The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 12 Issue 59

Tuesday 5 November 1991


o New Computer Center for Soviet President
o "Computer rats on students who don't show up in class"
Steve M. Barr?
o Bank tries to lose 14 billion pounds
Nigel Cole
o Management Often Bungles Firing Process
Jeff Helgesen
o Chaos Congress 91
Klaus Brunnstein
o Japan's barriers against IT risks (Tokyo
Klaus Brunnstein
o DES is better than anyone would have guessed!
John Sullivan
o DES Watch
Richard Outerbridge
o Risks of ``record'' and ``replay'' terminal capabilities
Bertrand Meyer
o Re: Licensing of Software Developers
David Parnas
o Re: campaign against telco info services
Dave Bakken
o Re: Mathematical and scientific foundations
Leslie J. Somos
o Re: UCI computing survives power outage
William Walker
o Info on RISKS (comp.risks)


Moscow (TASS, 31Oct91, by TASS special correspondent sergei zinchuk)

A new scientific and technical computer center `sistema' (the system) is now in
operation, aiming to provide immediate and reliable information for the Soviet
president's apparatus and communicate directly with various regions of the
country, as well as with capitals of other states.  The new computer networks
will soon enable president Mikhail Gorbachev to contact leaders of other states
not only by telephone but directly through the computer displays.  Boris
Tolstykh, former deputy chairman of the USSR council of ministers, who also
headed the state committee for science and technology and the state committee
for computing machinery and informatics, has been appointed chief of the
`sistema' center.  "Rechner und Peripherie Vertriebs GMBH" of Germany supplied
the hardware for the center and the "Software AG" transnational company
arranged the software.  "Creation of the `sistema' center is a vivid example of
international collaboration.  So, the design and the control system of the
center was worked out by Soviet specialists, the office fitting was done by an
Italian company, the computers were provided by our company and the software -
by `Software AG' company", Gerd Lutz, head of the hardware firm told TASS.  "As
a result of joint international efforts we have managed to create an
ultramodern computer center which can compete in efficiency with any similar
computer network in the world", Gerd Lutz pointed out.

"Computer rats on students who don't show up in class"

Thu, 31 Oct 91 10:15 EST
This is from wire reports collected into a column in the Winston-Salem Journal,
October 31, 1991.

"Computer rats on students who don't show up in class"

    Skipping class and ignoring homework won't be as easy for students at John
Muir Middle School in Burbank now that a computer is waiting to call their
homes.  The school has installed a 24-hour homework hot line that allows Mom
and Dad to find out what homework is due and what activities are going on in
class.  The computerized telephone system also rats on students who miss class
by calling their parents each night.  "The great thing about this is that the
computer will keep calling until it hears a live voice or an answering
machine," principal Bill Kuzma says.  "In the morning, a printout tells us who
it contacted and who it didn't."

[It is indeed a "great thing" that the map is now equal to the territory. SMB]

Bank tries to lose 14 billion pounds

Nigel Cole <>
04 Nov 91 14:35:55 EST
I have just seen the following on CEEFAX (BBC TV's Teletext service):


Barclays bank is investigating how 14000 million pounds was almost
mistakenly transferred to the National Bank of Greece.

A spokeswoman for Barclays said the mistake was spotted by a computer
security system just before the transaction was due to go through.

Fourteen thousand million pounds is the equivalent of more than the
entire Greek national debt.

((Nice to see computers catching an error instead of creating or compounding
one, although the whole affair sounds like another case of "Computer Operator
Error". Does anyone else know more details? - NHC))

Management Often Bungles Firing Process (WSJ 10/14/91)

Jeff Helgesen <>
Mon, 4 Nov 91 15:19:14 -0600
>From the 14 October 1991 Wall Street Journal, "Firms Get Plenty of Practice
at Layoffs, But They Often Bungle the Firing Process":

     When reporters and other employees at the Record of Hackensack
     newspaper tried to log onto their desktop computers on a recent
     Wednesday morning, a puzzling thing happened. None of them could
     get into the system.

     It had nothing to do with computer failure. Rather, it was the way
     workers learned which ones among them would be getting pink slips.
     Reporters were directed to an editor's office, where they either
     for an envelope containing a new password---meaning they still had
     a job---or a note to see a supervisor---meaning they didn't.

     "It was really tense," says one staffer who survived the cut of
     138 employees. "People felt really angry. And a lot of people felt
     betrayed, too."

The story goes on to describe firing methods and practices, and other horror
stories regarding botched firings.

