The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 16 Issue 54

Monday 7 November 1994

Contents

o [NOTE: "September 31" typo
30
o Fall time change and the usual computer system havoc
L. Scott Emmons
o Ottawa Library fines people using unreliable automatic calling system
Michael Slavitch
o Tele-Phoney
John Vilkaitis
o Risks of assumption
Tom Swiss
o Re: CMU blocks access to nasty newsgroups
Bob Frankston
Arthur Hicks
Jim Huggins
Harry Rockefeller
o Info on RISKS (comp.risks)

Fall time change and the usual computer system havoc

L. Scott Emmons <scotte@center.uscs.com>
02 Nov 1994 20:51:57 GMT
With the recent change back from daylight savings time, we can always expect
the usual havoc caused by lousy operating systems that aren't smart enough
to know how to switch time automatically. Of course, this issue has been
discussed here before, so what happens at this location here may or may not
be of particularly exciting news.

Anyway, there is a card-key system that locks up a certain development
facility between 5pm amd 8am. The system is run by one of the aforementioned
lousy operating systems that is not smart enough to change the time
automatically. So, for a few days each fall the facility is unlocked and
locked early, and for a few days each spring the opposite occurs; until
somebody bothers to report it to the right person who has control over the
system. I'm not sure which is worse -- the security risk of having an
unlocked facility, or the annoyance factor in being unable to get into the
building without the right key-card.

Fortunately, most of the systems I have to deal with are Unix boxes, which do
set the time correctly. I wonder why other operating systems are so far behind?

L. Scott Emmons, U.S. Computer Services/CableData R&D Center  (916) 939-6088
scotte@center.uscs.com


Ottawa Library fines people using unreliable automatic calling system

"Michael Slavitch, Consultant, (613) 781-9824" <slavitch@on.bell.ca>
Mon, 7 Nov 94 15:45:50 -0500
About two months ago I reserved a book at my local library. The library has
gone electronic in its reservation system.  You reserve a book, and when
your turn to receive it comes due a computer dials your home phone number.
If an answer occurs, it assumes you heard the message; if you do not pick up
the book in three days, you are fined $2.00.

Basically, this is what happened to me. Their computer called my number and
the phone went off hook, starting the meter running. For some reason my
answering machine did not pick up the message (I have an answering machine
and a fax modem hanging off the same line, but the fax modem is outgoing
only).

The RISK here is obvious, and I consider it nontrivial.  The librarian
insisted that the "system" is "reliable" and "almost always" works. Well, my
knowledge of datacomm says that if it does not always work it is not
reliable, and that they are fining people based on an assumption that the
message was received.

What's scary was the attitude of the librarian. Because she was told by
someone that the system works, she insisted that I had received the call. I
asked her for proof of that and she said that "the system said you got the
call, it must be true".  My attempt to describe the essence of data
communications and reliable communication fell on deaf ears, and she refused
to give me the name of her superior because "the system works and nobody
should complain about it."

Well, I am. I know that it is only two bucks, but the implications that
arise from misuse or overly trusting such a system are worrysome. What if
the government started issuing parking tickets or summonses in this manner,
or banks warning you of surcharges on financial transactions?  What if my
wife answered the phone and the book was "how to handle infidelity in you
marriage" :) (it wasn't).

So how do you handle two things:

 [One] An unreliable delivery system being assumed to be reliable.
 [Two] People placing trust in such a system.

Michael Slavitch, Software Design & Analysis Consultant, assigned to:
Bell SYGMA, Suite 250, 150 Elgin St., Ottawa, Ontario K2P 2C4, (613) 781-9824


Tele-Phoney

Javilk <javilk@netcom.com>
Mon, 7 Nov 1994 01:48:00 -0800 (PST)
                   Troubles with Tele-Phoney Systems

