The Calgary Sun (April 23 1991) reports that: A new plan to ease Canada's constitutional woes would see 260 people randomly picked by computer holding 'a constitutional jam session.' Canada's constitutional woes revolve mostly around Quebec, a Canadian province which is considering seperation from Canada. The politicians want to let The People solve the problems, since they have failed pretty dismally themselves as of late. The suggestion for the computer selection of people to discuss (and presumably solve) the issues is strange to say the least, but comes from a retired Supreme Court judge, and is supported by various politicians from both major parties. The risks are not with the computer-based selection itself, but with the incorrect perception that such a selection is indeed random. Are those who are picked forced to participate? Are they paid, and if so, how does the payment compare to their job salary? Perhaps only those righ enough or dedicated enough to take a pay cut for a month or so will choose to participate. Are people who do not speak English or Franch (Canada's official languages) allowed to be "randomly selected"? Will the travel expenses of those who are selected but who are working out of the country be paid? At best, it would be a random selection from what amounts to a biased pre-selection. Dan Freedman
Computer File Key To Murder? ALEXANDRIA, Va. (AP) Prosecutors said Tuesday that a former Marine captain was plotting his wife's death when he wrote computer entries including "How do I kill her?" and "What to do with the body?" Witnesses at the murder trial of Robert Peter Russell testified Tuesday that he also showed a lot of interest in his new wife's insurance policy, was found with another woman getting dressed in his quarters the weekend before his wedding, and asked a friend questions about how fast a body decomposes. He also asked about technique, inquiring of at least a couple of his fellow Marines whether it was true you could electrocute someone by lobbing a TV or radio into the bathtub with him, witnesses said. But the key piece of evidence, exhibit 19A, is a 5 1/4 inch floppy disk on which Russell stored a file labeled "Murder." Assistant U.S. Attorney Lawrence J. Leiser said in his opening statement at Russell's trial that the defendant was concocting a "recipe for murder" when he created the computer entries under the heading "murder." Russell has pleaded innocent, contending the computer file was merely part of a mystery novel he was working on. He is free on $50,000 bond. Sgt. Maj. William Joseph Kane, a 24-year Marine, testified that he found the computer disk when cleaning out Russell's office after the captain had been relieved of duty in February 1988, more than a year before his wife disappeared. Most of the files on the disk were clearly military, but several caught Kane's interest, including one about him labeled with the sergeant major's name and one called "Murder." He read them, and a day later during a phone conversation with the captain's wife, Shirley, who was herself a Marine captain, Kane told her what he had found. "I told her if I was you, I'd be careful," Kane said. "I'd watch out for myself." Other entries in the "Murder" file, according to court documents, include: "Make it look as if she left... Rehearse... Mask? Plastic bags over feet... Check in library on ways of murder electrocution?? Wash tarp!! I may need to cut it?" Mrs. Russell, 29, disappeared from the Quantico Marine Corps Base in Virginia on March 4, 1989. Despite intense searches, her body has not been found. Russell, 34, is being tried in U.S. District Court in Alexandria, because, according to authorities, a crime was committed on federal property. Russell's wife was stationed at Parris Island, S.C., in 1988, but she was later reassigned to Quantico and they were reunited. In the meantime, the Marines were moving to dishonorably discharge Russell, accusing him of alcoholism and misconduct that included filing false reports.
SEATTLE, WASHINGTON, U.S.A., 1991 APR 11 (NB) — Honeywell has announced that it has issued new software to various US and foreign registry aircraft to correct a defect in a computerized flight navigation system that federal authorities said could send airliners off course. The problem arises when attempting a non-directional beacon approach for landing. John Clabes, from the Oklahoma City Federal Aviation Office, read portions of a document issued by the FAA in Washington to Newsbytes. In part the document stated that "there has been a report of an erroneous course display on the navigation display map when the non-directional beacon approach was activated from the Honeywell Flight Management System database." The report continued, "This condition not corrected can result in the airplane deviating from the published course to the runway, which could lead to premature ground contact before reaching the runway." When Newsbytes asked Clabes if that was a euphemism for "crash" Clabes replied, "I guess that is what you could call that." The airworthiness directive issued by the FAA mentioned the Boeing 747-400, 757 and 767 and the McDonnell Douglas MD-11 as being equipped with the faulty software. It states that 400 of these aircraft are US registered. Clabes told Newsbytes that a total of 795 aircraft worldwide are equipped with the system. [...] The FAA airworthiness directive requires airlines to place placards next to the control panels of their aircraft, warning pilots not to attempt the nondirectional beacon approach. FAA spokesperson David Duff said nondirectional beacon approaches were rarely used in the United States because most airports have instrument landing system (ILS) approaches. The FAA airworthiness directive says it may consider further rule-making at a later time.