After all these years, still no improvement over the time-honored method of
moving the employee's desk into the hallway... :-)

Chaos Congress 91

Klaus Brunnstein <>
1 Nov 91 10:36 +0100
According to an invitation (participation in panel "Techno-Terrorism coming?"),
annual (8th) Chaos Congress 91 will be held in Hamburg (-Eidelstedt,
Buergerhaus) on Dec.27-29, 1991. Besides introductions into networking, survey
of networks, mailbox software, operating systems and application software
(usually with several practical demonstrations), IT security will be one major
focus, esp. sociological and legal aspects. Besides the 2nd topic
(Techno-Terrorism, the development of which was strongly warned of by CCC
chairman Frank Simon in a recent discussion), network technologies and possible
applications of networks in environment protection (as started in last years)
and social implications will de discussed. One discussion will be devoted to
'10 years Chaos Computer Club'.
                                  Klaus Brunnstein, University of Hamburg

Japan's barriers against IT risks (Tokyo

Klaus Brunnstein <>
30 Oct 91 18:00 +0100
Conference Report: `Information Security 91' (Tokyo, Oct.17-18,1991)

During this year's Informatization Week in Japan, an international conference
was held in Tokyo on `Information Security'. Invited experts from USA,
Australia, United Kingdom, Germany and Japan discussed, in a plenary part (on
Oct.17) and in 3 parallel streams (on Oct.18) several 'hot' topics in related
areas. The conference was organized by Japanese Information Processing
Development Center (JIPDEC) and Ministry for International Trade and Industries
(MITI)'s Information Technology Processing Agency (IPA); attendance was well
over 700.

During plenary day #1, introductory lectures were given by Solomon Buchsbaum,
AT&T's senior vice president, on 'Information Security Strategy Towards 21st
Century', in which he outlined deficiencies in contemporary digital
communication systems by analysing some accidents (e.g. INTERNET worm); he
described in some detail AT&T's approach to network security. According to him,
the new version of Secure (System V) UNIX designed at B2 level is currently
under NCSC B2-evaluation.

NCSC director Patrick Gallagher, in his contribution on 'Role of Public and
Private Security Activities' introduced concepts of Orange Book and also
discussed the European IT Security Evaluation Criteria (the new release of
which, Version 1.2 was released by EEC in June 1991). In some background
discussion, some experts said that Japan might well (after evaluating this
conference and its results) look at their own Security Criteria to compete with
multi-color US and EEC criteria (which both deserve scientific substance and

Justice Michael Kirby, Judge at the High Court of New South Wales, introduced
into the actual work of OECD expert group on security of information systems,
whose chairman he is. In his impressive lecture (38 pages in the conference
proceedings), he discussed IT risks, demands for and impediments to security
harmonization efforts, and the mission and state of the OECD group. His paper
is surely worth wider recognition in the community of risk analysers and
security experts.

The Japanese contribution was from Tadahiro Sekimoto, Chairman of (influential)
Japan Electronic Industry Development Association; to analyse his country's
position, his (Japanese) paper is very worthwile to be translated into English.

On day#2, three parallel sessions were focused on 'Security Policies' featuring
Japan (Kaoru Nakamura/MITI), USA (Bill Calvin/NASA) and UK (Michael Jones/DTI)
(session 1), 'Computer Viruses' (session 2, about 200 attendants) and `Security
Activities in Business Societies' (session 3), with contributions of Toshio
Hiraguri (Fujitsu), William Whitehirst (IBM) and Alan Stanley (European
Security Foundation).

In session 2 (the only one which the author could attend), Dr. Tojo of MITI's
IPA reported on experiences of IPA's Virus Control Office, founded in October
1990. From the beginning, the office asked Japanese institutions *to report any
case on malicious software*. Though probably not all incidents have been
reported (esp. in universities), the *detailed survey of 49 incidents* shows
essential differences to Western incidents. One major part is concerned with
MACINTOSH virii, among which WDEF/WDEF A/WDEF B (9+4+1 cases) and nVir B (1
case). On Japanese IBM-compatible PCs, only a small subset of the worldwide
virii have appeared: Stoned (8), Jerusalem (4), Joshi, Sunday and Yankee Doodle
(each: 2), and 1701, AZUSA, Invader, Keypress, Vienna (each: 1), plus a
simultaneous occurrence of Dark Avenger and Liberty.  Most interesting, there
is also a report about a mainframe virus (VM/SP on IBM 4381/R23) which is only
described in Japanese (Dr. Tojo's report is very worthwile to be translated in

Dr. Tojo reported also about 6 natively Japanese virii on DOS-PCs and Sharp
X68000 'Human OS'. Following their own naming scheme, he reported on virii
DBf-1, DApm-2, DBo-3, DBh-4, DAn-5 and DShm-6. In it's naming convention, IPA's
Virus Control Office describes the system base (D: DOS, M: MACINTOSH, U:UNIX),
infection (B=Boot, S=OS, A=application), and disease functions (F=FAT, O=OS,
P=EXE/COM.., D=data, H=hangup, m=message, n=nothing). As additional
information, virii are serially labeled with the number in the occurence list.
The naming scheme resembles Patricia Hoffman's classification, though
significantly simpler; the appended sequence number is helpful when a unique
office exists to which virii must be reported.

