The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 15 Issue 04

Friday 10 September 1993


o EuroDigital
Brian Randell
o Brussels Branch Of BNP Hit By Computer Fraud
o Screen savers hide what's running below them
Alan Munn
o Where should we look for risks?
Steve Talbott
o Re: Security holes and risks of software ...
Geoffrey H. Cooper
John Carr
o Re: "Offshore Data Havens"
Fred Baube
Gary Preckshot
o Re: The risks of Naive Users
Mark Brader
o Re: More Gripen Griping
Mark Stalzer
o Info on RISKS (comp.risks)


Thu, 9 Sep 1993 18:10:41 +0100
The attached article about a new digital phone service, about to be launched
in the UK, is from the Monday, Sept 6, 1993, issue of The Independent. Also in
this issue was a two page advertisement for the new service - the text of this
is also attached.  My understanding is that the new equipment produces
emissions that have characteristics that were not considered when the
regulations and guidelines (under which existing devices such as hearing aids
were designed) were laid down. If this is right, then the statement by the
providers of the new service that the problems are the responsibility of the
manufacturers of such devices would seem to be highly questionable. I await
with interest RISKs readers' reactions to the article (and the advertisement).

Brian Randell, Dept. of Computing Science, University of Newcastle, Newcastle
upon Tyne, NE1 7RU, UK PHONE = +44 91 222 7923


Mary Fagan

More than two million people who are deaf or hard of hearing face distress and
discomfort with the launch this autumn of new digital mobile telephone
equipment that interferes with hearing aids, according to the Royal National
Institute for the Deaf.  The telephones could also cause interference if used
close to computer screens, and there is speculation that they could cause
problems with other electronic equipment.

Last week, Vodafone launched a digital mobile telephone service and Mercury's
One-2-One digital service will be onstream within weeks. Cellnet hopes to
start a commercial service next year.

The new telephones send pulses of radio signal rather than the continuous
signal sent by existing analogue cellular telephones. According to the RNID,
when these pulsed signals are transmitted close to audio and video equipment
they are picked up in wiring, causing interference.

Mike Martin, the RNID's chief scientist, said hearing aid users standing up
to six feet from a handheld mobile phone could be affected. More powerful
car phones could affect pedestrians.

The telephones can cause people wearing hearing aids to hear a noise like a
bee buzzing. It can drown out other sound and cause pain and considerable
distress, a spokesman for the RNID said.

Cellnet and Vodafone admit there can be problems with hearing aids and
computer screens. But the companies say the problem is with the telephones
- which they do not manufacture - and with the equipment affected by them.

A spokesman for Vodafone said that the real problem was the standard of
hearing aids. In Germany, where there has been most experience with digital
telephony, no problems have been experienced.

A spokeswoman for Mercury One-2-One said that as the telephones used on
One-2-One were very low-power, only equipment very close by could be

The Freedom to make a call in total security

We have given you freedom. We have created a secure tomorrow for businessmen
and travellers both here and in Europe. New frontiers beckon.  Vodafone
proudly announces EuroDigital. The most advanced and most secure mobile phone
network. So sophisticated that it can even be used to make and receive calls
in Europe in total security. EuroDigital represents a revolution in mobile
phone technology. A superior digital system that provides a top quality
service. A quality that doesn't falter, that doesn't break up. Line rental is
21.50 per month. UK call charges 25p per minute peak, 10p off peak. Only
Vodafone can offer this. Liberate yourself. Enjoy freedom of speech and
security. Rise above the rest.  Call free, 0500 123 123 and ask for more
information. All prices are recommended and are exclusive of V.A.T.


Brussels Branch Of BNP Hit By Computer Fraud

Thu, 9 Sep 93 14:41:22 -0400
Brussels, Belgium, September 8, 1993 (NB) -- The Belgian office of Banque
Nationale du Paris (BNP) has admitted it was the victim of a major computer
fraud in June of this year, according to Belgian press sources.  The AFP news
agency reports that a total of BFr 245 million was taken in the computer
fraud, although bank officials have now recovered the money and Police are
holding two suspects.  The two fraudsters used their direct computer access
facilities to request debits from BNP accounts and switch the proceeds into
their own bank accounts with other banks.  According to BNP sources, auditors
picked up the fraud when they carried out a routine series of checks on
inter-bank transactions in June.

As soon as the fraud was discovered, the third party banks were contacted and
the money recovered.  As a result of the fraud, BNP is carrying out an
internal inquiry into how the frauds occurred and whether its security systems
can be beefed up to prevent a recurrence.

Screen savers hide what's running below them

Alan Munn <>
Fri, 10 Sep 93 15:18:40 CDT
I discovered (the hard way) that screen savers can be dangerous if you
don't know what's running underneath them. Normally when you pop a
disk into a Mac with a screen saver running, it stops the screen saver
and presents you with whatever is running at the time.  It so happened
that when I stuck my disk into our Computer support person's machine,
she had been running Apple's Disk Copy program, which once you get it
started blindly accepts disks and makes a copy of the resident disk
image.  This is handy if you have lots of disks to make, but was fatal
in my case, since my disk was completely erased.  I did have copies on
my hard disk, but...

