The RISKS Digest
Volume 12 Issue 27

Sunday, 8th September 1991

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Play the lottery via Nintendo
Mike Cepek
Re: Salomon Brothers — Database Design
Jeff Berkowitz
Larry Press via Tom Lincoln
Re: ``Returns for Senders''
Willis H. Ware
Re: +&*#$
John Moore
Andy Goldstein
Re: A number is no name
Bob Frankston
Re: Unusual characters in addresses
David Lamb
Re: A permanent EMAIL address
Mike Van Pelt
Re: RISKS of using electronic mail"
David Parnas
John Sloan
Re: The Dead Sea Scrolls and Data Security
Chuck Karish
David A. Curry
Chuck Karish
A better model for cracking
Scott Draves
Prize for Most Useful Computer Virus
Cliff Stoll
15,000 Cuckoo Letters [Another RISK OF EMAIL?]
Cliff Stoll
Info on RISKS (comp.risks)

Play the lottery via Nintendo

"Mike Cepek, MGI" <>
Fri, 06 Sep 1991 18:23:01 CDT
[ From the Minneapolis Star Tribune, 1-Sep-1991, Section B.  I will
let it speak for itself.  See if you can keep from laughing.   - mkc ]

Several kinks have yet to be worked out

   [...] Minnesota gamblers soon could be winning jackpots as early as 1993
from the comfort of their own living rooms... the state will begin testing a
new system next summer that will allow gamblers to pick numbers and buy tickets
at home by using a Nintendo control deck.  [...] The system, to be created by
the state and Control Data Corp., would be somewhat similar to banking with an
automated teller machine card.  Gamblers would use a Nintendo control deck and
a state lottery cartridge [...]  The cartridge would be connected by phone to
the lottery's computer system, allowing players to pick Lotto America, Daily 3
and Gopher 5 numbers, and play the instant cash games.  Players would gain
access to the system by punching in personal security codes or passwords.
Incorrect passwords would be rejected.  Only adults would be allowed to play.
[...A] number of kinks, including setting up a pay-in-advance system for
players to draw on, computer security and adult registration, must be worked
out.  [...] 32% of Minnesota households have Nintendo units.  About half of
those who use the units are older than 18 [...]  [...] Those chosen to
participate [in the summer experiment] will be given a Nintendo control deck,
phone modem and lottery cartridge.

Re: Salomon Brothers — Database Design (RISKS-12.24)

Sat, 7 Sep 91 22:35:58 GMT
>The recent Salomon Brothers securities scandal was caused in part by sloppy
>database design according to an employee in the database programming department...

I can't let this this abuse of the concept of "responsibility" go by.  Saying
that Salomon's DB programmers in any way "caused" the scandal, even "in part",
is like saying that police "caused" an automobile accident because they didn't
happen to catch the speeder before s/he hit somebody!  After all, the police
*do* have "responsibility" for catching speeders.

It is incredible to me how we have moved away from the concept of individual
responsibility and toward reliance on various societal "mommies and daddies" to
watch over behavior.  I can't help but think that our newfound ability to
create computerized "mommies" encourages this trend.

Jeff Berkowitz, Sequent Computer Systems: uunet!sequent!jjb or

The REAL RISKS and REWARDS of E-Mail (By Larry Press)

Tom Lincoln <>
Fri, 06 Sep 91 21:19:16 PDT
The LA Times of Sept 6 ran an article on the DEMOS network in Moscow as it
operated during the coup attempt.  Larry Press, who played a major role, felt
that this article did not do justice to the full set of facts.  Here is his

     ------- Forwarded Message

Date: Fri 6 Sep 91 11:46:51-PDT
From: Laurence I. Press <LPRESS@ISI.EDU>

Copyright, Larry Press, August 26, 1991, do not reproduce or quote without
permission.  This file may be forwarded around the net as long as this note is

        A Computer Network for Democracy and Development
                           Larry Press

   "Oh, do not say.  I've seen the tanks with my own eyes.  I
   hope we'll be able to communicate during the next few days.
   Communists cannot rape the Mother Russia once again!"

