The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 13 Issue 33

Thursday 2 April 1992

Contents

o William Gibson, An (On-Line) Book of the Dead
PGN
o NSA and cryptographic software
PGN
o US Navy radar jammers pass test despite software errors
Jay Brown
o SDI (from Newsweek)
John Sloan
o A remarkably stupid design decision
Geoff Kuenning
o Risk of "parameter validation" hype
Mark Jackson
o Re: FBI v. digital phones
Daniel B. Dobkin
o Re: Laws to Ease Wiretapping
A. Padgett Peterson
o Re: Aviation Software Certification
Brian Randell
o WAR GAMES II
Eric S. Raymond
o Info on RISKS (comp.risks)

William Gibson, An (On-Line) Book of the Dead

"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 2 Apr 92 9:08:13 PST
William Gibson, well known for his "Neuromancer" (which in 1986 anticipated
what is today known as virtual reality), has a new book, "Agrippa (A Book of
the Dead)" that apparently will be available ONLY in computer-diskette form,
according to Entertainment Weekly.

As reported in the San Francisco Chronicle (31 Mar 1992, p.D3), "Gibson plans
to infect the disk with a virus that will make it impossible to transfer the
text to paper."

This supposed "virus" (more like a logic bomb or a confinement lock?) will
undoubtably present an interesting challenge to MSDOS crackers, antiviralists,
virtual realists, and foreign ripoffs.  If it were to run on Unix, where you
can external to the program trivially pipe the output to a file, at least the
text would be easy to capture.  However, perhaps this is really a situation in
which it is the graphical screen image that is relevant rather than the words.
Digitized sound would also make it hard to transfer to paper.

There is also the likelihood that a succession of home-grown purgated editions
might appear, with incremental changes in the dialogue, visuals, and plot line.
You don't like the ending?  You want pornographic augmentations?  Roll your own
modifications!  Tinkering is generally easier than creating in the first place.
So, the book also needs some sort of integrity lock (checksum or crypto seal
[is a sea-lion a cryptoseal?]) to provide tamper detection; however, many such
schemes can be defeated by careful modifications that continue to satisfy the
check.  But, if Gibson has come up with an interactive, interpretively
developed book that creates its own virtual reality on the screen, that could
be quite an exciting development.

  [Note: It is important not to confuse the SF Chronicle noted above with
  the other publication with the same handle, the Science Fiction Chronicle,
  although sometimes it is hard to tell the difference.]


NSA and cryptographic software

"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 2 Apr 92 9:23:37 PST
The NSA and the Software Publishers' Association appear to have reached an
agreement that would allow some exports of cryptographic software, as long as
the keys are constrained to be sufficiently short.  The net effect is a slight
but potentially useful improvement over what was previously exportable.
[Source: An article, NSA May Loosen Curbs on Software Sales Abroad, by Don
Clark, Chronicle Staff Writer, San Francisco Chronicle, 24 Mar 1992, p.C1]

Now that NSA and RSA have come a little closer, we need to bring in BSA (the
Boy Scouts of America).  Be prepared!  Imagine, a merit badge for cryptography?

  [For some background on RSA, see Burt Kaliski's contribution on the free (to
  noncommercial users) RSAREF privacy-enhanced mail toolkit, RISKS-13.22.]


US Navy radar jammers pass test despite software errors

Jay Brown <jbrown@phoebus.ncsc.navy.mil>
Thu, 2 Apr 92 08:02:29 CST
There was a report last week on CNN Headline News about the US Navy improperly
certifying radar jamming equipment for Navy jets (I think the F-14 and the
F/A-18 were mentioned).  According to the report, the Navy tested and certified
these jammers despite the fact that the equipment failed several tests or did
not meet all the criteria for certification.  As a consequence, some
congressional subcommittee or another was investigating the Navy's
certification procedures. The Navy's excuse for certifying these systems
despite the failed tests was to blame the failures on software errors,
according to the report.

The report did not mention who manufactured the radar jammers or who wrote the
software in question.

-- John L. Brown, jbrown@phoebus.ncsc.navy.mil


Newsweek, March 23,1992, on SDI

John Sloan <jsloan@niwot.scd.ucar.EDU>
Sat, 28 Mar 92 12:16:32 MST
The March 23, 1992 edition of _Newsweek_ features an article critical
of research related to the Strategic Defense Initiative. The article
is titled "Safety Net Full of Holes" (pp. 56-59), written by Sharon
Begley and Daniel Glick. It contains this reassuring passage:

    "[The] Pentagon disagrees that deploying a space-
    and ground-based defense system poses significant
    technical challenges. The complexity of the software
    required to coordinate Star Wars, for instance, is no
    more daunting than programs that control nuclear
    reactors, it says."

