The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 14 Issue 57

Monday 3 May 1993

Contents

o The risks of non-24-hour days
Debora Weber-Wulff
o Flaws in government computer bond auction
Mark Seecof
o Evading 1-900 blocking
John Carr
o `New Computer Virus Reported in Japan
David Fowler
o Stunning vending machines
Edward N Kittlitz
o Junk mail reduction request can add to your junk mail, too
Rich Rosenbaum
o Re: SSN for Health Identifier
John R. Levine
o Re: How to rob a bank the cashcard way
Anthony Naggs
o Humans NOT needed to save NASA
Don Norman
o Re: Human vs. computer in space
Craig Partridge
Espen Andersen
Scott Alexander
R. Mehlman
o Re: Clipper - A dumb idea
Brian Seborg
o Re: Worries over the Clipper Chip
Brinton Cooper
o Re: Too much electricity
DonB
o Info on RISKS (comp.risks)

The risks of non-24-hour days

Debora Weber-Wulff <dww@math.fu-berlin.de>
Sun, 2 May 1993 12:26:02 GMT
A student told this quite believable tale about a German steel-producer last
week:

The steel production line is completely automated, with the molten ingots
having to cool a certain number of minutes/hours before force is applied to
flatten them out. It appears the programmers of the system didn't want to
construct their own clock, and so from a security point of view they used the
German radio signal put out from Braunschweig (Funkuhr) that gives the exact
time. This was used to calculate cooling times. In April, though, there was
the day we switched to summer time, and a day with just 23 hours. 3:00 am
followed 1:59 am, and the mill controller thought that the cooling time was
up, and applied force - splattering still-molten steel around the place and
breaking this part of the mill.

Any confirmation of this from sources other than a friend of a friend?

Debora Weber-Wulff, Technische Fachhochschule Berlin, FB Informatik,
Luxemburgerstr. 10, 1000 Berlin 65     dww@informatik.tfh-berlin.dbp.de


Flaws in government computer bond auction

Mark Seecof <marks@wimsey.latimes.com>
Sun, 2 May 93 12:32:35 -0700
On Friday 29 April 93 the Los Angeles Times reported on page D1 in a story by
Robert A. Rosenblatt that the U.S. Treasury department will implement a new
computerized government securities auction system even though the General
Accounting Office (GAO) says it is "deeply flawed."  [Paraphrasing and
elisions by Mark Seecof.]  The purpose of the new system is to prevent fraud
and bid-rigging such as Salomon Bros. engaged in during 1990 and 1991.

"The automated network proved highly unreliable during tests of simulated
auctions...  In one test, five dealers 'were disconnected from the
mainframe'...  If this happened during an actual auction, the bids would have
been lost.

"Another threat comes from the computer clock..., which 'drifts and has to be
manually readjusted...  This poses a potential problem for those dealers who
submit bids seconds before an auction closes... For instance, should the
computer clock gain time, dealers could transmit timely bids that are rejected
as late.' [NNTP, anyone?]

"Because of these uncertainties, the Treasury is allowing dealers to maintain
the old [paper] method of bidding despite the GAO warning that this defeats
the purpose of the new network, known as the Treasury Automated Auction
Processing System.

"The GAO recommended that the computer effort be delayed while a better system
is devised to detect fraud and collusion...  The Treasury defended its
decision to proceed...  'Our position is that TAAPS has been thoroughly tested
and is ready to be put into production,' a Treasury spokeswoman said.
'Treasury considers this TAAPS program an important first step...  We
deliberately chose to introduce automation to the auction process
incrementally and believe this to be a prudent approach.'"

[Mark Seecof says:]
"Prudent incrementalism."  Note that this is (a) not a lie, (b) not a response
to the charge that TAAPS is "deeply flawed," and (c) not very satisfying to
the reader.  Okay, so bureaucrats will "brazen it out," and implement even
"deeply flawed" systems rather than admit to development failures.  Perhaps we
should start rewarding managers for NOT implementing bogus systems?  Could we
devise a suitable bureaucratic scheme for doing so?  On another note, could an
unethical trader with a copy of the GAO report find a way to gain some
advantage by exploiting TAAPS' flaws?

