The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 14 Issue 84

Tuesday 17 August 1993


o Re: BARFmail and other list headaches
Dennis G. Rears
o Prototype voice-operated ATM
Malcolm Butler
o Filling Station Ripoff
Matt Healy
o President Clinton's Tax Plan
Richard Schroeppel
o Terminal Consternation
A. Padgett Peterson
o Preserving electronic memos — a serious problem
Bob Frankston
o Call for Clipper Comments
Dave Banisar
o Call for papers — 2nd Workshop on Feature Interactions
Nancy Griffeth
o Call for papers IFIP SEC'94 Caribbean
F. Bertil Fortrie
o Info on RISKS (comp.risks)

Re: BARFmail and other list headaches (PGN in RISKS-14.82)

"Dennis G. Rears" <drears@Pica.Army.Mil>
Tue, 17 Aug 93 15:46:22 EDT
  I guess you can say that one risks of BARFmail is that if it gets to a
certain point, volunteers will just say no.
  I run an exploder list for RISKS for all U.S. military and government sites.
I also run the mail list for the Computer Privacy Digest.  In each case I have
seen an increasing amount of BARFmail, broken mailers, people with improper
addresses, and general incompetence among many postmasters.
 I use to spend 15-45 minutes a week in mail list maintenance.  Now it
is close to three hours a week.  With every Risks Digest that is sent out
I get back 3-4 error messages; with the Computer Privacy Digest, I get
about 10.

 As a subscriber,

  o You should ensure that you have enough space in your mailbox for the lists
    that you subscribe to.

  o If you domain address changes, please let us know.

  o If your account is canceled, please let us know.

 The system administrator as part of his job should ensure that:

  o  All outgoing mail is stamped properly so that replies can be sent back.

    - Several times a month I get add requests from <name@host>
    as opposed to <name@host.domain>.  I have to go through the
    received lines to get a valid email address.

  o  Send rejected mail to the right place:

    - It should go to the Errors-To, Reply-to, List-request
    address.  I had to stop my notification service front the CPD
    thanks to a badly configured mailer.

  o  There are military machines that use subhosts, which is
     in violation of RFC 822. I have to source route these
     (name%subhost@realhost) in the mail list.  I am talking about
     the Sperry hosts that a lot of military sites use.  These
     STILL DON'T use DNS aka nameservers.


      [I am exceedingly grateful to Dennis, who handles .mil and .gov
      RISKS traffic for me, and also to
      who provides a similar indirection service for RISKS readers in the
      U.K.  Anything you can do to make their lives and mine simpler with
      respect to E-mail addresses would be greatly appreciated.  PGN]

Prototype voice-operated ATM

Malcolm Butler <>
Mon, 16 Aug 93 1:25:39 EST
  [RISKS readers may be interested in the following report from The Sydney
  Morning Herald, August 13, 1993).  Malcolm Butler (]

    Your word is my command: ATM

Researchers at the University of Queensland unveiled yesterday a prototype of
what they say is the first voice-activated automatic teller machine (ATM).

But in an embarrassing moment during a media demonstration, a mock ATM
incorrectly accepted the voice od a female journalist and allowed her to
gain access to the "funds" of a male researcher.

It was quickly pointed out that the machines accuracy would improve with
fine-tuning and that security was the opposite of convenience.  A second
imposter who tried to con the machine was unsuccessful.  All he could
extract from it was a wicked cackle.

The system uses the new technology of artificial neural networks ... It
verifies customers' identities by comparing their voices with samples
that have been stored on a computer.

This aural equivalent of a fingerprint is good news for those who have trouble
remembering their personal identification numbers but, unfortunately, the
system, still has a few glitches.  It accepts 10 per cent of imposters,
rejects 1 per cent of true customers and may not be sympathetic if you have a
cold, are drunk, or your voice sounds different.

