The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 16 Issue 01

Monday 2 May 1994

Contents

o Vandalism disrupts service at UK University
Peter Ladkin
o Subjectively, it's eerie
Phil Agre
o Miniature cameras on Sacramento-area alarm systems
Dan Zerkle
o DIA delays due to programmers, mayor implies
Bear Giles [2]
o Re: DMV Computer upgrade goes awry...
Shel Kaphan
o Re: Unusual Newspaper Error
Stewart Rowe
David Wittenberg
Daniel B. Dobkin
o Re: MIT student arrested for BBS ...
Fredrick B. Cohen
o "The Streetwise Guide to PCs" by Jerome/Taylor
Rob Slade
o Computer-Aided Verification 94 Conference Announcement
David Dill
o Info on RISKS (comp.risks)

Vandalism disrupts service at UK University

Peter Ladkin <Peter.Ladkin@loria.fr>
Sat, 30 Apr 1994 11:35:23 +0200
Early on Monday 18th April, a vandal exploiting a not-unknown security hole
started disrupting services and corrupting files at Stirling University in the
UK. Stirling University is a SuperJanet site, with a microwave link to
Edinburgh. The entire site was affected. I was working intensively with a
colleague in Stirling at the time. My experience was that the site was
unreachable by Internet services for over 24 hours, and that telnet and ftp
services were seriously degraded for 3-5 days. Email service was unavailable
for 2-3 days. It would be conservative to estimate that at least 6
person-weeks of expert time were required to discover and repair the damage. I
cannot assess the amount of disruption, not only in terms of work time lost
but in terms of reorganising one's planned work time, to users of the systems.
It must be considerable, if my experience is any guide.

Someone believed to be the vandal, and a member of the University, was
identified I believe on Tuesday 19th. I understand he is no longer on
University premises, and the University authorities are considering what
further action is required. Because of possible legal proceedings, I'll
identify my sources of information and exactly what they said in an Appendix.

In a separate submission, I'll offer a few comments of my own on this
incident.  I had been a member of the Stirling Department of Computer Science
and Mathematics for 18 months up until April 94. Knowing that it was an
`inside job', I queried a colleague as to whether more than one member of the
department knew the suspect. The answer was yes.  >From this information
alone, I was able to identify my own suspect X, and ask whether X was any
longer around, or whether anyone expected to see him back. The answer confirms
to me with high probability that X is the suspect. (I note that nothing has
been proved concerning X.)

If X did it, the process by which he came to it would be interesting, both for
psychologists and for those who wish to secure their systems against
corruption. [I'll drop the conditional and use the indicative, for stylistic
not semantic reasons. Readers should reinsert it, since nothing has been
proven against X.]  And it provides a cautionary tale that shows how
vulnerable we all are.  After the fact, I can guess who X is with a bare
minimum of hints.  However, before the act, only X's therapist, if he had one,
is likely to suspect that anything may happen. And of course, in any case if
he had been able to communicate his feelings to anyone sympathetic or
understanding - but otherwise uninvolved - the chances are that the incident
would not have happened. It's a very self-destructive act.  Playing with
computers is an important part of X's life, and indications are that he was
good at it and liked it.  Now, no one but no one is likely to offer him a job
doing it. A major part of his life is in ruins. Despite all else, I can feel
some sympathy for what must be his current plight. It isn't even zero-sum.
Everyone has lost in a big way. [And it must be far, far worse for him if he's
not the culprit!]

Peter Ladkin

Appendix: Sources of Information.

I talked to the Senior Computer Officer of the Department of Computing Science
and Mathematics by phone on Tuesday 19th. He confirmed that the Stirling site
was off the Internet on Monday, that disruption started early Monday morning,
luckily just after Computer Science had made backups of their subnetwork of
systems. He confirmed an estimate of at least 3 person-weeks of the DCSM
staff, and suggested at least an equal number for Computing Services staff, to
identify damage and effect some repair. He said that the disruption was caused
by someone exploiting a not-unknown system weakness, and that a suspect who
was a member of the University had been identified and removed from the site.
He identified the gender of the suspect by his choice of pronoun. He gave no
further information, citing administrative and legal responsibility.

I talked to one member of the Department of Computing Science and Mathematics,
who confirmed that a suspect was known to more than one member of the
Department, and that he (male) was identified through a piece of `luck'.