Mark Seecof <marks@latimes.com>
Los Angeles Times' Publishing Systems Dept.


Evading 1-900 blocking

John Carr <jfc@Athena.MIT.EDU>
Mon, 03 May 1993 08:30:52 EDT
A local TV news program had a story about a new type of phone sex
service.  A teenage boy evaded the long distance blocking on his
parents' phone by calling a free 1-800 number and leaving his phone
number.  The phone sex service called him back, collect.

The people interviewed on the show acted very shocked that this could happen,
even though the phone company said it wouldn't charge for the calls.  In
particular they pointed out that the boy was not required to prove his age.
No suggestions were offered as to how he might do so over the phone.

In my opinion, they were trying to blame technology for a social problem.  The
phone company is an easy target.  Certainly it's easier to blame them than to
ask controversial questions like "why can't you take responsibility for your
son's actions?" or "what's wrong with talking about sex?".

I was a bit surprised that the report included the free phone number to call.
I wonder how many people will call the service after learning about it from
the news.
              --John Carr (jfc@athena.mit.edu)


New Computer Virus Reported in Japan

David Fowler <fowler@oes.ca.gov>
Sat, 1 May 93 19:21:33 PDT
The Kyodo News Agency, in a story datelined Tokyo, warns of a new strain of
computer virus that is to strike computers operating under MS-DOS on the
Japanese Children's Holiday, May 5 (May 4 on this side of the International
Dateline).

Kyoto quotes the Information Technology Promotion Agency, which it
describes as "a government-backed computer institute." as identifying the
new virus as DApdm-13.  This virus, when activated displays the English
sentence, "Hey boy, do you know hide-and-seek?  Play with me."  The virus
will then, according to Kyoto, overwrite all data and programs.

Without further elaboration, the news agency says that the virus can be
removed by programs already on the market.

David Fowler, San Francisco


stunning vending machines

Edward N Kittlitz <kittlitz@world.std.com>
Fri, 30 Apr 1993 09:14:40 -0400 (EDT)
I just saw a Japanese language report from a network or program called `FNN'.
Based upon the abridged subtitles, some people are stealing telephone service.
This is accomplished by using a hand-held electric stun gun on a machine which
vends telephone debit cards.

E. N. Kittlitz  kittlitz@world.std.com


junk mail reduction request can add to your junk mail, too

"Rich Rosenbaum, rosenbaum@lkg.dec.com" <rosenbaum@tuxedo.enet.dec.com>
Sat, 1 May 93 09:29:54 EDT
The Direct Marketing Association maintains a database listing people that
prefer to not receive unsolicited marketing material.  I've had my name and
address added to this list, hoping it would reduce my mail.  It seems to
have had just the opposite effect recently - I just received a mailing from
Sears that begins:

    "Because you have requested through the Direct Marketing Association
     not to receive various solicitations through the mail, ..."

Rich Rosenbaum


Re: SSN for Health Identifier

John R. Levine <johnl@iecc.cambridge.ma.us>
30 Apr 93 12:37:32 EDT (Fri)
[RE a note saying that the Clinton administration seems to be leaning toward
making the SSN the national health ID]

There is a thriving business in stolen SSN's so that illegal aliens can
get work.  The checking is now good enough that the alien needs the name
that matches the SSN for the I-9 form to pass, under the bureaucratic rule
of thumb that anyone who presents your name and SSN must be you.

This means that people all over the country are now being hassled by the
IRS for not reporting income, typically from some place in Southern
California or Texas that they've never heard of where the alien was
working.  There was a sidebar in the Boston Globe yesterday about a local
woman who was hounded by the IRS for five years with this problem.

Until now, SSN theft could cause considerable financial pain, but it
couldn't kill you.  If the national health number is the SSN, this means
that when someone steals your SSN and they go to the doctor, their health
records will become mixed in with yours.  If someone is already fairly
sick, it is easy to imagine how a system depending on computerized records
could misprescribe drugs or other treatment with fatal effects.