``It may turn out that it would be a good idea for you to go in sometime and
leave a voice sample when you have a cold so that it can recognise you when
you are in that situation," said one of the project's researchers, Professor
Tom Downs.

[...]  The researchers say the system could also be used for credit card or
banking transactions by telephone and for allowing entry into restricted
buildings.  Their next project will be to develop a system which allows free
conversations between ATMs and customers.

Professor Downs said several voice-verification systems had been developed
overseas but were relatively unsophisticated.

Filling Station Ripoff

Matt Healy <>
Fri, 30 Jul 1993 00:45:52 GMT
On Thursday afternoon, 29 July, WCBS Radio (NYC) broadcast an interview with a
city official about a new scam: modifying the circuit board of a gas pump
controller so the pumps will deliver less gasoline than indicated by the

He characterized this as "just old fashioned cheating, using new technology."
In one case, his inspector discovered that the pump delivered about 5 gallons
while indicating 7 gallons.

He said his department will be stepping-up inspections, but of course they
cannot check every filling station at once!  He advised motorists to keep
records of gas purchases and odometer readings, and report any suspicious
sales immediately.  He said several offenders have already been caught in this
manner--an alert citizen noticed the short delivery amounts.

Matt Healy    Dept of Genetics (WardLab-SHM I-148)
            333 Cedar Street   NEW HAVEN, CT 06510

President Clinton's Tax Plan

"Richard Schroeppel" <>
Tue, 17 Aug 1993 11:28:11 MST
With the passage of the new budget, the IRS has shifted into high gear.
One provision of the bill imposes the higher rates retroactively to Jan 1.

Last Thursday night (Aug 12) our local TV news did a story about a Tucson
small-businessman who received a tax bill for $72G.  They showed the bill,
it looked real, including low order digits, properly placed commas & decimal
point, etc.  Apparently the man was a real slacker; about half the amount
was for interest & penalties.  The IRS had no immediate comment, but
apparently this man was not the only recipient of such a bill.

Now it seems to me, that if this guy & his five friends would just pay their
fair share, instead of whining to the media, we'd have this deficit thing
licked in no time.  Way to go, Prez!

The RISK here should be apparent to all programmers:  When laying out your
printed forms, be sure to allow extra space in the numeric fields.  Always
use double precision for money amounts.  It's stupid to have a program break
just because some intermediate value is unexpectedly large, or to not have
room on the form for a big amount.  The constants for interest rates &
penalties should be specified to high enough precision, so that the cents are
calculated accurately.  Clearly the IRS hires pros:  These guys really know
their stuff!  All their commas and periods lined up exactly, no extra
punctuation, nothing out of place, even a properly placed floating dollar sign.

Too often, RISKS concentrates on the failures and screwups.  It's high time
that we recognized the people who do it right, and celebrate a job well done.
The hard working programmers behind the tax bills often go unacknowledged.
Let's show them our appreciation.  Tax programmers, I take my hat off to you!

Rich Schroeppel

Terminal Consternation (csvcjld, RISKS-14.82)

A. Padgett Peterson <>
Tue, 17 Aug 93 15:40:21 -0400
>If the bytes are uniformly distributed, there is a good chance they
>are encrypted.

>   [But NOT NECESSARILY.  ...  simplifications are tricky.  PGN]

The whole subject is tricky. Functionally, there is no real difference between
compression and encryption other than degree of difficulty in breaking 8*).
Run the compressed file through UUENCODE or a TEKHEX generator and we are back
to a non-random string. (BTW XXENCODE permits use of a user-supplied table --
is this Encryption ?).

I *suspect* that the telco filter is very simplistic - could just be
interrupting the connection on an XOFF (Ctrl-S or 13h). Might not even be

Point is that it is easy to disguise text as binary, slightly more difficult
to make binary look like text, but not impossible, engineers have been doing
it for years - "I didn't know you were *trying* to block binary, it just
looked like a faulty design."

