The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 16 Issue 55

Weds 9 November 1994

Contents

o EMI and construction cranes
    Steve Summit
o Postscript FAX Security Hole
    Mike Crawford
o Hardware-borne Trojan Horse programs
    Chris Tate
o Risks of posting warnings with the wrong time or date
    George Swan
o Existential risks of computer systems
    Ian Horswill
o E-Signatures
    Benjamin Wright
o Re: Suitable for whom?
    Jon Green
o PBX at Large? [Re: Tele-Phoney]
    Stephen Bogner
o Re: Parental Responsibility
    Mich Kabay
o Re: Ottawa Library fines people ...
    Erik Jacobsen
    Daniel P. B. Smith
o Info on RISKS (comp.risks)

EMI and construction cranes

Steve Summit <scs@eskimo.com>
Tue, 8 Nov 1994 12:31:17 -0800
An article in Friday's *Seattle Times* (Nov. 5, 1994) reports that
"Microwave interference has stalled crane operations on the $74 million
Seattle Center Coliseum renovation project."  Broadcast towers on nearby
Queen Anne hill and consumer microwave ovens on the same hill are suspected,
but "`I don't know if we'll ever be able to pin that down,' said Jack
Donovan, construction manager for PCL Construction Services Inc."
Continuing from the article:

  ...when the crane operator tried the [crane's] electronic controls, they
  didn't respond correctly and haven't worked since, Donovan said.  He
  didn't think the problem would delay the project...  "Obviously, it's an
  inconvenience, but to this point we've been able to use alternate means to
  work around it," he said.
    The crane operators are testing filters or shields around the controls
  to ward off microwaves.  Electronic specialists were called in to work on
  the problem yesterday.

Steve Summit scs@eskimo.com


Postscript FAX Security Hole

Mike Crawford <crawford@scipp.ucsc.edu>
Tue, 8 Nov 1994 21:55:12 -0800
I recently bought an Apple LaserWriter Select 360.  While I wanted a laser
printer anyway, I chose that particular model because it can accept a
Postscript FAX card.  I want to make a FAX/Email gateway that can send high
quality faxes - one can mail a postscript file to the gateway, and a high
quality fax will be transmitted.  If one has the good fortune to be
addressing another PS fax, the postscript is transmitted instead of the fax
codes, for extra high quality.

But there's a big problem: PS is a programming language.  This would allow
people to program my laser printer via e-mail!  People could do such things
as change the printer password remotely.  If one used a printer with an
attached hard disk, one could mail in a command to erase the disk.  Oops.

Would anyone know whether this has been considered under the postscript FAX
standard?  It seems to me it would be a problem for just regular PS faxes -
one would just hack it over the phone line from another PS fax machine.

Can you imagine someone putting letter bombs in public domain clip art?  Eek!

One could disable certain commands, and do save/restores, of course, but it
is possible for postscript to be quite obtuse, and every printer has a number
of undocumented postscript operators that would be hard to guard against in
any general way.

Mike Crawford  crawford@scipp.ucsc.edu  crawford@maxwell.ucsc.edu
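
One way a mail-to-fax gateway could screen jobs before forwarding them, as an added example that is not part of the original post or of any PostScript FAX product. The operator lists, function names and sample jobs are constructed for illustration; ordinary PostScript prologs often use `exec` and `load`, so the "cannot-verify" verdict is common in practice, which is the difficulty the post describes.

```python
# Added example: gateway-side screening of PostScript before it reaches the printer.
DELIMS = "()<>[]{}/%"

# Standard PostScript Level 2 operators that act outside one job's
# save/restore scope or touch the printer's disk. Illustrative, not complete.
PERSISTENT_OPS = {
    "exitserver", "startjob",                      # end per-job encapsulation
    "setsystemparams", "setdevparams",             # persistent settings, passwords
    "deletefile", "renamefile", "file", "filenameforall",  # file system access
}
# Operators that turn data into code or names at run time; after one of
# these, a static scan no longer knows which operators will execute.
DYNAMIC_OPS = {"cvx", "cvn", "exec", "run", "token", "load"}


def ps_names(source):
    """Return name tokens (executable and /literal) outside comments and strings."""
    names, i, n = [], 0, len(source)
    while i < n:
        c = source[i]
        if c == "%":                               # comment: to end of line
            while i < n and source[i] not in "\r\n":
                i += 1
        elif c == "(":                             # string: parens nest, \ escapes
            depth, i = 1, i + 1
            while i < n and depth:
                if source[i] == "\\":
                    i += 1
                elif source[i] == "(":
                    depth += 1
                elif source[i] == ")":
                    depth -= 1
                i += 1
        elif source.startswith("<~", i):           # ASCII85 string
            end = source.find("~>", i)
            i = n if end < 0 else end + 2
        elif source.startswith("<<", i):           # dictionary mark, not a string
            i += 2
        elif c == "<":                             # hex string
            end = source.find(">", i)
            i = n if end < 0 else end + 1
        elif c in DELIMS or c.isspace():
            i += 1
        else:                                      # name or number
            j = i
            while j < n and source[j] not in DELIMS and not source[j].isspace():
                j += 1
            names.append(source[i:j])
            i = j
    return names


def screen_postscript(source):
    """Return (verdict, persistent-state operators seen, dynamic operators seen)."""
    names = set(ps_names(source))
    blocked = sorted(names & PERSISTENT_OPS)
    dynamic = sorted(names & DYNAMIC_OPS)
    verdict = "reject" if blocked else "cannot-verify" if dynamic else "forward"
    return verdict, blocked, dynamic


# Constructed sample jobs (not captured traffic).
BENIGN_JOB = r"""%!PS-Adobe-3.0
% a comment that mentions deletefile is not code
<< /PageSize [612 792] >> setpagedevice
/Helvetica findfont 12 scalefont setfont
72 720 moveto (Please do not deletefile \(really\)) show
showpage
"""
DISK_JOB = "%!PS\n(constructed.tmp) deletefile\nshowpage\n"
DYNAMIC_JOB = "%!PS\n(showpage) cvx exec\n"   # harmless, but opaque to a static scan

if __name__ == "__main__":
    for job in (BENIGN_JOB, DISK_JOB, DYNAMIC_JOB):
        print(screen_postscript(job))
```

A gateway that forwards only "forward" verdicts is a default-deny filter over documented operators; it does nothing about the undocumented, printer-specific operators the post mentions.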


Hardware-borne Trojan Horse programs

Chris Tate <FIXER@FAXCSL.DCRT.NIH.GOV>
Tue, 8 Nov 1994 12:34:36 -0500 (EST)
I had an unpleasant experience this past weekend, and I imagine some other
readers of RISKS will find it interesting.

I recently purchased an Apple Macintosh computer at a "computer superstore,"
as separate components - the Apple CPU, and Apple monitor, and a third-party
keyboard billed as coming from a company called Sicon.

This past weekend, while trying to get some text-editing work done, I had to
leave the computer alone for a while.  Upon returning, I found to my horror
that the text "welcome datacomp" had been *inserted into the text I was
editing*.  I was certain that I hadn't typed it, and my wife verified that
she hadn't, either.  A quick survey showed that the "clipboard" (the
repository for information being manipulated via cut/paste operations)
wasn't the source of the offending text.

As usual, the initial reaction was to suspect a virus.  Disinfectant, a
leading anti-viral application for Macintoshes, gave the system a clean bill
of health; furthermore, its descriptions of the known viruses (as of
Disinfectant version 3.5, the latest release) did not mention any symptoms
similar to my experiences.

I restarted the system in a fully minimal configuration, launched an editor,
and waited.  Sure enough, after a (rather long) wait, the text "welcome
datacomp" once again appeared, all at once, on its own.

As a next step, I contacted John Norstad, the author of Disinfectant, and
one of the international response team for dealing with new Macintosh virus
sightings.  Very promptly I received a response, which I shall quote here in
its entirety (it's brief):

> Yes, we have heard of this. It's a practical joke in the ROM code in some
> third-party keyboards. The only solution is to get your bad keyboard
> replaced.

I was furious.  Apparently there are hardware products on the market which
have embedded "Trojan Horses," programs which affect the operation of the
system without the user's consent (or knowledge!).

I have returned the keyboard to the store where I purchased it, and I plan
to contact Sicon about the problem.  The potential for abuses in computer
systems here is apparent, especially when the system involves "intelligent"
peripherals - such as many popular types of disk drive, Apple Desktop Bus
devices (such as the offending keyboard), and so forth.

John Norstad informs me that he has little knowledge of the extent of this
particular problem, other than the fact that he has received quite a bit of
mail from people who have been bitten.  What is almost as disturbing as
having fallen prey to this particular joke is the lack of information about
it - I can't find any mention of such a problem in any of the USENET Mac
newsgroups' "Frequently Asked Questions" compilations, although those FAQs
*do* mention viruses and how to deal with them.  It definitely seems to me
that people ought to be made more aware that this sort of thing is
happening.

Christopher Tate   fixer@faxcsl.dcrt.nih.gov   eWorld:  cTate


Risks of posting warnings with the wrong time or date

George Swan <gswan@io.org>
Tue, 8 Nov 1994 19:22:50 -0500
In the fall of 1990 a bomb threat was phoned in to the Waterloo (Ontario,
Canada) Regional Police.  The threat said that a number of bombs had been
placed in various buildings on the University of Waterloo campus.

There was a recent discussion of this threat in alt.folklore.college.  I
posted a followup to this discussion.  I thought I would post a shorter
version for risks readers.

The entire campus was evacuated.  It took several hours, as the University
had no central public address system.  The threat turned out to be a hoax.
The news was circulated around the campus via a "phone-tree" and word of
mouth.

I knew a few more details about this incident because the day before the
bomb scare I had a long discussion with a young hot-head, who had said
something stupid, and I had reported him to the campus police.

The young hot-head had been a devoted reader of the newsgroup
"alt.sex.bondage".  He was furious with the Dean of Computing because he had
banned this newsgroup from all the campus computers.  During the course of
our discussion he said, "If I had a copy of 'The Anarchist Cookbook' I'd use
it to bomb Johnny Wong's office!"  (Dr. Wong was the Dean of Computing.
'The Anarchist Cookbook' is a how-to book on sabotage techniques, including
how to build bombs.)

I reported his threat to the campus police.  During my discussions with the
campus police I learned that their big lead concerned the rash of news
articles that had been posted to the newsgroup "uw.general" the afternoon of
the bomb scare.

The campus police had arranged for someone to print out the news articles
that concerned the bomb scare.  One of the posts seemed to have been posted
prior to the reception of the phone call that initiated the scare.

The risk?

I am sure that none of the people posting messages warning others of the
scare gave a moment's thought as to whether their system's clock bore the
correct time.  I am sure they would be quite surprised to learn that they
had become suspects.  (Fortunately wiser heads within the University's
Department of Computing Services were consulted first.)

There are some other risks I would like to comment on.  When the bombs
didn't go off as scheduled, the campus police were asked to check the
campus.  By the time I had my interview with them, the campus police had had
a number of resignations.  It seems to me that to do a proper job of
checking the campus would require a regiment of combat engineers.

In my opinion, a phone-tree is not sufficient to meet this threat.  The
threat gave about four hours notice, and it took close to three hours to
clear the campus.  What if it had been a real bomb with only two hours
notice?  What if it had been a spill of toxic waste?

A recent risks digest said that CMU had recently announced bans of various
newsgroups.  Let's hope that none of CMU's administrators receive any
threats.


Existential risks of computer systems

Ian Horswill <ian@ai.mit.edu>
Tue, 8 Nov 1994 18:12:42 -0500
The hotel I was in last weekend had a nifty video-based message system.
They had the standard spectra-vision pay-per-view interactive video hardware
in the rooms so they set it up so you could review your bill, check out, and
collect your messages using your TV and remote control as a terminal.
Pretty nifty.

So one night, I get back to my room and press the "check messages" button.
After a longish pause, my TV greets me with the message:

  "We're sorry, but the hotel records indicate that this room does not
   exist.  Please contact the front desk if this is not the case."

At first, this caused a sort of Sartrian crisis within me, but then I
relaxed.  According to the hotel phone directory, the front desk didn't
exist either, so I was obviously in good company.

P.S.  It would seem that someone inadvertently checked me out.

   [Or else the database was inaccessible; your hypothesis suggests
   that someone checked out the front desk as well.  PGN]


E-Signatures

Benjamin Wright -- Attorney ^ Counselor - Dallas <bwrigh01@reach.com>
Sat, 5 Nov 94 23:28:24 EST
  [This is an elaboration of an earlier RISKS item, which also appeared
  in a revised form in the October 1994 Communications of the ACM.
  PLEASE contact Ben if you want the entire article.   PGN]

          ALTERNATIVES FOR SIGNING ELECTRONIC DOCUMENTS
                       By Benjamin Wright

Hospitals, banks, insurance companies and other organizations are looking to
replace paper with electronic documents, but they need a way to "sign" those
documents for legal and control purposes.  This article considers the
practical features of two alternative signing methods: smart-card based
public-key cryptography and PenOp, a pen computer technology that captures
handwritten autographs.  The article argues that PenOp holds certain
advantages in that it does not require the signer to

*  retain a token or smart card;
*  remember a password;
*  register with a bureaucratic certification authority; or
*  depart from the custom of signing with an autograph.

PenOp also does not require the receiver of a signature to use
technology that is compatible with that used by other people.


Suitable for whom? (Rockefeller, RISKS-16.54)

Jon Green <jonsg@hyphen.com>
Tue, 8 Nov 1994 06:04:01 -0500 (EST)
> The other two issues of "censorship" he did not discuss are: 1) Highly
> offensive material not suitable for anyone, and 2) Any material
> offensive to a payer.  [...]

The concept of (1) frightens me.  There is _no_ material unsuitable for
_anyone_, however repulsive a majority might consider it.  By definition,
_someone_ wants it, otherwise it wouldn't exist.  Who decides what's
unsuitable?  How often do open-minded individuals make the choice?
It's usually made by a self-elected "moral majority" type, or a
committee afraid of possible legal action initiated by the same.

The Internet is, and always has been, self-policing.  If someone posts
material considered by the vast majority to be utterly offensive, mass
action ensures that the poster is effectively put out of business.  That,
not a "policy decision" made by someone _we_ didn't choose to represent us,
is the best way of dealing with socially unacceptable net use.

Once we permit certain limits upon our expression, we tacitly accept that
further limits can be placed.  I'd rather be free to express my opinions.  I
don't defend child abuse (or indeed animal abuse), but these are emotional
arguments used to manipulate us into accepting the first of many serial
limitations on our freedom to contribute to, and to enjoy, the Net.

Jon S Green


PBX at Large? (Re: Tele-Phoney, Vilkaitis, RISKS-16.54)

Stephen Bogner <sbogner@dres.dnd.ca>
Tue, 8 Nov 1994 14:46:35 GMT
A couple of years ago I checked into a hotel in Mississauga (near Toronto)
that had just had its PBX stolen.  As I struggled through a week in a
strange city without a telephone, I could not for the life of me understand
why someone would steal a PBX, but I guess now I know....

Stephen Bogner  (DRES/DTD/MES/Vehicle Concepts Group)     sbogner@dres.dnd.ca
(403) 544-4786  DRE Suffield; Box 4000; Medicine Hat, Alberta; Canada T1A 8K6


Parental Responsibility

"Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com>
08 Nov 94 21:53:18 EST
Dan Weinreb <dlw@odi.com> wrote:

    Exactly what does "parental responsibility" mean to you?
    That the parent should keep the child off CompuServe
    entirely?  That the parent should sit behind the child
    during every moment that the child uses CompuServe, to
    supervise what he or she does?  That any good parent
    would have a child so obedient that if the child is
    told "Do not look at this newsgroup and that newsgroup",
    the parent can be confident that the child will simply obey?
    Please enlighten us.

What an odd list of possibilities to propose for "Parental Responsibility."
What about

    "That parents should spend time with their children discussing
    their (both parents' and children's) interests and activities
    and exchanging views in a mutually respectful atmosphere?"
or
    "That parents have a right and an obligation to express their
    love for their children in many ways, one of which is the clear
    discussion of their values?"

Certainly the words "Parental Responsibility" do not by definition imply
support for authoritarian personality traits nor do they suggest the
exercise of simple-minded credulity as useful parenting skills.

As part of the National Computer Ethics Responsibility Campaign, Dr Peter
Tippett has prepared the following document which addresses these questions.
None of the suggestions, in my opinion, suggests that families become training
grounds for a police state <g>.

    ============================ %<>== ===============================

Computer Ethics Campaign Information and Article

TEN QUESTIONS PARENTS SHOULD ASK THEIR CHILDREN

Peter S. Tippett, Ph.D., M.D.
Symantec's Peter Norton Group
Board Member, Computer Ethics Institute

1. Do you legitimately own all of the software, games, and programs
 you have or use?

Software Piracy, Clarifying Questions:
 Are any of your programs or software bootlegged or pirated copies?
 Where are the manuals, boxes, license agreements for the programs
 you have or use?
 Where did you get that game? (program?, floppy?, software?)
 When programs first start running on your computer, whose name
 comes on the screen as the "owner" or "licensed-to."

2. Where did the contents of your report / project / homework come
 from -- does any of it belong to someone else?
 Did you write/create/author what you're passing off as your own work?
 Where did you get the text and images you're using?
 If you copied text and images from another source, did you have permission?
 If you didn't need permission from the "owners" of the information
 you're using, did you credit them for the material?

3. Do you ever use other people's computer, disk-space or
 processing capability, or look at or copy their files or
 information, without their knowledge or permission?

4. Do you have any prank programs, computer viruses, worms, trojan
 horse programs, bombs, or other malicious software?
 Malicious Software:  Clarifying Questions:
 Do you use bulletin boards or systems that contain these things, or
 have friends or acquaintances who do?
 Do you write or create any software like this or deal with people who do?

 Malicious Software: Explanation of the Problem

5. Do you have any computer graphics files, clips, movies,
 animations or drawings that you would be embarrassed about?
 Do you have them legitimately (Piracy)
 Are they things you would be comfortable showing me?  Showing your
 grandmother?
 Do you have any pictures, video clips, sound clips, articles, text,
 or other software or files which contain pornography, violence,
 dangerous instructions or other distasteful material?
 Do you access or view any of these kinds of things when using the net?

6. Do you have any newsletters, plans, guidelines, or "how-to"
 documents or files that you would not be comfortable showing to your mother?
 Making Bombs, breaking into systems, stealing telephone access,
 stealing computer access, stealing passwords, pornographic or
 violent text, guides, descriptions, ......
 Do you create, contribute to or receive anything like this?

7. Do you ever connect your computer to a telephone, use a modem,
 or otherwise use a network?

Clarifying Questions:
 Do you use E-Mail (electronic mail)?
 Do you use Bulletin Boards (BBS) (electronic bulletin board systems)?
 Is your computer ever connected to other computers?
 Do you use a Modem?

Explanation:
 There is nothing either unethical or illegal about using networks
 or connecting computers to telephones.  But, you should be aware
 that when computers are somehow part of a computer network, then
 they are not just used for "computing," but also for
 "communication" in a very broad sense of the word.  Since
 "communication," by definition, always includes someone else, and
 since ethics, or lack of it, relates mainly to our interactions
 with others, the networking of computers, by any means, leads to
 many, many more potential ethical dilemmas for a computer user,
 than non-network computing.
 The Questions above this one are all possible with both networked
 or non-networked computers.  Whereas the questions below this
 mostly make sense for people who use networked computers.  But,
 even for those issues related to the questions above, being
 connected to a network makes it easier to stray into trouble.

8. Who do you associate with when you use the Net?
 BBS, Internet, CompuServe, Delphi, Fidonet, America On-line...
 E-Mail, Discussion Groups, Gangs, Influence
 Just as you would like to steer your children (and friends) away
 from bad influences in their daily lives, so should you attempt to
 discern the character of their cyber-friends

9. Do you ever use an assumed name, a handle, or an alias instead
 of your real name?
 Do you supply false information about yourself when using a bulletin
 board, a news group, a message group, or forum, any part of the
 net, or when using e-mail or when otherwise communicating?
 Do you use your real age & sex when communicating with your
 computer?
 Do you use any false information like addresses, or phone numbers
 or use someone else's credit card number when using your computer?
 Do you ever send messages or e-mail in such a way that the
 recipient cannot tell that you sent it?
 Have you ever modified data, text, messages, or other computer
 information so that it looks like someone other than you created it
 or made the changes?
 What are you trying to hide by not using your real name?
 Are you trying to pretend you are something or someone you are not?

10. Do you use telephone, video, cable-TV, computer network, bulletin
 board, or other network services without paying for them?

    ============================ %<>== ===============================

The National Computer Security Association (NCSA) and the Computer Ethics
Institute are co-sponsors of the National Computer Ethics and
Responsibilities Campaign (NCERC).  Information about the NCERC can be
obtained in a dedicated display area, GO CETHICS, on the CompuServe
Information Service.

In addition to the display area, NCSA has established a section within the
NCSA InfoSecurity Forum (GO NCSAFORUM) for discussion of issues and concerns
relating to ethics and privacy.  Your involvement is encouraged!

The NCERC Guide to Computer Ethics has been developed to support the
campaign.  All files within the guide are available as individual files
within Library 2 of the NCSA InfoSecurity Forum.  In addition, the guide
(including 16 informative articles) is available as a paper document.  If
you are interested in receiving more information about purchasing this
document, and providing support for the campaign, send your request via
EMail to:

   74774.1326@compuserve.com

M.E.Kabay,Ph.D./DirEd/Natl Computer Security Assn (Carlisle, PA)


Re: Ottawa Library fines people using unreliable ... calling system

Erik Jacobsen <ej@dec5102.aarhues.dk>
Tue, 8 Nov 94 13:29:49 WET
Michael Slavitch (RISKS-16.54)

>About two months ago I reserved a book at my local library. The library has
>gone electronic in its reservation system.  You reserve a book, and when
>your turn to receive it comes due a computer dials your home phone number.
>If an answer occurs, it assumes you heard the message; if you do not
>pick up the book in three days, you are fined $2.00.

There is also the possibility that a child picks up the phone, and before
daddy or mommy gets to the phone, the information about the reserved book
has been told to the child.

If the librarian does not accept a technical explanation (answer
machine/faxmodem), this scenario should convince them that there is a
problem.

Erik Jacobsen, ej@aarhues.dk


Risks of misjudging reliability of delivery systems (Slavitch, .16-54)

"Daniel P. B. Smith" <dpbsmith@world.std.com>
Wed, 9 Nov 1994 19:55:26 +0001 (EST)
Michael Slavitch asks:
>So how do you handle two things:
> [One] An unreliable delivery system being assumed to be reliable.
> [Two] People placing trust in such a system.

I don't know.  I have certainly been aware of small problems, ranging from
nuisances to misunderstandings to hurt feelings, arising from the
following assumptions many people make about the telephone system:

a) Each "ring signal" you hear is synchronized with the actual sounding of
the bell (or electronic warbler) at the dialed instrument.  Corollary: if
you have heard four "rings," the party you are calling has heard four rings.
Second corollary: if you have heard twenty rings, it cannot possibly be the
case that the telephone you're calling did not ring at all; either nobody
was there or they heard the bell and decided not to answer.

b) A cyclic buzz is a "busy signal" and means the instrument you dialed
is off-hook, i.e. there's a strong presumption that somebody is there.

Telephone books once described these signals and their meanings.  The
ones I use today do not.  I am sure this is because the signals, which
once were reliable and informative "error messages," no longer are.

When there is no connection, the telephone system does not reliably signal
the reason for the failure.  Overloaded systems may deliver rings ("no
answer") rather than busy signals for off-hook phones.  They may deliver
busy signals for phones that are actually on-hook (and, no, it is NOT always
a distinguishable "fast busy.")  I'm not aware of serious problems resulting
from this, but one could construct scenarios in which the risks were
significant.

Daniel P. B. Smith  dpbsmith@world.std.com

   [Actually the synchronization is not precise.  You may have noticed
   calling someone and having them answer without your hearing a ring.
   A slight delay is common on LONG-distance calls.  PGN]