John Levine, johnl@iecc.cambridge.ma.us, {spdcc|ima|world}!iecc!johnl


Re: How to rob a bank the cashcard way (Wodehouse, RISKS-14.56)

Anthony Naggs <amn@ubik.demon.co.uk>
Fri, 30 Apr 93 13:19:08 BST
It is interesting Lord Wodehouse's contribution was published here.  I had
considered sending details myself, but I remembered that my similar
submission last autumn was not published, (describing a report on the BBC
Newsnight television programme and New Scientist magazine).

> An article in the UK Sunday Telegrapph on 25 Apr 1993, p. 5, by Barbara
> Lewis, ...

Barbara is the journalist, the deceit of the Automated Teller Machines
(ATMs) was performed by Bryan Clough, and an unnamed computer expert.


The banks call this "white card fraud" because up to now most attempts
have been with the plain white plastic cards supplied by vendors of the
card read/write equipment.  The banks only find the white cards if they
are retained by the ATMs.  To my knowledge all ATMs operated in the UK
allow three attempts to enter the correct 4 digit PIN.  If the third
attempt is not validated the ATM retains the card, but after the first
or second attempt you can select "cancel" or "error" and have the card
returned.  If you reinsert the card into the ATM it does not remember
your previously failed attempts.  Summary: a fraudster has to be very
incompetent to let the ATM retain the card.


I spoke to Bryan Clough on Monday about this.  He clarified a few of the
technical aspects for me, which I hesitate to post here.  A brief outline
of one of the events described should be enough to worry:
1   The journalist used her cashcard to withdraw money at an ATM.
2   She placed the receipt in the bin provided.
3   Bryan Clough retrieved the receipt.
4   Bryan, and his colleague, took the receipt to a portable computer and
    card read/write unit, (in their car I think).  They programmed 3
    cards using information from other cards and the receipt.
5   Presenting each of the 3 cards to an ATM, (not at the bank that issued
    the card), gave these results:
    1.  10 pounds was withdrawn, debited to the journalist's account.
    2.  10 pounds was withdrawn, the journalist's account was debited
        with 10 pounds and 3 pence!
    3.  The card was rejected as invalid, Mr Clough recovered the card
        by selecting "cancel".

Note, in this case the PIN was derived from the known card - only the
journalist's account number was needed, not her PIN.

In a further conversation with Bryan today he told me that the (UK) Sun
newspaper had a short item on this yesterday, and that he was expecting
them to do another one on Saturday.


I suspect that the banks insist that this is impossible simply because
the managers lack a technical understanding of the technology.

Anthony Naggs (anti-virus consultant)
email: amn@ubik.demon.co.uk     phone: +44 273 589701


Humans NOT needed to save NASA (Mellor, RISKS-14.56)

Norman, Donald <DNORMAN@applelink.apple.com>
03 May 93 01:12 GMT
A contribution to RISKS (14.56) once again repeats the propaganda that it is
only through human cleverness and ingenuity that complex space missions are
saved. That is sheer propaganda. Oh yes, it is true, but the stories neglect
the fact that if it weren't for the requirement to keep the humans healthy and
alive, the mission would be dramatically less complex and the reliability would
be dramatically greater (and the cost correspondingly less). And if a space
launch or two failed, it wouldn't much matter.

Reread that RISKS quote: "For a few appalling moments it must have seemed as
though the nightmare had begun: marooned on the Moon, with only a day's oxygen
and no way home. Aldrin poked around, and found a felt-tipped pen, and shoved
it in the slot. It worked. ... Man had a proper place in the scheme after all."

Notice that the felt-tipped pen prevented the humans from being marooned. But
if there were no humans on board, it wouldn't have mattered. What is all this
about "Man had a proper place in the scheme after all"?

And then RISKS repeats the old joke: ``Where else,'' said one test pilot in the
programme, ``would you get a non-linear computer weighing only 160 lbs, having
a billion binary decision elements, that can be mass-produced by unskilled
labour?''  (Actually, it is hundreds of billions of elements, and a lot more
complex than binary).  The problem with this old joke is not the inaccuracy of
the numbers (for the correct numbers make the point of the joke even more
impressive) but rather the neglect of the twenty to thirty years of training by
*very highly skilled* personnel necessary to produce test pilots and the rest
of us, to say nothing of the infrastructure and costs required to keep us alive
during that period.