Preserving electronic memos — a serious problem

Mon, 16 Aug 1993 21:00 -0400
A recent New York Times featured a policy wherein all electronic
correspondence among people at the White House must be preserved. As Oliver
North discovered, email can be forever. More to the point is Richard Nixon's
experience. Once he recorded all his phone conversations, he exposed himself
to having them subpoenaed!

Here is an example where the reality of electronic communications and our
legal systems are seriously out of step.  Essentially all business records
and, I wouldn't be surprised, all personal records, can be subpoenaed. In the
government, many of the records must be supplied upon request. (A reader with
more expertise can clarify the legal aspects of this).

It can be quite disconcerting to discover that a private memo citing the
possibility that a chemical might cause cancer surfaces twenty years later to
prove that your company knew about the danger and failed to act. On the other
hand, such exposure is often necessary to uncover criminal behavior.  Let's
assume that a balance has been struck over the year between the publics need
to know and the requirements of privacy for classic paper documents.

While this might be a big assumption, it is the status quo.  One develops
defenses such as a paperless office (i.e., never write anything down, just
discuss it in person or on the phone) or shredding memos upon reading them.
These aren't perfect as the Nixon experience shows and when participates
choose to, or accidentally preserve information.

This all changes when the normal means of conversations leaves an indelible
trail. While this policy cites email, bits is bits and as we shift to digital
PBXes in which text, voice, images are all stored in the same pool, we have
lost all privacy.

Unfortunately, this issue was not explicitly faced in the 1700's and thus
there was no provision in the constitution.

There are those that argue that there is no right to privacy in a commercial
setting, that an employer has a right to tape all conversations on premises
and install video cameras in every nook and cranny. And some have. After all,
who knows how many rest room visits were just a way to take a break without
accomplishing anything.

But it also means a world that doesn't allow tentative thinking, questioning
of the norm, diplomacy or correction. It is a world where all ones inner
thoughts are exposed to analysis and criticism without a chance to refute or
comment. It is a world where innocuous behavior might resurface twenty years
later and be judged in an entirely different world. It is a world that
guarantees mediocrity since any behavior that doesn't reinforce the popular
images of the majority (even if it is not a real majority) will result in

Sadly, the problem is not easy to solve. The opposite extreme of a world with
no paper trail can be a conspiratorial world where all behavior is hidden and
thus is suspect, if not corrupt. I don't have easy answers but am concerned
that people should be aware that while email might be the successor to the
paper memo, it is much more than that and extending an old policy can have
serious, and unexpected, ramifications.

Is a world with perfect memory better than one without history?

Call for Clipper Comments

Dave Banisar <>
Tue, 17 Aug 1993 14:23:16 EST
The National Institute of Standards and Technology (NIST) has issued a request
for public comments on its proposal to establish the "Skipjack" key-escrow
system as a Federal Information Processing Standard (FIPS).  The deadline for
the submission of comments is September 28, 1993.  The full text of the NIST
notice follows.

CPSR is urging all interested individuals and organizations to express their
views on the proposal and to submit comments directly to NIST.  Comments need
not be lengthy or very detailed; all thoughtful statements addressing a
particular concern will likely contribute to NIST's evaluation of the
key-escrow proposal.

The following points could be raised about the NIST proposal (additional
materials on Clipper and the key escrow proposal may be found at the CPSR ftp

* The potential risks of the proposal have not been assessed and many
questions about the implementation remain unanswered.  The NIST notice states
that the current proposal "does not include identification of key escrow
agents who will hold the keys for the key escrow microcircuits or the
procedures for access to the keys."  The key escrow configuration may also
create a dangerous vulnerability in a communications network.  The risks of
misuse of this feature should be weighed against any perceived benefit.

* The classification of the Skipjack algorithm as a "national security" matter
is inappropriate for technology that will be used primarily in civilian and
commercial applications.  Classification of technical information also limits
the computing community's ability to evaluate fully the proposal and the
general public's right to know about the activities of government.

