The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 14 Issue 86

Monday 23 August 1993


o Everyone gets a 'A' for Welsh exam
Richard Clayton
o Medicare checks for $0.01
Bear Giles
o E-mail privacy
Mich Kabay
o Re: Child-Prodigy
Ed Ravin
Jeffrey I. Schiller
o AT&T Security Authenticators
o Re: Remotely accessible answering machines
Mark A Biggar
o Worrying about online education
Steve Talbott
o NCSC 16 Announcement
Louise Reiner
o Info on RISKS (comp.risks)

Everyone gets a 'A' for Welsh exam

Richard Clayton <>
Mon, 23 Aug 93 17:32:02 GMT
>From the 'The Guardian'  (UK National paper) 23 Aug 1993

Exam blunder

A computer blunder was blamed yesterday for wrongly awarding A grades
to all 84 students who sat a Welsh Language exam. Corrected results
with apologies were sent out by the Welsh Joint Education Committee
after the error was discovered.

   I assume these would be 'A Level' exams for 18 year olds because
   these results came out last week. Grade A is the highest level of
   pass. They are vital for University entrance, and the papers have
   been full of stories about the necessity to get good grades in order
   to get on a course this year because of cutbacks. There must be 84
   rather worried kids out there whose plans may have to be changed!

Richard Clayton, Locomotive Software                        tel: +44 306 740606
Dorking Business Park, DORKING, Surrey, UK. RH4 1YL         fax: +44 306 885529

Medicare checks for $0.01

Bear Giles <>
Mon, 23 Aug 93 17:06:10 GMT
The 23 August issue of the _Rocky Mountain News_ (Denver) reports that
numerous people (>100) have received Medicare reimbursement checks for $0.01.

No, it was not a design error where no lower limit on checks was defined.

It seems that Blue Cross and Blue Shield, Medicare provider for Colorado,
recently changed software packages and the previous version had used a sum of
"$0.01" to indicate that claims should be sent to review.  The new software
doesn't use "in-band" signaling and simply cut checks for the apparent amount.

At least they used a *small* amount to use as signals.  Imagine the
consequences of choosing a large amount.  Say, $9,999,999.99.

Bear Giles

E-mail privacy

"Mich Kabay / JINBU Corp." <>
07 Aug 93 09:04:09 EDT
From UPI (United Press International) newswire (08/06 1259 Virginia News

   City employee booted for snooping
   NEWPORT NEWS, Va. (UPI) — A computer programmer employed by Newport
   News was fired for snooping on electronic mail between colleagues.

The brief note says that the fired computer programmer admits having
printed electronic mail between her colleagues, including "backbiting
comments about coworkers ... [and]... sexually explicit love notes."

She was fired for invasion of privacy and gross misconduct.

Moral: (user version) email is no more private than snail mail. Act

Moral: (administrator version) email is as private as snail mail. Act

Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn

Re: Child-Prodigy — clarification

Ed Ravin <>
Mon, 23 Aug 1993 16:54:03 -0400
In RISKS-14.85, writes:

>  As a supposed joke, a 14-year-old Seattle-area girl sent a Prodigy message
>  to her boyfriend in New Jersey containing a phony death threat ...
>  Known for its monitoring of messages, Prodigy alerted the police ...

It should be pointed out that the "monitored message" that contained the phony
death threat was NOT a person-to-person email message on Prodigy, but a public
bulletin board post.  Although Prodigy has a well-deserved reputation for
controlling content on their bulletin boards, they do not monitor or interfere
with private email.  Federal law (ECPA 1986) also prohibits monitoring of
email, and all responsible online services providers (including Prodigy :-)
abide by the law.

The occasional inability of police departments to distinguish between a joke
and an actual threat is well-known — one famous example is the Secret
Services' assertion that Steve Jackson's GURPS Cyberpunk fantasy roleplaying
game was really a "handbook for computer crime".  One wonders what will happen
if the police ever start reading bulletin boards like the average unmoderated
Usenet newsgroup — "Um, yes Officer, I know I posted on alt.flame.computers
that all MS-DOS users deserved to die, but, er, I was only kidding around..."

Disclaimer: I work for Prodigy as a telecommunications programmer, and
these are my opinions only, not those of my employer.

Ed Ravin, Prodigy Services Company, 445 Hamilton Avenue, White Plains NY 10601        +1 914 993 4737

Re: Child-Prodigy or Prodigy-Child? 14-year-old triggers alarms

Jeffrey I. Schiller <jis@MIT.EDU>
Sun, 22 Aug 93 16:26:18 -800
This note raises many very interesting issues. How did Prodigy know about the
threat? Did the recipient (the boyfriend) report the message to them, or am I
to read this message to indicate that Prodigy is monitoring personal mail
between individuals? Let's assume so...