Now we can all breath a sigh of relief. [ All typos are mine. ]

John Sloan, NCAR/SCD, jsloan@ncar.ucar.edu


A remarkably stupid design decision

Geoff Kuenning <desint!geoff@uunet.UU.NET>
Thu, 2 Apr 92 03:03:19 PST
I just had to pass this one on because it was so funny/sad.  A client told me
today of a consultant who designed a menu-driven system to be used by
accountants for financial purposes.  Needing a special character to signify
"return to main menu", he chose one that "nobody uses" (his words).  The
character?  The dollar sign!

Needless to say, on the first day the software was installed, my
client got a frantic call.  "Every time I try to enter a dollar
amount, it pops me back to the menu!"

Sigh.       Geoff Kuenning   geoff@ITcorp.com   uunet!desint!geoff


Risk of "parameter validation" hype

Mark Jackson <MJackson.wbst147@xerox.com>
Thu, 2 Apr 1992 06:15:04 PST
So Microsoft is touting "parameter validation" as a bold new innovation.  You
forgot to cite the obvious Risk: someone's inevitable attempt to *patent*
parameter validation. . .


Re: FBI v. digital phones (Kantor, RISKS 13.32)

"Daniel B. Dobkin" <dbd@ans.net>
Thu, 2 Apr 92 10:13:21 EST
Brian Kantor notes that a monitoring capability is an essential diagnostic
element of any telephone switch, digital or analog.  He suggests that the only
purpose conceivable for a law such as the FBI proposes is to enable wiretaps
without Telco cooperation; this in turn is most likely to occur when the FBI
doesn't have a proper warrant, either.  Hence, "[W]hat they are asking for is
the ability to make warrantless taps."

In fairness to the FBI, there are other possibilities, such as when a Telco
employee is himself the subject of an investigation.  Not much, I agree, but
let's try to assume that the Bureau's motivation is pure, even if its proposed
implementation isn't.


Laws to Ease Wiretapping

A. Padgett Peterson <padgett@tccslr.dnet.mmc.com>
Wed, 1 Apr 92 22:37:48 -0500
    This makes the second time in recent months we have heard of government
initiatives to make wiretapping of data traffic easier.  Interestinly, there
are a couple of companies currently working on devices (and must admit I have
been prodding them for a couple of years) that should make it an order of
magnitude more difficult:

    For some time now, I have been concerned about tapping, particularly when
performing my daily security duties while at conferences. Currently I rely on a
"smart card" or dynamic access device for one-time passwords to avoid spoofing.
About two years ago the following thought crossed my mind:

    Years ago when maintaining  KY-26 cryptographic equipment,
(my AFSC was 306mop0) brave souls used to bring up encrypted channels
"blind" to minimise time away from the poker game. Instead of changing
the transmit side first and using the receive side to verify reception,
we used to change both sides at once by taking a pre-established count
to go "bravo india" and create a synchronized duplex connection. If we
could communicate, we would know that it had worked (what was done if
it did not is not disclosable but involved the butt end of a large
screwdriver).

   Similarly, a couple of years ago I was talking to one of the major vendors
of "dynamic access control devices" about use to provide full encryption of all
traffic. Currently, the way such a system works is that when a login occurs,
the host sends out a multi-digit "challenge".  In my case, I enter the
challenge followed by a PIN into a card which then calculates a reply. I send
back the reply as a password that lets me into the system.

    What I postulated was that instead of sending the reply back to the
host, it be fed into my laptop as the seed for encryption. The laptop
then sends a "bravo india" to the host telling it to start encryption.
Since the host knows what the reply should be, it uses that as its own
seed. If both sides are then able to communicate, they authenticate each
other simultaneously while providing full encryption of all following
traffic.

    One of the major problems was loss of synch from line noise, but the
current crop of error-correcting modems has made such encryption not only
feasible but also easy and at whatever level (DES, RSA, ...) is desired.