* The proposal was not developed in response to a public concern or a business
request.  It was put forward by the National Security Agency and the Federal
Bureau of Investigation so that these two agencies could continue surveillance
of electronic communications. It has not been established that is necessary
for crime prevention.  The number of arrests resulting from wiretaps has
remained essentially unchanged since the federal wiretap law was enacted in

* The NIST proposal states that the escrow agents will provide the key
components to a government agency that "properly demonstrates legal
authorization to conduct electronic surveillance of communications which are
encrypted."  The crucial term "legal authorization" has not been defined.  The
vagueness of the term "legal authorization" leaves open the possibility that
court-issued warrants may not be required in some circumstances.  This issue
must be squarely addressed and clarified.

* Adoption of the proposed key escrow standard may have an adverse impact upon
the ability of U.S. manufacturers to market cryptographic products abroad.  It
is unlikely that non-U.S. users would purchase communication security products
to which the U.S.  government holds keys.

Comments on the NIST proposal should be sent to:

Director, Computer Systems Laboratory
ATTN: Proposed FIPS for Escrowed Encryption Standard
Technology Building, Room B-154
National Institute of Standards and Technology
Gaithersburg, MD 20899

Submissions must be received by September 28, 1993.  CPSR has asked NIST that
provisions be made to allow for electronic submission of comments.

Please also send copies of your comments on the key escrow proposal to CPSR
for inclusion in the CPSR Internet Library, our ftp site.  Copies should be
sent to <>.

  [Federal Register Vol 58 No 145, NIST, Docket No. 930659-3159,
  RIN 0693-AB19, "A Proposed Federal Information Processing Standard for an
  Escrowed Encryption Standard (EES)", 58 FR 40791, Friday, July 30, 1993
  is available for anonymous FTP on CRVAX.SRI.COM in the RISKS: archive
  directory, with file name RISKS-14.84N, of from Dave Banisar
  <>.  PGN]

Call for papers — 2nd Workshop on Feature Interactions

Nancy Griffeth <>
Wed, 11 Aug 93 16:22:54 GMT
Feature interactions can create security loopholes or even bring the public
telephone network down.  Since various critical systems — emergency services
and airport control towers — depend on the telephone network, the subject is
relevant to RISKS.  For more information, I would refer readers to the August
1993 issues of Computer and Communications magazines, especially the
introductory articles and the paper by Kuhn et. al., ``Improving Public
Switched Network Security in an Open Environment'' in Computer, pp. 32-35.
Also, Cameron and Lin published a paper in the Proceedings of the 1991 SIGSOFT
Conference on Software for Critical Systems, ``A Real-Time Transition Model
for Analyzing Behavioral Compatibility of Telecommunications Services''.
Otherwise, little work has been published on approaches that can protect the
network and its users from potential effects of feature interactions, so
responses from people who have worked on other critical systems would be most

      Second International Workshop on Feature Interactions
          in Telecommunications Software Systems

            Amsterdam, The Netherlands
                  May 9-10, 1994

This workshop is the second in a series, whose mission is to encourage
researchers from a variety of computer science specialties (software
engineering, protocol engineering, distributed artificial intelligence, formal
techniques, software testing, and distributed systems, among others) to apply
their techniques to the feature interaction problem that arises in building
telecommunications software systems (see the back page for a description of
the problem).  We welcome papers on avoiding, detecting, and/or resolving
feature interactions using either analytical or structural approaches.
Submissions are encouraged in (but are not limited to) the following topic
      - Classification of feature interactions.
      - Modeling, reasoning, and testing techniques for detecting feature
      - Software platforms and architecture designs  to aid in avoiding,
        detecting, and resolving feature interactions.
      - Tools and methodologies for promoting software compatibility and
      - Mechanisms for managing feature interactions throughout the
        service life-cyle.
      - Management of feature interactions in PCS, ISDN, and Broadband
        services, as well as IN services.
      - Management of feature interactions in various of the operations
        support functions such as Service Negotiation, Service Management,
        and Service Assurance.
      - Feature Interactions and their potential impact on system Security
        and Safety.
      - Environments and automated tools for related problems in other
        software systems.
      - Management of Feature Interactions in various proposed
        architectures such as TMN, INA, ROSA, CASSIOPEIA, SERENITE, or