This message was sent from Moscow at 5:01 AM on August 19.  It was written by
26 year-old Vadim Antonov, a senior programmer at the Demos Cooperative in the
Soviet Union.  Demos operates a computer-based communication network which
spans the Soviet Union, and within a few hours, Vadim's message had been
relayed to computers in 70 Soviet cities from Leningrad in the West to
Vladivostok in the East.

The message had also been sent to a computer in Helsinki Finland, which is
connected to the non-Soviet computer networks.  From Finland, the message was
relayed to networks such as The Internet, serving millions of users on all
continents.  Seconds after it reached Finland, I could read it at my computer
in Los Angeles, California.  The message was particularly important to me
because the week before the coup attempt I had been in Moscow and spent several
days with Vadim and his colleagues at Demos.  We met professionally and as

Demos' RELCOM (RELiable COMmunication) network celebrated the first birthday of
its link to Finland on August 22.  During that first year, RELCOM spread to 70
Soviet cities, and over 400 organizations were using it — universities,
research institutes, stock and commodity exchanges, news services, high
schools, politicians, and government agencies.  As is typical with computer
networks, noone knows how many users RELCOM actually reaches.

During the Coup

During the days of the coup, RELCOM was pressed into service in support of the
constitutional government.  The junta moved quickly to control mass media.
When I learned of the coup, I immediately sent a worried message to Vadim's
wife Polina Antonova, who also works at Demos.  I did not receive her answer
until August 20 at 12:17 AM Moscow time:

   "Dear Larry,

   Don't worry, we're OK, though frightened and angry.  Moscow is
   full of tanks and military machines — I hate them.  They try
   to close all mass media, they stopped CNN an hour ago, and
   Soviet TV transmits opera and old movies.  But, thank Heaven,
   they don't consider RELCOM mass media or they simply forgot
   about it.  Now we transmit information enough to put us in
   prison for the rest of our life.

   Greetings from Natasha.


The Demos staff had learned of the coup around 6 AM on the 19th, and
immediately began sending political information to the Soviet Union and the
outside world.  By 12:30 PM, Moscow time, I was reading news releases from the
independent Soviet news agency Interfax.  Although outlawed by the junta, news
from Interfax, the Radio Moscow World Service, the Russian Information Agency,
Northwest Information Agency (Leningrad), and Baltfax was disseminated by
RELCOM throughout the coup attempt.

RELCOM also distributed news from official sources opposed to the coup.  For
example, a copy of the letter Boris Yeltsin read from a tank turret in front of
the Russian Parliament building was brought to Demos headquarters (a short
trip), entered into a computer, and forwarded across the network.  By early
evening, several people in the United States had also translated it, and an
English-language version was broadcast to the non-Soviet networks.

There were also many eye-witness reports.  Pay phones were working in Moscow,
and people in the streets could phone news in.  At one point, Polina told me
she was leaving for the Russian Parliament Building with a portable computer so
she could report from there.  Later I learned that she had not gone because the
phone service to the building was unreliable.

Of course all the news did not come from Moscow.  The network was buzzing with
reports and official notices from Leningrad, Kiev, the Baltic capitals, and
many other Soviet cities.

News also came in from the West.  I wrote regular summaries of the news as
broadcast on radio and television in the United States.  Jonathan Grudin, a
colleague in Denmark, did the same for BBC news.  Regular reports were also
posted from Finland, giving both Finnish and Baltic news summaries.  These were
translated into Russian by Polina and others, and transmitted throughout the
Soviet Union.

Western news was welcome, but the link to Finland became a bottleneck.  Before
the coup, 6,000 messages were passed between Finland and RELCOM on a typical
day.  After the coup began, traffic increased substantially, prompting Vadim to
broadcast this message at 6:44 PM on the 19th:

   "Please stop flooding the only narrow channel with bogus messages
   with silly questions.  Note that it's neither a toy nor a means to
   reach your relatives or friends.  We need the bandwidth to help
   organize the resistance.  Please, do not (even unintentionally)
   help these fascists!"