It's a scary world we are entering if our personal communications are being
monitored and judged by the "authorities".

It's even worse when these "authorities" can misunderstand our words and make
us pay for their trouble! Talk about chilling free speech!

At MIT I supervise the campus computer network, the MIT portion of the
Internet.  We have an internal policy that we do *not* monitor messages
between individuals. We, however, state that our staff *may* inadvertently
encounter personal mail due to our maintenance activities (more then likely
because the mail system barfs and the message is delivered to the dead letter
bin for manual routing).

Consistent with the ECPA of 1986, if we come across a message that indicates
that something illegal is going on, we will notify law enforcement. However
whatever action we or law enforcement takes is at our mutual risk if there is
in fact no crime.

I can easily envision a situation where we uncover a message that in part

"Tomorrow we will assassinate the leader of [insert your favorite country

We will no doubt notify the appropriate authorities. However, it may turn out
that the message had to do with a role playing game where the actors were
playing agents of various countries (such games do exist). In this context the
above message would be quite innocent. However some significant resources may
be expended (read: money spent) before this is determined.

Who Pays?

Does it really make sense to have the innocent message originator pay? That is
what it sounds like Prodigy et al. believe!

Big Brother is watching us... through our computers!


P.S. The scariest thing about services like Prodigy monitoring the mail is
that People seem to tolerate it!!!

AT&T Security Authenticators

Mon, 23 Aug 1993 09:11:28 -0400 (EDT)
I agree that AT&T is very willing to use alternate authenticators, but their
security overall for Universal Card (MasterCard & Calling Card in one) is poor
at best.  To defend this assertion, I present the case of my new Universal
Card, which, after delivery to a neighbor of mine who was required to
eliminate dumping process water on my law, didn't arrive at all.  No charges
mind you, but AT&T did discuss the account with my neighbor, who phoned up and
chatted about my credit line, cash machine PIN number, my age (he claimed I
wasn't out of high school...), and best of all, the fact that my car had been
repossessed last week (funny, I thought I paid cash for it).  Anyway, AT&T's
response was to pull three credit bureaus in one day, send me a new card, and
not inform me of these little chats. I only found out when I wanted to get a
new card air-expressed after I dry-cleaned mine.

Re: Remotely accessible answering machines (Shimomura, RISKS-14.85)

Mark A Biggar <>
Mon, 23 Aug 93 14:56:18 PDT
This type of answering machine can become a physical security problem as
well.  My sister lives in a so called "high security" apartment building.
To gain entry to visit someone, you enter their apartment number on a panel
at the front door, the system then places a phone call to that apartment
and provides a mic and speaker so you can talk to the person you want to
visit.  If they want to let you into the building, all they have to do is
punch a code on their phone (#9 if I remember right).  Now, my sister also
has one of these smart answering machines, which of course is what answers
if no-one is home.  My sister was very startled when I showed her that if I
knew the access code to her answering machine, I could program it to playback
the signal to let me in the front door.  Even a simpler machine with just
remote playback can be spoofed this way.  All you need is a pocket tape
machine with a recording of the #9 tones, call the machine once to
recorde the tones and call it a second time to play the tones back.

Mark Biggar

worrying about online education

Steve Talbott <>
Thu, 12 Aug 1993 17:31:09 GMT
I am cross-posting the following essay (1670 words) from the Consortium for
School Networking discussion list.  In this way I hope to find out whether the
readership of comp.risks is at all interested in the more "hidden" issues
posed by computers and network technology.  By this I mean not so much
questions of privacy, physical health, computer error, and so on, as those
relating to the more subtle and intimate interrelationships between ourselves
and the patterns of intelligence we have been embodying in our machines.

I'm also curious whether there's any possibility for a discussion of these
issues that does not degenerate into the worthless shouting matches so common
in the "philosophy" groups.  The sobriety of comp.risks gives one hope.

I'll welcome all critical response.  (Feel free to say "not interested" as
well.)  Many thanks for your attention.

(I am not an educator, although I home-taught two of my children for a few
years.  I have worked in the software and technical writing field for some
12 years, and am currently an editor at O'Reilly and Associates.  We
publish books related to computers--including the immensely popular Whole
Internet User's Guide and Catalog.  This essay is one of a collection of
short, Internet-related pieces I am currently working on.)

Steve Talbott

Copyright 1993 Stephen L. Talbott.  You may freely redistribute these
remarks on a not-for-profit basis so long as this notice and the remarks
themselves are left fully intact and unedited.