Look, folks, the main justification of humans in space is that it is a neat
thing to do, that it provides new opportunities for growth, exploration, and
colonization. It is probably inevitable, given human curiosity and love of new
adventures. I want to do it too.  But let us be honest: if you want people in
space, then admit it. Justify it on those grounds. Don't lie and say that
humans are needed to keep the spacecraft going -- the only reason they are
needed for that purpose is because humans are on board in the first place.

There is a NASA report floating about somewhere (the old "Carl Sagan committee"
-- of which I was a member -- that performed an expensive several year study of
the problem and concluded just that. But the report violated NASA's goals of
"man in space" and seems to have been lost in the filing cabinets.

Don Norman    Apple Computer  dnorman@apple.com


re: Human vs. computer in space (Mellor, RISKS-14.56)

Craig Partridge <craig@aland.bbn.com>
Fri, 30 Apr 93 08:05:42 -0700
Page 365 of Murray and Cox's, "Apollo: The Race to the Moon", (Simon and
Schuster 1989) gives a very different account.  According to their version of
the story, Armstrong bumped into the circuit breaker with his backpack, and
the astronauts reported the damage before going out on their moon walk.
During the moon walk, folks on Earth figured how to rewire some of the
switches in the LEM to bypass the circuit breaker and arm the ascent engine.

So the astronauts were superfluous...  :-)

Craig Partridge


Re: Human vs. computer in space (Mellor, RISKS-14.56)

ESPEN ANDERSEN <EANDERSEN@HBS.HBS.HARVARD.EDU>
30 Apr 1993 07:01:24 -0400 (EDT)
While not disagreeing with Peter Mellor's point about humans having a place in
space (that is, on manned space missions), I would like to point out that his
example would seem to argue for the opposite.  The error that Buzz Aldrin
fixed was caused by a misplaced backpack.  A computer probably wouldn't do
this, not because computers do not misplace things, but because in an unmanned
flight there would not be any backpacks--or any switches either.  In other
words, the error corrected was in the user interface of the lunar module, and
the correction was done by the user.

Espen Andersen (eandersen@hbs.harvard.edu)


re: Human vs. computer in space (Mellor, RISKS-14.56)

Scott Alexander <salex@jpl-devvax.jpl.nasa.gov>
Fri, 30 Apr 93 13:16:29 PDT
I probably have a bias in this matter working for a laboratory tasked with the
robotic exploration of the solar system.  Let me reiterate that I cannot speak
for JPL (and that they probably disagree with at least some of this.)

It strikes me that the case cited illustrates the advantages of unmanned
exploration as well as the advantages of manned exploration.  If Armstrong and
Aldrin hadn't been on board the module, some mission capabilities would have
been lost.  However, there would not have been the "nightmare" scenario in
which human beings are at risk.

Given that losing humans is considered far worse than any other failure in our
space program, the cost of sending humans into space is much higher than the
cost of robotic exploration.  This limits the number of missions flown.
Moreover, the cost to the space program any time an astronaut is lost is
tremendous both in terms of money and time lost to the program.

Thus, because of the costs of additional systems and redundancies to support
humans and the additional weight (which adds further costs), I believe we need
to very carefully choose those situations in which it is worthwhile to send
humans versus those situations where sending several robots will produce wider
results.

Scott Alexander  salex@devvax.jpl.nasa.gov


RE: Human vs. computer in space (Mellor, RISKS-14.56)

<rmehlman%grumpy.decnet@pdsppi.igpp.ucla.edu>
Fri, 30 Apr 1993 18:44:12 PDT
In all fairness, it should be noted that the circuit breaker would not have
failed if a human had not been present to brush the plastic pin with his
backpack.  Further, the increased complexity of *manned* spacecraft greatly
increases the number of things which can fail.

The pyramids are a poor example to bring into the argument about manned space
exploration.  They cost more than just money.