This plea notwithstanding, traffic rose to a high of 13,159 messages on the

While news of tank movements, demonstrations, and official political statements
was of practical value, it also provided emotional support.  When the coup was
finished, and there was time to rest, I received a message from Polina that
said in part "You can't even imagine how grateful we are for your help and
support in this terrible time!  The best thing is to know that we aren't
alone."  That message paid me 1,000 times for the hours spent at my computer


At the beginning of the coup, memories of the Hungarian revolt, Kruschev's
ouster, the Prague Spring, and Tiananmen Square did not give one much hope.
Had the coup succeeded, the Demos staff and people using their network would
have been in great danger.  As Vadim noted in a message to Doug Jones, a
professor at the University of Iowa:

   "If these dogs win, for certain they'll throw us in prison --
   we distributed the proclamation from Yeltsin and the Moscow
   and Leningrad Soviets throughout the entire Soviet Union,
   together with the forbidden communiques from Interfax ...
   Greetings from the underground."

Demos headquarters is in a small building near the Kremlin.  The KGB knew of
RELCOM, and had they decided to, they could have easily shut the network off
early in the coup.  When a friend asked why they didn't, Polina replied "Thank
Heaven, these cretins don't consider us mass media!"  After the coup, she and
others speculated that the KGB was generally passive because they were not
confident the coup would succeed.

Sensing danger, the Demos staff arranged for backup computers to substitute for
the vulnerable headquarters machine if necessary.  On the 20th at 8:30 PM
Moscow time, Vadim sent this message to Doug Jones:

   "Yes, we already prepared to shift to underground; you know --
   reserve nodes, backup channel, hidden locations. They'll have
   a hard time catching us!  Anyway, our main communication line
   is still open and it makes us more optomistic."

They not only hid the computers, many people left Demos headquarters and
communicated from their homes and other locations.  Polina told me:

   "Don't worry; the only danger for us is if they catch and
   arrest us, as we are sitting at home (valera is at Demos) and
   distributing all the information we have."

When the coup was finally defeated, George Tereshko, broadcast the following
thanks for the risk taken by the Demos staff:

   "When the dark night fell upon Moscow, RELCOM was one source of
   light for us.  Thanks to these brave people we could get
   information and hope."

Of course, for now, the story appears to have had a happy ending.  At 3:07 PM
on the 21st, I received this from Polina:

   "Really good news.  Right now we're listening to Radio Russia
   (without any jamming!); they told that the eight left Moscow,
   noone knows where ... Hard to believe ... Maybe, they've
   really run away?"

And on the 22nd at 1:31 PM she wrote:

   "Now Vadim and I have to do our usual work (that's so nice!)
   and Valera and Mike Korotaev went to sleep.  They were on duty
   the whole night.  Now there is celebration in Moscow.  We just
   watched president Gorbachev on TV."

RELCOM in Peace Time

In the past, a network like RELCOM would have been prohibited in the Soviet
Union.  Like any communication media, it is incompatible with repressive
dictatorship.  Gorbachev's Glasnost made RELCOM possible, and in one year, it
became a significant segment of the Soviet communication infrastructure.

Part of the reason for RELCOM's success is the fact that postal and telephone
service in the Soviet Union are poor, making electronic mail very attractive.
Another element of their success is that they use low-cost, appropriate
technology.  The primary technology used by RELCOM is the voice phone system,
low cost modems, and standard personal computers.  The final element in their
success is the people at Demos.  They are very skillful as technicians and as
entrepreneurs (Demos is 100% free enterprise), yet they are different than
their counterparts in the United States.  They are more idealistic and less
competitive.  If they were in the US, my guess is they would either be graduate
students in computer science or they would be driving BMWs and sipping Perrier.

As such, RELCOM may be a good model for other countries with poor
telephone and postal systems, little capital, and well educated,
motivated young professionals.  Networks like RELCOM, probably
using satellite technology, may change the face of the earth in
peace time as well as helping to keep the peace.

  [Larry Press is Professor of Computer Information Systems at California State
  University at Dominguez Hills.  He has visited Chile several times, most
  recently as an organizer of the EIES held last July.  The week before the
  coup, Press co-chaired a conference on human-computer interaction in Moscow.
  While there, he spent several days visiting the Demos Cooperative, which
  operates RELCOM, an important Soviet computer network.  During the coup, he
  relayed news to his friends at Demos.]

