as the bit of paper charts the doctors scribble in are.

-- Roy Smith, Public Health Research Institute 455 First Avenue, New York, NY
10016 roy@alanine.phri.nyu.edu -OR- {att,cmcl2,rutgers,hombre}!phri!roy

      [Clearly not an integrity concern, but it could be a privacy concern
      if some eager journalist stole a tape, or a denial of service concern
      if the tape goes astray.  PGN]


MCI's Computer Said It Is NOT OK

Li Gong <li@oracorp.COM>
Tue, 12 Mar 91 17:56:09 EST
I wanted to subscribe to MCI's three major calling packages: Prime Time, Call
Europe, and Call Pacific.  I was told by MCI representatives that I couldn't do
so because their computer couldn't handle the complicated billing computation.
The maximum is two packages per account.

Li Gong, ORA Corp, 675 Mass Ave, Cambridge, MA


Examinations by Phone

James K. Huggins <huggins@zip.eecs.umich.edu>
Wed, 13 Mar 91 11:32:53 EST
With the recent discussion on voting-by-phone in RISKS, I thought
the following (excerpted) article, taken from "U.: The National
College Newspaper" might be of interest to readers.

"Test Taking Goes Touch-Tone": Seema Desai, _The_Daily_Pennsylvanian_
(student newspaper of the University of Pennsylvania)

At Governors State U., a wrong number can cost students more than a quarter.
It can cost them their grade point averages.  The small university near Chicago
recently adopted a telephone system that lets students take multiple-choice
exams over a touch-tone telephone.

Donald Fricker, a management professor who spent about two years developing the
application, said students call a special number and respond to recorded
multiple choice questions by pressing digits on their phones.  The system,
named Big Mouth, has been in operation since this fall, and four professor
currently use it to administer exams.  Fricker said more than 100 students in
classes ranging from psychology to management have taken exams on the system,
adding that most students have responded positively to the new technology.
[student and faculty testimonial deleted]

Some students and faculty have raised concerns about abuse of the system.
Currently, students have to enter their social security number to access the
system.  Students are on their honor not to cheat, Fricker said.  And because
students have only five seconds to answer, Scherzinger said cheating is
difficult. [quote deleted]

In the near future, Big Mouth will have the ability to repeat questions and
accept short essay answers.  Fricker said he also plans to add more security
measures to the system, including offering multiple versions of exams and
giving each student a special security code. [...]

Despite some of the system's drawbacks, Scherzinger said he thinks it will gain
wide acceptance in the academic community.  "I personally believe that the
system will come to every college within the next 10 years."

The RISKS here are abundant: students hiring other students to take their exams
for them (a risk that is somewhat minimized by an in-person exam) using their
identification number, students deliberately using someone else's Social
Security number to flunk the exam for them, and students recording the exam as
it is being given in order to distribute copies to their friends.

I hope Big Mouth never comes to Michigan.

Jim Huggins, Univ. of Michigan (huggins@zip.eecs.umich.edu)

            [This is getting to be an old-hat topic.  But it will recur.  PGN]


Confident Extrapolation of Worst-Case Failures

Anthony E. Siegman <siegman@sierra.stanford.edu>
Tue, 12 Mar 91 11:39:51 PST
>From Henry Spencer at U of Toronto Zoology ...
>  because we must rely on such extrapolation and we already do;
>  the questions are how best to do such extrapolation and what
>  form of testing must be done to permit confident extrapolation.

Surely it's also very important to assess the magnitude of the damage that
could be done by overconfident extrapolation.

Failure of a large airliner due to some unanticipated worst-case behavior
(e.g., the early Comets) will kill at most a few thousands (in the air and on
the ground).

(I suppose a really worst-case failure in which an airliner comes down in
Yankee stadium could kill several tens of thousands; but one can at least
estimate with fair confidence the probability that a falling airline will hit
Yankee Stadium.)
                                                  [Shea, Hey, Willie?]

In any event one can accept this level of tragedy and then use it to improve
the system.  Indeed that's more or less how large-scale civil aviation has made
progress.  The ``confident extrapolation'' in this instance, based on several
decades of experience, is really that unanticipated worst-case behavior
probably WILL happen; and one is nonetheless willing to accept this risk.

