The RISKS Digest
Volume 13 Issue 03

Friday, 10th January 1992

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…

Contents

CNN Nearly Reported Bush Death, due to rapidly shared computer data
Chaos Congress 91 Report
Klaus Brunnstein
Conflicting SSNs and Federal Tax Numbers
Mike Engber
Errant `timed' wreaks havoc
Clay Jackson
PC virus infects UNIX system
Bear Giles
Automated bill collectors, privacy, and accuracy
Bryan MacKinnon
The last (?) word on/from the Honda guy
Adam Gaffin
Re: "Miracle" computer-controlled piano teaching
Scott E. Preece
Ed Nilges
Info on RISKS (comp.risks)

CNN Nearly Reported Bush Death, due to rapidly shared computer data

"Peter G. Neumann" <neumann@csl.sri.com>
Fri, 10 Jan 92 9:33:56 PST
The AP reported from Atlanta 09Jan91 that CNN Headline News came within
seconds of reporting that President Bush had died at the banquet in Japan at
which he had collapsed from stomach flu on 8Jan92.  A caller identifying
himself as Bush's doctor had telephoned CNN about three hours after Bush's
collapse, and said the president was dead.
   CNN and Headline News are two floors apart but use the same newsroom
computer system.  A staff member had typed the telephoned report into the
computer.  CNN executives had determined almost immediately that the report was
a fake and pulled it from the computer file.  But downstairs at Headline News,
it had already been seen on the screen and was nearly broadcast.  CNN Headline
News anchorman Don Harrison started to read the report on the air at 9:45 a.m.
EST during coverage of Bush's collapse, when he was alerted in midsentence by
another staff member, said CNN spokesman Steve Haworth.
   The alleged caller, James Edward Smith, 71, left his number with CNN and was
traced to Idaho, where he was arrested and later put in a mental hospital.

   [Starkly abridged by PGN]


Chaos Congress 91 Report

Klaus Brunnstein <brunnstein@rz.informatik.uni-hamburg.dbp.de>
9 Jan 92 16:37 +0100
                 Report: 8th Chaos Computer Congress

On occasion of the 10th anniversary of its foundation, Chaos Computer Club
(CCC) organised its 8th Congress in Hamburg (Dec.27-29, 1991). To more than 400
participants (largest participation ever, with growing number of students
rather than teen-age scholars), a rich diversity of PC and network related
themes was offered, with significantly less sessions than before devoted to
critical themes, such as phreaking, hacking or malware construction.  Changes
in the European hacker scene became evident as only few people from Netherlands
(see: Hacktick) and Italy had come to this former hackers' Mecca.
Consequently, Congress news are only documented in German.  As CCC's founding
members develop in age and experience, reflection of CCC's role and growing
diversity (and sometimes visible alienity between leading members) of opinions
indicates that teen-age CCC may produce less spectacular events than ever
before.

This year's dominating theme covered presentations of communication techniques
for PCs, Ataris, Amigas and Unix, the development of a local net (mousenet.txt:
6.9 kByte) as well as description of regional (e.g.  CCC's ZERBERUS;
zerberus.txt: 3.9 kByte) and international networks (internet.txt: 5.4 kBytes),
including a survey (netzwerk.txt: 53.9 kByte).  In comparison, CCC'90 documents
are more detailed on architectures while sessions and demonstrations in CCC'91
(in "Hacker Center" and other rooms) were more concerned with practical
navigation in such nets.

Phreaking was covered by the Dutch group HACKTIC which updated its CCC'90
presentation of how to "minimize expenditures for telephone conversations" by
using "blue" boxes (simulating specific sounds used in phone systems to
transmit switching commands) and "red" boxes (using telecom-internal commands
for testing purposes), and describing available software and recent events.
Detailed information on phreaking methods in soecific countries and bugs in
some telecom systems were discussed (phreaking.txt: 7.3 kByte). More
information (in Dutch) was available, including charts of electronic circuits,
in several volumes of Dutch "HACKTIC: Tidschrift voor Techno-Anarchisten"
(=news for techno-anarchists).

     Remark #1: recent events (e.g. "Gulf hacks") and material presen ted on
 Chaos Congress '91 indicate that Netherland emerges as a new European center of
 malicious attacks on systems and networks.  Among other potentially harmful
 information, HACKTIC #14/15 publishes code of computer viruses (a BAT-virus
 which does not work properly; "world's shortest virus" of 110 bytes, a
 primitive non-resident virus significantly longer than the shortest resident
 Bulgarian virus: 94 Bytes).  While many errors in the analysis show that the
 authors lack deeper insigth into malware technologies (which may change), their
 criminal energy in publishing such code evidently is related to the fact that
 Netherland has no adequate computer crime legislation.  In contrast, the advent
 of German computer crime legislation (1989) may be one reason for CCC's less
 devotion to potentially harmful themes.