    We hope  to promote  a dialogue  among  researchers in various related
    areas, as  well  as the  designers  and builders of telecommunications
    software.  To this  end,  the  workshop will  have sessions for  paper
    presentations, including relatively  long discussion  periods.   Panel
    discussions and tool demonstrations are also planned.


    Workshop attendance will be limited to 90  people. Attendance will  be
    by invitation only. Prospective attendees are asked to submit either a
    paper (maximum  5000 words)  or  a  single page description  of  their
    interests and  how they  relate  to the  workshop. About  16-20 of the
    attendees will be asked to  present talks. We will strive for an equal
    mix of  theoretical results and practical experiences. Papers  will be
    published in a conference proceedings.


    Please  send five  copies  of  your  full original  paper  or interest
    description to:

    Wiet Bouma
    PTT Research, Dr. Neher Laboratories
    PO Box 421               or      St. Paulusstraat 4
    2260 AK Leidschendam             2264 XZ Leidschendam
    The Netherlands                  The Netherlands
    Tel:    +31 70 332 5457
    FAX:    +31 70 332 6477

                 IMPORTANT DATES:

    November 15, 1993:  Submission of contributions.
     January 15, 1993:  Notification of acceptance.
    February 15, 1993:  Submission of camera-ready versions.


    Wiet Bouma & Hugo Velthuijsen (PTT, The Netherlands)

                PROGRAM COMMITTEE

    Chair: E. Jane Cameron (Bellcore, USA)  [Rest deleted.  Request it.  PGN]

Call for papers IFIP SEC'94 Caribbean

Wed, 11 Aug 1993 01:49 +0100
  Call for Papers IFIP SEC'94 - updated information August 1993

Technical Committee 11 - Security and Protection in Information
Processing Systems - of the UNESCO affiliated INTERNATIONAL


THROUGH MAY 27, 1994.

Organized by Technical Committee 11 of IFIP, in close cooperation with the
Special Interest Group on Information Security of the Dutch Computer Society
and hosted by the Caribbean Computer Society, the TENTH International
Information Security Conference IFIP SEC'94 will be devoted to advances in
data, computer and communications security management, planning and control.
The conference will encompass developments in both theory and practise,
envisioning a broad perspective of the future of information security.  The
event will be lead by its main theme "Dynamic Views on Information Security in

Papers are invited and may be practical, conceptual, theoretical, tutorial
or descriptive in nature, addressing any issue, aspect or topic of
information security. Submitted papers will be refereed, and those presented
at the conference, will be included in the formal conference proceedings.
Submissions must not have been previously published and must be the
original work of the author(s). Both the conference and the five
tutorial expert workshops are open for refereed presentations.

The purpose of IFIP SEC'94 is to provide the most comprehensive international
forum and platform, sharing experiences and interchanging ideas, research
results, development activities and applications amongst academics,
practitioners, manufacturers and other professionals, directly or indirectly
involved with information security. The conference is intended for computer
security researchers, security managers, advisors, consultants, accountants,
lawyers, edp auditors, IT, adminiatration and system managers from
government, industry and the academia, as well as individuals interested and/or
involved in information security and protection.

IFIP SEC'94 will consist of a FIVE DAY - FIVE PARALLEL STREAM - enhanced
conference, including a cluster of SIX FULL DAY expert tutorial workshops.

In total over 120 presentations will be held. During the event the second
Kristian Beckman award will be presented. The conference will address
virtually all aspects of computer and communications security, ranging
from viruses to cryptology, legislation to military trusted systems,
safety critical systems to network security, etc.