Worst-case failure of a nuclear power plant in Sacramento, California, on the
other hand, could render the entire San Francisco Bay Area uninhabitable for
generations if not centuries (perhaps I'm exaggerating here, but it's hard to
be certain).  In any event, an really ``confident extrapolation'' that this
worst-case event can't happen may be near to impossible; and past performance
(Browns Ferry, Three Mile Island, Chernobyl) may lead one to have doubts about
the ability (or wisdom?) of those who put such forth confident extrapolations.

This is NOT an anti-nuclear message; I merely wish to make the points that:

1) The conservative confident extrapolation, based on past experience, may be
   that in most cases a worst case failure IS LIKELY to happen.

2) The most crucial question then is not "Will it happen?", but "Can we live
   with it, if it does?" (or "when it does").
                                                         --AES


Re: A pulsar repulsed! (RISKS-11.25)

Matti Aarnio <mea@mea.utu.fi>
Tue, 12 Mar 91 23:35:20 EET
> The 1989 discovery of an apparent supernova-remnant pulsar, blinking 2000
> times per second, has now been attributed to electrical interference from a
> closed-circuit television camera used to operate the telescope in Chile.
> [Source: an AP item in the San Francisco Chronicle, 11 Mar 91, p.A8]

  Interesting that this item has now surfaced thru AP.  This was news item on
Sky & Telescope magazine a few months back when it was debugged. (Reported
around August-90?)  What your extract doesn't tell is whether or not SFC
mentioned it was a suspected OPTICAL pulsar -- which vanished next night.  (No
radio pulsar has been detected either.)

  It is very difficult to measure small but fast variations on very low levels
of light intensity.

  Long lags from news to their appearance in newspapers seem to be common,
also time lag and amount of errors correlate positively.  Maybe feeding some
RISKS to papers like Datamation would help?  (I doubt they know what ACM is..)

> I suppose it would have been much more obvious had it been blinking at 60
> cycles (or is it 50 in Chile?), although certainly less spectacular.  A little
> like hearing a loud thumping in a quiet room and discovering it the pulse of
> your own heart beat?

  Or faint ticking at 2Hz, and you start to suspect bugs until you notice your
watch...  Anyway, it tells that while we use complex systems we must be
carefull to spot all possible interference sources before we jump to
conclusions.  (Aren't we always?)

  About two weeks ago I saw on national TV news something telling that
Australian radio astronomers had spotted an "ET" signal (me: immediate frown),
but the way it was told on TV (as their "ending joke"), associated picture
material etc., gave me conclusion: this is a red herring, forget it.
  "Hey, lets tell this joke from Down Under about those Radio Astronomers..."
(Maybe 15 seconds total.)

  Today I went to do some UNIX system maintenance at the University of Turku
Astronomy departement.  Professor asked if I had heard anything about those
Aussies, because local commercial radio wanted to make a program about this ET
signal, and to interview some local radio astronomer...

  Our problem?   No word about it from verifiable sources, thus do we
dare to dip into USENET to fish out POSSIBLE information about it?
(I hope there is information, but I doubt it...   Good luck for SETI anyway!)

/Matti Aarnio <mea@utu.fi>


EM solution for new buildings - risk solved?

"Olivier M.J. Crepin-Leblond" <UMEEB37@vaxa.cc.imperial.ac.uk>
Mon, 11 Mar 91 18:07 BST
I have read in this month's British Airways Business magazine that
Pilkington's, the UK's glass manufacturer has attempted to tackle the problem
of electromagnetic spying with a new "shielded" glass.

The glass sheets are similar to the ones usually mounted on new sky-scrapers,
with a shiny surface. However, this metallic film can be tied to earth, thus
providing shielding which stops any electromagnetic radiation from leaving the
building. It is therefore impossible to hack inside information from outside by
picking-up electromagnetic radiation.  Solutions were very costly up to now,
with actual physical shielding of the building using metallic plates etc.

Olivier M.J. Crepin-Leblond, Comms.Sys., Imperial College, London, UK.
disclaimer: I am NOT related to Pilkington Glass or British Airways in any way !