     Getting a wrong-number call in the middle of the night from another
human can be irritating.  We may hope that future telephone numbers
incorporate a check digit to reduce these errors, but I doubt they will.
     But let us first look at our "Telephone Neighborhood".  Do you have
any idea who or what exists in the 62 or so valid telephone numbers only
a slip of the digit away from yours?  (Area codes brings it up to about
80, but they are less often dialed.  Another problem.)  Apparently I
have several interesting entities in my telephone neighborhood. And with
most calls being dialed by embedded microprocessors and computers these
days...
     What prompts this observation?  Funny you should ask that...
     On Friday, after the close of business for the weekend, (as in, when
else?!) I began receiving a strange series of persistent wrong number calls
from one gentleman in my area code.  As I answered, I would hear the
"musique de telephon" of another ten-digit number being dialed.  Although
apologetic, the caller insisted he was trying to reach several very
different numbers in two adjacent area codes.  Soon others joined him in
reaching out and touching me with a number of different touchy toney loony
tunes, complaining that I was not the party of their choice; then retrying
the process with more diligence, and sometimes more stridence.  But no
matter the area code or number they dialed, they all rang my phone.
     Some investigation on my part revealed they all originated from the
same place, an apartment complex in a nearby city with a new PBX (Private
Branch Exchange,) telephone system. To save the dwellers money, (or to
line their coffers some more,) management had contracted with a private
(discount) telephone and cable company called "Western Telephone and
Television" (WTT) for a PBX with a feature called "least cost call
routing."  The physical PBX is a 6 x 4 x 2.5-foot box containing twin
680x0 processors for redundancy, each with its own hard drive, and each
running a proprietary operating system called CORTELCO.  The box can
handle up to 500 telephone lines, although only approximately 300 lines
were hooked up at that particular site.
     Under normal circumstances, this PBX is programmed to quietly intercept
the dialed number, dial a five-digit access code (a 10-xxx number) on one of
several outgoing lines, and when the access number goes off hook (answers),
echo the number that the customer dialed; whereupon the long distance
service provider takes over.  However at this particular location, a
five-digit access code was not available, and so a full seven-digit access
code had to be used.  In other words, the system simply forwarded all calls
to another ordinary-looking phone number.  Unfortunately, the technician
inadvertently entered _my_ phone number while correcting a previously(!)
erroneous number.
     Hence, all long distance calls placed from that apartment complex
rang through to my number starting at 6pm Friday evening.
     This prompts some interesting observations:
     1. No caller ID is transmitted with the call,
     2. There is no handshaking between PBX and the service provider.
     3. Audio is immediately enabled upon completion of number dialed.
Speculations:
     1. All accounting probably resides in the PBX
     2. Most billing info and programming is done via modem.
     3. Anyone with the seven digit access code...
            ...has unlimited free telephone service.
Kind of makes you wonder what the fraud rate is in this industry, and how
much is added to the average telephone bill to offset it. (No, I did not ask
what number the computers were trying to call or I'd be their prime suspect!)
     Of course, once awakened, Murphy did not stop there.  WTT's emergency
pager number had been _Disconnected_. Nor could Pacific Bell Information
find any local phone number for WTT.  When I finally got the correct number
from the apartment manager and called WTT, their automated attendant / voice
mail system kept telling me to dial 0 for their operator (receptionist),
then complained this and other automatically suggested extension numbers,
were not valid.  Whereupon the default error message, of course, again
instructed me to dial 0 for the operator.  (This kind of looping appears
rather common in corporate automated attendant systems.)  Eventually some
error count was exceeded and at least _this_ computer had the sense to hang up.
     The RISK of not checking your telephony systems for message loops, old
numbers, etc. is looking like a corporation of idiots.  Not to mention a
telephone company not having a publicly listed telephone number!  [I think
we now might understand WHY!  PGN]
     (My favorite ploy in the case of such loops and lockouts, is to look
for a Smith or Jones in their audio telephone directory, and inform him that
his company is losing thousands of dollars in sales because the telephone
system will not let callers speak to a human being; then ask he pass my
number on to an appropriate party.  Few ever bother.  They must think it's
not their job to help their company be profitable.)
     Finally, The local Bell Systems affiliate repair service (good old
611) told me that the RISK of harassing innocent telephone subscribers, as
they agreed WTT's automated equipment was clearly doing, was having
telephone service to their equipment, and thus the entire apartment
complex, disconnected.  (Probably by Monday...)
     But of course, Murphy being who he is, Repair could do nothing right
now. And in retrospect, they really could not do much.  Repair directed me
to several different Pacific Bell departments, each with its own 800 number,
but all of which had an identical automated voice issuing identical
instructions.  The RISK of using identical messages (computer voice
screens?) is having customers think they are reaching the SAME number.  For
all I know, I may have been!  Eventually, the chain of "if you have... then
call 1-800-..." messages, which are heard after one finds one's situation is
not on the menu, reached a recorded message informing me to call the local
police to handle the situation.
     Is the RISK of having electronic equipment becoming deranged, with no
obvious "OFF" switch, having it SHOT by law enforcement officials?
Something equipment designers really ought to think about!
     After numerous complaint calls to the apartment manager, WTT, and
Pacific Bell by apartment residents, Pacific Bell, the apartment manager,
and myself, a WTT technician entered another set of access codes into the
system.  The calls ceased shortly before noon, Saturday.  I received a long
and very apologetic call from the technician.  We ended up discussing the
operational details of the PBX.  The technician also checked the voice-mail
looping problem and reports they will have to completely reconfigure their
company office's automated attendant system to avoid the "dial operator"
loop problem.