                    Net-based Learning Communities

Entering a classroom, the sixth-grade girl sits down at her terminal and
composes an email message to her "net pal" in India.  The two of them are
comparing notes about efforts to save endangered species in their separate
localities, as part of a class project.  (During the afternoon, a reply comes
back.)  In later years, these children may even chance to meet, and their
email exchanges will have prepared them to accept each other on equal terms,
rather than to be put off by cultural barriers.

An attractive picture?  Very much so.  This sort of thing is one of the bright
promises of the net.  Personally, however, I doubt we will see its broad
realization any time soon.  Why?  Because the promise is being overwhelmed by
sentimentality, uncritical futurism, and the worship of technology.  We're
seeing an unhealthy romanticization of the net.

Allow me a brief flanking movement here.  It's now routine for social critics
to bemoan the artificial, fantasy-laden, overstimulating (yet passive)
environments in which our children grow up.  I'm not sure the bemoaning helps
any, but I believe the concerns are largely justified.  The problem is that
they too rarely strike through to the heart of the matter.  For if the child
must fill up his existence with "virtual" realities and artificial
stimulation, is it not because we have systematically deprived him--not to
mention ourselves--of the real world?

Link together in your mind a few simple facts, many of them common-

Schools have become ghettos for the young.  Perhaps for the first time in
history, our century has seen children strictly cut off from meaningful
connection to the world of adult work.  That work is hidden away behind the
walls of the industrial park.  Likewise, all the once-local functions of
government have become distant, invisible abstractions, wholly disconnected
from what the child observes going on around him.  As to the evening news, it
concerns events that he must find hard to distinguish from last night's movie.
(And when he grows up and hears the screaming on the city street, will he know
to do anything but *watch*?) The ubiquitous television serves in addition to
cut him off from meaningful interaction with his own family.  Even the eternal
necessities have become invisible; sickness and death are but the rumors of a
sanitized mystery enacted behind closed doors in the hospital--grandmother
will not utter her last groans and die untidily on the couch in the living
room.  And perhaps most importantly (but this we do not pay attention to), the
science he encounters at school is increasingly a science of abstractions --
forces and vectors, atoms and equations.  And so he is deprived also of his
living connection to trees, rain, and stars.  The world recedes behind a
screen, a veil of unreality.

I do not pine for the particular forms of a lost past.  The question, rather,
is how to replace what needs replacing, and with what.  As things stand, the
picture cited above leads to to a crushing conclusion, first elaborated so far
as I know by the Dutch psychologist, Jan Hendrik van den Berg, at mid-century.
Can we rightly complain, van den Berg asked, when the child grows up and
somehow fails to "adjust"?  Adjust to what?  Nothing is there--everything is
abstract, distant, invisible!  And so the modern conclusion of the matter
seems inevitable: we force the child to live within an inner fantasyland, cut
off from the nurturing, reassuring matrix of visible, tangible, accessible
structures and authorities that once constituted "community."  No wonder the
surreal world of the video game is his natural habitat.  Nor will it do any
good to trash the video games, if we find no way to replace them with
real-world involvement.

To turn such a child over to the net for learning purposes is not a simple and
automatic good.  Can we structure the bewildering, abstract, game-like maze of
possibilities into healthy learning experiences, appropriate to the child's
age?  Or will he be much more inclined to find here simply a yet more glorious
video game landscape?

The "interface" between the young girl and her net pal is undeniably thin,
one-dimensional, remote.  As valuable as it may nevertheless be, it is not the
missing key for redeeming the learning community.  Even as a tool for
promoting global understanding, it scarcely counts beside the much more
fundamental--and deeply threatened--sources of social understanding.  The
girl, of course, will learn whatever she does of friendship from peers who
sweat, bleed, taunt, curse, tantalize, steal, console, and so on.  If I need
to find out whether she will become a good world citizen, don't show me a file
of her email correspondence.  Just let me observe her behavior on the
playground for a few minutes.  (This assumes, of course, that she spends her
class breaks on the playground, not at her terminal playing video games.)
Unfortunately, the assessment is not likely to turn out positive so long as
the schoolyard is hermetically isolated from any surrounding,
multi-dimensioned community.  And to see the net as an easy remedy for *this*
kind of isolation is, at best, simplistic.

The danger of the net, then, is the very opposite of the romantic picture: it
invites further de-emphasis of the single, most important learning
community--the one consisting of people who are fully present--in favor of a
continuing retreat into communal abstractions — in particular, retreat into a
community of others whose odor, unpleasant habits, physical and spiritual
needs, and even whose challenging ideas, a student doesn't have to reckon with
in quite the same way his neighbor demands.