     Remark #2: while few Netherland universities devote research and teaching
 to in/security, Delft university at least offers introductory courses into data
 protection (an issue of large public interest in NL) and security.  Professors
 Herschberg and Aalders also analyse the "robustness" of networks and systems,
 in the sense that students may try to access connected systems if the adressed
 organisations agree.  According to Prof. Aalders (in a recent telephone
 conversation), they never encourage students to attack systems but they also do
 not punish students who report on such attacks which they undertook on their
 own.  (Herschberg and Alpers deliberately have no email connection.)

Different from recent years, a seminar on Computer viruses (presented by Morton
Swimmer of Virus Test Center, Univ. Hamburg) as deliberately devoted to
disseminate non-destructive information (avoiding any presentation of virus
programming).  A survey of legal aspects of inadequate software quality
(including viruses and program errors) was presented by lawyer Freiherr von
Gravenreuth (fehlvir.txt: 5.6 kByte).

Some public attention was drawn to the fact that the "city-call" telephone
system radio-transmits information essentially as ASCII.  A demonstration
proved that such transmitted texts may easily be intercepted, analysed and even
manipulated on a PC.  CCC publicly warned that "profiles" of such texts (and
those adressed) may easily be collected, and asked Telecom to inform users
about this insecurity (radioarm.txt: 1.6 kByte); German Telecom did not follow
this advice.

Besides discussions of emerging voice mailboxes (voicebox.txt: 2.8 kBytes), an
interesting session presented a C64-based chipcard analysis systems
(chipcard.txt: 3.3 kBytes).  Two students have built a simple mechanism to
analyse (from systematic IO analysis) the protocol of a German telephone card
communicating with the public telephone box; they described, in some detail
(including an elctronmicroscopic photo) the architecture and the system
behaviour, including 100 bytes of communication data stored (for each call, for
80 days!)  in a central German Telecom computer. Asked for legal implications
of their work, they argued that they just wanted to understand this technology,
and they were not aware of any legal constraint.  They have not analysed
possibilities to reload the telephone account (which is generally possible, due
to the architecture), and they didnot analyse architectures or procedures of
other chipcards (bank cards etc).

Following CCC's (10-year old charta), essential discussions were devoted to
social themes.  The "Feminine computer handling" workshop deliberately excluded
men (about 25 women participating), to avoid last year's experience of male
dominancy in related discussions (femin.txt: 4.2 kBytes).  A session (mainly
attended by informatics students) was devoted to "Informatics and Ethics"
(ethik.txt: 3.7 kByte), introducing the international state-of-discussion, and
discussing the value of professional standards in the German case.

A discussion about "techno-terrorism" became somewhat symptomatic for CCC's
actual state.  While external participants (von Gravenreuth, Brunnstein) were
invited to this theme, CCC-internal controversies presented the panel
discussion under the technical title "definition questions".  While one
fraction (Wernery, Wieckmann/terror.txt: 7.2 kByte) wanted to discuss
possibilities, examples and dangers of techno-terrorism openly, others (CCC
"ol'man" Wau Holland) wanted to generally define "terrorism" somehow
academically, and some undertook to describe "government repression" as some
sort of terrorism.  In the controversial debate (wau_ter.txt: 9.7 kByte), few
examples of technoterrorism (WANK worm, development of virus techniques for
economic competition and warfare) were given.

More texts are available on: new German games in Multi-User Domain/Cyberspace
(mud.txt: 3.8 kByte), and Wernery's "Btx documentation" (btx.txt: 6.2 kByte);
not all topics have been reported.  All German texts are available from the
author (in self-extracting file: ccc91.exe, about 90 kByte), or from CCC
(e-mail: SYSOP@CHAOS-HH.ZER, fax: +49-40-4917689).

Klaus Brunnstein, University of Hamburg (Jan.8, 1991)


Conflicting SSNs and Federal Tax Numbers

Mike Engber <engber@aristotle.ils.nwu.edu>
Fri, 10 Jan 92 14:22:17 CST
If your Social Security Number = FedTaxNumber of some business, you could be in
for problems. It turns out that both SSNs and Federal Tax number are 9 digits
and the government does issue Fed Tax numbers that match SSNs.

I recently tried to open an account at Savings of America, they did a credit
check with ChexSystems and my SSN flagged a problem.

After 3 months, and much aggravation it turns out that some business has a
Federal Tax number that is the same as my Social Security number and that
business did something to get reported to ChexSystems.