Re: ``Returns for Senders'' (RISKS-12.26)

"Willis H. Ware" <>
Fri, 06 Sep 91 15:11:26 PDT
I'm afraid that the author chases a vacuous ghost.  She apparently doesn't
really understand how the direct mail business works but evidently hopped onto
a seemingly significant process.  The true situation is the quote from Krause
in the final paragraph.

Her facts are correct but the implications are not.  If one moves, there
will be some collection of mail that he will want forwarded.  Among the
set will be journal and technical magazines subscriptions, favorite mail
order outlets, the family's hobby magazines, the children's items,
charitable organizations that one supports and wishes to hear from, — on
and on.

Address information is traded and exchanged on a huge basis and any legitimate
address change will readily and quickly find its way into the whole direct mail

Try the following experiment.  Move but have no mail forwarded to the new
residence; route it to a POBox.  Then place just one order from some mail order
house and have it delivered to the new residence address.  Sit back and log the
buildup of direct-mail materials.  It will startle you how quickly your address
gets around.

Such a phenomenon is of course the fallacy, if not silliness, of writing
to the Direct Mail Marketing Association and asking to be removed from
circulation.  It will only do some good if one also forswears to never
again order anything by mail.

The most that the USPS update-list sales will do is possibly shorten the
response time of updating mailing lists — although it isn't certain that the
USPS is indeed swifter than other methods; and it facilitates the job of the
list maintainers by providing material in machine readable form from a single
source.  These are, to be sure, important points but not the ones that the
author identified in the article.

For an extensive treatment of direct mail marketing and its list ramifications,
see the report of the Privacy Protection Study Commission.
                                     Willis H. Ware

Re: +&*#$ (RISKS-12.21)

Sat, 7 Sep 91 00:15:37 -0700
As a ham radio operator, for years I have had an amateur radio license plate.
In the late '60s, when motor vehicle departments were first computerizing, I
was pulled over one night by a policeman. When I asked why he had stopped me,
he said that my license number was not valid - the computer (in Topeka, KS)
would not accept a license number of WA0DVD - although I suspect that this same
computer had originally issued the registration. This took some explaining, and
if the police dispatcher that night had not been a friend of mine I might have
had an even tougher time of it.

John Moore anasaz!

RE: +&*#$

Andy Goldstein - VMS Development 06-Sep-1991 1609 <>
Fri, 6 Sep 91 22:15:20 PDT
Bob Frankston's posting about strange characters on New Hampshire license
plates reminds me of one of the little bits of dirt that came out about the Ed
King administration in Massachusetts back when Dukakis was elected for the
second time. Seems the registry of motor vehicles had been issuing special
license plates to friends of the governor that contained stars, squiggles, and
other symbols expressly chosen because they had no representation on the
registry's computer system. Talk about diplomatic immunity!

Re: A number is no name (Frankston, RISKS-12.26)

Fri, 6 Sep 1991 20:00:02 PDT
> There is a proposed character set, Unicode, that is intended to encode
> all glyphs.

Sorry, this is not quite correct.  Unicode is an attempt at a universal
character set, not a glyph set.  In some cases a Unicode character may be
represented by more than one glyph; choosing which glyph is then a rendering
(font, maybe?) problem.

Re: A number is no name (RISKS DIGEST 12.26)

7 Sep 1991 01:31 -0400
I was, perhaps, a bit sloppy in my use of the term "glyph". I did indeed mean
to say that each numeric code stood for a canonical character not a rendering.
Unicode is a great improvement over ASCII but doesn't solve all the encoding
and representation problems.  While Unicode doesn't preserve font distinctions
it does preserve case distinctions but sometimes the case distinction is not
signficant but the font distinction might be or the shading or ...