In the afternoon (after contributions of Fred Cohen and the author, see below),
a major part of the panel discussion was devoted to the question why so few
virus incidents have appeared, and why *Japan* is world-wide (among high
developed countries) the *country with lowest per-capita-density of virii*
(with no major native hacker attack reported). Among several reasons, the low
PC-density (about 100,000 PCs only) as well as 'cultural' and 'language'
barriers are worthwile to analyse.

The *language barrier* is established by Japanese laws and regulations which
require all foreign software to be adapted to Japanese standards and language.
This requires all software to be adapted, and in this process, major
'anomalies' may vanish (probably, the high percentage on Mac virii comes from
the fact that the exchange of Mac software is nearly as free as in Western

The *cultural barrier* was described by some participant with the sentence: 'In
Japanese culture, students would be ashamed to damage any organisation by
writing a virus'. From Western experience (e.g. in discussion with hackers and
virus authors), this built-in ethics seems as the most reasonable Japanese
barrier, while the 'language barrier' is often accused for the closure of
Japanese markets against Western products. Consequently, political pressure may
well damage this antivirii barrier, while the cultural barrier may remain
strong for some time (slowly eroding, as some Japanese discutants admitted).

Fred Cohen's contribution consisted of two rather controversial parts.  In his
first part, he analysed - in an outstanding contribution - essential features
in PCs and MSDOS which are basically responsible for virus proliferation. He
described concepts of his (=ASP's) integrity product which (as this part of his
lecture) deserves broader recognition; his suggestion of a 'safe snapshot'
(established as virus-free) which is loaded at any boot time seems promising
(VTC will test it against it's virus database) against all virii which do not
(mis)use hardware features to protect (stealth) themselves.

Fred Cohen's second part will also be controversial in western conferences. He
repeated arguments of his dissertation, recently published in Science
(Sept/Oct-edition), that virus technology should be used for 'good purposes'.
While his dissertation contained examples of compression and encryption,
today's examples are a 'viral bill collector' and 'garbage collection'.
Moreover, to get more examples, Fred has publicly devoted $1,000 in a contest
to the programmer of the best good virus (Science). Fred's argument is, that in
adequate (evidently not contemporary) systems environments, technology of
self-replicating programs may be used for good purposes. Starting from genetic
principles ('liveware'), several models of garbage collectors, bill collectors
may concur, on a birth-and-death-basis: the successful ones survive (if enough
'food' is available) and replicate, while the unsucessful ones 'die'.

In the wake of his Science contribution, Gene Spafford gave an essential
argument that replicative techniques should not be used in cases where more
controllable techniques are available. All examples up-to-now can be solved
(more controllably) by a good operating system. The author mentioned moreover,
that in contemporary systems, *virii steal the author's copyright as well as
the user's quality guarantee*. The argument is as follows: if a user buys a
software product, he/she gets a (usually written) quality assurances limited to
the tested product; as virii change the assured product, the quality assurance
is no longer valid for an infected product. Similarly, the copyright holds only
for the product as shipped; with any change of the product at the user's site,
the copyright no longer holds. In the lively discussion, Fred was alone to
defend his 'good virus' idea.

In his contribution 'Malicious Software: Trends and Counteraction', the author
analysed essential paradigms inherent in von Neumann architectures (PCs, large
systems and networks) as well as in contemporary systems analysis and software
construction. He argued that known forms of malicious software (virii, worms,
trojans) and future 'hybrids' (trojanized virii, virus-worms etc) are the
consequence of inherent insecurity of contemporary concepts. In a live show, he
demonstrated (with 28 virii, known since at least 5 months) the discrepancies
in quality of selected antivirii (McAfee's V84 found 21 virii but misclassified
14 yielding in 25% success quota; Solomon's Version 5 properly classified 2,
and Skulason's F-PROT 1.16 found 16). According to the author, contemporary
antivirus techniques will experience more trouble when future stealth virii use
hardware protection (not used by the operating systems) to undergo protection
mechanisms, where contemporary integrity checkers (checksum etc) will also
fail. He suggested new architectural designs which combine von Neumann concepts
with functional concepts not dissimilar to Japanese 5th Generation concepts
(which were not discussed in this event).

