Forum on Risks to the Public in Computers and Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Volume 15: Issue 28
Weds 17 November 1993
Contents
Power problems stop Milano Stock Exchange for 4 hours - Lorenzo Strigini
Lawyer discovers the RISK of computer efficiency - Martin Minow
Living Will Database - Brian Hawthorne
Review of "Second Contact" by Resnick - Rob Slade
UK government to scrap safety laws - Jonathan Bowen
Tablespoons, or, handwriting recognition may be hazardous to your poem - Mark Brader
Visa introduces transaction UIDs - Bob Frankston
Re: CERT Reports and system breakins - Steve Bellovin
Re: MASS state police confusion - Eric N. Florack
Re: Ada Usage - Harry Erwin
James H. Haynes
Re: Groundhog Day, D-Day, Remembrance Day, and all that - mathew
A Myth is as good as a Smile - PGN
Call-for-Papers for 17th Nat'l Computer Security Conference - Louise Reiner
Info on RISKS (comp.risks)
Power problems stop Milano Stock Exchange for 4 hours
Lorenzo Strigini <strigini@iei.pi.cnr.it>
Wed, 17 Nov 93 09:13:26 MET
Yesterday, 16th of November, trading at the Milano Stock exchange started late at 14:30 because the "telematic" system was down due to a power failure "dating from the previous day" (I am quoting "Il Sole 24 ore", "political economical-financial daily"). The day was bad for the market, with the "Mib" stock index going down 2%. This is attributed to political uncertainties coinciding with a normally bearish period of the year.

A morning radio newscast interviewed an "expert". Excerpts (from memory): the system is undergoing major changes as it will soon handle 100% of the trading vs 70% now (it was not clear whether by number of transactions, of stocks or by value); there is no reason for worry "as this was a hardware, not a software fault"; such problems are unavoidable, as "even satellites and space shuttles, with computers that are not duplicated but _triplicated_, have had their launches aborted due to such problems" (the interviewer sensibly asked "leave satellites alone and tell us about stock exchanges", and the interviewee said that comparable failures have occurred at the London, Paris, New York exchanges).

I have no information about the stated availability requirements, the architecture of the system, and the provisions for recovery (if others have such information, I'd appreciate it if they mailed it to me).

Lorenzo Strigini IEI-CNR Via Santa Maria 46 I-56126 Pisa - Italy
tel. +39 50 593495; fax +39 50 554342 E-mail: strigini@iei.pi.cnr.it
Lawyer discovers the RISK of computer efficiency
Martin Minow <minow@apple.com>
Tue, 16 Nov 93 17:09:40 -0800
From the New York Times, Friday November 12, 1993 (page B20): At the Bar. David Margolick. "Court asks a lawyer, if a computer is doing most of the work, why the big fee?" [Abstracted and excerpted]

Craig Collins, a lawyer in San Mateo California, used the West CD-ROM library, a system that contains every court opinion published in California in the last 33 years on three compact disks, to research a parental rights case. Under penalty of perjury, he swore that he had devoted 22 hours, ten of them over the Fourth of July weekend, to writing several memorandums concerning the rights of step-parents in custody cases.

"At his normal rate of $225 an hour, that worked out to $4,950, part of his total tab of $9,591.50. The money was to come from the stepfather, who lost the case, provided it was approved by Judge Roderic Duncan of the Alameda County Superior Court."

"That was not quite what happened. Indeed, after deconstructing the mechanics of modern computer research, Judge Duncan not only balked, but handed Mr. Collins to the disciplinary enforcement section of the State Bar of California."

As it turned out, large portions of Mr. Collins's memorandums were copied directly from the court opinions, without attribution. Collins explained that he had quoted the courts at length because "their language ``was better written than I would have composed it myself.''" The court, however, found that 22 hours was rather extreme for cutting and pasting since Mr. Collins was an experienced lawyer.

At the hearing, William P. Eppes II, a representative of the West Publishing Company testified that Mr. Collins had used the system for a total of 9 hours and 33 minutes since he had purchased it. The witness, who was also a lawyer, testified that it seemed entirely plausible that Mr. Collins had put in the time he claimed. The judge was impressed by the witness' reasoning and withdrew his claim that Mr. Collins had not worked as long as he did.

"All those hours at the computer, the judge seemed to say, reflected inefficiency rather than dishonesty."

Although disciplinary proceedings were dropped, Mr. Collins is still displeased with a judge who, in an interview, he described as "a ``cavalier'' judicial ``maverick'' whose ill-considered opinions had periodically been criticized by the California courts of appeal. How did he know? He consulted his trusty CD-ROM, and plugged in the words ``Duncan'' and ``reversal.''"

["Quotes" are directly from the article. ``Quotes'' are quoted material in the original article. On the same page of the Times, you will also find an interesting article on modern computerized fingerprint systems. The FBI has a database of 30 million unique cards and performs more than 32,000 searches per day. The modern systems can compare a print at rates faster than 1,000 per second. Martin Minow minow@apple.com]
Living Will Database
Brian Hawthorne - SunSelect <Brian.Hawthorne@east.sun.com>
Mon, 15 Nov 1993 10:20:26 +0500
A recent item on the New York Times newswire described a patent granted to Victor Alan Perry (date: 11-14-93 1811EST/category: Financial/ subject: BC PATENTS/title: PATENTS: FAT SUBSTITUTE COULD BURN UP; LIVING WILL DATABASE/author: TERESA RIORDAN). Apparently, Mr. Perry, et alia, have been granted US patent 5,241,466 for a "system for administering a central depository for living wills". He envisions an '800' number that doctors and hospitals can call. The system will then fax back a copy of the appropriate document (living will, durable power of attorney, etc.) for the patient. He would also like to extend the system to be modem-accessible. The purpose of the system is to save some of $10,000,000,000 which is claimed to be spent "for artificial life support of people who did not wish to be kept alive". [That would make an interesting target for computer break-ins! PGN]
"Second Contact" by Resnick
"Rob Slade, Ed. DECrypt & ComNet, VARUG rep" <roberts@decus.arc.ab.ca>
13 Nov 93 19:46 -0600
BK2NDCNT.RVW 931014
Tor Books
49 West 24th Street
New York, NY 10010
"Second Contact", Resnick, 1990, U$3.95/C$4.95
The jacket blurb states that this book is a treat for anyone who likes
"computers, science fiction, or just a plain good read." The "good read" part
is going to depend on personal preference: the science fiction part seems to
be almost a side issue. The computer enthusiasts will be presented alternately
with ideas and giggles.
The book is set seventy-five years into the future. Neither politics nor
technology appears to have advanced very far and, with a publication date just
before the "Seven Days That Shook the World" (as CNN would have it), the major
national security concern of the US is still "Russian spies". (Interestingly,
the book lists the US, Russia, China and Brazil as spacefaring nations, while
the cover shows a clear shot of a "NASA/ESA" logo on a rocket-like device.)
Computers equipped with voice recognition still cannot deal with more than one
speaker. At one point a computer retailer tells one character that if the
modem (what happened to ISDN?) she is trying isn't fast enough, they have one
that will transmit at "38,400 baud." (If the author isn't just confusing baud
and "bits per second" this indicates some improvement over "voice grade" lines,
but hardly enough for the seemingly ubiquitous "vidphones" unless trellis
coding has gotten *really* sophisticated.)
None of the data security or communication issues raised are terribly
sophisticated. The author has apparently never heard of telnet capabilities or
the like. As usual in fictional accounts, the "hacker" is not only skilled
with computers, but is a phone phreak as well.
Two of the security topics are of some interest. One is the account of files
being secured by "moving". The concept of "security by obscurity" is
justifiably condemned, but it is true that leaving "standard" accounts open or
having "standard" directory and file structures is, to a certain extent, a
potential security loophole. The next logical step, beyond putting files in a
non-standard location, is to keep moving the files. Unfortunately, there must
be a way to retrieve the files, so somewhere there must be a pointer to them.
The other point regards database security. At one stage of the plot, the
heroes are trying to track the identity of an individual who is "classified to
the max." By using the database inference problem, they are able to pinpoint
his location. The example is somewhat simplistic, but involves generating a
number of queries and discarding the ones the computer does *not* reject as
classified.
The topic of alien contact, suggested by the title, is really of relatively
minor importance. A computer security whimsy in sf clothing.
copyright Robert M. Slade, 1993 BK2NDCNT.RVW 931014
Permission granted to distribute with unedited copies of the Digest
======================604-984-4067==============================
DECUS Canada Communications, Desktop, Education and Security group newsletters
Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733
DECUS Symposium '94, Vancouver, BC, Mar 1-3, 1994, contact: rulag@decus.ca
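The database inference problem mentioned in the review above, shown as an added example (not part of the review or the book): a query interface that refuses only when a classified row matches reveals that row's attribute through the refusal itself, while one that answers uniformly does not. All record names, site names and function names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    name: str
    site: str
    classified: bool


# Constructed sample data (hypothetical people and sites).
RECORDS = [
    Record("Avery", "Site A", False),
    Record("Blake", "Site B", False),
    Record("Casey", "Site C", True),   # the protected record
    Record("Drew", "Site A", False),
]
SITES = ["Site A", "Site B", "Site C", "Site D"]


class Refused(Exception):
    """Raised when the interface rejects a query as classified."""


def naive_query(name, site):
    """Weak design: refuse only when the query matches a classified row."""
    hits = [r for r in RECORDS if r.name == name and r.site == site]
    if any(r.classified for r in hits):
        raise Refused("classified")
    return [r.name for r in hits]


def uniform_query(name, site):
    """Corrected design: classified rows are invisible to uncleared callers,
    so the answer is the same whether or not such a row exists."""
    return [r.name for r in RECORDS
            if r.name == name and r.site == site and not r.classified]


def refusal_leak(query, name, sites):
    """Audit helper: list the attribute values whose queries were refused.
    A non-empty result means the refusal pattern depends on protected data."""
    leaked = []
    for site in sites:
        try:
            query(name, site)
        except Refused:
            leaked.append(site)
    return leaked


if __name__ == "__main__":
    print("naive  :", refusal_leak(naive_query, "Casey", SITES))
    print("uniform:", refusal_leak(uniform_query, "Casey", SITES))
```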
UK government to scrap safety laws
<Jonathan.Bowen@prg.ox.ac.uk>
Mon, 15 Nov 93 09:36:30 GMT
The following is extracted from the lead article on the front page of the 14
November 1993 issue of The Independent on Sunday:
"A RAFT of safety legislation will be scrapped in a Bill that the
Government is to announce this week in the name of minimising costs to
commerce and industry. It will be the biggest shake-up of health and
safety law in 20 years. ...
One element will be the abandonment of the longstanding assumption
that safety legislation can only be repealed if it is replaced by
regulations just as tough. ...
Michael Heseltine, President of the Board of Trade, also wants to
revoke European regulations safeguarding millions of people who work
with computer screens. He plans to play down the risk of repetitive
strain injury and abolish the requirement on employers to provide eye
tests and glasses if they are needed."
As is typical in the UK, details were leaked to the press ahead of the planned
Deregulation Bill to be announced in the forthcoming Queen's Speech to
Parliament.
Jonathan Bowen, Oxford University
[Might that imply the demise of DEFSTAN 00-55 and 00-56? PGN]
Tablespoons, or, handwriting recognition may be hazardous to your poem
<msb@sq.com>
Wed, 17 Nov 1993 13:35:18 -0500
[This poem was generated by entering Lewis Carroll's poem "Jabberwocky",
from "Through The Looking Glass" into an Apple Newton. Nonsense words in
the original were each written three times to get the most consistent match.]
TABLESPOONS
Teas Willis, and the sticky tours
Did gym and Gibbs in the wake.
All mimes were the borrowers,
And the moderate Belgrade.
"Beware the tablespoon my son,
The teeth that bite, the Claus that catch.
Beware the Subjects bird, and shred
The serious Bandwidth!"
He took his Verbal sword in hand:
Long time the monitors fog he sought,
So rested he by the Tumbled tree,
And stood a while in thought.
And as in selfish thought he stood,
The tablespoon, with eyes of Flame,
Came stifling through the trigger wood,
And troubled as it came!
One, two! One, two! And through and though,
The Verbal blade went thicker shade.
He left it dead, and with its head,
He went gambling back.
"And host Thai slash the tablespoon?
Come to my arms my bearish boy.
Oh various day! Cartoon! Cathay!"
He charted in his joy.
Teas Willis, and the sticky tours
Did gym and Gibbs in the wake.
All mimes were the borrowers,
And the moderate Belgrade.
Lewis Carroll's JABBERWOCKY as "recognized" by the Apple Newton,
(c) 1993 Robert McNally. Permission is granted to reproduce this
if the copyright remains intact.
["It seems very pretty," she said when she had finished it, "but it's
rather hard to understand!" (You see she didn't like to confess even to
herself, that she couldn't make it out at all.) --Lewis Carroll]
Forwarded to rec.humor.funny and comp.risks by Mark Brader
Visa introduces transaction UIDs
<Bob_Frankston@frankston.com>
Sun, 14 Nov 1993 16:07 -0400
There is an article in The New York Times of 14 Nov 1993, Page F9, about how Visa is (finally!!!) introducing transaction-unique IDs into its system as a way of tracking transactions and, of course, reducing fraud. They also use the term "digital signature", but, I presume, they are simply corrupting a technical term by misappropriating it for another function. They seem to mean "unique ID", but perhaps they are also worried about spoofed transactions. Can someone provide more information on this?
Re: CERT Reports and system breakins (Karn, RISKS-15.22)
<smb@research.att.com>
Mon, 15 Nov 93 11:41:38 EST
> We need strong security mechanisms based on good cryptography
> and well thought out protocols. They're underway, but they will
> take time to develop.
In RISKS-15.22, Phil Karn suggests that the major network security issue is
the lack of good protocols. While that's certainly a problem, I don't think
cryptographic authentication will do that much to solve the network security
problem.
Cryptography does two things: it provides secrecy if you want it, and it
provides authentication, either explicitly or implicitly, since a packet
encrypted with the wrong key will decipher to garbage. Both will help
somewhat; properly-targeted encryption will eliminate password-sniffing, and
cryptographic authentication will allow more hosts to extend trust to users or
other hosts on a more rational basis.
However, cryptography does nothing to solve the *host* security problem. My
incoming mail traffic could be protected by triple DES composed with quadruple
IDEA -- and it will do me no good if the mailer has bugs in its implementation
of good old RFC821 and RFC822. Nor will Kerberos and my one-time password
help against an opponent who has sabotaged my shell, so that he or she will
get back-door access to my account and my cryptographic credentials. After
all, the privileges that let intruders monitor Ethernets and install
boobytrapped login and telnet commands will let them change anything else on
my system. Fixing network protocols will do nothing to guard against buggy
specifications or buggy implementations.
The real issue is one of software engineering. At the last USENIX UNIX
Security Conference, Robert H. Morris gave the keynote address. Its title was
on the order of ``If your software is full of bugs, what does that say about
its security?'' That's the real issue -- learning how to get *host* security
right.
--Steve Bellovin
Re: MASS state police confusion (Garfinkel, RISKS-15.26)
<Eric_N._Florack.cru-mc@xerox.com>
Mon, 15 Nov 1993 07:08:40 PST
>"It wasn't actually a tape of vehicle owners. They got stickers confused with people who were supposed to get food stamps. So the people [who were supposed to get] the food stamp books got the gun permits, and the people who were supposed to get gun permits got food stamps. But it wasn't the Registry this time."

Gee, I know /I/ feel better, now.... NOT!!!!! I mean, we're not supposed to be concerned that gun permits were issued to food-stamp recipients.... a group that has been traditionally prone to living in high-crime areas? As much as I'm against gun control, issuing permits to untested people would seem to present a very clear RISK.

His screams of 'It's not our fault /this time/' suggest that there is a bit of history, here, for this kind of error.

Gee, I feel REAL secure, knowing our all powerful, and deeply caring government is so able and willing to help us. And there's a big government type in the Kremli..(ahem) White House? (Sh-sh-sh-shudder) Be afraid. Be very, very afraid.

Eric_Florack.CRU-MC@Xerox.COM
Re: Ada Usage
Harry Erwin <erwin@trwacs.fp.trw.com>
15 Nov 1993 16:04:38 GMT
There are real problems for which Ada is not the best language.

1. Simulation--due to the lack of support for coroutines, Simula-style semaphores, condition queues, call by name, and event lists,
2. Test generation--for similar reasons,
3. Multi-threaded applications with external inputs, where the usual tasking libraries run into problems. What happens is that the OS and the run-time environment sometimes need to enter messages or events into the same queues. Unless the library has been carefully integrated with the operating system, race conditions can occur, losing entries.
4. Object-oriented programming in the full sense,
5. Completion routines for inter-device protocols, and
6. Anything that needs to run close to the bare metal.

Cheers, Harry Erwin erwin@trwacs.fp.trw.com herwin@cs.gmu.edu
Working on Freeman nets.
Re: No change in Ada policy (anonymous, RISKS-15.26)
James H. Haynes <haynes@cats.ucsc.edu>
15 Nov 1993 21:46:41 GMT
>If the government really believes in capitalism, and if the government
>believes that private industry is in business to make money, then the
>government should be willing to allow industry to transition to Ada as that
>makes economic good sense. And not sooner.

But the defense business is a very peculiar flavor of capitalism. The defense companies may see it as being in their own best interests to program in company-proprietary languages forever. I believe this was part of the justification for Ada.

haynes@cats.ucsc.edu haynes@cats.bitnet
David Brin ==> Vernor Vinge (minor correction) (Hicks, RISKS-15.27)
the person your mother warned you about <phydeaux@med.cornell.edu>
Tue, 16 Nov 1993 13:04:43 -0500
In RISKS-15.27, mc!Brad_Hicks@mhs.attmail.com wrote:

>altogether. Not for nothing did David Brin in his novel _Earth_ refer to a
>UseNet-like system as "the Net of a million lies." All manner of lies have

Only one thing, of course, is that the "Net of a Million Lies" comes from Vernor Vinge's "A Fire Upon the Deep," rather than Brin's Earth. Doesn't really change the validity of the argument however.

How is this correction relevant, you ask? Because any piece of wrong information, no matter how slight, is at risk of being spread throughout the world!

73 de Dave Weingart KB2CWF phydeaux@cumc.cornell.edu (212) 746-3638
Re: Groundhog Day, D-Day, Remembrance Day, and all that (RISKS-15.25)
mathew <mathew@mantis.co.uk>
11 Nov 1993 12:13:34 -0000
msb@sq.com writes:

>And one day early this month, *I* learned that it's also a good idea
>to test a program both during and after the first 9 days of the month.
>Gotta watch those 1- and 2-digit numbers!

On a related note, a good date to try is the first 2-digit Wednesday in September, if your program produces English language output.

mathew

[Yes, I noted that very day in RISKS, the first time the masthead line went over 80 characters on that day, truncating the issue number! PGN]
A Myth is as good as a Smile
"Peter G. Neumann" <neumann@csl.sri.com>
Tue, 16 Nov 93 17:40:13 PST
I received a lot of out-of-band comments about L.Detweiler's piece in RISKS-15.25, and still more asking why I devoted a whole issue (RISKS-15.27) to the responses. (I tend to do dedicated issues when I get an enormous flurry of follow-ups, so that if you do not appreciate the subject matter, you can disregard it in its entirety.) There were many suggestions that this topic should end immediately, which it will, I hope, with this message. But remember, folks, the lack of E-mail authenticity, message integrity, and personal accountability is a real potential problem throughout the Internet, not only on April Fools' Day.

Almost no one commented on the original title, Snakes of Medusa. Someone suggested that the Hydra might have been more appropriate, the serpent that started with nine heads and regenerated two to replace any one that was severed. There is a REAL multiple-identity problem. (Medusa was the snaky-haired Gorgon whose glance would turn you into stone. A cheesy biography of stoned individuals might have been written by Gorgon Zola.)

At any rate, further follow-up messages from Eric Hughes and L.Detweiler can be found in the RISKS archive on CRVAX.SRI.COM in directory RISKS: under the file name RISKS-15.28X. That is the end of it in RISKS. For further discussion, try L.Detweiler or the Cypherpunks newsgroup.
Call-for-Papers for 17th Nat'l Computer Security Conference
<Reiner@DOCKMASTER.NCSC.MIL>
Mon, 15 Nov 93 10:15 EST
CALL FOR PAPERS & PANELS - 17TH NATIONAL COMPUTER SECURITY CONFERENCE
October 11-14, 1994 --- Baltimore, Maryland
Co-Sponsors: National Institute of Standards & Technology
National Computer Security Center
The National Computer Security Conference attendees represent a broad
range of information security interests spanning government, industry,
commercial, and academic communities. Papers and panel discussions
typically cover:
- research & development for secure products and systems;
- implementation and accreditation of secure systems;
- administration & operation of secure systems;
- evaluation of products and systems against trust criteria;
- international harmonization of security criteria & evaluations;
- promotion of computer security: education, awareness and training;
- social and legal issues related to computer security.
We invite the submission of papers and proposals for panels in any of
the above areas and on other topics related to the confidentiality,
integrity, and availability of data and resources in information
systems. Papers will be selected through an anonymous review process
and will be published in the conference proceedings. Panels will be
selected by the Program Committee, and panel members will be expected to
provide written statements for inclusion in the proceedings.
BY 1 MARCH 1994: eight (8) copies of your paper or panel proposal
should ARRIVE at the following address:
National Computer Security Conference
ATTN: NCS Conference Secretary, APS XI
National Computer Security Center
Fort George G. Meade, MD. 20755-6000
By 1 June, 1994: Authors and panel chairs selected to participate in
the conference will be notified and advised when final papers and panel
statements are due.
PREPARATION OF CONFERENCE SUBMISSIONS:
Cover sheet: Type of submission (paper, panel, tutorial)
Title or Topic
Abstract (not to exceed 250 words)
Author(s)
Organizational Affiliation(s)
Phone numbers (voice and fax if available)
Internet address if available
Point of contact if more than one author
SUBMISSIONS RELATED TO WORK UNDER U.S. GOVERNMENT SPONSORSHIP
MUST ALSO INCLUDE THE FOLLOWING:
Program Sponsor or Procuring Element
Contract Number (if applicable)
Government Publication Release Authority
Paper preparation: 10-page maximum incl. figures & references;
title, abstract, & keywords on first page;
no more than 12 char./inch & 6 lines/inch;
one-inch margins all around.
BECAUSE THE REVIEW PROCESS WILL BE ANONYMOUS, NAMES AND
AFFILIATIONS OF AUTHORS SHOULD APPEAR ONLY ON THE SEPARATE
COVER SHEET
CLASSIFIED MATERIAL OR TOPICS SHOULD NOT BE SUBMITTED
RELEASE FOR PUBLICATION & COPYRIGHT:
It is the responsibility of the authors to obtain government or corporate
releases for publication. Written releases will be required for all papers to
be published. Papers developed as part of official U.S. government duties
may not be subject to copyright. Papers that are subject to copyright must be
accompanied by written assignment to the NCS Conference Committee or written
authorization for publication and release at the Committee's discretion.
PANEL PROPOSALS:
Panels should be geared to a maximum of ninety minutes long,
including time for prepared remarks and audience interaction.
2 page maximum.
Include chair and proposed panelists or organizations to be
represented on first page.
Include summary of topic, issues, and/or questions to be
addressed by the panel and viewpoints that proposed
panelists would bring to the discussion.
FOR MORE INFORMATION ON SUBMISSIONS, PLEASE CALL 410-850-0272 OR SEND
INTERNET MESSAGES TO: NCS_Conference at DOCKMASTER.NCSC.MIL.
For other information about the conference, call 301-975-2775.