Re: Unusual characters in addresses (Re: RISKS-12.26)

David Lamb <>
7 Sep 91 12:25:15 GMT
Regarding the discussion of unusual characters in licence plates: it's not
surprising there should be difficulties interfacing with the "real world" when
we can't even interface with our technically-defined software world.  Back in
the late 70's and early 80's I maintained Carnegie-Mellon's RDMAIL system; when
we shifted to supporting RFC733, we implemented the whole thing (there was even
a hack for handling :postal:) except for retrieving foreign mailing lists on
:include:.  We immediately broke most other mailers on the net, and got so much
flack that we had to turn off half the stuff in the RFC for outgoing mail.  I
wasn't too surprised that folks didn't want to parse :include:, but was a bit
more suprised nobody wanted to handle spaces in names (at the time we were the
only site we knew of that would let your mail name be "David Lamb@cmu-10a" (if
that's who you really were, of course)).

I'm not sure what this has to do with RISKS, unless it's something
along the line of "forall x,y, x wants y to adhere to x's standards".

Re: A permanent EMAIL address

Mike Van Pelt <>
Fri, 6 Sep 91 19:21:27 PDT
One way to have a permanent email address is to subscribe to one of the more
stable and inexpensive services (say, The Well) and put in a .forward file to
wherever you happen to be at the moment.  If you change jobs, delete the
.forward file and read your mail on the public access site until you get a new

Re: "risks of using electronic mail" (RISKS-12.26)

David Parnas <parnas@qusunt.Eng.McMaster.CA>
Fri, 6 Sep 1991 17:31:09 -0400
   The discussion of "risks of using electronic mail" that I started, began at
the trivial level and seems to be descending even further.  I wished to remind
users of a simple risk, not to suggest that an employer had any obligation for
forward the mail of former employees or that there was no solution for people
who had advance warning that they would be leaving.  Those things are obvious.

  There is however one difference between the situation with "snail mail" and
that for electronic mail.  In the former case it is not necessary that the
owner or new occupant of your house or apartment be cooperative.  In the
electronic mail situation they are involved.  They can discard your mail, store
it in a deep electronic well, read it, respond to it, etc.  If you tell your
snail mail service that you are moving, the new occupants need not be involved
at all and cannot intercept your love letters.

     [Well, mail for the former occupant tends to get (mis)delivered anyway,
     including after the one-year forwarding expires.  Worse yet, my mailman
     apparently cannot read English, although he is pretty good at numbers.
     I often get mail for neighboring streets for which the street number
     matches!  PGN]

Re: RISKS of using electronic mail (Cooper, RISKS-12.26)

John Sloan <jsloan@niwot.scd.ucar.EDU>
Sat, 7 Sep 91 10:05:05 MDT
Will we have this same discussion ten years from now when cellular
phones are cheap, and the expanded cellular communications infrastructure
means we all have one in our hip pocket? Our cellphone numbers won't be
tied to geographic locations, as they are with wired telephones, but
rather associated with an individual. I have a bad feeling that we'll
all be arguing about the risks of universal identifiers like SSNs while
publishing our universal telephone numbers in our network signatures.
(We'll also need voice mail built into those hip pocket cellphones!)

John Sloan NCAR/SCD, P.O. Box 3000, Boulder CO 80307 +1 303 497 1243

Re: The Dead Sea Scrolls and Data Security (Leichter, RISKS-12.26)

Chuck Karish <mindcrf!>
Sat, 7 Sep 91 16:22:39 PDT
A security system that implements the `born classified' doctrine must try to
deny access to information which, if properly related to other marginally
sensitive information, will allow conclusions to be drawn which will compromise
the national interest.  The act of declaring a particular piece of information
to be sensitive alerts the bad guy to its importance.  Since the information is
protected by only the very lowest levels of national security restrictions, it
is likely to be available to moderately well-connected information brokers.

Two consequences: First, modest restrictions on the availability of data impact
the ordinary citizen's access to information about how the world works much
more than it protects `us' from the bad guys.  Second, material that's
completely innocuous must also be declared sensitive, to avoid giving the bad
guys information about which data the security establishment considers to be
important and providing them with a starting point in using the powerful
correlation techniques that will turn these hints into solid intelligence.
Note that I use this last word in a technical sense; no judgement as to the
wisdom of playing this game is intended.