Re: Aviation Software Certification

<Brian.Randell@newcastle.ac.uk>
Mon, 30 Mar 92 12:56:51 BST
Last month I sent to RISKs a copy of an article that appeared in the (UK)
Computer Weekly on 6 February which carried the headline "Experts warned CAA
before Airbus disaster". Attached is a letter, from the experts concerned,
complaining at this article. This letter was I understand published by Computer
Weekly on February 13, and has just been drawn to my attention. Despite the
delay, I suggest that it be included in RISKs, in view of the comments it makes
on the original article.
                                           Brian Randell

                                -----------

AIRBUS SOFTWARE IN THE CLEAR

We are the three BCS "software experts" who visited the CAA in January to
discuss the new draft standard for software in aircraft systems D0-178B.

We believe that it is misleading that you linked our technical visit to the CAA
to the subsequent A320 Airbus crash. There is no evidence of any fault in any
safety-critical software on the A320 Airbus crash. It is too early to know the
causes of the crash and irresponsible to imply that we were in any way trying
to "warn the CAA" about the A320.

Our concerns about the draft D0-178B are technical and relate to its inadequacy
as a basis for objective certification of the reliability of software in
airborne systems. All modern passenger aircraft contain safety-critical
software and our comments to the CAA did not relate to any specific aircraft.

The CAA received our comments constructively and readily agreed to pass each
criticism to the international team which is reviewing the draft standard.

Bev Littlewood, Martyn Thomas, Brian Wichmannn

Computing Laboratory, The University, Newcastle upon Tyne, NE1 7RU, UK
EMAIL = Brian.Randell@newcastle.ac.uk   PHONE = +44 91 222 7923
FAX = +44 91 222 8232


WAR GAMES II

Eric S. Raymond <eric@snark.thyrsus.com>
2 Apr 92 02:34:52 GMT
            WAR GAMES II
                or
    How I Learned To Start Worrying and Hate The Bomb

[posted to comp.risks; an incomplete version previously went to other groups]

   Some of my friends call me an `improbability vortex' --- the kind of person
weird stuff just naturally happens around.  Occasionally I manage to to forget
why; my life doesn't seem bizarre to *me*.  Then, something happens to remind
me...

   Wednesday, March 25 1992: a fairly ordinary day in the life of Eric Raymond,
Boy Hacker.  Shower, read netnews, phone calls, some revision on the clone
hardware buyer's guide I've been working on for comp.unix.sysv386.  Will the
top ten vendors go for my idea of a competitive "UNIX Dream Machines Bake-Off"?
Hmm...well, Swan Tech wants to sign up, that's a start.  Ah, the mail's in.

   Riffle, riffle.  What's this?  Forwarded from MIT Press.  Something about
the book, no doubt...

   The Book: if you don't know it already, I edited a lexicon called
_The_New_Hacker's_Dictionary_  (MIT Press, 1991, ISBN 0-262-68069-6).  It's
all about hacker language and folklore.  Sold 14,000 copies in its first
seven months, got rave reviews everywhere, good stuff like that.  Got my
first nut-case letter about a month back --- always heard that was supposed
to happen to authors.  Some of the fallout has been weird.  Ouch, fallout ---
*bad* choice of words.  Back to our story.

   Hm.  From ISPNews.  INFOSecurity Product News.  Eh?  Never heard of them;
sounds like some trade rag for professional paranoids.  Computer form on the
inside; addressed to ERIC RAYMOND EDITOR, THE MIT PRESS, MASS INST OF
TECHNOLOGY, CAMBRIDGE MA 02142.  I see what happened; the Press's editorial
address miscegenated with my book credit in someone's mailing-list software,
and some clerical droid at the Press didn't look at content and forwarded
a piece of mail that should have stayed in-house.

   What we've got here is, oh, yeah, must be a report from the magazine's
bingo card.  Reader service; they circle numbers, you get a bunch of product
info requests.  OK, who wants to know about my book?  Maybe I'll give them
a surprise and answer it myself.  They probably all think the book is a how-to
manual for crackers.  Damn all journalists for what they did to the word
"hacker", anyhow...

   There were four.  First one:

   DAVID CARGILL SYSTEMS A
   GUARDIAN LIFE INS
   STE 201
   888 SEVENTH AVE
   NEW YORK         NY 10106

   Oh, boring, I thought to myself.  Actually he turned out not to be; I spoke
with him, later, and the guy turns out to be an old UNIX hand who, when I
explained what the book is really about, cheerfully expatiated on Cargill's
Theory of Fat Electrons.

