The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 15 Issue 28

Weds 17 November 1993

Contents

o Power problems stops Milano Stock Exchange for 4 hours
Lorenzo Strigini
o Lawyer discovers the RISK of computer efficiency
Martin Minow
o Living Will Database
Brian Hawthorne
o Review of "Second Contact" by Resnick
Rob Slade
o UK government to scrap safety laws
Jonathan Bowen
o Tablespoons, or, handwriting recognition may be hazardous to your poem
Mark Brader
o Visa introduces transaction UIDs
Bob Frankston
o Re: CERT Reports and system breakins
Steve Bellovin
o Re: MASS state police confusion
Eric N. Florack
o Re: Ada Usage
Harry Erwin
James H. Haynes
o Re: Groundhog Day, D-Day, Remembrance Day, and all that
mathew
o A Myth is as good as a Smile
PGN
o Call-for-Papers for 17th Nat'l Computer Security Conference
Louise Reiner
o Info on RISKS (comp.risks)

Power problems stops Milano Stock Exchange for 4 hours

Lorenzo Strigini <strigini@iei.pi.cnr.it>
Wed, 17 Nov 93 09:13:26 MET
Yesterday, 16th of November, trading at the Milano Stock exchange started late
at 14:30 because the "telematic" system was down due to a power failure
"dating from the previous day" (I am quoting "Il Sole 24 ore", "political
economical-financial daily"). The day was bad for the market, with the "Mib"
stock index going down 2%. This is attributed to political uncertainties
coinciding with a normally bearish period of the year. A morning radio
newscast interviewed an "expert". Excerpts (from memory): the system is
undergoing major changes as it will soon handle 100% of the trading vs 70% now
(it was not clear whether by number of transactions, of stocks or by value);
there is no reason for worry "as this was a hardware, not a software fault";
such problems are unavoidable, as "even satellites and space shuttles, with
computers that are not duplicated but _triplicated_, have had their launches
aborted due to such problems" (the interviewer sensibly asked "leave
satellites alone and tell us about stock exchanges", and the interviewee said
that comparable failures have occurred at the London, Paris, New York
exchanges). I have no information about the stated availability requirements,
the architecture of the system, and the provisions for recovery (if others
have such information, I'd appreciate it if they mailed it to me).

Lorenzo Strigini  IEI-CNR  Via Santa Maria 46  I-56126 Pisa - Italy
tel. +39 50 593495; fax +39 50 554342  E-mail: strigini@iei.pi.cnr.it


Lawyer discovers the RISK of computer efficiency

Martin Minow <minow@apple.com>
Tue, 16 Nov 93 17:09:40 -0800
From the New York Times, Friday November 12, 1993 (page B20):

At the Bar. David Margolick. "Court asks a lawyer, if a computer is doing
most of the work, why the big fee?"

[Abstracted and excerpted] Craig Collins, a lawyer in San Mateo California,
used the West CD-ROM library, a system that contains every court opinion
published in California in the last 33 years on three compact disks, to
research a parental rights case. Under penalty of perjury, he swore that he
had devoted 22 hours, ten of them over the Fourth of July weekend, to writing
several memorandums concerning the rights of step-parents in custody cases.
"At his normal rate of $225 an hour, that worked out to $4,950, part of his
total tab of $9,591.50. The money was to come from the stepfather, who lost
the case, provided it was approved by Judge Roderic Duncan of the Alameda
County Superior Court."

"That was not quite what happened. Indeed, after deconstructing the
mechanics of modern computer research, Judge Duncan not only balked,
but handed Mr. Collins to the disciplinary enforcement section of
the State Bar of California."

As it turned out, large portions of Mr. Collins' memorandums were copied
directly from the court opinions, without attribution. Collins explained
that he had quoted the courts at length because "their language ``was
better written than I would have composed it myself.''" The court, however,
found that 22 hours was rather extreme for cutting and pasting since Mr.
Collins was an experienced lawyer. At the hearing, William P. Eppes II, a
representative of the West Publishing Company testified that Mr. Collins
had used the system for a total of 9 hours and 33 minutes since he
had purchased it. The witness, who was also a lawyer, testified that it
seemed entirely plausible that Mr. Collins had put in the time he claimed.

The judge was impressed by the witness' reasoning and withdrew his claim
that Mr. Collins had not worked as long as he did. "All those hours at
the computer, the judge seemed to say, reflected inefficiency rather than
dishonesty."

Although disciplinary proceedings were dropped, Mr. Collins is still
displeased with a judge who, in an interview, he described as "a ``cavalier''
judicial ``maverick'' whose ill-considered opinions had periodically been
criticized by the California courts of appeal. How did he know? He consulted
his trusty CD-ROM, and plugged in the words ``Duncan'' and ``reversal.''"

  ["Quotes" are directly from the article. ``Quotes'' are quoted material
  in the original article.

  On the same page of the Times, you will also find an interesting article on
  modern computerized fingerprint systems. The FBI has a database of 30 million
  unique cards and performs more than 32,000 searches per day.  The modern
  systems can compare a print at rates faster than 1,000 per second.

  Martin Minow  minow@apple.com]


Living Will Database

Brian Hawthorne - SunSelect <Brian.Hawthorne@east.sun.com>
Mon, 15 Nov 1993 10:20:26 +0500
A recent item on the New York Times newswire described a patent granted to
Victor Alan Perry (date: 11-14-93 1811EST/category: Financial/ subject: BC
PATENTS/title: PATENTS: FAT SUBSTITUTE COULD BURN UP; LIVING WILL
DATABASE/author: TERESA RIORDAN).

Apparently, Mr. Perry, et alia, have been granted US patent 5,241,466 for a
"system for administering a central depository for living wills".  He
envisions an '800' number that doctors and hospitals can call.  The system
will then fax back a copy of the appropriate document (living will, durable
power of attorney, etc.) for the patient.  He would also like to extend the
system to be modem-accessible.

The purpose of the system is to save some of $10,000,000,000 which is claimed
to be spent "for artificial life support of people who did not wish to be kept
alive".

   [That would make an interesting target for computer break-ins!  PGN]


"Second Contact" by Resnick

"Rob Slade, Ed. DECrypt & ComNet, VARUG rep" <roberts@decus.arc.ab.ca>
13 Nov 93 19:46 -0600
BK2NDCNT.RVW  931014

Tor Books
49 West 24th Street
New York, NY   10010
"Second Contact", Resnick, 1990, U$3.95/C$4.95

The jacket blurb states that this book is a treat for anyone who likes
"computers, science fiction, or just a plain good read."  The "good read" part
is going to depend on personal preference:  the science fiction part seems to
be almost a side issue.  The computer enthusiasts will be presented alternately
with ideas and giggles.

The book is set seventy-five years into the future.  Neither politics nor
technology appears to have advanced very far and, with a publication date just
before the "Seven Days That Shook the World" (as CNN would have it), the major
national security concern of the US is still "Russian spies".  (Interestingly,
the book lists the US, Russia, China and Brazil as spacefaring nations, while
the cover shows a clear shot of a "NASA/ESA" logo on a rocket-like device.)
Computers equipped with voice recognition still cannot deal with more than one
speaker.  At one point a computer retailer tells one character that if the
modem (what happened to ISDN?) she is trying isn't fast enough, they have one
that will transmit at "38,400 baud."  (If the author isn't just confusing baud
and "bits per second" this indicates some improvement over "voice grade" lines,
but hardly enough for the seemingly ubiquitous "vidphones" unless trellis
coding has gotten *really* sophisticated.)

None of the data security or communication issues raised are terribly
sophisticated.  The author has apparently never heard of telnet capabilities or
the like.  As usual in fictional accounts, the "hacker" is not only skilled
with computers, but is a phone phreak as well.

Two of the security topics are of some interest.  One is the account of files
being secured by "moving".  The concept of "security by obscurity" is
justifiably condemned, but it is true that leaving "standard" accounts open or
having "standard" directory and file structures is, to a certain extent, a
potential security loophole.  The next logical step, beyond putting files in a
non-standard location, is to keep moving the files.  Unfortunately, there must
be a way to retrieve the files, so somewhere there must be a pointer to them.

The other point regards database security.  At one stage of the plot, the
heroes are trying to track the identity of an individual who is "classified to
the max."  By using the database inference problem, they are able to pinpoint
his location.  The example is somewhat simplistic, but involves generating a
number of queries and discarding the ones the computer does *not* reject as
classified.

The topic of alien contact, suggested by the title, is really of relatively
minor importance.  A computer security whimsy in sf clothing.

copyright Robert M. Slade, 1993   BK2NDCNT.RVW  931014
Permission granted to distribute with unedited copies of the Digest
      ======================604-984-4067==============================
DECUS Canada Communications, Desktop, Education and Security group newsletters
Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733
DECUS Symposium '94, Vancouver, BC, Mar 1-3, 1994, contact: rulag@decus.ca
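
The database inference problem mentioned in the review, as an added example that is not part of the review or the book: a handler that refuses outright when a query touches a classified row turns the refusal into an answer. The directory, names, sites and both handlers are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Person:
    name: str
    site: str
    classified: bool


# Constructed sample data: one protected record among public ones.
DIRECTORY = [
    Person("A. Archer", "Denver", False),
    Person("B. Baker", "Boston", False),
    Person("C. Clark", "Austin", True),   # the protected record
    Person("D. Drake", "Austin", False),
]
SITES = ["Austin", "Boston", "Denver", "Miami"]


def naive_query(db, site):
    """Refuses the whole query when any matching row is classified."""
    rows = [p for p in db if p.site == site]
    if any(p.classified for p in rows):
        return "REJECTED: classified"
    return sorted(p.name for p in rows)


def filtered_query(db, site):
    """Drops classified rows silently, so the response shape never
    depends on whether protected data matched."""
    return sorted(p.name for p in db if p.site == site and not p.classified)


def leaking_queries(handler, db, queries):
    """Noninterference check: replay each query against the database with
    and without its classified rows. Any query whose answer differs
    tells the caller something about the protected records."""
    public_only = [p for p in db if not p.classified]
    return [q for q in queries if handler(db, q) != handler(public_only, q)]


if __name__ == "__main__":
    print("naive   :", leaking_queries(naive_query, DIRECTORY, SITES))
    print("filtered:", leaking_queries(filtered_query, DIRECTORY, SITES))
```

The same replay check can be run as a regression test against any query interface that sits in front of mixed-sensitivity data.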


UK government to scrap safety laws

<Jonathan.Bowen@prg.ox.ac.uk>
Mon, 15 Nov 93 09:36:30 GMT
The following is extracted from the lead article on the front page of the 14
November 1993 issue of The Independent on Sunday:

   "A RAFT of safety legislation will be scrapped in a Bill that the
  Government is to announce this week in the name of minimising costs to
  commerce and industry. It will be the biggest shake-up of health and
  safety law in 20 years. ...
    One element will be the abandonment of the longstanding assumption
  that safety legislation can only be repealed if it is replaced by
  regulations just as tough. ...
    Michael Heseltine, President of the Board of Trade, also wants to
  revoke European regulations safeguarding millions of people who work
  with computer screens. He plans to play down the risk of repetitive
  strain injury and abolish the requirement on employers to provide eye
  tests and glasses if they are needed."

As is typical in the UK, details were leaked to the press ahead of the planned
Deregulation Bill to be announced in the forthcoming Queen's Speech to
Parliament.

Jonathan Bowen, Oxford University

   [Might that imply the demise of DEFSTAN 00-55 and 00-56?  PGN]


Tablespoons, or, handwriting recognition may be hazardous to your poem

<msb@sq.com>
Wed, 17 Nov 1993 13:35:18 -0500
[This poem was generated by entering Lewis Carroll's poem "Jabberwocky",
from "Through The Looking Glass" into an Apple Newton.  Nonsense words in
the original were each written three times to get the most consistent match.]

                TABLESPOONS

        Teas Willis, and the sticky tours
        Did gym and Gibbs in the wake.
        All mimes were the borrowers,
        And the moderate Belgrade.
        "Beware the tablespoon my son,
        The teeth that bite, the Claus that catch.
        Beware the Subjects bird, and shred
        The serious Bandwidth!"
        He took his Verbal sword in hand:
        Long time the monitors fog he sought,
        So rested he by the Tumbled tree,
        And stood a while in thought.
        And as in selfish thought he stood,
        The tablespoon, with eyes of Flame,
        Came stifling through the trigger wood,
        And troubled as it came!
        One, two! One, two! And through and though,
        The Verbal blade went thicker shade.
        He left it dead, and with its head,
        He went gambling back.
        "And host Thai slash the tablespoon?
        Come to my arms my bearish boy.
        Oh various day! Cartoon! Cathay!"
        He charted in his joy.
        Teas Willis, and the sticky tours
        Did gym and Gibbs in the wake.
        All mimes were the borrowers,
        And the moderate Belgrade.

Lewis Carrol's JABBERWOCKY as "recognized" by the Apple Newton,
(c) 1993 Robert McNally. Permission is granted to reproduce this
if the copyright remains intact.

["It seems very pretty," she said when she had finished it, "but it's
rather hard to understand!" (You see she didn't like to confess even to
herself, that she couldn't make it out at all.) --Lewis Carroll]

Forwarded to rec.humor.funny and comp.risks by Mark Brader


Visa introduces transaction UIDs

<Bob_Frankston@frankston.com>
Sun, 14 Nov 1993 16:07 -0400
There is an article in The New York Times of 14 Nov 1993, Page F9, about how
Visa is (finally!!!) introducing transaction-unique IDs into its system as a
way of tracking transactions and, of course, reducing fraud. They also use the
term "digital signature", but, I presume, they are simply corrupting a
technical term by misappropriating it for another function.  They seem to mean
"unique ID", but perhaps they are also worried about spoofed transactions.
Can someone provide more information on this?


Re: CERT Reports and system breakins (Karn, RISKS-15.22)

<smb@research.att.com>
Mon, 15 Nov 93 11:41:38 EST
    We need strong security mechanisms based on good cryptography
    and well thought out protocols. They're underway, but they will
    take time to develop.

In RISKS-15.22, Phil Karn suggests that the major network security issue is
the lack of good protocols.  While that's certainly a problem, I don't think
cryptographic authentication will do that much to solve the network security
problem.

Cryptography does two things: it provides secrecy if you want it, and it
provides authentication, either explicitly or implicitly, since a packet
encrypted with the wrong key will decipher to garbage.  Both will help
somewhat; properly-targeted encryption will eliminate password-sniffing, and
cryptographic authentication will allow more hosts to extend trust to users or
other hosts on a more rational basis.

However, cryptography does nothing to solve the *host* security problem.  My
incoming mail traffic could be protected by triple DES composed with quadruple
IDEA -- and it will do me no good if the mailer has bugs in its implementation
of good old RFC821 and RFC822.  Nor will Kerberos and my one-time password
help against an opponent who has sabotaged my shell, so that he or she will
get back-door access to my account and my cryptographic credentials.  After
all, the privileges that let intruders monitor Ethernets and install
boobytrapped login and telnet commands will let them change anything else on
my system.  Fixing network protocols will do nothing to guard against buggy
specifications or buggy implementations.

The real issue is one of software engineering.  At the last USENIX UNIX
Security Conference, Robert H. Morris gave the keynote address.  Its title was
on the order of ``If your software is full of bugs, what does that say about
its security?''  That's the real issue -- learning how to get *host* security
right.
           --Steve Bellovin


Re: MASS state police confusion (Garfinkel, RISKS-15.26)

<Eric_N._Florack.cru-mc@xerox.com>
Mon, 15 Nov 1993 07:08:40 PST
  "It wasn't actually a tape of vehicle owners.  They got stickers confused
  with people who were supposed to get food stamps.  So the people [who were
  supposed to get] the food stamp books got the gun permits, and the people
  who were supposed to get gun permits got food stamps.  But it wasn't the
  Registry this time."

Gee, I know /I/ feel better, now.... NOT!!!!!

I mean, we're not supposed to be concerned that gun permits were issued to
food-stamp recipients.... a group that has been traditionally prone to living
in high-crime areas? As much as I'm against gun control, issuing permits to
untested people would seem to present a very clear RISK.

His screams of 'It's not our fault /this time/' suggest that there is a bit
of history, here, for this kind of error. Gee, I feel REAL secure, knowing our
all powerful, and deeply caring government is so able and willing to help us.

And there's a big government type in the Kremli..(ahem) White House?
(Sh-sh-sh-shudder)

Be afraid.
Be very, very afraid.

Eric_Florack.CRU-MC@Xerox.COM


Re: Ada Usage

Harry Erwin <erwin@trwacs.fp.trw.com>
15 Nov 1993 16:04:38 GMT
There are real problems for which Ada is not the best language.

1. Simulation--due to the lack of support for coroutines, Simula-style
   semaphores, condition queues, call by name, and event lists,
2. Test generation--for similar reasons,
3. Multi-threaded applications with external inputs, where the usual
   tasking libraries run into problems. What happens is that the OS
   and the run-time environment sometimes need to enter messages or events
   into the same queues. Unless the library has been carefully integrated
   with the operating system, race conditions can occur, losing entries.
4. Object-oriented programming in the full sense,
5. Completion routines for inter-device protocols, and
6. Anything that needs to run close to the bare metal.

Cheers,

Harry Erwin erwin@trwacs.fp.trw.com herwin@cs.gmu.edu Working on Freeman nets.


Re: No change in Ada policy (anonymous, RISKS-15.26)

James H. Haynes <haynes@cats.ucsc.edu>
15 Nov 1993 21:46:41 GMT
>If the government really believes in capitalism, and if the government
>believes that private industry is in business to make money, then the
>government should be willing to allow industry to transition to Ada as that
>makes economic good sense.  And not sooner.

But the defense business is a very peculiar flavor of capitalism.  The
defense companies may see it as being in their own best interests to
program in company-proprietary languages forever.  I believe this was
part of the justification for Ada.

haynes@cats.ucsc.edu  haynes@cats.bitnet


David Brin ==> Vernor Vinge (minor correction) (Hicks, RISKS-15.27)

the person your mother warned you about <phydeaux@med.cornell.edu>
Tue, 16 Nov 1993 13:04:43 -0500
In RISKS-15.27, mc!Brad_Hicks@mhs.attmail.com wrote:
>altogether.  Not for nothing did David Brin in his novel _Earth_ refer to a
>UseNet-like system as "the Net of a million lies."  All manner of lies have

Only one thing, of course, is that the "Net of a Million Lies" comes from
Vernor Vinge's "A Fire Upon the Deep," rather than Brin's Earth.

Doesn't really change the validity of the argument however.

How is this correction relevant, you ask?  Because any piece of wrong
information, no matter how slight, is at risk of being spread throughout the
world!

73 de Dave Weingart   KB2CWF  phydeaux@cumc.cornell.edu   (212) 746-3638


Re: Groundhog Day, D-Day, Remembrance Day, and all that (RISKS-15.25)

mathew <mathew@mantis.co.uk>
11 Nov 1993 12:13:34 -0000
msb@sq.com writes:
>And one day early this month, *I* learned that it's also a good idea
>to test a program both during and after the first 9 days of the month.
>Gotta watch those 1- and 2-digit numbers!

On a related note, a good date to try is the first 2-digit Wednesday
in September, if your program produces English language output.

mathew

   [Yes, I noted that very day in RISKS, the first time the masthead line
   went over 80 characters on that day, truncating the issue number!  PGN]
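
The two test dates suggested in this thread, generalised as an added example that is not from either poster: sweep a whole year and report the dates whose rendered form is shortest, longest, or too long for a fixed-width field. The `render` format and the field width are assumptions; substitute the program's real formatter.

```python
from datetime import date, timedelta

# English names are embedded so the result does not depend on the locale.
WEEKDAYS = ["Monday", "Tuesday", "Wednesday", "Thursday",
            "Friday", "Saturday", "Sunday"]
MONTHS = ["January", "February", "March", "April", "May", "June", "July",
          "August", "September", "October", "November", "December"]


def render(d):
    """Hypothetical masthead-style date, e.g. 'Wednesday 15 September 1993'."""
    return f"{WEEKDAYS[d.weekday()]} {d.day} {MONTHS[d.month - 1]} {d.year}"


def days_of(year):
    """Yield every calendar day of the given year in order."""
    d = date(year, 1, 1)
    while d.year == year:
        yield d
        d += timedelta(days=1)


def boundary_dates(year, fmt=render):
    """First date of the year giving the shortest and the longest output."""
    days = list(days_of(year))
    shortest = min(days, key=lambda d: len(fmt(d)))  # min/max keep the first tie
    longest = max(days, key=lambda d: len(fmt(d)))
    return shortest, longest


def overflows(year, width, fmt=render):
    """Dates whose rendered form does not fit a field of `width` characters."""
    return [d for d in days_of(year) if len(fmt(d)) > width]


if __name__ == "__main__":
    lo, hi = boundary_dates(1993)
    print(render(lo), len(render(lo)))
    print(render(hi), len(render(hi)))
    print([render(d) for d in overflows(1993, 26)])
```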


A Myth is as good as a Smile

"Peter G. Neumann" <neumann@csl.sri.com>
Tue, 16 Nov 93 17:40:13 PST
I received a lot of out-of-band comments about L.Detweiler's piece in
RISKS-15.25, and still more asking why I devoted a whole issue (RISKS-15.27)
to the responses.  (I tend to do dedicated issues when I get an enormous
flurry of follow-ups, so that if you do not appreciate the subject matter, you
can disregard it in its entirety.)  There were many suggestions that this
topic should end immediately, which it will, I hope, with this message.  But
remember, folks, the lack of E-mail authenticity, message integrity, and
personal accountability is a real potential problem throughout the Internet,
not only on April Fools' Day.

Almost no one commented on the original title, Snakes of Medusa.  Someone
suggested that the Hydra might have been more appropriate, the serpent that
started with nine heads and regenerated two to replace any one that was
severed.  There is a REAL multiple-identity problem.  (Medusa was the
snaky-haired Gorgon whose glance would turn you into stone.  A cheesy biography
of stoned individuals might have been written by Gorgon Zola.)

At any rate, further follow-up messages from Eric Hughes and L.Detweiler can
be found in the RISKS archive on CRVAX.SRI.COM in directory RISKS: under the
file name RISKS-15.28X.  That is the end of it in RISKS.  For further
discussion, try L.Detweiler or the Cypherpunks newsgroup.


Call-for-Papers for 17th Nat'l Computer Security Conference

<Reiner@DOCKMASTER.NCSC.MIL>
Mon, 15 Nov 93 10:15 EST
CALL FOR PAPERS & PANELS - 17TH NATIONAL COMPUTER SECURITY CONFERENCE
           October 11-14, 1994 --- Baltimore, Maryland
    Co-Sponsors: National Institute of Standards & Technology
                 National Computer Security Center

The National Computer Security Conference attendees represent a broad
range of information security interests spanning government, industry,
commercial, and academic communities.  Papers and panel discussions
typically cover:

   - research & development for secure products and systems;
   - implementation and accreditation of secure systems;
   - administration & operation of secure systems;
   - evaluation of products and systems against trust criteria;
   - international harmonization of security criteria & evaluations;
   - promotion of computer security: education, awareness and training;
   - social and legal issues related to computer security.

We invite the submission of papers and proposals for panels in any of
the above areas and on other topics related to the confidentiality,
integrity, and availability of data and resources in information
systems.  Papers will be selected through an anonymous review process
and will be published in the conference proceedings.  Panels will be
selected by the Program Committee, and panel members will be expected to
provide written statements for inclusion in the proceedings.

BY 1 MARCH 1994:  eight (8) copies of your paper or panel proposal
                 should ARRIVE at the following address:

    National Computer Security Conference
    ATTN: NCS Conference Secretary, APS XI
    National Computer Security Center
    Fort George G. Meade,  MD.  20755-6000

By 1 June, 1994:  Authors and panel chairs selected to participate in
the conference will be notified and advised when final papers and panel
statements are due.

PREPARATION OF CONFERENCE SUBMISSIONS:

    Cover sheet:  Type of submission (paper, panel, tutorial)
                  Title or Topic
                  Abstract  (not to exceed 250 words)
                  Author(s)
                  Organizational Affiliation(s)
                  Phone numbers  (voice and fax if available)
                  Internet address if available
                  Point of contact if more than one author

    SUBMISSIONS RELATED TO WORK UNDER U.S. GOVERNMENT SPONSORSHIP
    MUST ALSO INCLUDE THE FOLLOWING:

                  Program Sponsor or Procuring Element
                  Contract Number (if applicable)
                  Government Publication Release Authority

    Paper preparation:  10-page maximum incl. figures & references;
                        title, abstract, & keywords on first page;
                        no more than 12 char./inch & 6 lines/inch;
                        one-inch margins all around.

BECAUSE THE REVIEW PROCESS WILL BE ANONYMOUS, NAMES AND
   AFFILIATIONS OF AUTHORS SHOULD APPEAR ONLY ON THE SEPARATE
   COVER SHEET

CLASSIFIED MATERIAL OR TOPICS SHOULD NOT BE SUBMITTED

RELEASE FOR PUBLICATION & COPYRIGHT:

     It is the responsibility of the authors to obtain government or corporate
releases for publication.  Written releases will be required for all papers to
be published.  Papers developed as part of official U.S.  government duties
may not be subject to copyright.  Papers that are subject to copyright must be
accompanied by written assignment to the NCS Conference Committee or written
authorization for publication and release at the Committee's discretion.

PANEL PROPOSALS:
    Panels should be geared to a maximum of ninety minutes long,
         including time for prepared remarks and audience interaction.
    2 page maximum.
    Include chair and proposed panelists or organizations to be
         represented on first page.
    Include summary of topic, issues, and/or questions to be
         addressed by the panel and viewpoints that proposed
         panelists would bring to the discussion.

FOR MORE INFORMATION ON SUBMISSIONS, PLEASE CALL 410-850-0272 OR SEND
INTERNET MESSAGES TO:  NCS_Conference at DOCKMASTER.NCSC.MIL.

For other information about the conference, call 301-975-2775.