The following article appeared in the Chicago Tribune. I have taken the liberty of omitting non-salient paragraphs. Jeff "`TRAFFIC CRYSTAL BALL' MAY BE IN YOUR CAR'S FUTURE" Chicago Tribune - Tuesday, April 23, 1991 (Gary Washburn) Announcement of an experimental traffic management project here, which would have computers in cars to tell drivers when to get off one highway and onto another to avoid tie-ups, could come as early as next month, transportation sources said Monday. The futuristic system could be installed and operating in about two years, they said. U.S. Transportation Secretary Samuel Skinner touched on the system at a speech in Chicago on Monday, saying it is called ADVANCE. ``I don't want to get into all the details,'' Skinner told reporters after the speech. ``A lot of people need to be involved. But I think there is good news to come...You will be hearing more about it soon.'' One person who is familiar with the project explained further. ``In layman's terms, this would provide an on-board computer for you that would give you real-time traffic conditions ant tell you what alternate routes to select,'' he said. In addition, the car computers would contribute new data to the central computer based on traffic conditions that they encounter, and this information would quickly become available to other drivers, he said. Transportation experts say that such ``intelligent vehicle'' systems may be able to smooth traffic flow and ease congestion without any new pavement being laid. The details about the ADVANCE project include: o It has been under study for at least a year, under the auspices of the state and federal governments, with participation from researchers from the University of Illinois at Chicago, Northwestern University and Motorola, Inc. o It will involve 4,000 specially-equipped vehicles. o It will cover 250 square miles in the highly congested northwest suburbs, targeting oft-clogged arterials that could include such bust thoroughfares as Palatine, Algonquin, Golf and Higgins Roads. The Chicago area's expressway system already has sensors embedded in the pavement. Those sensors feed congestion information to a central computer operated by the Illinois Department of Transportation. In turn, this computer supplies data to radio stations and traffic reporting services. But the metropolitan area's suburban arterials do not have such sophisticated monitors, and motorists often have no way of knowing up-to-the-minute conditions on the road they use. When people visit the supermarket, they choose their checkout lanes based on the length of lines, the speed of clerks and baggers and other data, Skinner said in his speech, one in the Bright New City lecture series. ``We make an informed decision,'' he said. ``That same logic [should apply] to the highways of this country,'' he asserted. ``Why shouldn't you have a computer in your car that shows you how fast traffic is moving...where it is moving quicker, where the delays are, where the accidents are, where the congestion is, where the construction is? Why shouldn't we let you make informed decisions?'' European and Japanese companies are rushing to develop smart-car technology as efforts in this country advance. A year ago, Skinner announced an $8 million project to install computerized traffic displays in 100 cars in Orlando. More recently, a $1.7 million project called Pathfinder has begun on a 13-mile stretch of California freeway between Los Angeles and Santa Monica. Twenty-five specially-equipped cars receive up-to-date information about accidents, congestion, highway construction and alternate routes. But the proposed project here would be much larger. The potential for computerized traffic management systems is ``immense,'' said Rich Schuman, manager of technical information for the Intelligent Vehicle Highway Society of America, a not-for-profit group that promotes the new approach.