The moral of the story is don't stick your disk into a machine if
you don't know what it's doing.

Alan Munn                     <>
Dept. of English University of Missouri, Columbia MO 65211

P.S.  On a lighter note, windows without screens are also a risk.  I
swatted at a bug that came flying at me last night and my glasses flew
out the window onto the grass (luckily) two stories below.  Of course
I couldn't look for them until I found them, so I had to call campus
police to help out.

Where should we look for risks?

Steve Talbott <>
Thu, 9 Sep 1993 15:52:05 EDT
I was gratified to receive some 30 responses to my post "worrying about
online education" (RISKS-14.86).  Most were sympathetic, and the majority of
those that were critical still made a point of saying that the subject is
well worth discussing in forums like RISKS.

That poses a problem for moderators, however, for I have to admit that the
tendency of such discussions is almost always to violate the (desirable)
standards enforced by the moderator.  Looking at the division among USENET
discussion groups between those that "get real work done" and those that
pursue "philosophy," one is tempted to conclude that it's in the very
nature of the net to disallow the sensitive and constructive exploration
of complex or deep issues.  The system is more suited for what we like to
call the exchange of "information."  Perhaps that is one of the risks!

Well, I don't have any particular solution to offer.  I find myself unable
to tolerate the philosophical groups, but am still driven to pursue issues
that seem slightly out of place in the more business-like groups.  One thing
this dilemma has done, however, is to push me toward the formulation of the
most concise (business-like!) statement I could manage regarding the
question, "Where should we look for technological risks?"  To offer a
parallel:  anyone speaking about the effects of television upon society
would probably no longer be content merely to point at a set of good (or
bad) TV programs.  There are deeper questions that require us to penetrate
the medium itself, as well as our own natures.

Perhaps the following 4 paragraphs--representing my attempt to answer the
question voiced above--will interest some members of this group.
Obviously, such a statement can only be a preface to particular studies,
but it seems to me worth keeping in mind.  As always, I welcome critical

Steve Talbott

In assessing the complex "symbiosis" between man and machine, it will
hardly do to look for external cause and effect.  Every contrivance, from
the plow to the hydrogen bomb, expresses something within *us*.  If we
extend ourselves in our mechanical tools, we also meet ourselves in them.

At the same time, just as the corporation seems to gain a life and
tendency of its own, independent of its employees, so too the machine can
become almost willful in its reaction upon its creators.  "To someone who
possesses only a hammer, everything begins to look like a nail."  It is
important, nevertheless, to recognize ourselves in this willfulness, even
if doing so requires a bit of painful psychological excavation.

The machine's double existence as an expression of the human being and as
an independent force is most fully realized in the computer.  Just
consider those several disciplines--psychology, linguistics, philosophy,
artificial intelligence--whose natural confluence has given us the
remarkable developments in cognitive science.  Here the pressing question
is not so much, "How are computers expressions of ourselves?" as it is the
much balder, "Are computers selves?"  We who produce such devices cannot
escape our own most intimate responsibility for the planet's rapidly
crystallizing, electromechanical nimbus, nor can we escape the prospect of
its increasing--and potentially threatening--independence and self-will.

All this is to say, in a nutshell, that if we cannot point to any simple
determination of society by machines, neither can we claim straightforward
human control of the effects of those machines.  We and our mechanical
offspring are bound together in an increasingly tight weave.  This has one
clear implication:  to substantially modify the larger pattern--rather
than simply be carried along by it--requires profound analysis of things
not immediately evident, and a difficult effort to change things not
easily changed.  If it is only by a certain self-awareness and an inner
adjustment that I can restrict the hammer in my hands to its proper role,
I must multiply the effort a millionfold when dealing with a vastly more
complex technology--one endowed in a much more powerful sense with its own
willful tendencies.

Steve Talbott
Copyright 1993 Stephen L. Talbott.  You may freely redistribute these
remarks on a not-for-profit basis so long as this notice and the remarks
themselves are left fully intact and unedited.

Re: Security holes and risks of software ... (Ranum, RISKS-15.03)

Geoffrey H. Cooper <>
Fri, 10 Sep 93 14:31:07 PDT
> ...It seems to me that in designing a complex program that requires
> privileges, the complex part and the privileged part should be separated...

I agree with this statement, but find another conclusion/RISK.  This is the
risk of having security mechanisms that are too cumbersome to be used easily.

Following the example given, classical UNIX provides only the setuid mechanism
for increasing the access of a program, and setuid always applies to an entire
program.  Thus, if a program must run partially as root, the only way to avoid
having it ALL run as root is to divide it up into communicating processes.
Depending on the application, this is not always easy to do.

If you want security, you have to make it easy to be secure.  For example, if
a setuid program had to explicitly enable and disable the setuid access
(running otherwise as the user who invoked it), the body of code that needed
to be carefully checked to verify security would be significantly diminished;
a loophole in another part of the program could not compromise the entire
system's security.

