Forum on Risks to the Public in Computers and Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Volume 13: Issue 33
Thursday 2 April 1992
Contents
William Gibson, An (On-Line) Book of the Dead- PGN
- NSA and cryptographic software
- PGN
- US Navy radar jammers pass test despite software errors
- Jay Brown
- SDI (from Newsweek)
- John Sloan
- A remarkably stupid design decision
- Geoff Kuenning
- Risk of "parameter validation" hype
- Mark Jackson
- Re: FBI v. digital phones
- Daniel B. Dobkin
- Re: Laws to Ease Wiretapping
- A. Padgett Peterson
- Re: Aviation Software Certification
- Brian Randell
- WAR GAMES II
- Eric S. Raymond
- Info on RISKS (comp.risks)
William Gibson, An (On-Line) Book of the Dead
"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 2 Apr 92 9:08:13 PST
William Gibson, well known for his "Neuromancer" (which in 1986 anticipated what is today known as virtual reality), has a new book, "Agrippa (A Book of the Dead)" that apparently will be available ONLY in computer-diskette form, according to Entertainment Weekly. As reported in the San Francisco Chronicle (31 Mar 1992, p.D3), "Gibson plans to infect the disk with a virus that will make it impossible to transfer the text to paper." This supposed "virus" (more like a logic bomb or a confinement lock?) will undoubtably present an interesting challenge to MSDOS crackers, antiviralists, virtual realists, and foreign ripoffs. If it were to run on Unix, where you can external to the program trivially pipe the output to a file, at least the text would be easy to capture. However, perhaps this is really a situation in which it is the graphical screen image that is relevant rather than the words. Digitized sound would also make it hard to transfer to paper. There is also the likelihood that a succession of home-grown purgated editions might appear, with incremental changes in the dialogue, visuals, and plot line. You don't like the ending? You want pornographic augmentations? Roll your own modifications! Tinkering is generally easier than creating in the first place. So, the book also needs some sort of integrity lock (checksum or crypto seal [is a sea-lion a cryptoseal?]) to provide tamper detection; however, many such schemes can be defeated by careful modifications that continue to satisfy the check. But, if Gibson has come up with an interactive, interpretively developed book that creates its own virtual reality on the screen, that could be quite an exciting development. [Note: It is important not to confuse the SF Chronicle noted above with the other publication with the same handle, the Science Fiction Chronicle, although sometimes it is hard to tell the difference.]
NSA and cryptographic software
"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 2 Apr 92 9:23:37 PST
The NSA and the Software Publishers' Association appear to have reached an agreement that would allow some exports of cryptographic software, as long as the keys are constrained to be sufficiently short. The net effect is a slight but potentially useful improvement over what was previously exportable. [Source: An article, NSA May Loosen Curbs on Software Sales Abroad, by Don Clark, Chronicle Staff Writer, San Francisco Chronicle, 24 Mar 1992, p.C1] Now that NSA and RSA have come a little closer, we need to bring in BSA (the Boy Scouts of America). Be prepared! Imagine, a merit badge for cryptography? [For some background on RSA, see Burt Kaliski's contribution on the free (to noncommercial users) RSAREF privacy-enhanced mail toolkit, RISKS-13.22.]
US Navy radar jammers pass test despite software errors
Jay Brown <jbrown@phoebus.ncsc.navy.mil>
Thu, 2 Apr 92 08:02:29 CST
There was a report last week on CNN Headline News about the US Navy improperly certifying radar jamming equipment for Navy jets (I think the F-14 and the F/A-18 were mentioned). According to the report, the Navy tested and certified these jammers despite the fact that the equipment failed several tests or did not meet all the criteria for certification. As a consequence, some congressional subcommittee or another was investigating the Navy's certification procedures. The Navy's excuse for certifying these systems despite the failed tests was to blame the failures on software errors, according to the report. The report did not mention who manufactured the radar jammers or who wrote the software in question. -- John L. Brown, jbrown@phoebus.ncsc.navy.mil
Newsweek, March 23,1992, on SDI
John Sloan <jsloan@niwot.scd.ucar.EDU>
Sat, 28 Mar 92 12:16:32 MST
The March 23, 1992 edition of _Newsweek_ features an article critical
of research related to the Strategic Defense Initiative. The article
is titled "Safety Net Full of Holes" (pp. 56-59), written by Sharon
Begley and Daniel Glick. It contains this reassuring passage:
"[The] Pentagon disagrees that deploying a space-
and ground-based defense system poses significant
technical challenges. The complexity of the software
required to coordinate Star Wars, for instance, is no
more daunting than programs that control nuclear
reactors, it says."