Cellular surveillance

Les Earnest <les@Gang-of-Four.Stanford.EDU>
Wed, 13 Mar 91 13:55:56 -0800
I am seeking information on current practices and prospects for
the use of cellular telephone systems in surveillance of individuals.

1. Given that the telephone companies have traditionally facilitated the
tapping of individual telephones by law enforcement agencies if a court order
has been obtained, I would assume that most cellular telephone systems have
been instrumented to provide this capability.  True?

2. Given that cellular telephone systems must track each individual instrument
as it moves between cells (by checking relative signal strengths at cellular
receiving stations) and given that phones can be tracked even when they are not
in use, it would be a simple task for the cellular computers to record a time
log of the movements of any selected phone.  Has this capability been included
in the software of these systems?

3. By using signal strength information from more than one cellular receiving
station it is possible to estimate the location of a given phone more
accurately than just which cell it is in.  With existing equipment and signal
strength accuracy, what is the typical positional accuracy of this estimate?

4. Motorola's planned Iridium system is expected to provide global cellular
telephone service via 77 satellites in polar orbits.  What kind of positional
tracking accuracy will that system be able to provide on individual cellular
telephones?

Les Earnest, 12769 Dianne Dr., Los Altos Hills, CA 94022    415 941-3984
Internet: Les@cs.Stanford.edu     UUCP: . . . decwrl!cs.Stanford.edu!Les


Cellular phone usage

<[anonymous]>
Mon, 11 Mar 91 12:05:23 XST
A recent poster questioned the cellular phone fraud loss figure mentioned in
RISKS.  He seemed to feel that 10 minutes/day/person would be a large amount of
usage for cellular phones.  In fact, this would be a very modest usage!

While many cellular phone calls are short, many are VERY long, with individual
calls longer than an hour not at all rare.  Many people sit on those things all
day long, making call after call.  Whether the duration and number of calls is
related in any way to whether or not the user is paying for the call or
committing "cellular fraud" is difficult to determine from the "outside", of
course.  But persons who have "accidently" tuned in cellular conversations will
tell you that it is amazing how many of the calls are such things as long,
intimate chats between couples, people with handheld phones chatting with
others for hours on end, lawyers talking about cases, etc.  Not to mention the
drug and prostitution rings (the latter two groups are BIG TIME users of
cellular systems--and may well be among the more likely to be operating
modified, illegal phones).

There also seemed to be some concern that many of the calls would not have been
made if the person weren't stealing the service.  This is no doubt true, but
there aren't many other obvious ways to quantify loss other than the unbillable
amounts.  The same could be said about toll fraud and intellectual property
thefts.


Re: Re: Secret Service Foils Cellular Phone Fraud (RISKS-11.23)

Ed Hall <edhall@rand.org>
Mon, 11 Mar 91 18:13:24 PST
Who said anything about long-distance?  A $5000 bill for cellular calls
wouldn't be that hard to accrue for someone who spent a lot of time on the
phone.  Remember that you have to pay to *receive* as well as make cellular
calls.

I can think of one occupation where a person might receive dozens of calls a
day, and where the anonymity provided by the counterfeit chips would be a big
plus.  In fact, this particular occupation might also afford a ready connection
to the underground market for such devices, and its practitioners wouldn't be
likely to worry about their illegality.  You've probably guessed the occupation
I'm thinking of: drug dealing.  Indeed, cellular phones have replaced pocket
pagers as the major technological tool of the "upscale" retail illicit drug
trade.  Considering the size of the drug trade in a city like New York, $100
million in calls a year sounds like a reasonable estimate to a city-dwelling
layperson like me.
                                -Ed Hall


Secret Service Foils Cellular Phone Fraud (bart, RISKS-11.23)

P.J. Karafiol <karafiol@husc8.harvard.edu>
Wed, 13 Mar 91 20:04:56 -0500
Let's be real for a second.  When was the last time you made a phone call
to a friend that was less than ten minutes?

It's very easy to talk for five minutes at a go.  The few people I know who
have cellular phones use them for an average of ten minutes a day, if they can
afford it.

Someone who plunks down $5000 for a modified phone can afford it.  Not
because he has $5000 to plunk down, but because he has free phone service.