The six expert tutorial workshops, each a full day, will cover the
following issues:

Tutorial A: Medical Information Security
Tutorial B: Information Security in Developing Nations
Tutorial C: Modern Cryptology
Tutorial D: IT Security Evaluation Criteria
Tutorial E: Information Security in the Banking and Financial Industry
Tutorial F: Security of Open/Distributed Systems

Each of the tutorials will be chaired by a most senior and internationally
respected expert.

The formal proceedings will be published by Elsevier North Holland
Publishers, including all presentations, accepted papers, key-note talks,
and invited speeches.

The Venue for IFIP SEC'94 is the ITC World Trade Center Convention
Facility at Piscadera Bay, Willemstad, Curacao, Netherlands Antilles.

A unique social program, including formal banquet, giant 'all you can eat'
beach BBQ, island Carnival night, and much more will take care of leisure
and relax time.

A vast partners program is available, ranging from island hopping, boating,
snorkeling and diving to trips to Bonaire, St. Maarten, and Caracas.
A special explorers trip up the Venezuela jungle and the Orinoco River
is also available.
For families a full service kindergarten can take care of youngsters.

The conference will be held in the English language. Spanish translation
for Latin American delegates will be available.

Special arrangements with a wide range of hotels and appartments complexes
in all rate categories have been made to accommodate the delegates and
accompanying guests. (*)
The host organizer has made special exclusive arrangements with KLM Royal
Dutch Airlines and ALM Antillean Airlines for worldwide promotional fares
in both business and tourist class. (**)

(*)(**) Our own IFIP TC11 inhouse TRAVEL DESK will serve from any city on
the globe.

All authors of papers submitted for the referee process will enjoy special

Authors of papers accepted by the International Referee Committee will enjoy
extra benefits.

If sufficient proof (written) is provided, students of colleges, universities
and science institutes within the academic community, may opt for
student enrollment. These include special airfares, appartment accommodations,
discounted participation, all in a one packet prepaid price.
(Authors' benefits will not be affected)


Five copies of the EXTENDED ABSTRACT, consisting of no more than 25 double
spaced typewritten pages, including diagrams and illustrations, of
approximately 5000 words, must be received by the Program Committee no
later than November 15th, 1993.

We regret that electronically transmitted papers, papers on diskettes,
papers transmitted by fax and handwritten papers are not accepted.

Each paper must have a title page, which includes the title of the paper,
full names of all author(s) and their title(s), complete address(es),
including affiliation(s), employer(s), telephone/fax number(s) and
email address(es).
To facilitate the blind refereeing process the author(s)' particulars
should only appear on the separate title page. The language of the
conference papers is English.
The first page of the manuscript should include the title, a keyword list
and a 50 word introduction. The last page of the manuscript should include
the reference work (if any).

Authors are invited to express their interest in participating in the
contest, providing the Program Committee with the subject or issue that
the authors intend to address (e.g. crypto, viruses, legal, privacy, design,
access control, etc.) This should be done preferably by email to
< TC11@CIPHER.NL >, or alternately sending a faxmessage to
+31 43 619449 (Program Committee IFIP SEC'94)

The extended abstracts must be received by the Program Committee on or
before November 15th, 1993.

Notification of acceptance will be mailed to contestants on or before
December 31, 1993. This notification will hold particular detailed
instructions for the presentation and the preparation of camera ready
manuscripts of the full paper.

Camera ready manuscripts must be ready and received by the Program Committee
on or before February 28, 1994.

If you want to submit a paper, or you want particular information on
the event, including participation, please write to:

  IFIP SEC'94 Secretariat, Postoffice Box 1555, 6201 BN   MAASTRICHT

  or fax to IFIP SEC'94 Secretariat: +31 43 619449 (Netherlands)
  or email to TC11@CIPHER.NL

Please report problems with the web pages to the maintainer