Peter Ladkin, CRIN-CNRS & INRIA Lorraine   BP 239 54506 VANDOEUVRE-LES-NANCY
FRANCE  (+33) 83 59 20 14 (Msgs 20 00)   Peter.Ladkin@loria.fr


Subjectively, it's eerie

Phil Agre <pagre@weber.ucsd.edu>
Sun, 1 May 1994 13:05:12 -0700
,In the 5/1/94 Sunday New York Times, the Business section includes one of
those nice experiential articles about new technology, in this case a Ford
with DSP circuitry in it that makes the inside of the car sound like a
cathedral (concert hall, night club, opera house, stadium, etc).  The full
reference is:

  Hans Fantel, A recital hall on wheels, New York Times, 1 May 1994,
  Business section page 7.

Here is a brief quotation:

  "Subjectively it's eerie.  Sitting inside this hologram, I felt bathed
   in music, virtually forgetting where I was.  Engine and traffic noises
   faded from awareness.  The car somehow seemed like a space capsule.
   I was gliding along, swathed in Puccini, while outside the harried
   scenes of Manhattan rolled by like a silent movie."

On the same page is another article about plans by the US government and
Rockwell International for "intelligent vehicle highway systems".

Phil Agre, UCSD


Miniature cameras on Sacramento-area alarm systems

Dan Zerkle <zerkle@cs.ucdavis.edu>
Sun, 1 May 94 00:35:54 PDT
The April 24 edition of the Sacramento Bee (page B5, staff writer) publishes a
story about a miniature camera that will "revolutionize" the Sacramento area
security alarm industry.

Some important points of the article:

A miniature "camera on a chip," about the size of a postage stamp, is attached
to an alarm system.  When the alarm is tripped, the camera sends four pictures
back to the the alarm monitoring service.  Presumably, the pictures are
digitally encoded and sent through some sort of modem.

The first picture arrives twenty seconds after the alarm is tripped.

Police are particularly excited about this because it will let them use the
pictures to detect false alarms.

The system is intended to be used in a wide variety of businesses, and also
residencies.

The photographs will be usable as evidence in court against robbers
and burglars.

The camera is so small that it can be easily hidden anywhere.  It is also
inexpensive -- one third to one half the cost of a closed-circuit video
camera.

"The pictures come out pretty clear," according to a police
communications supervisor.

The device was developed by Automated Security Holdings in England,
licensed to TVX Inc. of Broomfield, Colorado, and test-marketed by
Roseville Telephone (near Sacramento).

.....

The risks?  Many.  Here are a few:

It only takes four pictures, which are presumably freeze-frames.  A burglar
may trip the alarm yet not be photographed (perhaps going by the camera
between pictures).  The alarm agency or police may see that the pictures don't
show anything, and thus believe that it is a false alarm.  They may then
decline to respond or may respond inappropriately.

This is a perfect spy device, and will be easily available at a price less
than a simple video camera.  The potential abuses of such a device are many,
but employee monitoring is one.  Your boss could point one at your work area
to watch you, and you'd never know.  A hidden security camera is really a spy
camera, equivalent to an audio bug.  In fact, the article mentions that it
could be used against internal thefts.

If someone says the pictures are "pretty" clear, that means that they aren't
entirely clear.  If police trust pictures too much, the potential is there for
police to misidentify a suspect (based on a picture), but firmly believe that
they are right.  This is especially likely if the pictures are monochrome.  As
the first picture arrives in twenty seconds, they are certainly low resolution
(consider connection time for the modems).

A camera in my residence?  What if it starts sending pictures back to the
alarm company at random?  What if some voyeur at the alarm company figures out
how to get pictures whenever he wants?  Most people who have these alarm
systems will not know how they work, so they won't be aware of these risks.

A remote digital camera would be useful in some situations.  For instance, it
could send pictures of a bank robber holding a gun, so that the police could
more easily identify a suspect.  The main risk here is (again) too much trust
in the technology.  Also, there's not a great need to hide a security camera.
You generally want potential crooks to know they're being monitored.

Dan Zerkle  zerkle@cs.ucdavis.edu


DIA delays due to programmers, mayor implies

Bear Giles <bear@tigger.cs.Colorado.EDU>
Sat, 30 Apr 1994 11:21:16 -0600
The Saturday, 30 April 1994 issue of the _Rocky Mountain News_ (and probably
every other paper within 500 miles) had a massive front page story on the
utter failure of the luggage system during tests at Pena International.  (IMHO
these design failures have reached the point where the current Secretary of
Transportation needs to answer some questions.)

Apparently, Mayor Webb is considering an *indefinite* delay, at the request of
the hub airlines United and Continental.

Of interest to comp.risks readers are the following paragraphs from the
article:

  Webb, who has regretted setting -- and missing -- other airport deadlines
  during his three years in office, said other one isn't a good idea.