While some part of the conference proceedings is in Japanese, the invited
speaker's contributions are in English. The conference demonstrated Japan's
interest to become a major player also in fields of Computer Security; in
several areas (e.g. Classification of Computer Security), evident deficiencies
(esp. ill-understood concepts in Europe's ITSEC) may be uncovered when Japan
plays a major independent role. This may lead to new concepts and approaches
and competitivity.

Klaus Brunnstein, University of Hamburg  (October 26, 1991)

DES is better than anyone would have guessed!

Sat, 2 Nov 91 00:23:13 CST
In the NYT "Week in Review" for 13 October, Gina Kolata writes about DES.  The
basic thrust of the article is that DES is a much better code than anyone would
have guessed; nobody (outside the NSA, anyway) understands why it is better
than any similar codes that have been tried.  The recent Israeli attack on DES
is only a "slight improvement over laboriously trying every key".  Martin
Hellman of Stanford is quoted as saying that special pupose hardware costing
$10million could break DES by brute force in two hours.  [So in 20 years, if
costs go down 40%/yr, your desktop workstation will do this easily.]

Shamir evidently says that DES is "the strongest possible code of its
kind"; his method "devastates similar codes", while only denting DES.
He doesn't believe DES has a trap-door for NSA.

Whitfield Diffie of Sun points out that a cryptosystem must last for many
years: the British got an encrypted Soviet message in the 30's and continued
for 30 years to try to decode it.
                                             -John Sullivan

DES Watch

Richard Outerbridge <>
04 Nov 91 20:20:58 EST
Apropos of the robustness of DSS, RISK readers might be interested by our
guesstimation of the strength of DES during the next nine years.  The title
says it all- "DES Watch: An Examination of the Sufficiency of the Data
Encryption Standard for Financial Institution Information Security in the
1990's", Gilles Garon and Richard Outerbridge, in CRYPTOLOGIA Volume XV Number
3 July 1991, pp. 177-193.  The pun on "DEATH Watch" was intentional.

Time-to-Break               Investment              Cost-per-Period
                          90     95     2000      90     95     2000
One Year               $129K    $52K    $10K    $48K   $19K      $4K
One Month             $1532K   $600K   $117K    $45K   $18K      $4K
One Day              $46622K $18265K  $3580K    $45K   $18K      $4K

If we adopt Dr. Rivest's metric of "$25 million"-worth of resistance
to attack, single-key DES will be obsolete for protecting transactions
with a lifespan of under 12 hours by about 1995 or so.  If single
length DES keys are changed less frequently than once every couple
of days, single-key DES is already exposed when used to protect more
than $48,000 worth of information.

Richard Outerbridge, Senior Security Analyst, CIBC

Risks of ``record'' and ``replay'' terminal capabilities

Bertrand Meyer @ Interactive Software Engineering Inc. <>
Sat, 2 Nov 91 17:35:03 PST
Has this risk been documented before?    Bertrand Meyer

From in a letter by ``Paul J. Lourd, Greenwich, CT'' to the magazine
``Enterprise Systems Journal'', October 1991:

  Recently there was a situation in which several customers received products
  from my company they claimed were never ordered.  [...] The [originating]
  clerk claimed he never entered them, but did say that his terminal was acting
  ``wacky'' that morning.
  [...] The orders matched [others shipped] nine months ago to the same
  customers.  [...]

  After much head scratching, the staff realized that these particular ``dumb''
  terminals (IBM 3192) had a keystroke record and play feature.  Although no
  one believed it was possible, it turned out that this clerk had accidentally
  hit the record button which recorded some of his work and assigned it to a PF
  key.  Nine month laters, he managed to hit the play key while in just the
  right screen and it re-entered the orders!

  The staff then checked the rest of the 3192 terminals and found that more
  than 75 percent had accidental keystrokes recorded and assigned to various PF
  keys. Naturally, the staff is in the process of rendering these key
  inoperable.  [...]

Re: Licensing of Software Developers (RISKS-12.58)

David Parnas <parnas@qusunt.eng.McMaster.CA>
Wed, 30 Oct 91 16:29:04 EST
John Gilmore, suggests that I have gone "beyond advocacy to misrepresentation".

Having read his contribution twice, I still can't figure out what was
misrepresented.  In the jurisdictions that I know, if a professional engineer
is accused of having violated some of the rules of the profession, the decision
about his/her right to continue practicing is made by the professional society.
In that sense, the standards are enforced by the practicing professionals.