               The RISKS of Busy Telephone Neighborhoods

     The people at the Misdialing Gardens Apartments were more polite than
those involved when Coca Cola published my number as their in-warranty
emergency repair number three years back.  Now I say that I can fix almost
anything (and often do), but those people insisted I fix their Coca Cola
machines _Right_NOW_For_FREE since soda was usually spewing forth onto the
carpet, etc.  Complaints to Coca Cola Corp.'s headquarters met with
Persistent Insistence that my number was Indeed _The_Correct_Number_ for
their in-warranty repair service.  They kept looking it up in their
corporate directory and their computers, and telling me it "The computer
says that _IS_ The Correct Number, so stop bothering us!"  (I couldn't seem
to get a VP's secretary to understand the true nature of the problem.  And
of course, she would NOT pass me on up the line because _I_ was
_Obviously_Wrong_.)  After a few go-arounds like that with Coca Cola's
Headquarters, I just gave up and chanced my number to an unlisted number
without a forwarding reference.  It only cost me several hundred dollars to
change stationary and notify all my clients...
     ... Some of whom had recently changed their fax numbers...  And
since I usually set up a computer to send these overnight...  Well, I
guess I just had all those "favors" returned this past week end!

                      The ADVANTAGE of Call Return

     I still get calls at all hours, but not as often; the present phoney
phone callers all hang up when they hear a human answer, making one think of
burglars trying to see who is home, or the odd former acquaintance,
ex-spouse, or ex-employee who might have traded a few marbles for some lead
pellets.  When I ordered call return to investigate this problem, the
Pacific Bell representative told me to call these phoney callers back and
say "I am working with" (not for) "the telephone company to determine why
people call this number."  The responses revealed that my current number in
the slipped digit neighborhood of a touch-tone-based Automatic Bank
Information system.  If I politely return those phoney phone calls, I can
keep the number of calls down to two or three a month as opposed to the
original three or four a week.  (Not to mention retain my peace of mind!) I
guess people do learn.
     Don't call me, I won't call you!  Please!

     Several individuals have commented that someone less ethical might have
set up one of those $95.99 voice mail cards to ask for the caller's account
and PIN numbers, then apologize for the rest of the computers being
unavailable.  In effect, a telephonic analog of a terminal with a phony
login screen.  Which reminds me of...

              The RISK of Borrowing Time Sharing Programs

     Back in college, some twenty two years back (seems like yesterday!), I
had been assigned the task of catching a student who was using a phony log
in-screen to steal account numbers on CPS, the time-sharing system which ran
on UConn Research Computer Center's IBM 360.  CPS (Conversational
Programming System) was an interactive PL/1-like variant of BASIC. In one
evening, I was able to cobble together parts of a utility program I was
writing to create a 1,400-line PL/1 program which performed a brute force
search over the CPS saved program hierarchy for the word "login".  (Not so
easy since CPS used its own file format, saving programs and data in
tokenized form; but my utility already scanned comments for expiration
dates.)
     It turned out that the offending programs were saving themselves with
the captured login data stored in arrays.  As in interactive BASIC, the
miscreant could query these arrays without executing the programs
themselves.  I "de-initialized" the arrays and subtly damaged the programs.
An "On Error" statement was used to activate a few new lines near the end of
the program to message the main operations console whenever the programs
were either run OR the now invalid array elements were queried.
     Several nights later, I arrived just in time to join two other staff
members as they ran across campus to catch an unexpected second miscreant.
She later managed to convince the powers that be that she was not The Real
Miscreant; but had "merely borrowed a program to see how it worked." I
always wondered about that.  Did you really do it, Ellen?  Or was it really
the other fellow?
     The RISK of stealing time-sharing programs is stealing Booby Traps.