  Although deadlines motivate some people, they don't work well
  for computer programmers who must fix what is wrong at DIA, he said.

Strictly speaking, this is probably true.  The incredible design flaws (e.g.,
designing the airport to use an untested luggage transportation system with
*no* fallback capability) and construction snafus (e.g., the "messy" power
system despite contractual agreements to provide a "clean" power feed, leading
to significant delays while BAE scrambled to find power filtering equipment)
leave software as the only practical way of getting out of this mess.

And very few experienced programmers would tolerate the same people who have
screwed up things to this extent trying to impose an unrealistic deadline on
them now...

... but Joan Q Public will undoubtably read this as yet another example of
computer software screwing up the system.  It's the 90's -- your dog didn't
eat your homework; the software garbled it!

It's almost enough for me to move 30 miles so I can vote against Webb in the
next election. :-)

Bear Giles  bear@cs.colorado.edu/fsl.noaa.gov


More on DIA fiasco

Bear Giles <bear@tigger.cs.Colorado.EDU>
Sat, 30 Apr 1994 15:33:11 -0600
Reading later articles (there were several pages of DIA coverage today, not
just Mayor Webb's flamebait), it appears the scapegoat du jour for the DIA
delay is the "buggy software" that reads the bar codes in the luggage and
determines where to send the cart.

A fascinating (for the wrong reasons) newspaper article included
such interesting factoids as:

  Software -- essentially the brains of a computer system -- is
  so complex that a misplaced comma or an omitted semicolon can
  crash entire computer systems.

  Even the smallest error can cause a ripple effect that turns
  into a tidal wave of the kind that swamped AT&T's main switching
  system several years ago and shut down nearly 90% of the phone
  company's domestic long-distance operations for hours.

Strange how us computer types have never figured out how to check
for syntax errors like this.  (Compilers can't catch all such
errors, but that's why we set up human checks like coding standards
and code walkthroughs.)

  The BAE system employs laser scanners that read bar-coded labels
  placed on baggage.  Experts say that means the BAE computer system
  probably employs real-time, numerical-control software.

Hmm... doesn't "numerical control" refer to machining equipment?

   At Louisville-based Storage Technology Corp., such software is
   a key feature of the company's robotic tape library storage
   systems.

   "What they are probably seeing, and I saw it many times, is that
   you fix one problem and you're just peeling back a layer of the
   onion," said Mark Hopkins, an engineering manager for StorageTek.

Which explains why Iceberg has been such a successful product.

Strangely absent from the article is the reason Denver (or BAE)
decided to build a system which reads tags on luggage (which can
be oriented in an arbitrary direction) instead of reading permanent
tags on the cart itself.  The latter case would require keeping track
of what luggage is in which cart, but eliminates all of the headaches
of reading the tags on the luggage itself.  (Hmm, the wording of
a newspaper graphic implies that a copy of the luggage tag may
be placed on the cart as well, but its alignment may not be perfect.)

Even stranger was an item in another article which identified "gaps"
in the tracks as a biggest problem right now (the software being
a bigger long-term problem).  It seems the wheels on the cart are
falling into gaps between sections of track, causing jams or
derailments.  (Failing luggage is a serious construction worker
hazard.)

This is truly bizarre since the luggage system is in a protected environment,
located in underground tunnels.  For the tracks to be damaged by "vibration"
caused by a couple limited tests implies that this infrastructure was
*seriously* underdesigned.

Bear Giles  bear@cs.colorado.edu/fsl.noaa.gov

    [Various articles also noted by greg@imsl.com (Greg Holling), who
    also contributed similar analyses.  Greg, thanks.  PGN]


Re: DMV Computer upgrade goes awry...

Shel Kaphan <sjk@netcom.com>
Fri, 29 Apr 1994 21:11:15 -0700
  SACRAMENTO - The California Department of Motor Vehicles has informed a
  flabbergasted legislative committee that it has spent $44.3 million on a
  computer modernization program that will never work.
    ...

Note that this amount of money is approximately equal to the $50M per year in
highway funding that the federal government has been withholding from
California because we have not yet instituted the rule that anyone caught in
possession of any amount of any illegal drugs or prescription drugs without a
prescription will have their driver's license suspended for six months.
That's whether you're driving at the time or not.  According to the SJ Mercury
News a week or two ago, the CA state legislature is most unlikely to put off
adoption of this rule any longer, presumably at least in part because of the
effect of recent disasters on highway construction budget requirements.

Even without the DMV debacle the state might have decided to do this, but
perhaps one can hold them partially responsible for the declining quality of
legislation these days.