"David A. Curry" <>
Fri, 06 Sep 91 21:02:56 -0500
You're going to have the NIC very mad at you; registrations for WHOIS are sent
to REGISTRAR@NIC.DDN.MIL, not NIC@NIC.DDN.MIL.  Furthermore, there is a special
template to use.  I presume the newest template is in the NETINFO: directory
somewhere; here's a slightly old one:


Re: whois (RISKS-12.26)

Chuck Karish <mindcrf!>
Sat, 7 Sep 91 16:22:39 PDT
My understanding of the charter of the `whois' database is that it is meant to
provide a directory of the people who make the Internet work, not of all the
people who use the Internet.  I'm in the database because I'm the zone
technical contact for the domain.

The NIC is not in the business of providing a directory service for everyone on
the Internet.  Maybe there's a business opportunity here ...

Chuck Karish, Mindcraft, Inc  (415) 323-9000

a better model for cracking

Sat, 07 Sep 91 13:34:54 -0400
Cracking systems is often called the electronic equivalent of breaking and
entry.  I'd like to propose another model:

Say I telephone your residence, and your six year old child answers.  I tell
her to go to a filing cabinet, and retrieve a document.  She does so.  I tell
her to read the document to me over the phone.  She does so.  I hang up.

Models like these are an important part of deciding how to penalize crackers.
We must be careful to base our laws on the right model.

My opinion is that organizations (eg att) are using the "breaking and entry"
model to shift public perception of the problem.  Instead of "our vulnerable
systems are being compromised" we have "our systems are being victimized by

Prize for Most Useful Computer Virus

Cliff Stoll <stoll@ocf.Berkeley.EDU>
Sun, 8 Sep 91 00:33:24 -0700
Prize for Most Useful Computer Virus

Computer virus specialist Fred Cohen writes an intriguing article in the
September/October 1991 issue of The Sciences (published by the New York Academy
of Sciences).  In short, Dr. Cohen describes ways in which computer viruses and
virus-like programs can be beneficial.

These include automated bill-collectors, where, "each bill
collector virus is a small program designed to collect one bill";
this program modifies itself depending on the debtor's response.
Another instance is maintenance viruses which dispose of
temporary files or hung programs.

Dr. Cohen has published "A Short Course on Computer Viruses".  Curiously, his
publisher is offering a $1,000 prize for the most useful computer virus.
However, "contest rules prohibit any entries that have been released into a
computing environment without the permission of the owner or without mechanisms
to control their spread"

He points out that malicious and unauthorized viruses have given a bad name to
viruses.  I'll say!  Strangely, though, I've heard less of viruses in the past
year than in years past.  I wonder if the fad is finally passing?

-Cliff Stoll

    [Cliff, I guess you have not been reading VIRUS-L, which documents the
    continuing incidents and the continuing proliferation of new strains.  PGN]

15,000 Cuckoo Letters [Another RISK OF EMAIL?]

Cliff Stoll <stoll@ocf.Berkeley.EDU>
Sun, 8 Sep 91 00:29:08 -0700
In 1989, I wrote, "The Cuckoo's Egg", the true story of how we tracked down a
computer intruder.  Figuring that a few people might wish to communicate with
me, I included my e-mail address in the book's forward.

To my astonishment, it became a bestseller and I've received a tidal wave of
e-mail.  In 2 years, about 15,000 letters have arrived over four networks
(Internet, Genie, Compuserve, and AOL).  This suggests that about 1 to 3
percent of readers send e-mail.

I've been amazed at the diversity of the questions and comments: ranging from
comments on my use of "hacker" to improved chocolate chip cookie recipes.
Surprisingly, very few flames and insulting letters arrived - a few dozen or

I've tried to answer each letter individually; lately I've created a few macros
to answer the most common questions.  About 5% of my replies bounce, I wonder
how many people don't get through.

I'm happy to hear from people; it's a gas to realize how far the book's reached
(letters from Moscow, the South Pole, Finland, Japan, even Berkeley); but I'm
going to spend more time doing astronomy and less time answering mail.

Cheers,     Cliff Stoll

Please report problems with the web pages to the maintainer