Now we can all breath a sigh of relief. [ All typos are mine. ]
John Sloan, NCAR/SCD, jsloan@ncar.ucar.edu
A remarkably stupid design decision
Geoff Kuenning <desint!geoff@uunet.UU.NET>
Thu, 2 Apr 92 03:03:19 PST
I just had to pass this one on because it was so funny/sad. A client told me today of a consultant who designed a menu-driven system to be used by accountants for financial purposes. Needing a special character to signify "return to main menu", he chose one that "nobody uses" (his words). The character? The dollar sign! Needless to say, on the first day the software was installed, my client got a frantic call. "Every time I try to enter a dollar amount, it pops me back to the menu!" Sigh. Geoff Kuenning geoff@ITcorp.com uunet!desint!geoff
Risk of "parameter validation" hype
Mark Jackson <MJackson.wbst147@xerox.com>
Thu, 2 Apr 1992 06:15:04 PST
So Microsoft is touting "parameter validation" as a bold new innovation. You forgot to cite the obvious Risk: someone's inevitable attempt to *patent* parameter validation. . .
Re: FBI v. digital phones (Kantor, RISKS 13.32)
"Daniel B. Dobkin" <dbd@ans.net>
Thu, 2 Apr 92 10:13:21 EST
Brian Kantor notes that a monitoring capability is an essential diagnostic element of any telephone switch, digital or analog. He suggests that the only purpose conceivable for a law such as the FBI proposes is to enable wiretaps without Telco cooperation; this in turn is most likely to occur when the FBI doesn't have a proper warrant, either. Hence, "[W]hat they are asking for is the ability to make warrantless taps." In fairness to the FBI, there are other possibilities, such as when a Telco employee is himself the subject of an investigation. Not much, I agree, but let's try to assume that the Bureau's motivation is pure, even if its proposed implementation isn't.
Laws to Ease Wiretapping
A. Padgett Peterson <padgett@tccslr.dnet.mmc.com>
Wed, 1 Apr 92 22:37:48 -0500
This makes the second time in recent months we have heard of government
initiatives to make wiretapping of data traffic easier. Interestinly, there
are a couple of companies currently working on devices (and must admit I have
been prodding them for a couple of years) that should make it an order of
magnitude more difficult:
For some time now, I have been concerned about tapping, particularly when
performing my daily security duties while at conferences. Currently I rely on a
"smart card" or dynamic access device for one-time passwords to avoid spoofing.
About two years ago the following thought crossed my mind:
Years ago when maintaining KY-26 cryptographic equipment,
(my AFSC was 306mop0) brave souls used to bring up encrypted channels
"blind" to minimise time away from the poker game. Instead of changing
the transmit side first and using the receive side to verify reception,
we used to change both sides at once by taking a pre-established count
to go "bravo india" and create a synchronized duplex connection. If we
could communicate, we would know that it had worked (what was done if
it did not is not disclosable but involved the butt end of a large
screwdriver).
Similarly, a couple of years ago I was talking to one of the major vendors
of "dynamic access control devices" about use to provide full encryption of all
traffic. Currently, the way such a system works is that when a login occurs,
the host sends out a multi-digit "challenge". In my case, I enter the
challenge followed by a PIN into a card which then calculates a reply. I send
back the reply as a password that lets me into the system.
What I postulated was that instead of sending the reply back to the
host, it be fed into my laptop as the seed for encryption. The laptop
then sends a "bravo india" to the host telling it to start encryption.
Since the host knows what the reply should be, it uses that as its own
seed. If both sides are then able to communicate, they authenticate each
other simultaneously while providing full encryption of all following
traffic.
One of the major problems was loss of synch from line noise, but the
current crop of error-correcting modems has made such encryption not only
feasible but also easy and at whatever level (DES, RSA, ...) is desired.