It is time to decide what kind of a network we want. Given the age of our users, the novelty of the environment, and the absence of authority, the internet is a surprisingly orderly place. Who would have believed that a multi-institutional, multi-national network of peers could be so orderly?. However, now we stand challenged by a group of puerile rogues, in a rogue institution, in a rogue nation. They insist upon their right to behave in a rude and disorderly manner. They flaunt their behavior and invite those of us who do not like it to withdraw from the field. They must be made to understand that that is the natural consequence of their behavior. The marginal propensity to connect to the net is a function of how useful and how orderly it is. If it becomes too disorderly, it will collapse. The rest of us also need to understand it. If we tolerate this behavior, the network may collapse. What are our options? We seem to be paralyzed. We have followed Cliff Stoll's "scientific/law-enforcement" approach for six months. Having found that the rogues are in a rogue institution in a rogue nation, where law enforcement is powerless, we do not seem to remember what to do next. Unless we want a network that depends upon law enforcement for its order, and which is subject to their authority, we should not have turned to them in the first place. Cliff's skill and daring notwithstanding, his model is wrong. He did the wrong thing. We have done the wrong thing in following his example. If you observe rogue behavior at the perimeter to your system, break the connection. Inform the adjacent node why you have done so. If they are not the source of the behavior, encourage them to follow your example. The closer we break the connection to the source of the behavior, the sooner it will stop. I guarantee it. We should not, we must not, we dare not tolerate this behavior. If we must isolate the University of Utrecht, then we must. If we must isolate all of Holland, then so be it. We must not shrink. The order and the future of the network depend upon it. Ostracism has always been the most powerful and successful of all social controls. It dwarfs law enforcement in its power. In the modern world it is so Draconian that we are reluctant to use it. We may have forgotten how to use it. We may have forgotten all about it. However, this is a case that justifies its use. The protection of the order and organization of the network justify its use. In a community of peers, it is the only one with any opportunity of success. It is the only one that will preserve the community. William Hugh Murray, 21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840 203 966 4769, WHMurray at DOCKMASTER.NCSC.MIL
The time has come to put this debate behind us. Clearly, as with burglary of an unlocked home or theft of a car with keys hanging from the ignition, carelessness by the owner does not set aside the guilt of the perpetrator. Conversely, carelessness by the owner does not relieve her/him of responsibility for the loss. In the "Dutch cracker" incident, perhaps BOTH the cracker's host and the host with known, repairable security holes should be barred from the Internet. _Brint
It seems (from the amount of "hate mail" that I have received) that I erred when I assumed that most readers of RISKS would recognize the concept of (token-based) one-time passwords. I have now been disabused of this assumption. I will explicate this concept as quickly and as briefly as I can. However, there are many ramifications to the use of these mechanisms that I will not go into. Please try not to infer too much from what I do not say. My experience is that many people are intuitively hostile to this idea, that it is difficult to describe in words, and and that it is very easy to demonstrate. Please give me credit for trying, and the benefit of the doubt when necessary. Remember that what we are comparing is not working. These mechanisms rely upon the fact that attacks passwords would not be efficient if the password had no residual value. The only time that this will be true is if the password is only used once. Therefore, the mechanisms generate and expect a new password for each session. While computers are very good at this, people are very poor (for many of the same reasons that they are bad at selecting and managing reusable passwords.) Therefore, we provide them with little tiny computers, tailored to this purpose, and generically called "tokens." These special purpose computers are used by the computer user to determine what password to use for a given session. The user need not generate the password. He need not remember it. He need not write it down. He must carry the token. Each token is "seeded" with one or more values (one for each independent security domain in which the user must operate). The value(s) that the token contains makes it unique. It is not like any other in the world. There is no non-destructive way to determine the value from the token. Therefore, the token cannot be counterfeited. The token uses the seed value, and perhaps other values, to determine the instant password. (For those of you familiar with the concept, it employs a "non-disclosure" or "zero-knowledge" proof to demonstrate that is has beneficial use of the seed value.) The optional values may include time, a challenge, and/or a personal identification number. (These provide protection against "play-back" or "mid-night" attacks.) Tokens come in many forms. Users may sometimes choose the form that they prefer. Popular forms include credit cards, calculators, and keys. In one scenario, when prompted for the password, the user looks at the token, reads the current password from the display, and enters it at the keyboard. In another, the password prompt is replaced by a "challenge" value. The user reads the challenge from the terminal, enters it on the token's keyboard, reads the "response" to the challenge from the token's display and enters it on the terminal's keyboard. If the token is lost, it can be revoked. Since the user cannot use the target system without the token, unlike the compromised password, he will notice. Thus, the window of vulnerability is very narrow. It can be narrowed further through the use of personal identification numbers, signature verification, and speaker verification. However, the marginal security of the latter two may be small when compared to their cost. This technology is mature, widely available, and widely supported. It is clearly supported on the popular platform types within the internet. It is both effective and efficient. That is, it works, and it covers its own cost. The cost is measured in the tens of dollars per user. While this seems high when multiplied by the number of users, anything seems high when multiplied by the users. When compared to the other costs of computing, it is trivial. When compared to the cost of losses offset, it is attractive. It is much more effective and efficient than other security measures, such as access control, that we take for granted. It is clearly more effective and efficient than these other are in its absence, since in its absence the other mechanisms are not effective.
Please report problems with the web pages to the maintainer