The RISKS Digest
Volume 13 Issue 49

Saturday, 16th May 1992

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Shuttle computer miscomputes rendezvous
John Sullivan
The computer made me do it! [Brain enchipment]
Bear Giles
NY Times Columnist Protests Efforts to Prevent Secure Communications
Peter D. Junger
New York Times Computer Typesetting
Craig Partridge
Lack of FTP warning "destroys" hard drive
Taed Nelson
Ankle bracelet; a busy phone ==> scot-free
McGrew
No access to exchange via Cellnet
Lord Wodehouse
OTA has issued a report re "software property"
Jim Warren
Pentagon taps hackers to write viruses
John Mello
Re: Microsoft advocates killing of Jews
Mathew
Two privacy newsgroups [Don't confuse them.]
PGN
Announcing the PRIVACY Forum digest!
Lauren Weinstein
Computer Privacy Digest/comp.society.privacy
Dennis G. Rears
MDC, the C-17 and the F-15E
John Karabaic
Info on RISKS (comp.risks)

Shuttle computer miscomputes rendezvous

<sullivan@geom.umn.edu>
Thu, 14 May 92 16:32:19 CDT
Buried in a lead article ("from News Services") about the space shuttle
in this morning's (Minneapolis) Star Tribune is the sentence:

    The spacewalk was [...] delayed for 1 1/2 hours because
    Endeavour's on-board computer made a mistake in plotting the
    route needed to rendezvous with the satellite.

I hope someone will have more information on this.

-John Sullivan@Geom.UMN.Edu


The computer made me do it! [Brain enchipment]

Bear Giles <bear@tigger.cs.colorado.edu>
Fri, 15 May 1992 11:46:17 -0600
_Rocky Mountain News_, 15 May 1992, page 211

Computer Chip Get Blame

A woman who went on trial Wednesday in the shooting of three people at a Denver
homeless shelter three years ago blamed the rampage on a computer chip she said
her ex-husband planted in her brain.  Juanita Whitaker, 42, pleaded innocent by
reason of insanity in the Dec. 7, 1988, attack at the Brandon Center for
homeless and battered women.  One victim, a maid at the center, died in the
attack.
                        Bear Giles, bear@fsl.noaa.gov


NY Times Columnist Protests Efforts to Prevent Secure Communications

Peter D. Junger <junger@samsara.law.cwru.edu>
Thu, 14 May 92 13:04:41 EDT
William Safire's column in the New York Times for May 11, 1992 (Page A15,
Column 1) contains a sharp attack upon the Bush Administration's efforts to
prevent the use of technology designed to allow secure communications.  The
essay is called: "Foiling the Compu-Tappers".

Here are some quotes:

   [...] You might think, with foreign economic spies intercepting our global
data transmissions, faxes and phone calls, the Bush Justice Department and
National Security Agency would be helping American businesses defend
communications from prying eyes and ears of overseas competitors eager to steal
our scientific advantage.

    The opposite is the case. In a policy blunder ranking with the adoption of
the Smoot-Hawley tariff as depression loomed, the Bush Administration sent
F.B.I. Director William Sessions to Congress to argue for a weakening of the
devices U.S. citizens use to encode and keep confidential the information our
competition would love to see.  [...]

   This is a classic case of falling off the pace of change. In the name of law
enforcement, we are making ourselves technologically vulnerable to
international criminality. To preserve the huge investment in our old
eavesdropping facilities, we are abandoning the field to modern organized
crime.

   Does anyone seriously think that state terrorism cannot afford the best
encryption and penetration software, or that drug cartels cannot buy the latest
encryption devices for their money movements? [...]

   The trouble with both our Federal law enforcement and intelligence services
is that they have become hooked on yesterday's technology.  Electronic
surveillance for cops and satellite photography for spooks have become central
to their lives; their reaction to the inexorable improvement in encryption is
to say to the world of science: slow down.

   It won't. In trying to sweep back the tide of change, King Canute-style, the
F.B.I. is the front for the intelligence community, which hates to be forced to
go back to the difficult days of running human spies. The N.S.A. (No Such
Agency) is obsolescent because its expensive eavesdropping is an offensive
weapon in the coming age of digital defense.  [...]

   Mr. Bush is on the wrong side of this issue (and Ross Perot will take
him apart on it in debate) because his mindset is toward old-fashioned
spookery and against personal privacy.

   In the end, that's what this futile scramble to stop the scrambling
will come down to: not to stop the march of progress, not to take tools
from counterspies, but to preserve business and personal privacy.

   The coming Information Age threatens to be intrusive; the individual
will be watched, examined, crowded. At the same time, to the happy tune
of "I got algorithm," the  computer-telephone complex brings us defenses
against its own intrusion.

Peter D. Junger, Case Western Reserve University Law School, Cleveland, OH
Internet:  JUNGER@SAMSARA.LAW.CWRU.Edu — Bitnet:  JUNGER@CWRU


New York Times Computer Typesetting

Craig Partridge <craig@aland.bbn.com>
Tue, 12 May 92 12:34:26 -0700
Has anyone else noticed that the New York Times (at least the west coast
edition) seems to have lots of trouble with computer typesetting?

Yesterday they had a notice on the front page that due to computer problems,
some articles were not complete.  The issue also had a lot of articles with
headlines in the wrong fonts.  It looked rather like someone had put the paper
together by cut and paste.

Today, the pull-out quotes in Science Times were scrambled so that the
article on jury behavior had pull-out quotes from the article on crystals
in the human brain.  Made for an amusing, if accidental, editorial.

Craig Partridge     E-mail: craig@aland.bbn.com or craig@bbn.com


Lack of FTP warning "destroys" hard drive

Taed Nelson <nelson@berlioz.nsc.com>
Fri, 15 May 92 16:50:40 PDT
About a year back, a co-worker asked me how to re-partition his hard drive.  I
told him that this was a silly idea, considering that he had lots of space and
the partitions didn't get into anyone's way.  He just wanted to do it because
it was "better".

Anyway, after explaining that he would have to save all of the old data some
place (and suggesting that he not use millions of floppies, but instead FTP it
up to our Unix system), he went away.

About an hour later, he came back asking for PKzipFix.  I asked him why, and he
told me that PKunzip was complaining that he had a bad ZIP file.  I went over
to his desk, and after about 15 minutes of questioning, I realized what had
happened.

He had PKzip-ed each of his partitions and FTP-ed them up to the system.
Unfortunately, he did not specify BINARY mode, and so it only transferred ASCII
characters and converted CRLFs to LFs.  Since he had reformatted his drive, all
of that data was lost...

The RISK was that FTP had no warning message of the following sort:
    WARNING: Non-ASCII characters found while in ASCII mode.
I suppose that some further argument could be made that BINARY mode should
be the default (instead of the data-modifying ASCII mode)...
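
The failure described in this post, sketched in Python as an added example that is not part of the original message. It models ASCII mode the way the post describes it (CRLF rewritten to LF, bytes reduced to 7 bits), emits the warning the post asks for, and checks an upload before the source is erased. The archive contents and all function names are constructed for illustration.

```python
import hashlib
import io
import zipfile
from typing import Optional

WARNING = "WARNING: Non-ASCII characters found while in ASCII mode."


def make_sample_zip() -> bytes:
    """Build a small stored (uncompressed) ZIP in memory; constructed sample data."""
    stamp = (1992, 5, 15, 16, 50, 40)  # fixed timestamp so the bytes are reproducible
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("AUTOEXEC.BAT", stamp),
                    b"@ECHO OFF\r\nPATH C:\\DOS\r\n")
        zf.writestr(zipfile.ZipInfo("DATA.BIN", stamp), bytes(range(256)) * 8)
    return buf.getvalue()


def ascii_mode_transfer(data: bytes, strip_high_bit: bool = True) -> bytes:
    """Simplified model (an assumption) of the transfer the post describes:
    every CRLF becomes LF and, optionally, each byte is masked to 7 bits."""
    out = data.replace(b"\r\n", b"\n")
    if strip_high_bit:
        out = bytes(b & 0x7F for b in out)
    return out


def ascii_mode_warning(data: bytes) -> Optional[str]:
    """The check the post wishes FTP had made: refuse to stay silent when
    the payload cannot be plain ASCII text."""
    if any(b >= 0x80 for b in data):
        return WARNING
    return None


def archive_is_intact(data: bytes) -> bool:
    """True only if the ZIP parses and every member passes its CRC check."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.testzip() is None
    except Exception:
        # Mangled offsets can surface as BadZipFile, ValueError, etc.;
        # for a backup check, any parse failure means "not intact".
        return False


def safe_to_erase_source(original: bytes, received: bytes) -> bool:
    """Gate for the destructive step: the remote copy must be byte-identical
    to the local one and must still verify as an archive."""
    same = hashlib.sha256(original).digest() == hashlib.sha256(received).digest()
    return same and archive_is_intact(received)


if __name__ == "__main__":
    original = make_sample_zip()
    print("pre-transfer check:", ascii_mode_warning(original))

    mangled = ascii_mode_transfer(original)   # what ASCII mode delivered
    print("bytes lost to CRLF rewriting:", len(original) - len(mangled))
    print("ASCII-mode copy intact: ", archive_is_intact(mangled))
    print("safe to erase (ASCII):  ", safe_to_erase_source(original, mangled))
    print("safe to erase (BINARY): ", safe_to_erase_source(original, original))
```

The masking step is not reversible, which is why a repair tool could not help here: once the high bit is gone there is nothing left to reconstruct it from.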


Ankle bracelet; a busy phone ==> scot-free

<mcgrew@cs.rutgers.edu>
Wed, 13 May 92 15:08:32 EDT
`Busy signal' aided an `anklet' escapee
(Newark "Star Ledger", 13 May 1992, By Robert Schwaneberg)

A Paterson man charged with committing a murder while he should have been under
house arrest was able to beat the electronic system monitoring his whereabouts
because a computer got a busy signal - and never called back.  That was the
explanation members of the Senate Law and Public Safety Committee were given
yesterday as to how Tony Palmer was able to remove the rivets from his
electronic anklet and have the tampering go undetected for four months.  In
fact, the computer at the Corrections Department headquarters in Trenton
detected the tampering on Dec. 16 and printed the information out, according to
Steven Adams, supervisor of the electronic monitoring-home confinement program.
But when the computer tried to relay the information to computer monitors
sitting just a few feet away, it got "a busy signal," Adams said. "It did not
call back," he added.

As a result, senior parole officers manning the monitors 24 hours a
day, seven days a week never knew what the computer knew - that Palmer
had tampered with his anklet and that the computerized phone calls
assuring that he was at home were worthless.

Sen. Louis Kosco (R-Bergen), the committee chairman, was incredulous at first.
"I don't accept the answers that I've gotten," Kosco said.  "How could this
have happened for four months - time after time after time?"  Corrections
Commissioner William Fauver and other staffers explained that once the computer
detected the tampering, any additional tampering would not set off new
warnings. Adams explained that the device remained in "tamper status" until it
was reset.  When Kosco realized the implications of that, he was even more
appalled. "If someone could get away with it one time, then he had carte
blanche," Kosco said. "If you can get away with it one time, you're free."

"That's what happened in the Palmer case," conceded Loretta O'Sullivan, the
Corrections Department's legislative liaison, "but it will not happen again."

Adams said parole officers in Trenton now scrutinize the computer printouts for
information about tampering, disconnected phone service or an inmate on home
detention failing to answer when called.  Any such incident would trigger an
immediate visit from a parole officer, he said.

Other staffers said that when parole officers visit home jail inmates once a
week, they no longer rely on a visual inspection of their anklets but insert
them into a verifier, which would show if the anklets are in "tamper" mode.  By
the end of the month, Adams added, the state should begin receiving new anklets
that attach with interlocking metal bands rather than rivets.  Adams,
displaying one of the new anklets, said, "The only way this can be removed is
by cutting it off."

Sen. Bradford Smith (R-Burlington) said a "major fault" of the current system
is that even when an anklet is in tamper mode, the inmate can still use it to
check in when the computer calls to see if he is home.  Smith said that if the
device has been tampered with, that should trigger an alarm each time a call is
made to the inmate.  "The technology has got to be upgraded in some fashion,"
Smith said.  "This is just not acceptable."  The anklets and monitoring
equipment were manufactured by Digital Products of Florida, which did not have
a representative at yesterday's committee meeting at Corrections Department
headquarters.  "I think we ought to look at some other systems and see what
other companies are doing," Smith said.

Despite their apparent distress at the technical limitations of the system, the
lawmakers said the home confinement program must continue but should be
improved and become more selective about the kinds of inmates it takes.

State and county jails face severe crowding problems. It costs $12.80 a day to
keep an inmate on home confinement vs. $67 a day to keep him in prison.

"We all believe this is a very worthwhile program," Kosco said. "We want it to
continue in the state of New Jersey, but we want it to work as close to perfect
as we can make it."  Kosco said the program should be put "on hold" as Fauver
had announced last month, but added, "We don't mean stopped." Kosco said the
program should not be expanded but that as inmates come out of home detention,
new inmates should enter. As of yesterday, 642 state inmates - all within six
months of parole - had been released to home confinement with electronic
monitoring. Some counties also use electronic bracelet programs.

Kosco and Sen. John Girgenti (D-Passaic) said the state should be more
selective about the kinds of inmates it releases into the program.  "I have
problems when I read about people who were armed robbers who are now part of
the program," Girgenti said. He said drug dealers and persons with ties to
organized crime should also be ineligible for home detention.  Girgenti and
Kosco have introduced bills to restrict eligibility for home detention.

Fauver said he had canceled plans to expand the state's electronic anklet
program in the next budget year. He added that he was "still confident" about
the program but said it is better suited to county jail inmates than state
prison inmates convicted of more serious crimes.  Fauver said he was awaiting a
consultant's report on the technical aspects of the home detention program and
the procedures used in other states with similar programs.


No access to exchange via Cellnet

Lord Wodehouse <w0400@uk0x08.ggr.co.uk>
15 May 92 11:53:00 BST
Recently an old friend tried to call me at work, in response to a call from me.
He discovered that his mobile phone on the Cellnet network would not reach an
081-966-nnnn number, while he could do so from a standard BT phone.  Being a
comms specialist, he called Cellnet, after a discussion with me.  The end
result was that Cellnet had in fact left this exchange out of their routing
tables.  It is now in!

The reason behind this is that Cellnet (although partly owned by VBT) has to
pay for any access to the BT phone network.  To prevent calls being made to
exchanges that do not exist and thus return a number unobtainable, but still
raise a charge on Cellnet, but nothing that can be charged to the customer,
Cellnet blocks such calls.  When 966 came into being, no one added the route to
make it available.
                      Lord John - The First Programming Peer on INTERNET!


OTA has issued a report re "software property"

Jim Warren <jwarren@autodesk.com>
Thu, 14 May 92 14:55:13 PDT
Hi, all.  I just received this and tho't you'd be interested.  --jim

>From autodesk!megalon!wsgr Thu May 14 08:31:36 1992
To: megalon!jwarren
Subject: Software Patent Report

Jim -
Just in case you hadn't heard, Congress' Office of Technology
Assessment has released a new report on the state of protection
for computer software.  According to an article in the Daily
Journal, the report entitled "Finding a Balance:  Computer
Software, Intellectual Property and the Challenge of Technology
Change" has drawn praise for its sophisticated look at the unique
problems in safeguarding technology rights.

The report is available through the U.S. Government Printing Office ($11).
 - MarkB


Pentagon taps hackers to write viruses

John Mello <jmello@igc.org>
Fri, 15 May 92 05:32:15 PDT
The following item is in the latest issue of Mother Jones.
Cybervirus warfare anyone?

The Pentagon has a dream: An enemy soldier is attempting to pull up vital
information on his computer screen. Suddenly, a peace sign flashes, along with
the message, "You are STONED!" A virus has destroyed his files.
     If you can make this dream a reality, Secretary of Defense Dick Cheney
wants _you_! His department's Innovative Research program is enlisting an
unlikely group--computer hackers--to create strategic computer viruses that can
attack enemy systems via radio signals.  According to an official at the Army's
Center for Signal Warfare, one hacker has already been awarded a $500,000
contract for the program's production phase.
     The exact nature of the work is classified, but the Signal Warfare
official told _Mother Jones_ magazine that the virus project is based at
Fort Monmouth, New Jersey, and described the work as "serious stuff.... Some
believe these [viruses] exhibit lifelike tendencies, reproducing themselves
like animals or plants."
     Critics fear that the Pentagon's viruses pose a greater threat to computer
networks at home than do any potential enemies overseas. Last year, for
example, the "STONED!" virus and several others somehow found their way into
nearly five thousand battlefield computers awaiting shipment to the Persian
Gulf.


Re: Microsoft advocates killing of Jews (RISKS-13.48)

mathew <mathew@mantis.co.uk>
Thu, 14 May 92 15:21:11 BST
I decided to see what other sinister secret messages were lurking in Windows
3.1's "WingDings" font.

If you type "IBM", you get a waving hand, a hand making an "OK" symbol, then
a bomb.  Obviously a reference to OS/2.

If you type "GOD", you get a hand pointing to heaven, a white flag, and a
thumbs down symbol.  Clearly Microsoft are a bunch of atheists.

If you type "MAC", you get a bomb, a V for victory sign, and a thumbs up.
Plainly inspired by the recent legal bombshell in the look-and-feel lawsuit.

If you type "UN", you get a crucifix followed by a skull and crossbones.
Obviously Microsoft knows something about the United Nations that we don't.

Another potentially interesting bit of information: In the beta-test versions
of Windows 3.1, three "dingbats" fonts were supplied — Lucida arrows, Lucida
stars and Lucida icons.  WingDings seems to have been formed by condensing the
three into one single font.  It's interesting to note that whereas Lucida icons
had both black and white coloured hand symbols, WingDings has only the
white-skinned variety.
                          mathew           [Clever disclaimer omitted, as usual]


Two privacy newsgroups [Don't confuse them.]

"Peter G. Neumann" <neumann@csl.sri.com>
Sat, 16 May 92 14:33:46 PDT
Following are items relating to two different newsgroups on PRIVACY.

Dennis Rears' DIGEST is purposefully on the permissive side, less stringently
moderated than RISKS; it is ideal for people who want relatively open
newsgroups.  Lauren Weinstein's FORUM will be on the selective side,
substantially more closely moderated than RISKS; it is suitable for people who
have little time, but have a vital interest in privacy.  Both gentlemen are
serious in their efforts.  I think there are many reasons for both groups to
coexist.  Perhaps one or the other will satisfy those people interested in
privacy issues who complain to RISKS that they want LESS MODERATION or MORE
MODERATION, respectively.

I hope that general discussions on privacy issues will continue to appear in
RISKS, because those issues represent serious risks.  Perhaps both moderators
will submit summaries of key discussions to RISKS for our wider audience.


Announcing the PRIVACY Forum digest!

<privacy@cv.vortex.com>
Wed, 13 May 92 00:08:14 PDT
Announcing the global Internet PRIVACY Forum!

The PRIVACY Forum is a moderated digest for the discussion and analysis of
issues relating to the general topic of privacy (both personal and collective)
in the "information age" of the 1990's and beyond.  Topics include a wide range
of telecommunications, information/database collection and sharing, and related
issues, as pertains to the privacy concerns of individuals, groups, businesses,
government, and society at large.  The manners in which both the legitimate and
the controversial concerns of business and government interact with privacy
considerations are also topics for the digest.

Except when unusual events warrant exceptions, digest publication will be
limited to no more than one or two reasonably-sized digests per week.  Given
the size of the Internet, this may often necessitate that only a small
percentage of overall submissions may ultimately be presented in the digest.
Submission volume also makes it impossible for unpublished submissions to be
routinely acknowledged.  Other mailing lists, with less stringent submission
policies, may be more appropriate for readers who prefer a higher volume of
messages regarding these issues.

The goal of PRIVACY Forum is to present a high quality electronic publication
which can act as a significant resource to both individuals and organizations
who are interested in these issues.  The digest is best viewed as similar in
focus to a journal or specialized technical publication.  The moderator will
choose submissions for inclusion based on their relevance and content.

The PRIVACY Forum is moderated by Lauren Weinstein of Vortex Technology.  He
has been active regarding a wide range of issues involving technology and
society in the ARPANET/Internet community since the early 1970's.  The Forum
also has an "advisory committee" consisting of three individuals who have
offered to act as a "sounding board" to help with any questions of policy which
might arise in the course of the Forum's operations.  These persons are Peter
Neumann of SRI International (the moderator of the excellent and renowned
Internet RISKS Forum digest), Marc Rotenberg of Computer Professionals for
Social Responsibility (a most clear and articulate spokesman for sanity in
technology), and Willis Ware of RAND (one of the U.S.A.'s most distinguished
champions of privacy issues).

Feel free to distribute this announcement message to any interested individuals
or groups, but please keep this entire message intact when doing so.  Thanks!

                  How to subscribe to PRIVACY Forum
                  =================================

Individual subscriptions for the PRIVACY Forum are controlled through an
automated list server ("listserv") system.

To subscribe, send a message to:

   privacy-request@cv.vortex.com

       or:

   listserv@cv.vortex.com

with a line in the BODY of the message of the form:

   subscribe privacy 

Computer Privacy Digest/comp.society.privacy

"Dennis G. Rears " <drears@pica.army.mil>
Wed, 13 May 92 13:59:53 EDT
   I am the moderator of the Computer Privacy Digest.  The Computer Privacy
Digest is an Internet mailing list that is dedicated to the discussion of how
technology impacts privacy.  This list is gatewayed into the moderated USENET
newsgroup comp.society.privacy.  In a lot of ways it is a subsection on the risks
digest but it concentrates on the risks of technology on privacy.  The charter
is:

  comp.society.privacy    Effects of technology on privacy (Moderated)

   This newsgroup is to provide a forum for discussion on the effect of
   technology on privacy. All too often technology is way ahead of the
   law and society as it presents us with new devices and
   applications.  Technology can enhance and detract from privacy.
   This newsgroup will be gatewayed to an internet mailing list.

  Submissions go to:  comp-privacy@pica.army.mil and administrative
requests go to comp-privacy-request@pica.army.mil.

dennis
            Dennis G. Rears
MILNET:   drears@pica.army.mil     UUCP:  ...!uunet!cor5.pica.army.mil!drears
INTERNET: drears@pilot.njin.net    USPS:  Box 210, Wharton, NJ 07885
Phone(home): 201.927.8757      Phone(work): 201.724.2683/(DSN) 880.2683
USPS:        SMCAR-FSS-E, Bldg 94, Picatinny Ars, NJ 07806


MDC, the C-17 and the F-15E

<John_Karabaic@NeXT.COM>
Fri, 15 May 92 10:57:17 EDT
>END OF STORY.  Mark Seecof asks: has anyone seen the report itself?
>I'd like to know in what way it was a mistake to give McDonnell-Douglas
>control over software development for a plane it was building?

---flame on

Well, since I was the Software Manager on the F-15E I can give you lots of
reasons from personal experience about why any Government agency should think
long and hard before giving McDonnell Douglas control over any software
project:

    1. Their insistence that flight-control software is not
    flight-safety critical, since there was a hydraulic backup in
    the F-15E aircraft.

    2. Refusal to perform software Formal Qualification Tests
    prior to first flight, stating that the FQT is required only
    on production aircraft, and F-15E-1 was not a production
    aircraft.  FQT should be an iterative testing process, but
    according to MCAIR, it was an acceptance test.

    3. Refusal to define software stored in ROM as software,
    defining it instead as "firmware", and thus not subject to
    formal review and testing.

These are just a few off the top of my head, five years after the fact.  Don't
get me wrong; I think MCAIR did a fantastic job on the F-15E.  It's one great
weapon system. But McDonnell Douglas's biggest problem on the F-15 project was,
even though they could build excellent aircraft and systems, they wouldn't tell
us government types (including this pitiful second lieutenant) anything unless
we pried it out of them with a crowbar.  And sometimes not even then, parroting
the tired line, "Out of scope [of the contract]!" This makes it extremely
difficult to get enough information to enable "organic support" (support by US
Government personnel) or second-sourcing of software after the systems are
delivered. Since the Advanced Tactical Fighter Program Office was right across
the hall at that time, every time I had a problem, I would go tell the people
writing the contracts for that program how responsive my contractor was being.
(In Air Force talk: "Check six!")

--flame off

But there may be another, more simple reason for the GAO's finding: I believe
that the US Government, not the prime contractor (MDC, in this case) has "total
system performance responsibility" for the C-17.  That is, a program office
residing at Wright-Patterson AFB has the responsibility for integrating and
testing every aspect of the aircraft, not the contractor who is building it.
Since software is the glue that holds a modern military aircraft together, this
may be why the GAO is faulting the C-17 SPO for not "controlling" the software.

John S. Karabaic, Systems Engineer, jkarab@NeXT.com, 513 792 5904
NeXT Computer, Inc.; 4434 Carver Woods Dr.;  Cincinnati, OH 45242
cellular: 513 532 0224; fax: 513 792 5913; territory: OH, IN & KY