-JVV-


Risks of assumption (Carasso, RISKS-16.52)

Tom Swiss <tms@tis.com>
Tue, 1 Nov 94 15:18:19 EST
     First, I'd like to disagree with Mr. Carasso's belief that user
confusion due to a lack of standards in control layout is "stupidity". It's
very easy for users to develop an automatic patterns for some frequently
performed operation, and then repeat that pattern in a circumstance where it
is not appropriate. For instance, I've developed a habit of hitting
Control-X Control-C y to exit emacs and confirm it's "Save file foo? (y or
n)" prompt. Then I went to use an editor that, upon exit, prompted something
like "File foo not saved - really quit? (y/n)" My fingers were running the
emacs pattern and hit "y", thinking that that meant to perform the save,
when in fact it meant to exit without saving. I can very easily imagine a
long time PC user whose fingers get ahead of his brain, confuse the floppy
eject with the power switch, and shut the machine off.

     I'd also like to question his assumption that if you made such a
mistake, you "obviously just got your Mac, there's little of value on it,
and it's unlikely that anything damaging will *really* happen." It seems to
me that to properly assess the risks of such a situation, one should always
assume a worst-case scenario.

     So what kind of "what-ifs" can we add to this situation?

     In the worst case, safety critical equipment might be controlled by
that Mac. (Yes, we know that there should be a protective cover over that
switch in such a case, but I'll bet you a nickel there's a system out there
right now that could hurt someone if such down at the wrong time and is
without such a cover.) That's a obvious risk.

     Less obvious is the possibility of losing very important data. To take
an example from my own experience, I was forced to do my first extensive
Macintosh work (aside from some light word processing at an old job) for a
robotics class Programs were compiled on the Mac and downloaded to the
controller board. We saved our work on floppies so we could move the work
between any one of several Macs.

     Much of the work (at least for my team) turned out to be trial-and-
error setting of various constants. It might take a dozen compile-download-
test cycles to find a good value for one such constant. I can just imagine
the horror, the wailing, and the gnashing of teeth had one of us gone to
swap floppies to save some bit of work and, operating on auto-pilot (as is
known to happen when you're working at some ungodly hour to meet a
deadline) hit the power switch and sent that work to the bit bucket.

-Tom Swiss / tms@tis.com


Re: CMU blocks access to nasty newsgroups

<Bob_Frankston@frankston.com>
Mon, 7 Nov 1994 10:23 -0400
A few months ago I responded to a similar issue on another mailing list. As
a parent, I can appreciate the problems with adding to the burden of
parental responsibility in presenting one more threat we must shield our
children against.

The real question is how to prepare children for a world in which censorship
is not viable -- how to make them better participants in a world rich in
information and sleaze. Which is which is often a matter of personal
opinion.  Ultimately they will have to make the judgment of how to handle
it.

I realize that there are lots of issues here and that the mere presence of
objectionable materials does open organizations up to harassment suits. But,
ultimately, this country has made a bet that open access to information is
the better option. Other countries have more or less censorship on various
issues and are no longer across a wide ocean.

This does mean that one (as a parent, educator, whatever) needs to try to
teach that not all information available is valid or representative of the
real world.

But some information can be real and disturbing. At one point while I was in
elementary school, I had a great fear of news -- especially international
news. Considering that it was in the 50s and duck and cover was a part of
the curriculum and one standard topic was how big an H-bomb it would take to
reach our school if it landed (precisely?) at Columbus Circle in New York,
this was not totally irrational.

But is it better to grow up in a world unprepared, without an immune system?


