The RISKS Digest
Volume 11 Issue 46

Monday, 15th April 1991

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Credit card number theft at major Toronto BBS
SYSOP Vic via Russ Herman
Junk FTP hits internet
Larry Hunter
Status of S. 266
Bill Murray
W. K. Gorman
Congress and Encryption
Roy M. Silvernail
Bill Murray
Robert I. Eachus
Risks of Silly Legislation
Joseph Pallas
Re: Sense of Congress
Edward N. Kittlitz
ACM/SIGSAC Student Paper Contest in Computer Security
Harold Joseph Highland
Info on RISKS (comp.risks)

Credit card number theft at major Toronto BBS

<rwh@ontmoh.UUCP>
Fri Apr 12 22:18:38 1991
I received the following below when I logged on to ROSE Media BBS, Toronto's
(and probably Canada's) largest public access bulletin board system.  I'll
relay further developments if there's any interest on the part of RISKS.

Russ Herman

  ===========================================================================

Date: 04-11-91 (19:40)          Number: 48911 of 49624
  To: RUSSELL HERMAN            Refer#: NONE
From: SYSOP               Read: NO
Subj: Your Mastercard           Status: RECEIVER ONLY
Conf: MAIN BOARD (0)         Read Type: GENERAL

Russell,

   Last night, a Sysop in the Toronto area uploaded a file to us which was a
listing of the portion of the Users file that was downloaded from Rose Media
during the security breach that occurred on or about February 9th last. This
list did contain credit card numbers of 420 Visas, 150 Mastercards and 4
American Express cards.  Unfortunately, your card was one of those that got
out. The breach was an accident that apparently was caused by failure in one of
the third party programs we use to run Rose Media.

   We sincerely regret that this has happened, and have rearranged our files in
such a way, that it will never happen again. There is another message posted to
you which will give you more details on how the breach occurred, what we did at
that time, what we are doing now and in the future to protect you and Rose
Media.

  We wish to assure you, that in no way are you obligated to pay for any
fraudulent charges on your card. Please check your card statements very
carefully to make sure that everything is valid. It would also be advisable to
call your credit card Company and have them issue you with a new card. We will
be supplying a list of all card numbers acquired during the breach to the
security divisions of the various card granting Companies affected. The names
and numbers of all security officers in these Companies were given to us today
in a meeting with the Metropolitan Toronto Police Fraud Squad, who will be
actively pursuing the case. Charges will be laid against all those apprehended.

   Thank you for your patience and understanding in this matter.  We have done,
and will continue to do everything we can to apprehend and bring to justice all
those that have used the information obtained during the breach, no matter how
this information was used.  If you do find a fraudulent charge, please advise
your credit card Company, as well as David Hodgson of the Metropolitan Toronto
Police Fraud Squad at 324-6136. If you have any information whatsoever that you
think might help to catch and prosecute the offenders, please let us know by a
private message to the Sysop. We will be working very closely on this matter
with the police.
                                Best regards ...... Vic.


Junk FTP hits internet

Larry Hunter <hunter@nlm.nih.gov>
Tue, 9 Apr 91 13:05:31 EDT
I suppose it was bound to happen.  First junk mail, then junk fax, now junk
ftp.  Someone has apparently been using anonymous ftp to write two files to
internet hosts.  These files contain advertising for a consumer credit
insurance service (which sounds suspect in itself) and offers bounties for
putting up advertising fliers and sending in unspecified information about
local banks.  The only identification offered in the files is a name (P.L.
Miller) and a post office box in Auburn, Alabama.

The two files were written to our local machine at 2:16 am on April 8, and were
called CREDIT_CARD_INDEMNIFICATION and MONEY_FOR_BANKS.  Randomly picking a
distant internet host, I found two very similar (not identical) files on
cs.yale.edu, created at 12:51pm on March 31.  Looking around elsewhere, it
appears that the files were only written to hosts that allow the world to create
files in the "login" directory for anonymous ftp; there were no files on hosts
where there was a writable subdirectory but the top level was write protected,
implying that the junk ftp was delivered via some automated process.

The risk here is a variation on the "tragedy of commons," i.e. a free
resource provides incentive to overuse it, which degrades its value to
the community.   Being able to upload files anonymously is valuable,
but the ability to do so will be curtailed if we are inundated with
junk.  Unfortunately, there is no way to screen out the junk without
also losing the ability to get valuable but unsolicited uploads.

                            Larry

Lawrence Hunter, PhD., National Library of Medicine, Bldg. 38A, MS-54
Bethesda. MD 20894 (301) 496-9300  hunter%nlm.nih.gov@nihcu (bitnet/earn)
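
An added example, not part of Larry Hunter's post: a Python check an administrator could run against their own anonymous-FTP tree to tell apart the two layouts the post contrasts, a world-writable login directory versus a write-protected top level with a writable subdirectory. The directory names `pub` and `incoming`, the permission modes and the function names are assumptions, and the sample trees are constructed in a temporary directory.

```python
import os
import stat
import tempfile


def audit_anon_ftp(root):
    """Report where an anonymous-FTP tree accepts uploads from anyone.

    Keys in the returned dict:
      root_world_writable - the login directory itself is world-writable
      top_level_files     - regular files sitting in the login directory
      writable_subdirs    - world-writable directories below the root
      sticky_missing      - those subdirs that lack the sticky bit
    """
    report = {
        "root_world_writable": bool(os.lstat(root).st_mode & stat.S_IWOTH),
        "top_level_files": sorted(
            name for name in os.listdir(root)
            if stat.S_ISREG(os.lstat(os.path.join(root, name)).st_mode)
        ),
        "writable_subdirs": [],
        "sticky_missing": [],
    }
    for parent, dirs, _files in os.walk(root):
        for name in dirs:
            path = os.path.join(parent, name)
            mode = os.lstat(path).st_mode  # lstat: symlinks are not followed
            if not (stat.S_ISDIR(mode) and mode & stat.S_IWOTH):
                continue
            rel = os.path.relpath(path, root)
            report["writable_subdirs"].append(rel)
            # Without the sticky bit any visitor can delete or replace
            # files that somebody else uploaded.
            if not mode & stat.S_ISVTX:
                report["sticky_missing"].append(rel)
    report["writable_subdirs"].sort()
    report["sticky_missing"].sort()
    return report


def build_sample_tree(root, open_root):
    """Create a constructed FTP tree (hypothetical layout) for the demo."""
    os.makedirs(os.path.join(root, "pub"))
    os.makedirs(os.path.join(root, "incoming"))
    os.chmod(os.path.join(root, "pub"), 0o755)
    if open_root:
        # Layout the post found targeted: anyone may create files at the top.
        # File names are the two reported in the post; contents are dummies.
        for name in ("CREDIT_CARD_INDEMNIFICATION", "MONEY_FOR_BANKS"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("constructed placeholder\n")
        os.chmod(os.path.join(root, "incoming"), 0o777)
        os.chmod(root, 0o777)
    else:
        # Layout the post found untouched: top level write-protected,
        # uploads confined to a sticky, write-only drop directory.
        os.chmod(os.path.join(root, "incoming"), 0o1733)
        os.chmod(root, 0o755)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for label, is_open in (("open", True), ("protected", False)):
            tree = build_sample_tree(os.path.join(tmp, label), is_open)
            print(label, audit_anon_ftp(tree))
```

Confining uploads to a drop directory does not remove the junk, but it keeps unsolicited files out of the directory visitors land in, which is the difference the post observed between affected and unaffected hosts.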


Status of S. 266

<WHMurray@DOCKMASTER.NCSC.MIL>
Sun, 14 Apr 91 14:43 EDT
S. 266 has been referred to the Senate Judiciary Committee chaired by its
author, Mr Biden of Maryland, and to the Senate Environment and Public Works
Committee.  No action has been taken on the bill.  No hearings are scheduled.


Re: S 266

<34AEJ7D@CMUVM.BITNET>
Mon, 15 Apr 91 10:49:43 EDT
The potential for abuse here is mind-boggling. The common custom and
practice in America has, for 200 years, been that the government has
NO automatic right of access to private papers, documents, transmissions,
data, etc., without clear due process. By creating a clear-text copy of
a cryptographic transmission, or the immediate means to do so, this
idea would short-circuit that due process into an Orwellian parody
of prove-we-should-not-have-your-data.

And who is going to pay for the additional archiving that could be required
under such legislation?

I know of at least one prominent American who has openly expressed a
global distrust for the government's attitude toward personal privacy.
Further, he has gone to such lengths to preserve his own personal
privacy as to encrypt a large portion of his personal correspondence,
using a number of different ciphers depending upon the intended recipient.
This same gentleman has expressed the opinion that documents entrusted
to the mails are not secure and should be encrypted.

You know him. His name is Thomas Jefferson.

This S 266 business is a very old wolf, dressed up in a few new clothes.  The
government has been trying to spy on its citizens since it was *created by
those citizens.*
                                          W. K. Gorman


Congress and Encryption (Murray, RISKS-11.43)

Roy M. Silvernail <roy@cybrspc.UUCP>
Sun, 14 Apr 91 02:47:21 CDT
In V11, Issue 43, Bill Murray passes on an extract from Senate Bill 266:

> It is the sense of Congress that providers of electronic communications
> services and manufacturers of electronic communications service equipment
> shall ensure that communications systems permit the government to obtain
> the plain text contents of voice, data, and other communications when
> appropriately authorized by law.

While Mr. Murray comments on the impact to cryptographic equipment
manufacturers, I wonder about the RISKS to common-carriers and, for that
matter, entities such as Usenet and local BBS's.

A "provider of electronic communications services" such as CompuServe
would, under this provision, have to forbid the movement of encrypted
text over its facilities.  Let's say I choose to encrypt my E-mail before
sending it, and further hypothesize that the FBI had some interest in
what I say in E-mail. Would CompuServe now be required to monitor my
E-mail? Would they forbid the encrypted transmissions, or simply demand
the key and program to decrypt them?

Considering Usenet is even cloudier. With the distributed nature of the
Net, literally thousands of admins would be held responsible for
accessing cleartext translations of encrypted transmissions passing
through their systems. This places all of us in the ethically untenable
(and physically impossible) position of having to monitor all the
traffic passing through our systems.

What of common carriers under this act? They have been traditionally held
not to be accountable for the actions of their users. Will the telephone
companies now be forced to monitor all their lines, cutting off the first
sign of a scrambled transmission?

I see this as another step in the same style of repression that gave us
Operation Sun Devil.  It's apparent that our leaders fear the
Information Age and the power that it places in the hands of the people.
Making the ability to privately communicate an exclusive privilege of
the ruling class is nothing short of terrifying.

Roy M. Silvernail   roy%cybrspc@cs.umn.edu    cybrspc!roy@cs.umn.edu


S. 266

<WHMurray@DOCKMASTER.NCSC.MIL>
Sun, 14 Apr 91 11:45 EDT
> In fact, this claim (re: trap doors) is false.  A system with the properties
> desired was proposed several years ago as a replacement for DES.....

Well, I think that is a little strong.  I will not be so strong in my
characterization of Mr.  Leichter's posting.  I will only say that: 1) while
the mechanism to which Mr.  Leichter refers may have the properties which the
sponsors of the bill desire, it certainly does not remedy my objections to S.
266, 2) that I take the authors at their word and that word requires a trap
door, 3) perhaps Mr.  Leichter has a greater trust in authority than I do, and
4) perhaps he missed the point of my objection.

First, I am well familiar with the mechanism to which he refers.  Rather than
refute my claim, he proves it.  Unfortunately for me, he chose the one proposal
that I am least happy having to discuss in a public forum.

Please do not get so bogged down in the elegance of the mechanism that he
endorses that you fail to recognize it for what it is.  It is a trap door.  "In
this system, the government supplies the cryptographic "boxes" as sealed units;
details of their operation is not made public.  Keys are also provided only by
the government."  That is a TRAP DOOR in any system into which it is
incorporated.  Even if it is never used or exploited it reduces confidence in
the system.

Now, make no mistake about it, dear reader; the proposal which Mr. Leichter so
well represents did not originate with the U. S.  Postal Service or Her
Majesty's PTT.  It did not originate with those whose job it is to deliver the
mail while preserving its confidentiality.  It originated with the world's
largest intelligence gathering agency, whose name ne'er escapes my lips.  It
originated with those whose job it is to read other people's mail.

Dear reader, this proposal originated with the fox; it did not originate with
the farmer and it certainly did not originate with the chickens.  The fox is a
fox to his toes; he is all fox.  He is not sometimes a fox and sometimes a
farmer.  Those of you who are familiar with the world's largest intelligence
gathering agency, whose name ne'er escapes my lips, know that reading other
people's mail dominates the essence of the institution.  The ability to read
other people's mail dominates every thing they do, every decision they make,
every proposal they offer.  They will read other people's mail, and when they
do not, they will still preserve their ability to do so.

Who can have confidence in any encryption mechanism that comes from and whose
keys are supplied by the world's largest intelligence gathering agency?  I
quote Courtney (if I could not quote Courtney, I would be more often silent),
who said at the time this proposal was first floated, "While I trust the
minions of the world's largest intelligence gathering agency, (whose name ne'er
escapes my lips) to abstain from treason, I do not trust them to abstain from
fraud."  The last thing I might expect of them is that they would abstain from
reading other people's mail.

Indeed, this proposal is a "trap door."  It is a hoax.  It is precisely the
kind of mechanism that I fear in response to the law.  It is a mechanism that
puts too much power in the hands of the government.

I do not have any direct evidence that the proposal to which Mr. Leichter
refers and S. 266 have any common origins; no reasonable person would expect
that I could have.  Nonetheless, I will go to my grave suspicious that they do.

Orwell understood that bureaucracy need not have malicious motives in order to
be malevolent; it only has to do what bureaucrats do.  I respect the fox; I
have many friends who are foxes.  Nonetheless, I expect them to behave like
foxes and I behave accordingly.

William Hugh Murray, Executive Consultant, Information System Security
21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840     203 966 4769


Re: U.S. Senate 266, Section 2201 (cryptographics) (Greene)

Robert I. Eachus <eachus@d74sun.mitre.org>
Mon, 15 Apr 91 19:51:23 EDT
   Gary Greene <garyg@convergent.com>  says:

   The problem I see in the above is what does the government do when
   there is grounds for "reasonable" search or seizure.  [...]
   The guarantees in the Bill of Rights never said nor have the courts
   ever upheld, to my knowledge at least, any assertion that the
   government had no right of search or seizure, nor have the courts
   ever upheld that the people as a whole or individually had a blanket
   right to communications which the government could not access
   during proper and reasonable process. [...]

    I could not disagree more.  The words "`reasonable' search or seizure"
should tell you that there are many types of search or seizure which are
totally immune to a bench warrant. For example, the Constitution is quite explicit
in the way it says that communications between TWO individuals cannot be
evidence of treason.  Also most conspiracy laws require "three or more persons"
for there to be a conspiracy.  Under many circumstances, a discussion with a
lawyer cannot be revealed, even voluntarily, by the lawyer.  And finally, the
many laws (and the common law provision) that a man cannot be compelled to
testify against his wife, and vice versa. (P.S. In what follows, you might want
to keep in mind that I am not a lawyer, although there are several in my
family.  I have spent a lot of time studying constitutional law, both as a hobby,
and as a part of family history.)

    Now let's sit down to an actual case: You and I agree on a key, and we send
several messages back and forth using, say, DES.  A police officer comes into
your office with a search warrant allowing him to seize all messages to and
from Robert Eachus, and all keys pertaining thereto.

    Then the fun begins.  You don't have a written copy of the key, so it can't
be seized, so after heavy badgering, you agree to testify under a grant of
immunity.  The cops now say, okay what is the key?  You say, tough luck Jack!
You can force me to testify as to the contents of the messages (providing a
basis has been established, etc.) but there is no power in the law to force me
to translate the messages for you...

     Okay, so you want to be that way, do you...and they start setting a basis
for asking you about the conversation in which I told you the key... However we
agreed to a procedure which established the key from two words, one from each
of us. (Assume for the moment we did it "right," and half the seed is worse
than useless.)  Now, can you be forced to testify about your chosen word?  I
don't see how.  It is either self incrimination, the most serious violation of
privacy possible, entrapment, or since YOU have immunity concerning any
criminal actions of yours discussed in the encrypted messages, they cannot be
shown to involve a crime.  (The distinction between messages which describe a
crime {useless} and those which are part of a crime is very important.) So I am
safe from the thought police unless you are stupid and vice-versa.

     A similar, but as you realize, different in nature situation, is if I have
a warrant which allows me to seize a safe (and its contents) in your house.  In
theory, the combination is safe from seizure, in practice the police will use
brute force to open the safe if you don't provide the combination.  In theory,
a judge could order you to open the safe.  In practice, I don't think any such
evidence could be used.  (So a safe which destroyed its contents upon
"unauthorized" opening could protect you, legally, but I don't think I'd want a
bomb around which could accidentally blow my head off.)

    I have thought and thought about a "safe" law allowing some such seizures
and, in this country, there is no such thing.  The rule is, should be, and has
to remain, that unless someone who saw me type that message is willing to
testify, IN OPEN COURT, that that is in fact the message I sent, such
correspondence is no evidence of anything and should neither be admissible or
subject to seizures.

    Stolen software is another situation, including stolen data...  Seizure is
possible and theoretically useful, but I would hate to be arguing chain of
evidence in front of the Supreme Court to show that:

1) The software was "in the possession of the defendant." — Relatively easy,
   but chain of evidence may be very hard to prove, if procedures are sloppy.

2) The defendant knew he had it, and knowingly received stolen merchandise.
   — If you haven't got the guy who gave it or sold it to the defendant to
   testify, lots of luck. Circumstantial evidence?  Boasting to friends?  Sold
   it to others?  Aaah.  Such things as the defendant putting his name in it,
   or handwriting on a floppy disk, might do the job. (According to what we
   just saw, some people are THAT dumb.  In my opinion stealing software is
   always dumb, but there are degrees of dumbness.)

   I have been thinking about a constitutional amendment to fix forever some
of these problems.  When I've gotten the wording worked out I'll post it, but
basically it tries to establish "beyond the reach of the law" three things:

    * Personal papers, disks, RAM, etc., which are notes to oneself.  The
distinction between in your head and on paper is getting less and less clear...

    * "Private correspondence" whether electronic, on paper, or in person,
without the permission of one of the parties to the correspondence.  The
wording, and the intent could be that telephone conversations, unless encrypted
are public, but I am not sure that that is a valid distinction.  Certainly, I
would like to see lots of evidence that legal wiretaps, entered in evidence,
had resulted in convictions.  They certainly have resulted in lots of legal
mischief.  A much better rule here might be that a use of a legal wiretap could
not contaminate evidence it led to, but it could only be presented in court as
part of a chain of evidence.

    The idea here is that even if I were to write you a letter explaining, in
gory detail, how I dismembered your mother-in-law.  There is no legal path to
that evidence without your co-operation or mine.  (Posting it on a bulletin
board, electronic or otherwise, is of course such co-operation, even if
unintentional.  Again, proper definition of private is the trick.  The
circumstances under which E-mail must be considered to be private will need to
be established by legislation and case law, but certainly the enciphered
messages above are beyond search and seizure.  Notice that this type of legal
presumption already exists for some types of communications.

    * Finally, there is a class of tools and records which should be incapable
of seizure even when search is permitted.  Can a man get a fair trial if
deprived of his hearing aid?  If he is only allowed to use it in the courtroom?
What use are eyes, if notes useful in my defense are encoded magnetically?
Translation: Even if you are allowed to search my "memory aids," to deprive me
of their use denies me a fair trial. Period.  A court would not dream of making
records available to the prosecution which are unavailable to the defense.
(Well maybe some judges dream about it, but they know they had better not.)

     What I want to do here is to say that a paper listing of a database is not
the same thing at all, and that part of my entitlement to counsel could be a
net connection (and my personal computer).  If the prison doesn't provide an
Internet connection, it's bail or walk away free.  This may seem extreme, but
it is on the verge of becoming a necessity.  To deprive a junky of illegal
drugs is not considered "cruel and unusual punishment" but to deprive a
diabetic of insulin certainly would be.  At what point does depriving a net
junky of net access fall into the second class?  And hadn't we better wait
until after the trial to impose such a punishment if legal?  Especially since,
I can imagine many situations in which relatively access to the net would be
the difference between conviction and freedom.

     Hypothetical example: I was home "alone" when the murder was committed,
participating in an electronic meeting.  I may have to act quickly to get
several people who attended the meeting to keep their session records to show
that there was no gap of say twenty minutes in which I could have committed the
crime.  The jury is going to have to decide if I had a confederate, and whether
or not I was posting from home, but with that transcript, preferably more than
one copy, I am in much better shape.  Just having access to MY records may be
all that is needed to allow me to say, oh yeah, I was bowling that night with
friends.  As interaction times get shorter, and with things like Shadow, and
talk, and... we may soon have a major electronic alibi case, other than on
television.


Risks of Silly Legislation

Joseph Pallas <pallas@alydar.eng.sun.com>
Fri, 12 Apr 91 10:03:40 PDT
Without knowing the context, it's difficult to judge just how senseless this
"sense" is.  The significance of "sense" in this case, I suspect, is to guide
the judiciary in decisions about the intent of Congress.  The executive has
broad power to make binding regulations that can only be voided if they
contradict the clear intent of the legislature (or are unconstitutional).

Whether there is really any sense here depends on a number of things, including
the definition of an "information transfer service."  The most widely used
electronic information transfer service today is the telephone system.  The
suggestion that AT&T, for example, might be responsible for ensuring that no
unauthorized encrypted messages cross its network is absurd.  There is no way
that an information transfer service can even tell whether a message is
encrypted, not to mention that the Electronic Communications Privacy Act would
explicitly disallow observation of message traffic for that purpose (by my
reading, I am not a lawyer, this is not legal advice, consult a lawyer blah
blah blah).

A more basic question that's been raised in the discussion is whether the risk
of allowing secure communication outweighs the right to keep secrets.  If it
does, then we can surely expect as a consequence any number of changes in our
lifestyle, most of which will be reminiscent of Orwell's 1984.  Secure
communications go far beyond electronic information systems, extending to every
possible communications medium.  If we remain free to speak and publish
whatever we will, then secure communication will be possible.  Attempts to
prohibit it are in conflict with the very foundation of a free society.
                                                                          joe


Re: Sense of Congress

Edward N. Kittlitz <kittlitz@granite.ma30.bull.com>
Fri, 12 Apr 91 09:48:57 EDT
Willis Ware writes about the sense of Congress: "Congress is simply stating its
position on the matter, not doing something about it."  Isn't it the case that
many judicial questions revolve around the "intent" of the legislators? Isn't
this a handy way to reduce the language of a law, while expanding its
applicability in unpredictable ways?

E. N. Kittlitz  kittlitz@world.std.com / kittlitz@granite.ma30.bull.com


Security Contest

"Dr. Harold Joseph Highland, FICS" <Highland@DOCKMASTER.NCSC.MIL>
Fri, 12 Apr 91 13:23 EDT
CALL FOR PAPERS for ACM/SIGSAC Student Paper Contest in Computer Security

                        Dr. Harold Joseph Highland, FICS
       Distinguished Professor Emeritus of State University of New York
          Managing Director of Compulit Microcomputer Security Laboratory
               Editor-in-Chief Emeritus of Computers & Security

     Telex: +1-650-406-5012  MCI Mail: 406-5012  Voice: +1-516-488-6868
               Electronic mail: Highland@dockmaster.ncsc.mil

                                  CALL FOR PAPERS

           Student Paper Competition:  Computer Security, Audit and Control
                              Sponsored by ACM/SIGSAC

The purpose of this paper competition is to increase the awareness of security,
audit, control and ethics as they apply to the computing field.  SIGSAC will
award $1,000.00 to the student or junior faculty member whose paper is selected
by the review committee as the outstanding contribution of the year.

The contest is open to all full-time undergraduates, graduate students and
junior members of the faculty of a recognized or accredited institution of
higher learning.  Only those who have not previously had a paper published in a
refereed journal in which he or she was the lead or sole author will be
eligible for the award.

   Papers must be received by the SIGSAC Competition Committee Chairman
                         on or before October 7, 1991

SIGSAC reserves the right to publish any submitted paper, whether selected for
a prize or not, in SIGSAC Security, Audit and Control Review.  Author will be
notified about acceptance of his or her paper for publication within 90 days
after the announcement of the contest winner.

                                SUGGESTED  TOPICS

Access/authentication control
Administrative policies, standards and procedures
Audit concerns for data communications
Auditing in computer security
Banking industry security
Communications security
Computer crime
Computer law
Computer security audit techniques
Computer viruses and other threats
Contingency planning
Crypto systems and encryption
Data integrity and security
Database security
Distributed systems security
Dynamic signature verification
Education for computer security
E-mail systems security
Electronic funds transfer
Ethics and security
Expert systems in security
Formal specifications and verification
Information system security
Key management
Local area network security
Logging and accountability in security
Medical databases and security
Microcomputer security
Modeling security requirements
Multi-level security
Network design for security
Network security issues
Office automation security
Open communications and security
Operating systems security
Operational assurance in security
Passwords: management and controls
Penetration testing as an audit tool
Physical security
Privacy and security
Protecting programs and data
Risk analysis and assessment
Risk management
Smartcards and security
Telephone intrusion threat
Tokens as a security tool
Trusted systems
Use of microcomputers in an audit environment
User authentication

                         INSTRUCTIONS TO AUTHORS

[1]  The manuscript must be typed double-spaced on one side of the page with
one-inch top, bottom and side margins.  All illustrations must be in
camera-ready form.  An abstract [maximum of 100 words] should be included on
the first page.  Style and format of the paper should follow the form used in
Communications of the ACM.

[2]  Manuscript is limited to a maximum of 25 double-spaced typewritten pages.

[3]  The author's name, address and any references to a university must not
appear in the paper.  Acknowledgements, if any, must appear on a separate page.

[4]  Five (5) copies of the paper [quality photocopies will be accepted]
should be submitted together with a covering letter and the additional
information requested as contained in this announcement.

[5]  A floppy disk [3 1/2" or 5 1/4" standard or high density format],
preferably in DOS ASCII format, should also be included.

[6]  All copies should be sent prior to October 7, 1991 to:

                     Dr. Harold Joseph Highland, FICS
                     SIGSAC Competition Committee
                     562 Croydon Road
                     Elmont, NY 11003-2814 USA

     Telephone:  [+1] 516-488-6868   Telex:  [+1] 650-406-5012
     MCI mail:       406-5012      E-mail: Highland -at dockmaster.ncsc.mil

                 ==== Author Information Entry Form ====

          [Please reproduce in typewritten form and submit with paper]

Title of paper .....................................................
Author's full name .................................................
Full name of school ................................................

Author's home address ..............................................
Author's school address [if applicable] ............................
Telephone number ...................................................
E-mail address .....................................................

Name of faculty advisor   ..........................................
   <For junior members of faculty only>
Full address .......................................................
Telephone number ...................................................
E-mail address .....................................................

Degrees held or year at college ....................................
Previous publications [if any]; list title(s), publication in which
 article appeared and date .........................................

                              COMPETITION COMMITTEE

* Chairman, Dr. Harold Joseph Highland, FICS, Distinguished Professor Emeritus,
  State University of New York USA
* Ms. Victoria A. Ashby, The MITRE Corporation, McLean, VA  USA
* Mr. John G. Beatson, Databank Systems Ltd., Wellington, New Zealand
* Professor Jack Bologna, Sienna College, Plymouth, MI  USA
* Professor William J. Caelli, FACS, Information Security Research Center,
  Queensland University of Technology, Brisbane, Queensland  Australia
* Dr. John M. Carroll, University of Western Ontario, London, Ontario  Canada
* Mr. Raymond W. Elliott, Coopers and Lybrand, New York, NY  USA
* Professor Josep Domingo-Ferrer, Universitat Autonoma de Barcelona,
  Bellaterra, Catalonia, Spain
* Mr. Virgil L. Gibson, Grumman Data Systems, McLean, VA  USA
* Dr. Daniel Guinier, IREPA Computer Security Department,
  French National Research Council, Strasbourg, France
* Mr. Gerald Isaacson, Information Security Services, Northborough, MA  USA
* Mr. Stanley A. Kurzban, International Business Machines, Thornwood, NY  USA
* Dean Dennis Longley, Faculty of Information Technology, Queensland University
  of Technology, Brisbane, Queensland  Australia
* Mr. Hanan Rubin, Metropolitan Life Insurance Company, New York, NY  USA
* Squadron Leader Martin Smith, Royal Air Force, Peterborough,  England
* Professor Louise Yngstrom, The Royal Institute of Technology, The University
  of Stockholm, Stockholm  Sweden