   See, Con Edison sucks its line current out of the big generators with a pair
of coil taps located near the top of the dynamo.  When the normal tap brushes
get dirty, they take 'em off line to clean up, and use special auxilliary
taps on the *bottom* of the coil.  Now (sez Cargill) this is a problem,
because when they do that they get not ordinary or `thin' electrons, but the
fat'n'sloppy electrons that are heavier and so settle to the bottom of the
generator.  These flow down ordinary wires OK, but when they have to turn a
sharp corner (like in an IC via) they get stuck.  This is what causes computer
glitches.

   I laughed, said "You sound like a man who wants to hear about {quantum
bogodynamics}" and directed him to the on-line version of the book at prep.
Back to our story...

   Next guy...

   BRADLEY H EDWARDS  SEC SPE
   SECURITY-SAFETY
   CONSULTS
   PO BOX 536
   TOPEKA            KS 66601

Well, the phone number attached to this one was out of service.  Security
Specialist, eh?  For sure he's got the cracker/hacker bug on the brain.  Then
my eyeballs tripped over the third address

   PAMELA D MILLER CHIEF
   USSPACE COM
   STOP 4
   J2C/SS0-C
   CHEYENNE MTN AFB  CO 80914

and I went into the mental equivalent of TILT TILT TILT.  Now, any of you who
ain't congenital idiots raised in a rain barrel somewhere on the butt-end of
nowhere will already have decoded that address to "U.S. Space Command, Cheyenne
Mountain Air Force Base".  Yeah, that's right.  NORAD; the big tunnel complex
under the mountain from which they be plannin' to fight World War III if it
ever goes down.  Huge walls of blinkenlights, 30-foot-thick blast doors,
"We could tell you, sir, but then we'd have to kill you", the whole weird trip.
Cornpone accents with their fingers on the pulse of the Apocalypse.

   Oh, *man*, I said to myself.  I have to talk to this woman.  I haven't
forgotten the nationwide media flap after _War_Games_ came out.  You remember,
that silly movie where the kid with the voice-controlled IMSAI (snort) cracks
into NORAD's computers and accidentally damn near starts a nuclear war?  God
damn; I'll bet the plot of that sucker is seared into the collective psyche of
every security officer at Cheyenne Mountain, they probably screen the video
every couple months just to keep the newbies on their toes.

   What kind of hideous Federal heat could land on me if PAMELA D MILLER has
hacker/cracker confusion on the brain?  I imagine some steel-eyed amazon in a
blue suit exuding grim determination to Nip This Menace In The Bud.  *Bad*
scene for a guy who is, after all, better known in some circles for practising
witchcraft and stone anarchist-loony politics than for The Book.  Yiiiii ...
visions of sinister limos and Men In Black pulling up to my front porch.  "We
want to ask you a few questions, sir."  So I called my editor Terri and Guy
Steele (credited coauthor) and told them all the proceedings so far.  Nervous
laughter all around.  Lugubrious jokes.

   I need to convince this woman and her unknown masters that I'm a *harmless*
lunatic.  Time to track PAMELA D to her lair. (Yes.  Think of her that way,
Pamela D., like one of those impossible anonymous synthetic blondes in an
upscale skin magazine.  "Well, I'm into sailing Sunfishes and I really like
kids, you know?".  Good.  A *much* less threatening mental tableau.)  I limber
up my phoning fingers and call the number blazoned above her address.

   <click> <sputter> "NORAD operator ten.  What extension?"
   Gulp.  "Uh, I'm trying to reach Pamela D. Miller?  I got a product
information query from her."
   "Do you have an extension, sir?"
   "Um, no I don't.  Just this number.  And her address." I reel it off.
   "Try the base locator at Peterson, sir.  554-4020."
   "Thanks", I said, and hung up."

   Ohhh-kay.  NORAD for sure.  Hail Eris! PAMELA D's hanging out somewhere
under a couple of cubic miles of rock, likely in some cramped little office
with 1950s-era furniture and walls painted institutional puke-green.  And an
old-style black phone. (How long has it been since you've seen a black phone?)
(Trust me, this is what the military version of bureaucratic rabbit warrens
looks like.)  Or maybe at some gleaming console watching telemetry from all
those KH-11s we're supposed to pretend don't exist.  Hah.  Heads up, Pammy;
constructive chaos is about to enter your life.  All hail Discordia!

   This is about where things started to get really Kafkaesque.  The base
locator is their directory information desk.  I ask for Pamela D. Miller's
extension and get 3247 (remember that number).  I call it.  Some guy who sounds
exactly like Andy Griffith answers: "

                    
    

Please report problems with the web pages to the maintainer

Top