The most bothersome thing here is our tendency to leap rather too easily from
raw technology, or from simple images of its use, to far-reaching conclusions
about extraordinary complex sociological issues.  There is, after all, one
absolutely unavoidable fact: technologies for "bringing people together" do
not necessarily *bring people together*.

Before the news media went gaga about the information superhighway, there were
asphalt superhighways.  Didn't these bring us all closer together?  In many
ways they certainly did.  The whole transportation revolution was no puny
thing, even beside the computer revolution.  It re-made society.  We now brush
up against each other in ways unimaginable in earlier eras.  Few of us would
want to give up all the new possibilities.  But, still, the uncomfortable
question remains: is that the spirit of "community" I feel as I peer over the
edge of the superhighway at the dilapidated tenements below?  And when I turn
to the net for my commuting, will I lose even the view from the asphalt?

Actually, the rhetorical question is unnecessary.  For the answer, in my case,
is already given: I telecommute from my suburban basement, and rarely have
occasion to venture very far out.  I blame no one else--nor any
technology--for this; the choices are my own.  But one still needs to ask: how
will technology play into the kinds of choices society (that is, we) are
already tending to make?  *Here* is the sort of question we should be asking
when we gaze into the future.  Some technologies naturally tend to support our
virtues, while others give play most easily to our vices.  I am dumbfounded
that so many fail to see how the spreading computer technologies--in education
as in many other arenas--not only offer distinct hopes but also tempt us with
seductive overtures at a most vulnerable moment.  It would be much easier to
welcome the truly exciting things computers promise us, if one didn't see so
many eyes firmly closed to already existing tendencies.

Perhaps my single greatest fear about the growing interest in networked
learning communities is the fear that we will further undermine the human
teacher.  The most critical element in the classroom is the immediate presence
and vision of the teacher, his ability to inspire, his devotion to truth and
reverence for beauty, his moral dignity--all of which the child observes and
absorbs in a way impossible through electronic correspondence.  Combine this
with the excitement of a discovery shared among peers in the presence of the
actual phenomena occasioning the discovery (a worm transforming itself into a
butterfly, a lightning bolt in a jar), and you have the priceless matrix of
human growth and learning.

The email exchange between the young girl and her Indian counterpart,
added to *such* an environment, could be a fine thing.  (Actually, it is
happening already, here and there.)  But let's keep our balance.
Surely the problems in modern education stem much more from the rarity
of the aforementioned classroom milieu than from lack of student
access to such net "resources" as overseas pen pals.

Many people in our society are extremely upset--justifiably so, in my
opinion--with the current educational system.  That gives some hope.
But a dramatic and ill-advised movement toward online education may
well be the one smoke screen fully capable of preventing an aroused
public's focus upon the issues that really count.

Yes, the student will have to acquire net skills, just as he had to learn
about word processors and the organization of reference materials in the
library.  But this is not a new model of learning.  The most evident new
model--not a very desirable one--lies still half-understood in the net's
undoubted potential for dispersing energies, distracting attention, reducing
education to entertainment, and--above all else--leading the
television-adapted student ever further from human community toward a world of
fantasies and abstractions, a world too artificially plastic and manipulable,
a world desperately removed from those concrete contexts where he might have
forged a sturdy, enduring character.

Let's give our teachers a realistic sense for the possibilities and the
challenges of the net, so they can soberly assess how it might further this or
that teaching goal.  Let's *not* subject them to a tidal wave of blind,
coercive enthusiasm that adds up to the message: "connect as soon as possible,
or be left behind."
                                               Stephen L. Talbott

NCSC 16 Announcement for RISKS

Thu, 19 Aug 93 12:32 EDT
Dates:  20-23 September 1993
Location:  Baltimore Convention Center Baltimore, Maryland
Registration fee:  $275

The National Computer Security Center and the National Institute of Standards
and Technology will present the 16th National Computer Security Conference
from 20-23 September at the Baltimore Convention Center.

This year's three and one-half day program features tracks in : Research &
Development; System Implementation; Management & Administration; Criteria &
Evaluation; Tutorials & Other Presentations.

aA summary of the technical program follows.  To obtain more information about
the technical program send a message to

          NCS_Conference at DOCKMASTER.NCSC.MIL   or
          call the NCSC on 410-859-4371.