I'm not sure there is anything I can do. Assuming the business really did
something, the credit ding could be legit.

ChexSystems reports that the business does not have my name on it, but from the
S&L's point of view it's possible I opened a business account using my SSN
under the business's name name. ChexSystems won't even tell me the name of the
business.

I don't really care about opening up this particular account, but I'd don't
want me to come back and haunt me in the future, If anyone has any ideas,
please email engber@ils.nwu.edu.


Errant `timed' wreaks havoc

Clay Jackson <cjackso@nv6.uswnvg.com>
Fri, 10 Jan 92 13:54:36 PST
We had an interesting experience this morning with `timed' (a unix Network time
daemon).  A vendor brought a demonstration machine to a first-time unix user,
who let the vendor install it and boot it while it was connected to our
network.  The machine had a `timed' set up as a master.  When the vendor booted
the machine, he did not set the time.

So, the first time one of our other machines on the net asked for the time,
this machine responded.  Soon all of our machines thought that the date was
1/1/1970.  When this was first noticed, our SysAdmins found the errant machine
and shut it down.  Unfortunately, the story doesn't end here.

It seems that there was also a bug in our 'real' `timed' software, such that
any date with more than 1 digit in the day is not handled correctly.  So, the
date went from 1/1/70 to 10/10/92 instantly.  This caused further havoc with
things like 'at' and all sorts of other unix utilities.

We're still picking up the pieces of our database (which tracks things like
work orders and trouble tickets, some of which now have ages of 20+ years!).

Needless to say, we're working on a `reasonableness' check for `timed', as
well as (more) controls on what gets put on our network!

Clay Jackson, US West NewVector Group Inc


PC virus infects UNIX system

Bear Giles 271 X-6076 <bear@fsl.noaa.gov>
Fri, 10 Jan 92 09:40:56 MST
We were configuring the ethernet card on our new 486 UNIX (SVR5) box when we
determined that we needed to boot and run DOS to run the ethernet configuration
program.  (Or possibly the EISA configuration — this happened in my office but
I was not involved).

No problem: simply create a boot disk from the DOS system across the hall and
reboot DOS.

Unfortunately, that system had been infected with the 'Stoned' virus.  This
virus overwrote the UNIX BOOT TRACK when the infected DOS was booted.

Result — no more SVR5.  We will probably have to perform a low-level format of
the disk and rebuild the UNIX from original media.

Morals: 1) don't ignore DOS viruses simply because you run UNIX unless you
NEVER need to use DOS.  2) Pound on DOS users to note and report strange
behavior because some infections are very costly (several person-days to
rebuild this system — at least it was new and had no work-in-progress on it!)

Bear Giles   bear@fsl.noaa.gov


Automated bill collectors, privacy, and accuracy

Bryan MacKinnon <mackinno@fndaud.fnal.gov>
Fri, 10 Jan 92 09:27:43 CST
A recent incident that happend to me has called me to question the accuracy
and privacy of bill collecting.

One evening, I received a phone call at home.  When I answered, I was
greeted by a synthetic voice stating: "Hello, I have importantant
information for Jane Doe, if you are that person, please press 1 now." (I
replace the real name here with Jane Doe for privacy.)  I was and am not
Jane Doe so I hung up.  The next night, I received around the same time
the same phone call - again I hang up.  This went on for five days.

Sure enough, on the sixth day, my synthetic friend calls me again.
Annoyed and a bit curious, I finally press 1. The voice then begins to
tell me that Jane Doe, of address [not mine], had a CaT scan that has
not been paid for.  It gave me the date, hospital, referring doctor,
and reason for the scan.

This amazed me for many reasons.  I knew some very private things about
a complete stranger, including a physical disorder she had (abeit
minor), merely because of an incorrect telephone in a database.  If the
automated bill service did not have her phone number and perhaps her
address correct, that could explain why she has not paid her bill.

Well, that was the last time I heard from my automated friend.  I assume that
the autocalling program noted that it delivered its message and it was done
with its responsibility.  What happened to Jane Doe, I do not know.
                                                                    — Bryan.