Re: Aviation Software Certification
<Brian.Randell@newcastle.ac.uk>
Mon, 30 Mar 92 12:56:51 BST
Last month I sent to RISKs a copy of an article that appeared in the (UK)
Computer Weekly on 6 February which carried the headline "Experts warned CAA
before Airbus disaster". Attached is a letter, from the experts concerned,
complaining at this article. This letter was I understand published by Computer
Weekly on February 13, and has just been drawn to my attention. Despite the
delay, I suggest that it be included in RISKs, in view of the comments it makes
on the original article.
Brian Randell
-----------
AIRBUS SOFTWARE IN THE CLEAR
We are the three BCS "software experts" who visited the CAA in January to
discuss the new draft standard for software in aircraft systems D0-178B.
We believe that it is misleading that you linked our technical visit to the CAA
to the subsequent A320 Airbus crash. There is no evidence of any fault in any
safety-critical software on the A320 Airbus crash. It is too early to know the
causes of the crash and irresponsible to imply that we were in any way trying
to "warn the CAA" about the A320.
Our concerns about the draft D0-178B are technical and relate to its inadequacy
as a basis for objective certification of the reliability of software in
airborne systems. All modern passenger aircraft contain safety-critical
software and our comments to the CAA did not relate to any specific aircraft.
The CAA received our comments constructively and readily agreed to pass each
criticism to the international team which is reviewing the draft standard.
Bev Littlewood, Martyn Thomas, Brian Wichmannn
Computing Laboratory, The University, Newcastle upon Tyne, NE1 7RU, UK
EMAIL = Brian.Randell@newcastle.ac.uk PHONE = +44 91 222 7923
FAX = +44 91 222 8232
WAR GAMES II
Eric S. Raymond <eric@snark.thyrsus.com>
2 Apr 92 02:34:52 GMT
WAR GAMES II
or
How I Learned To Start Worrying and Hate The Bomb
[posted to comp.risks; an incomplete version previously went to other groups]
Some of my friends call me an `improbability vortex' --- the kind of person
weird stuff just naturally happens around. Occasionally I manage to to forget
why; my life doesn't seem bizarre to *me*. Then, something happens to remind
me...
Wednesday, March 25 1992: a fairly ordinary day in the life of Eric Raymond,
Boy Hacker. Shower, read netnews, phone calls, some revision on the clone
hardware buyer's guide I've been working on for comp.unix.sysv386. Will the
top ten vendors go for my idea of a competitive "UNIX Dream Machines Bake-Off"?
Hmm...well, Swan Tech wants to sign up, that's a start. Ah, the mail's in.
Riffle, riffle. What's this? Forwarded from MIT Press. Something about
the book, no doubt...
The Book: if you don't know it already, I edited a lexicon called
_The_New_Hacker's_Dictionary_ (MIT Press, 1991, ISBN 0-262-68069-6). It's
all about hacker language and folklore. Sold 14,000 copies in its first
seven months, got rave reviews everywhere, good stuff like that. Got my
first nut-case letter about a month back --- always heard that was supposed
to happen to authors. Some of the fallout has been weird. Ouch, fallout ---
*bad* choice of words. Back to our story.
Hm. From ISPNews. INFOSecurity Product News. Eh? Never heard of them;
sounds like some trade rag for professional paranoids. Computer form on the
inside; addressed to ERIC RAYMOND EDITOR, THE MIT PRESS, MASS INST OF
TECHNOLOGY, CAMBRIDGE MA 02142. I see what happened; the Press's editorial
address miscegenated with my book credit in someone's mailing-list software,
and some clerical droid at the Press didn't look at content and forwarded
a piece of mail that should have stayed in-house.
What we've got here is, oh, yeah, must be a report from the magazine's
bingo card. Reader service; they circle numbers, you get a bunch of product
info requests. OK, who wants to know about my book? Maybe I'll give them
a surprise and answer it myself. They probably all think the book is a how-to
manual for crackers. Damn all journalists for what they did to the word
"hacker", anyhow...
There were four. First one:
DAVID CARGILL SYSTEMS A
GUARDIAN LIFE INS
STE 201
888 SEVENTH AVE
NEW YORK NY 10106
Oh, boring, I thought to myself. Actually he turned out not to be; I spoke
with him, later, and the guy turns out to be an old UNIX hand who, when I
explained what the book is really about, cheerfully expatiated on Cargill's
Theory of Fat Electrons.