Shel Kaphan  sjk@netcom.com


Re: Unusual Newspaper Error

"Stewart Rowe" <usr2210a@tso.uc.edu>
Thu, 28 Apr 1994 13:47:28 -0400
In Risks 15.79 I asked:
>Perhaps one of your readers can explain how the Midwest edition of *The New
>York Times* today had a photo on the front page with the caption.  "Joseph P.
>Kennedy Jr. being arrested at the White House yesterday", with no further
>explanation or story anywhere in the paper?

Several respondents have reported that, in the Metro edition, the explanation
was found in three paragraphs at the end of the adjacent story about Haitian
refugees. Apparently these paragraphs were cut by the person who made up the
continuation page in the Midwest edition, leaving Joe Jr. hanging there
on page 1. (Yes, I checked back and they are not there in my copy).
        Stewart Rowe usr2210a@tso.uc.edu


Re: Kennedy arrest

David Wittenberg <dkw@cs.brandeis.edu>
Wed, 27 Apr 1994 10:31:19 -0500 (EDT)
According to the "Boston Globe", Congressman Kennedy and several other
colleagues (7 or 8?) were arrested for demonstrating in protest of the US
government's policy on Haiti.  The arrests were made by the Park Service
police.  My guess is that the congressmen had every intention of getting
arrested as a way of increasing publicity.

The error was in a correct, but misleading caption.  We usually assume that
when a politician is arrested it is unintentional.

--David Wittenberg          dkw@cs.brandeis.edu


Re: Unusual Paper Error (Rowe, RISKS 15.79)

"Daniel B. Dobkin" <dbd@ans.net>
Thu, 28 Apr 94 16:51:23 EDT
For what it's worth, my wife asked the same question, and she was looking
at the New York Metro/Suburban edition.  While I can't speak with any real
authority about the Midwest (national) edition, I will say that in my
experience the first page doesn't change much; the big difference is in the
metro section: the national editions don't carry the local stories.

The picture with the caption ("Joseph P. Kennedy Jr. being arrested at the
White House yesterday") accompanied the story about the Administration's
policy on Haiti.  While there was no mention of Rep. Kennedy anywhere in
the story, it did state that (quoting from memory) "four members of the
House of Representatives were arrested during a protest at the White
House."  To my eye, this is sloppy copy editing, not a bona fide technology
blunder....  The technology does seem to encourage such sloppiness, though,
a fact to which our moderator (and the RISKS archives) will bear witness.

\dbd


Re: MIT student arrested for BBS ... (Cohen, RISKS-15.76)

Fredrick B. Cohen <fc@Jupiter.SAIC.Com>
Tue, 26 Apr 94 16:16:01 PDT
Sorry - I was mistaken when I claimed that LaMacchia was arrested.  The
correction noted by Tim Shepard and Douglas Rand in RISKS-15.79 was
accurate.

As to the issue of his intent to pirate software, that was not the charge
against him.  It was wire fraud! I have read the copy of the indictment and
commentary and I find this awfully strange.  Furthermore, I find little if any
substantive evidence of intent to pirate software in my reading of the quotes
from the indictment.  If you assume he is innocent and ask yourself if these
comments could have been innocently made by a person of that age in that
environment, you may find that the assertion of guilt is not warranted.

FC


<"Rob Slade, Ed. DECrypt & ComNet, VARUG rep, 604-984-4067">
Mon, 02 May 1994 12:50:25 -0600 (MDT)
Subject: "The Streetwise Guide to PCs" by Jerome/Taylor

BKSTRTPC.RVW  940118

Addison-Wesley Publishing Company
Heather Rignanesi, Marketing, x340, 73171.657@Compuserve.com
P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario, M3C 2T8 CANADA
telephone 416-447-5101, fax: 416-443-0948
or
Tiffany Moore, Publicity  tiffanym@aw.com
Bob Donegon  bobd@aw.com
John Wait, Editor, Corporate and Professional Publishing johnw@aw.com
Tom Stone, Editor, Higher Education Division  tomsto@aw.com
Philip Sutherland, Schulman Series 74640.2405@compuserve.com
1 Jacob Way, Reading, MA   01867-9984
800-822-6339 or 617-944-3700, Fax: (617) 944-7273
5851 Guion Road, Indianapolis, IN   46254, 800-447-2226
"The Streetwise Guide to PCs", Jerome/Taylor, 1993, 0-201-60839-1, U$14.95

Those of us who have been around the computer world for any length of time have
seen a great many "How to Buy a PC" seminars, articles and user group meeting
talks.  They generally offer a lot of helpful advice and useful information for
the novice.  I have, however, often noted personal bias being delivered with
the same force and weight as known and tested fact.  The neophyte generally
comes away with a much better knowledge of the computer market--but also with a
number of unsubstantiated prejudices.