This is exactly analogous to the situation in Medicine.  Government's decide
that you must have a medical license to perform heart surgery.  Doctor's decide
who can have such a license.  Doctor's consider themselves a self-enforcing
profession, but the government does not allow them to determine their own

Nobody is forced to get a medical license either.

Although I don't recall anyone in this conversation being called a "crackpot",
I was glad to read that Mr. Gilmore believes I that I don't deserve that
classification.  It has to be the nicest thing a self-avowed crackpot has said
to me this year.

I repeat that we are discussing the wrong issue.  I don't believe that we can
afford to ignore the issue of qualifications for software professionals, but
the question we should be debating is what those qualifications should be and
who should be covered.  It is not an all-or-nothing problem.

Prof. David Lorge Parnas, Comm.Res.Lab, Electrical and Computer Engineering
Dept., McMaster University, Hamilton, ONT Canada L8S 4K1 416 525 9140 Ext. 7353

Re: campaign against telco info services (Seecof, RISKS-12.56)

"Dave Bakken" <>
Wed, 30 Oct 91 15:18:23 MST
In RISKS-12.56 Mark Seecof of the Los Angeles Times used this forum to try to
rally people to support HR 3515, in the name of privacy.  I think that it would
be very beneficial to hear exactly how he or others fear that the telecos
providing information services could be a threat to privacy.  (Must I note that
the LA Times and the other groups he mentioned have a very big vested
commercial interest in this?  And yet they raised the bogeyman of ``potential
invasion of privacy'' without being questioned.)

I myself look forward to the telecos providing information services (and TV
shows, as the FCC just allowed this last week).  This greatly increases the
probability that we will get fiber optic phone lines in ``the last mile'' to
our houses and small businesses, and is likely to accelerate the pace at which
it comes.  As long as the telecos are required to rent the lines to others on a
fair basis, I can see nothing but good coming out of this, and a lot of good at

Dave Bakken, Dept. of Compter Science, U of Arizona, Tucson, AZ 85721; USA
                                                            +1 602 621 4089

Re: Mathematical and scientific foundations (Petroski, RISKS-12.51)

Leslie J. Somos <>
Thu, 31 Oct 91 14:23:11 -0500
My wife Kathy Bacon had an interesting experience in a class while getting her
Computer Engineering B.S. at Case Western Reserve University: After one
particular homework assignment, many of the students complained to the
professor about how the problems were graded.  The (engineering) students had
ruled out certain of the solutions which were physically impossible (the
problem was a word problem about a mechanical linkage).  The professor said
that the class he gave the problems to last year had no problem.  He scratched
his head some, and realized that last year he taught the course to mathematics
students, who had solved the equations as-is, and not ruled out the answers
which were negative numbers.

So, it's not really engineering versus mathematics, it's more of not doing
reasonability checks on your results.
                                               Leslie J. Somos

Re: UCI computing survives power outage [almost] (Krause, RISKS-12.58)

"William Walker C60223 x4570" <>
31 Oct 91 11:05:00 CST
This type of power outage is really not surprising considering how most (if not
all) buildings receive their electricity from the power company.  To reduce the
size (and subsequently cost) of power feed lines and main breakers or fuses, as
well as provide a more efficient distribution of power, AC electricity is
provided to buildings in three phases (houses and small buildings often have
only two phases).  Each phase, or "leg," is separately protected by a fuse or
breaker at the point it enters the building.  Each circuit coming off of each
leg is also separately protected by a fuse or breaker.  Here's the RISK: often
the sum of the ratings of the breakers for the circuits exceeds the rating of
the breaker for that leg.  So, it is possible to overload and trip the breaker
for that leg without tripping any breakers for the individual circuits.  The
other legs will not normally be affected, unless the breakers for all legs are
connected to trip at once.  If one leg supplies computers and one supplies
lights (and maybe AC), one can see how these scenarios are possible, but more

The same can occur on a larger scale.  OUTSIDE of the buildings, on the power
poles, are line fuses for each leg of power.  Sometimes several buildings (or
several mains for one building) will be "downstream" of the line fuse.  Then,
if the line fuse is overloaded and blows, all mains served by that leg will go
down.  I have experienced this twice: once while at the University of Alabama
in Tuscaloosa, and once while at Holly Farms Headquarters in Wilkesboro, North
Carolina.  The line fuse for one leg blew, knocking out power to computers but
not lights (at U of A), or to the mainframe (thank goodness for UPSs) and some
of the lights but not the PCs (at Holly Farms).

Bill Walker, OAO Corporation, Arnold Engineering Development Center, M.S. 120,
Arnold Air Force Base, TN 37389-9998 ( WALKER@AEDC-VAX.AF.MIL )

Please report problems with the web pages to the maintainer