RE: CMU blocks access to nasty newsgroups

Arthur Hicks <ahicksii@netcom.com>
Mon, 7 Nov 1994 09:13:11 -0800 (PST)
"Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com> wrote of attempts to
resolve the problem of access by children to possibly unsuitable sexual
material in certain USENET newsgroups.  I would like to respond, as a
seemingly responsible parent, with some examples of real parental controls,
and real parental concerns about this issue.  In our case the family MODEM
is hardwired to a separate local-only phone line, somewhat reducing the
scope of possible teenage computer activities, but Internet is another
matter.  I have applied suitable access limitations to my son's AOL
sub-account, and my kids are never allowed any visual access to my
passwords.  My kids have also freely discussed these issues with me, and can
be expected to understand them to the degree that they are willing to
understand them.  To that extent I don't worry about my kids and their
activities.  I am concerned however, with the very real problem of adult
human "predators" who seek out congregating kids, whether it be outside the
neighborhood convenience store or on the Net.  It is a mistake to think that
"good", intelligent kids can necessarily resist or even be aware of the
attempts of an experienced adult "predator" to do them harm.  This is why I
remain concerned about the issue of suitable Net access for kids.  The
article by Mich Kabay appears to trivialize the real concerns of parents who
are trying to be responsible about giving their kids access to contemporary
tools, but also wish to avoid unreasonable risks to the well-being of their
children.  Art Hicks


CMU and Newsgroups (Kabay, RISKS-16.53)

Jim Huggins <huggins@eecs.umich.edu>
Mon, 7 Nov 1994 15:21:20 -0500
Mitch Kabay comments at length about CMU's decision to block access to
alt.sex.* et. al. on its computer systems.  Mitch's comments focus
mostly upon access, calling for finer grains of access to the Internet
rather than total vs. no access.

While Mitch raises good points, they really don't address CMU's
dilemma.  The following is an excerpt from the official on-campus
announcement of the change:

    Pennsylvania laws prohibits us from carrying bulletin boards
    that are known to be used for the distribution of sexually
    explicit or obscene material.  It is against the law for
    anybody to knowingly distribute sexually explicit materials to
    people under the age of 18, or obscene materials to people of
    any age.  [...]

    [T]he only criterion that will be used when considering the
    withdrawal of a bulletin board is that either the intended
    purpose for which it was established or its primary use
    (majority of the posts) makes it illegal for Computing
    Services to provide access to the bulletin board.

(N.B. Usenet groups at CMU are usually called bulletin boards.)

This isn't really an issue of whether minors can get access -- the
vast majority of students at CMU are over 18, anyways.  The problem is
that obscene material cannot be distributed in PA, regardless of the
age of the recipient.  And so CMU needs to find a way to obey the law.

In some ways, this is already the finer-grain access that Kabay
suggests.  CMU isn't going to monitor every newsgroup for obscene
materials; it simply will eliminate those newsgroups where such
material is the most prominent.

Of course, whether or not local definitions of obscenity make sense
anymore in a global infobahn is another question entirely, and one
in which I'm still undecided.

Jim Huggins (huggins@umich.edu)


Re: CMU blocks access to nasty newsgroups (Kabay, RISKS-16.53)

Harry Rockefeller <harryr@ssd.fsi.com>
Mon, 7 Nov 94 13:41:33 -0600
Mich seems to discuss only one of three problems here.  He notes that
there is material suitable for adults but not for children.  He
correctly notes that it is the parent's responsibility to build a
suitable barrier.

The other two issues of "censorship" he did not discuss are: 1) Highly
offensive material not suitable for anyone, and 2) Any material
offensive to a payer.

In category 1) may be child pornography, or bestiality pornography.
The material (at a state or more local level IMO) may be simply ruled
illegal.

In category 2) Realizing that CMU receives tax funds we should ask if
any of these tax funds pay for Internet?  If yes, then a case may be
made to eliminate several newsgroups because they are offensive to
some segment of the taxpaying public.

Harry Rockefeller  FlightSafety International, Simulation Systems Division
Broken Arrow, OK 74012   harryr@ssd.fsi.com   (918) 251-0500

Please report problems with the web pages to the maintainer