Here, then, is a book on the same topic.  Containing far more material than any
one-hour talk or magazine article, it nevertheless has some of the same tone.
Those wise in the ways of computer purchasing will many times breathe an
"Amen!" to much of what is here.  There are also, however, personal biases and
blind spots that the newcomer will have difficulty recognising.

Chapter one is a general diatribe against the industry as a whole.  As
vitriolic as it may sound to the newcomer, the authors may, in fact, be
*under*stating the case.  Chapter two states that software is central to the
whole process, and gives tips for evaluating the major applications.  The
remaining eight chapters are devoted to hardware.

There are some easily identifiable oddities.  The statement that Windows'
management of resources makes things easier obviously comes from someone who
has never had to check the five completely different print menus under Windows
to find out why nothing is coming off the printer.  Some items seem to be
subject to time lag, as with the insistence that 386 and 486 CPUs are maker-
independent.  (This might have been true earlier, but the 486 market is now an
utter shambles.)  The authors still cling to their claim that all surge
protectors are created equal.  I found the section on virus protection to be
fairly reasonable--except that they still get the Stoned message wrong, think
all scanners are equally effective, and don't know about shareware scanners.
In fact, shareware doesn't get much of a shake in spite of the railing against
overpricing and software bloat.

In addition, some of the recommendations for protection may give a false sense
of security.  The authors frequently repeat the refrain that one should never
by anything with cash or cheque: put it on a credit card so that you will have
some fallback.  The use of a credit card, however, does *not* necessarily
protect you.  Once you sign the charge slip, you are committed to honour that
debt.  The credit card company *may* choose to reverse the charge and not pay
the merchant, but that is at *their* discretion, and they are not automatically
on your side.  (The credit card company may take several months even to decide
whether or not to reverse the charge: the representatives I talked to, at the
credit card service office, the local bank, the head office complaint
department and the head office PR office refused to give any upper bound or
time limit for a decision.  The PR department initially stated that paying by
card was the same as paying by cash, but refused to answer when asked to
comment specifically about the case of defective equipment.)

You really are alone out there: I recently checked up on the Better Business
Bureau, and found that while the technology the BBB is using for phone access
to reports is impressive, the reports themselves are less so.  A company which
has had several disputes in the past, and has a current dispute outstanding, is
listed as being in "satisfactory" standing, and the BBB had "received no
complaints" during its existence.  The BBB also had a chance to respond to this
and indicated that it was because of their "standard reporting language"
imposed from head office.  (BBB is a franchise.)  Complaints are not entered
into the automated system until proven, beyond doubt, to be "valid": the
consumer is not allowed an opportunity to respond to the final offer from the
merchant.  Decisions on validity are made by the BBB.  The BBB is paid by the
vendor.  The conclusion is left as an exercise to the reader.  (The General
Manager of the local BBB stated that more detailed information is available
from the counselors, although this is not made at all clear from the automated
system.  I checked this out later, and it turns out not to be the case.  She
also stated that most people deal with the counsellors rather than the
automated system, which doesn't surprise me in the least.)

In the absence of any better, though, this book is to be recommended for
beginners *before* they buy a computer.  One of the particularly nice features
is a sample advertisement introducing every chapter and dissected for "lies".
Get some street smarts before you go buy a PC.  And never buy anything on the
spot.

copyright Robert M. Slade, 1994   BKSTRTPC.RVW  940118

DECUS Canada Communications, Desktop, Education and Security group newsletters
Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733
DECUS Symposium '95, Toronto, ON, February 13-17, 1995, contact: rulag@decus.ca


Computer-Aided Verification 94 Conference Announcement

David Dill <dill@hohum.stanford.edu>
Mon, 2 May 94 11:42:09 PDT
                   CONFERENCE ANNOUNCEMENT
        Conference on Computer-Aided Verification
                CAV 1994

Stanford University, June 21-23, 1994

The Sixth Conference on Computer-Aided Verification will be held June 21-23 at
Stanford University.  The conference will be followed on June 24th by a
one-day workshop on practical aspects of computer-aided formal verification.

CAV 94 is sponsored by a group of companies with a strong interest in
the topic area: AT&T, IBM, Intel, Motorola, Redwood Design Automation
and Sun Microsystems.  [...]

FURTHER INFORMATION: You can send electronic mail to "cav@hohum.stanford.edu"
if you want registration information, a copy of the program, or further
information about the conference.

Please report problems with the web pages to the maintainer