Clipper - A dumb idea

Brian Seborg <seborg@csrc.ncsl.nist.gov>
Fri, 30 Apr 93 12:26:51 EDT
After reading the initial announcement of Clinton's support of the Clipper
Chip I thought that the idea was insane!  Upon reading more about the chip and
following the discussions here I have to express some concern over this
technology and the cost of pursuing the implementation of it in government
systems.  One concern that was raised was the problem that once an entity had
been given the escrow key to effect a tap that they could then continue to tap
any and all conversations in the future.  Dorothy Denning suggested that the
purchase of a new unit could be effected, or a simple chip relacement could be
done to rectify this situation.  I have to suggest that now hardware
replacement is "simple" and I have to wonder at the cost and logistics of
effecting such a replacement.

Padgett suggests that this is a sound technology whose time has come and which
will offer a "good enough" encryption service.  Well, I would suggest that
"good enough" technology already exists, so why invest in technology which has
a built in trap door?  It makes no sense!

Also, I am somewhat concerned that we are already ramping up for this effort.
NIST is already beginning to allocate resources to this project, as has NSA.
How much is this going to cost?  It seems to me that we have embarked on a
trip but forgotten the map.  Why would Clinton set up such a standard before
trying to get some consensus from the effected parties?  Or is this just a
trial balloon?

I think there are many valid questions which have been raised such as who will
be the consumers of this technology?  What is the point of providing such a
chip if criminals are unlikely to use it, or if additional layers of
encryption are placed on the communications?  Tapping would seem useless if
this were the case, unless, as others have pointed out, other forms of
encryption were made illegal.  But what is the possibility of this?  I'd say
nil.  Such a requirement would be so onerous that it would never be supported.
In addition, there is no way that current vendors of encryption software and
hardware would lay down while this occurred.  Plus, it might not even be
constitutional (potentially violating privacy, freedom of press, and
expression).  So I doubt that doing away with other forms of encryption is
being contemplated.

So then what is the use of this chip?  It may have some use as a technology,
but not in the way currently described.  For example, I could think of a use
within a corporation.  If all computers in a corporation used the encryption
provided by such a chip to encrypt sensitive information and an employee
left, then the escrow key could be used to get back the information which would
otherwise be lost to the company.  But this is not the way that is currently
being pursued.  And since other forms of encryption can be used to thwart
tapping attempts, what is the point?

It seems to be an interesting intellectual exercise, and it may indeed have
uses in corporations requiring encryption, but the idea that you would provide
the "keys to the kingdom" to some currently undefined escrow authority such as
the FBI or NSA or the local police will never be supported by security experts
or commercial entities.

Let's all agree that we don't want to waste our tax dollars on this project and
contact our congresspeople and senators to nip this project in the bud before
it becomes the next government sponsored boondoggle.

Brian Seborg, VDS Advanced Research Group


Re: Worries over the Clipper Chip (Firth, RISKS-14.55)

Brinton Cooper <abc@BRL.MIL>
Fri, 30 Apr 93 13:28:21 EDT
Robert Firth, <firth@SEI.CMU.EDU>, asks

>Why should anyone worried about snoopers
>use an encryption scheme designed to allow snooping?

Answering his own question, he says

>The answer, of course, is indeed that all other encryption schemes
>must be outlawed.

When private use of end-to-end encryption is outlawed, how will it be
enforced?  How will the agents of the Crypto Enforcement Agency (CEA) know
that two end-users are sending encrypted traffic and not just random bit
streams?  Will they mis-interpret binary file transfer as unauthorized use of
encrypted data?  Will every kermit user be subject to search of his/her
premises by CEA agents, bashing in the door under authority of search warrant?
Where will it all end?

_Brint


Re: Too much electricity (Miller, RISKS-14.55)

<donb@crash.cts.com>
30 Apr 93 16:33:02 GMT
    In a case several years ago in the desert north of Los Angles
"excessive" electricity use was the "Probable Cause" for a search warrant.
The police did find pot cultivation in an underground garden.  The excessive
use was determined by a bill found during a raid in Bullhead City Arizona.

    The part never mentioned by the press was the bill was while the house
and barn were being constructed.  Power for the garden was provided by a
generator.

    DonB

Please report problems with the web pages to the maintainer

Top