See, Con Edison sucks its line current out of the big generators with a pair
of coil taps located near the top of the dynamo. When the normal tap brushes
get dirty, they take 'em off line to clean up, and use special auxilliary
taps on the *bottom* of the coil. Now (sez Cargill) this is a problem,
because when they do that they get not ordinary or `thin' electrons, but the
fat'n'sloppy electrons that are heavier and so settle to the bottom of the
generator. These flow down ordinary wires OK, but when they have to turn a
sharp corner (like in an IC via) they get stuck. This is what causes computer
glitches.
I laughed, said "You sound like a man who wants to hear about {quantum
bogodynamics}" and directed him to the on-line version of the book at prep.
Back to our story...
Next guy...
BRADLEY H EDWARDS SEC SPE
SECURITY-SAFETY
CONSULTS
PO BOX 536
TOPEKA KS 66601
Well, the phone number attached to this one was out of service. Security
Specialist, eh? For sure he's got the cracker/hacker bug on the brain. Then
my eyeballs tripped over the third address
PAMELA D MILLER CHIEF
USSPACE COM
STOP 4
J2C/SS0-C
CHEYENNE MTN AFB CO 80914
and I went into the mental equivalent of TILT TILT TILT. Now, any of you who
ain't congenital idiots raised in a rain barrel somewhere on the butt-end of
nowhere will already have decoded that address to "U.S. Space Command, Cheyenne
Mountain Air Force Base". Yeah, that's right. NORAD; the big tunnel complex
under the mountain from which they be plannin' to fight World War III if it
ever goes down. Huge walls of blinkenlights, 30-foot-thick blast doors,
"We could tell you, sir, but then we'd have to kill you", the whole weird trip.
Cornpone accents with their fingers on the pulse of the Apocalypse.
Oh, *man*, I said to myself. I have to talk to this woman. I haven't
forgotten the nationwide media flap after _War_Games_ came out. You remember,
that silly movie where the kid with the voice-controlled IMSAI (snort) cracks
into NORAD's computers and accidentally damn near starts a nuclear war? God
damn; I'll bet the plot of that sucker is seared into the collective psyche of
every security officer at Cheyenne Mountain, they probably screen the video
every couple months just to keep the newbies on their toes.
What kind of hideous Federal heat could land on me if PAMELA D MILLER has
hacker/cracker confusion on the brain? I imagine some steel-eyed amazon in a
blue suit exuding grim determination to Nip This Menace In The Bud. *Bad*
scene for a guy who is, after all, better known in some circles for practising
witchcraft and stone anarchist-loony politics than for The Book. Yiiiii ...
visions of sinister limos and Men In Black pulling up to my front porch. "We
want to ask you a few questions, sir." So I called my editor Terri and Guy
Steele (credited coauthor) and told them all the proceedings so far. Nervous
laughter all around. Lugubrious jokes.
I need to convince this woman and her unknown masters that I'm a *harmless*
lunatic. Time to track PAMELA D to her lair. (Yes. Think of her that way,
Pamela D., like one of those impossible anonymous synthetic blondes in an
upscale skin magazine. "Well, I'm into sailing Sunfishes and I really like
kids, you know?". Good. A *much* less threatening mental tableau.) I limber
up my phoning fingers and call the number blazoned above her address.
<click> <sputter> "NORAD operator ten. What extension?"
Gulp. "Uh, I'm trying to reach Pamela D. Miller? I got a product
information query from her."
"Do you have an extension, sir?"
"Um, no I don't. Just this number. And her address." I reel it off.
"Try the base locator at Peterson, sir. 554-4020."
"Thanks", I said, and hung up."
Ohhh-kay. NORAD for sure. Hail Eris! PAMELA D's hanging out somewhere
under a couple of cubic miles of rock, likely in some cramped little office
with 1950s-era furniture and walls painted institutional puke-green. And an
old-style black phone. (How long has it been since you've seen a black phone?)
(Trust me, this is what the military version of bureaucratic rabbit warrens
looks like.) Or maybe at some gleaming console watching telemetry from all
those KH-11s we're supposed to pretend don't exist. Hah. Heads up, Pammy;
constructive chaos is about to enter your life. All hail Discordia!
This is about where things started to get really Kafkaesque. The base
locator is their directory information desk. I ask for Pamela D. Miller's
extension and get 3247 (remember that number). I call it. Some guy who sounds
exactly like Andy Griffith answers: "
Report problems with the web pages to the maintainer