I'd make ten minutes of calls a day if they were free.

I'd make a couple of hours of calls a day if they were free.

I have friends all over the country.  I can't afford to call them.  But if I
had a modified phone, I could.  I would say, "Hey, I wanna talk to mike, let me
get in the car ..."

Of course, I think using phones like this *is* theft, and not something I would
do at all.  But I'm trying to get across the salient facts here.
                                             == pj karafiol


Telephone risks revisited (Griffith, RISKS-11.23)

W.A.Simon <alain@elevia.UUCP>
Tue, 12 Mar 91 18:07:52 EST
All of the listed features really are one: calling phone identifies itself or
is identified for us by the telco.  This one feature is used to provide n
services.  [...]

> Welcome to the age of Big Brother.

Big Brother is a state of mind which belongs to bureaucrats, in government as
well as in private enterprises.  It was always there.  Technology is now such
that their particular vice can easily be satisfied.  But don't kid yourself,
Big Brother was always watching.  Instead of fighting it, why not setup social
and legal structures which will negate the benefits of snooping?  Examples:

* Let's make wiretapping legal; this way, we know and we expect our
communications are monitored.  We can always invest in cryptographic systems.
And we can listen to the cellular calls of our politicians (:-).

* Our medical files are violated by law enforcers as a matter of routine.
Employers are not far behind.  Insurance companies are misusing this same
information.  Government agencies are unable to protect it against leaks.  And,
big insult, I am not allowed to see the file my own doctor keeps on my subject.
Therefore I propose all medical files should be made public.  If I am
discriminated against by an insurance company for smoking pot, why should their
president be sheltered from the public revelation that he is a drunk and a wife
abuser?

* All of my past employers know about my checkered past.  I know nothing about
theirs.  Why should their resume be confidential?  I ask that human resource
departments make all resumes public.

* Police and politicians keep tabs on our every move through passport controls
and credit cards.  But politicians travel with diplomatic passports and they
use assumed names to protect their privacy.  My credit history (yours too) is
known by so many people that it would make little difference if it were made
public.  I ask credit records be made public and that borders be opened.

Etc...

What makes our privacy so fragile is that we value it; it makes us vulnerable
to B.B.: being homosexual is a problem only as long as one has to hide the
fact.  In the same manner, if all our foibles and weaknesses are made public,
right along those of our neighbours and friends, who is to cast the first
stone?  Who will need to snoop then?  In other words, since we can't protect
privacy, let's replace it with the right to know.  Technology would then work
for us peons.

Alain       Home+Office: (514) 934 6320         UUCP: alain@elevia.UUCP


Re: Apathy and viral spread (Slade, RISKS-11.26)

Steven King <king@motcid.UUCP>
12 Mar 91 19:20:55 GMT
Your data looks good, but I don't think your conclusions are well-founded.
Let's assume that SUZY is a valid cross-section of the computer-using
populace.  Also, let's ignore the inactive users on the grounds that they're
not participating in discussions on *any* topic.  You claim this leaves us
with only 20% of the active computer-using popluace that cares enough to talk
about viri, implying that the remaining 80% are ignorant of the matter.

Well, count me in that 80%, though I'm *not* ignorant.  I don't use SUZY, but
I use other information networks such as Usenet and local BBSs.  I'm pretty
active on them as well.  And I don't subscribe to VIRUS-L or any other
anti-viral discussions.  Why?  Is it that I'm unaware of the threat of viri?
Hardly.  It's that I have a limited amount of time, and I prefer to spend it
in other ways.  I pick and choose my discussions carefully, tempering my
decisions with real-world affairs like cooking dinner.

Yes, I'm aware of the threat of viri.  Yes, I care about them.  But I don't
care enough to devote time to discussing the latest ones, or the latest
theories on how to combat them.  I suspect that you'll find a large number of
people who fall into this category.  While it's reasonable to say that only
20% of the populace care enough to discuss matters, it hardly follows that
the remaining 80% is apathetic and ignorant.  We're just off saving a
different corner of the world...

Steven King, Motorola Cellular  (...uunet!motcid!king)

Please report problems with the web pages to the maintainer

Top