To obtain a registration form, call the Conference Registrar at
301-975-2775 or send a message to NCS_Conference at DOCKMASTER.NCSC.MIL



       PANELS - Strategies for Integrating Evaluated Products
                    Chair: J. Williams, MITRE
              - Multilevel Information System Security Initiative
                    Chair: G. Secrest, NSA
              - Trusted Applications
                    Chair: J. Cugini, NIST
              - Best of the New Security Paradigms Workshop II
                    Chair: H. Hosmer, Data Security Inc.
              - Enterprise Security Solutions
                    Chair: P. Lambert, Motorola

       PAPER SESSIONS - Honesty Mechanisms
                              Chair: E. Boebert, SCTC
                      - Database Research
                              Chair: M. Schaefer, CTA
                      - Access Control
                              Chair: P. Neumann, SRI


        Panels: - Perspectives on MLS System Solution Acquisition
                    Chair: J. Sachs, ARCA
                - Network Management — The Harder Problem
                    Chair: R. Henning, Harris Corp.
                -  Application of INFOSEC Products on WANs
                    Chair: J. Capell, Lockheed
                - Security for the Securities Industry
                    Chair: S. Meglathery, NYSE

       Paper Sessions:  - Access Control Topics
                              Chair: D. Balenson, TIS
                        - Network Risks & Responses
                              Chair: B. Burnham, NSA
                        - Software Engineering
                              Chair: V. Gibson, Grumman
                        - System Engineering with OTS Products
                              Chair: M. Tinto, NSA
                        - Network Implementation
                              Chair: F. Mayer, Aerospace Corp


       PANELS - Virus Attacks & Counterattacks: Real World Experiences
                    Chair: J. Litchko, TIS
              - Terror at the World Trade Center
                    Chair: S. Meglathery, NYSE
              - Contingency Planning in the 90s
                    Chair: I. Gilbert-Perry, NIST
              - On a Better Understanding of Risk Management Techniques
                    Chair: S. Katzke, NIST
              - Security Awareness, Training & Professionalization
                    Chair: D. Gilbert, NIST
              - Accreditor's Perspective - How Much is Enough?
                    Chair: J. Litchko, TIS
              - Security & Auditability of Electronic Voting Systems
                    Chair: R. Mercuri, U. of Penn.
              - Protection of Intellectual Property
                    Chair: G. Lang, Harrison Ave. Corp.
              - The Privacy Impact pof technology in the 90s
                    Chair: W. Madsen, CSC
              - Electronic Crime Prevention & Investigation
                    Chair: R. Lau, NSA

       PAPER SESSION - Managing & Promoting INFOSEC Programs
                              Chair: D. Parker, SRI


       Tutorials: - Threats & Security Overview
                              A. Liddle, IRMC
                  - Trusted Systems Concepts
                              C. Abzug, IRMC
                  - Trusted Networks
                              R. Bauer, E. Schultz,  ARCA
                  - Trusted Databases
                              G. Smith, W. Wilson,  ARCA
                  - Trusted Integration & System Certification
                              J. Sachs, ARCA

      Panel Presentations: - CLIPPER Chip
                                        Chair: L. McNulty, NIST
                           - Getting Your Work Published
                                        Chair: J. Holleran, NSA
                           - INFOSEC Standards: The DISA Process
                                        Chair: W. Smith, DISA
                           - Security Requirements for Cryptographic
                               Modules; Chair: L. Carnahan, NIST


      Presentations: - Introduction to the Federal Criteria
                              G. Troy, NIST; D. Campbell, NSA
                     - Federal Criteria: Protection Profile Development
                              J. Cugini, NIST; M. DelVilbiss, NSA
                     - Federal Criteria: Registration of Protection Profiles
                              D. Ferraiool, NIST; L. Ambuel, NSA

      Panels - Federal Criteria: Protection Profiles for the 90s
                    Chair: R. Dobry, NSA
             - Federal Criteria: Vetting & Registration of Protection Profiles
                    Chair: L Ambuel, NSA
             - Evaluation Paradigms: Update on TPEP and TTAP
                    Chair: S Nardone, NSA
             - European National Evaluation Schemes
                    Chair: E. Flahavin, NIST
             - The European Evaluation Process
                    Chair: P. Toth, NIST
             - International Harmonization I
                    Chair: Y. Klein, SCSSI, France
             - Goals & Progress Toward the Common Criteria
                    Chair: G. Troy, NIST
             - Federal Criteria User Forum
                    Chair: C. Wichers NSA

   Plenary: "Information System Security Strategies for the Future"
                    Chair: Stephen Walker
                    Panel: James P. Anderson
                           Dr. Willis Ware
                           Dr. Roger Schell

Please report problems with the web pages to the maintainer