The last (?) word on/from the Honda guy

Adam Gaffin <adamg@well.sf.ca.us>
Fri, 10 Jan 92 08:00:00 -0800
Note comments from the man himself

Adam Gaffin, Middlesex News, Framingham, Mass.   adamg@world.std.com
Voice: (508) 626-3968. Fred the Middlesex News Computer: (508) 872-8461

Judge pulls the plug on Holliston man's calls, By Lisa LaBanca,
Middlesex News, Framingham, Mass., 1/10/92

NEWS STAFF WRITER
     HOLLISTON - A federal judge has hung up the Honda phone of Holliston
resident Daniel Gregory.  The American Honda Motor Co. has obtained a permanent
injunction in federal court that prohibits him from harassing the company.
     The injunction was granted in U.S. District Court in Boston this week,
according to Bob Butorac, a spokesman for the Torrance, Calif.-based carmaker.
Butorac said that the Burnap Road resident signed an agreement to not
telephone, send facsimile transmissions or otherwise harass the company. ``It
would appear that the issue is now closed,'' Butorac said.
     Gregory, 31, made national news when American Honda decided to go to court
to prevent him from calling or sending facsimile transmissions over the
company's telephone lines. The company said Gregory had made more than 100
phone calls in one day last fall and transmitted multi-page letters by fax over
four days.  American Honda blocked off all calls to its 800 numbers from the
508 area code in order to keep Gregory from tying up the lines.  ``His phone
calling inconvenienced other customers who were trying to call us,'' Butorac
said.
     Gregory, the owner of a 1990 Honda Civic CRX, said his car did not stop
properly in the rain.  Gregory said yesterday {Thursday} that he would abide by
the consent agreement until he disposes of the car. The agreement did not
require Gregory to admit that he had harassed the company.  ``In no way have I
given up my quest to solve the problem,'' Gregory said.  But he said the
experience was useful. ``It gave me some interesting insight: I've got to be a
lot more careful in not losing my cool,'' he said.  ``You can compromise your
opportunity to pursue a resolution if you lose your cool.''
     Gregory is thinking about initiating a suit of his own: He claims that an
American Honda executive contacted an area dealership and notified its
management that Gregory might call them.  The dealership later refused to
service his car, Gregory said. ``As far as I'm concerned, he prejudiced that
dealership against me.''


Re: "Miracle" computer-controlled piano teaching (RISKS-13.02)

Scott E. Preece <preece@urbana.mcd.mot.com>
Fri, 10 Jan 92 09:43:54 -0600
| This is it could not recognize the slight improvisation represented by grace
| notes as an improvement over the music displayed on the screen.  In my opinion,
| a good piano teacher would give Couric a higher score for the creativity
| implicit in grace notes.

That depends on whether the teacher had told her to play it as written or to
perform it.  Playing the instrument involves basic skills that must be
mastered; performing compositions involves *both* those skills and aesthetic
skills that have to be learned/acquired separately.  It makes a lot of sense
for a computer training system to grade students on their mastery of playing
skills.  At the present level of AI, it makes no sense at all for a computer
training system to make aesthetic judgements.

Think of it as more like a typing teacher than like a music teacher.

| More than this, the developers of "The Miracle" seem unaware of the fact that
| Playing The Music Exactly As Written (PTMEAW) is (in a global sense) not the
| usual practice.  Not only is folk music almost completely improvised, Indian
| classical music gains much of its richness from being IN PART improvised by
| master musicians every time it is performed.

Note the phrase "master musicians" in that last sentence.  You have to earn
your freedom (you're totally free to play whatever you like in your living room
and grade yourself, but if you want to submit yourself for public evaluation,
you'd better have the technical skills to support your improvisational
insight).

Back when I lived in a city, I went to a lot of piano recitals.  I would say
Vladimir Horowitz made more technical mistakes than almost anyone else I heard,
but was also the most riveting and persuasive of the lot.  My daughter, on the
other hand, though better technically and musically than most kids her age,
would probably profit a lot from a mechanical grading that would not let her
get away with sloppiness.

No, it won't make you a musician.  That requires insight and experience.  A
good human teacher will help the student acquire those.  But you'll never be
able to express your musicianship unless you acquire the mechanical skills that
something like the Miracle Keyboard *can* help you with.


Re: "Miracle" computer-controlled piano teaching (RISKS-13.02)

Ed Nilges <egnilges@phoenix.Princeton.EDU>
Fri, 10 Jan 1992 16:45:26 GMT
>instrumentalist in a concerto provided a "coda" in which the soloist could

Thanks to Phil Karn of the University of Chicago for correcting this post on a
matter of detail.  He reminded me that the improvisational section is a
"cadenza" rather than a "coda", and of course a "coda" is the section in the
concerto towards the end in which the soloist and the orchestra usually play
"tutti."  A rose by any other name and all that, and the fact remains that in a
world-music sense improvisation is the norm rather than the exception (being
vestigial in Western classical music through Mozart in the form of the CADENZA)
but my apologies to comp.risks for this slip.

Please report problems with the web pages to the maintainer

x
Top