- Geof

Re: Security holes and risks of software (Ranum, RISKS-15.03)

John Carr <jfc@Athena.MIT.EDU>
Fri, 10 Sep 1993 19:52:05 EDT
>Ideally, the worst the complex code can do to you is give you a core dump

Back in 1988 I was writing a program which connected to a finger server.
I knew enough about UNIX at the time to go to the real documentation: the
source code for fingerd.  I noticed a fixed size buffer, and verified that
sending a long string would make fingerd crash.  Just a core dump, right?
And fingerd is restarted by inetd for each new request, so there is no
denial of service.  I thought so, and didn't follow up.

A few months later everyone learned that there were worse side effects.

Think of a core dump as the best thing that can happen when your program goes
wrong, not the worst.  If you want a program to dump core under certain
conditions, call abort().  Don't depend on memory corruption to do the job
       --John Carr (

        [On the other hand, getting a system to dump core can be
        gold mine of information for a malicious attacker...   P.]

Re: "Offshore Data Havens" (Bruni, RISKS-15.03)

F.Baube[tm] <>
Fri, 10 Sep 93 10:03:37 EET
Perhaps someone else has provided the reference, but there is a very
well-written science fiction novel which explores vividly and in some detail
the concept of "offshore data haven".  This is "Islands in the Net", by Bruce
Sterling, a well-known author in the "cyberpunk" genre.

The point of the book is that an international "black market" in information
about individuals is inevitable and unstoppable.

I highly recommend the book.  Don't let the foolish cover illustration put you

Fred Baube (tm) GU/MSFS/88

Re- Off-shore data havens (Bruni, RISKS-15.03)

"Gary Preckshot" <>
10 Sep 1993 13:23:48 U
The interesting to me about this report is the nuance of ownership of the data.
 Presumably the "legitimate owners" of the data are wroth since only they are
allowed to sell, or otherwise profit from, our privacy.  We're already
embroiled in a continuing dispute over a restricted form of data termed
"intellectual property" and we've been unable to resolve even relatively
simple issues in that regard.  So it's interesting to contemplate how one
"owner" of data would proceed against some other "owner" of data for
"stealing" the former's data.  Whose name is on the data?  Owner #1, owner #2,
or your name, or my name?  What risks are we running here?  Possibly

  1) Financial loss to owner #1
  2) Financial loss to owner #2
  3) Loss of privacy to third party
  4) Onerous litigation that burdens everybody
  5) Foolish laws passed by Congress

Given the noted ability of our courts to resolve current intellectual property
imbroglios (microcode and program copyrights), a paraphrase of Mark Twain's
comment is probably appropriate: no one's life or property is safe while court
is in session.  There are so many potential victims and litigants that
circumscribing risks may defy our meager abilities.  Maybe the best thing to
do is just to ignore off-shore data havens, since the cures and the would-be
doctors are all worse than the disease.  And you can get the data for a price
right now, anyway.

Re: The risks of Naive Users (Shapir, RISKS-15.03)

Mark Brader <>
Fri, 10 Sep 1993 16:56:00 -0400
> I apologize for my son, he's 20 month old, yet he needed less than
> 20 second on the floor to break the UPS down...

Anyone else reminded of this entry in the Jargon File?

:molly-guard: /mol'ee-gard/ [University of Illinois] n. A shield
   to prevent tripping of some {Big Red Switch} by clumsy or
   ignorant hands.  Originally used of the plexiglass covers
   improvised for the BRS on an IBM 4341 after a programmer's toddler
   daughter (named Molly) frobbed it twice in one day.  Later
   generalized to covers over stop/reset switches on disk drives and
   networking equipment.

Mark Brader         ...the scariest words of the afternoon:
SoftQuad Inc., Toronto       "Hey, don't worry, I've read all about
utzoo!sq!msb,      doing this sort of thing!"   -- Vernor Vinge

Re: More Gripen Griping

Thu, 9 Sep 93 14:32:58 PDT
Mary Shafer writes on Thu, 26 Aug 93 15:40:49 PDT (RISKS-14.89):
>As far as I can tell, the real problem was control-surface rate limiting.
>Cf. the YF-22 crash and the Space Shuttle ALT-5 multi-axis PIO.
>I've flown a rate-limited configuration in a variable-stability Learjet
>and it looked a lot the same, just before the safety trips gave the plane
>back to the safety pilot.

My flight experience is minimal, but in a small plane the maximum rate at
which control surfaces can be moved is limited only by the pilot's strength
and desire not to damage the plane.  More importantly, there is a direct
connection between the position of the control surface and the stick. I
believe this form of feedback exists even on large planes that have
hydraulically assisted control surfaces. Apparently, in fly-by-wire aircraft,
there may not be much of a correlation between the position of the stick and
the control surfaces. What used to be a closed-loop control system is now more
open-loop.  The aviation community must have done some studies on how this
lack of feedback can effect pilots, especially during critical situations
(when a pilot reverts back to his or her most fundamental training). Or was it
just assumed that pilots would adapt to the new ``user interface''? -- Mark

Mark Stalzer, Hughes Research Labs RL65, 3011 Malibu Canyon Rd, Malibu CA 90265
E-Mail:  Voice: 310-317-5581  FAX: 310-317-5483

Please report problems with the web pages to the maintainer