The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 16 Issue 90

Tuesday 14 March 1995

Contents

o E-Mail Apology from Prodigy
Edupage
o Kiosk prototype fails to deliver in trial run
Bob Frankston
o Automatic return fire
Michael J Zehr
o Internet providers raided
Kevin Yeung
o Internet-Finland Privacy
Lars Arnkil via Bruce Baker
o Re: Consumer Electronics Problems
Willie Smith
o Mitnick Stole "SATAN" Security Software
Edupage
o Re: PGP Moose
Jerry Leichter
o Re: Microsoft and Lotus spreadsheet errors
Steve Bellovin
Ken Tindell
o The source of semantic content: followup
Erann Gat
o Re: Can Pakistan Eavesdrop in America?
Laurence R. Brothers
John R. Moore
Marc Horowitz
P.vanMossel
o Info on RISKS (comp.risks)

E-Mail Apology from Prodigy (Edupage 12 Mar 1995)

Edupage <info@ivory.educom.edu>
Sun, 12 Mar 1995 18:24:47 -0500
A software glitch caused Prodigy's mail system to send 473 E-mail messages
last Friday to wrong members and to lose 4,901 messages on the Internet.
The mail system was shut down for five hours, and Prodigy apologized to its
members for the malfunction.  (Atlanta Journal-Constitution, 11 Mar 1995, B3)


Kiosk prototype fails to deliver in trial run

<Bob_Frankston@frankston.com>
Sat, 11 Mar 1995 16:49 -0500
This is a short piece from *The Boston Globe*, 11 Mar 1995, by Michael
Putzel.  Apparently the Post Office is planning to deploy Iway kiosks. The
prototype appears to be a quick hack, a Silicon Graphics Indy (do I hear,
overkill?)  with a touch screen and, apparently, a web browser for getting
around. The article itself didn't tell which technology was being deployed.
This is a basic simple approach which I approve of. One of the problems was
a standard touch screen problem of having to position one's finger
correctly. More interesting was the attempt to get information from the
Social Security computer. "It seems that the agency had changed the name of
its computer without telling the Postal Service".

This fits my assumption that it is a web browser. The risk is a standard one
of deploying a new technology while it is evolving. Many of the initial web
pages are going to fade from the lack of interest in supporting them. This
will disappoint those who expect a reliable mature service.

Beyond disappointing, however, it doesn't seem much of a risk and can be
handled by setting appropriate expectations. It will be more of an issue if
(a standard problem with the regulations limiting the Post Office) the
technology is widely deployed.


Automatic return fire

<tada@MIT.EDU>
Tue, 31 Jan 95 18:06:20 -0500
From CIO (February 1995):

Lawrence Livermore Laboratory is working on a system called Lifeguard to
help police (and who knows who else) identify from what direction they are
being fired upon.  The system was apparently developed in response to school
shootings where it isn't always easy to spot the shooter visually.  As
described in 'Government Technology' the system uses a special sensor that
emits "ammunition-identifying" signals and attaches to a rifle like a scope.
A computer tracks incoming bullets and locates the source.  "Anybody who
shoots at you from any direction would be immediately located and subject to
return fire," says Thomas Karr, head of the Lab team.

I'll leave to everyone's imaginations the risks of hooking a computer to
the trigger of a loaded weapon and using it near civilians.

-michael j zehr

   [This Lifeguard is completely different from the noneponymous
   McIntosh program noted in RISKS-16.72.  PGN]


Internet providers raided

keviny@hk.super.net <Mr.Kevin.Yeung@HK.Super.NET>
Sun, 12 Mar 1995 13:57:57 +0800
Seven Internet providers in Hong Kong were raided by the Hong Kong Royal
Police, alleged to be operating without a required licence and "hacking" other
computer systems.  All computer equipment was seized, and it was reported
that police were able to look at any file on the systems - all people's
private email and even commercial documents were at risk.  Police may close
down and check any Internet provider out again at any time, and companies'
information is at risk if someone in the police sells the information secretly.


Internet-Finland Privacy

<spryhma.samlink.arnkila@elvi.vtkk.fi>
13 Mar 1995 08:21:19 U
  [Edited and submitted to RISKS by "Bruce Baker" <bruce_baker@qm.sri.com>,
  with Lars' permission.  PGN]

Funny creature this Internet, and the people associated with it, especially
"journalist-researchers", as they call themselves.  Adding to the unusual
mixture recently here in Scandinavia have been the Scientologists and the
Police.  It would be funny to follow the intrigues if they were fiction, but
these are all too real:

Case #1

  A Swedish journalist-researcher "reveals" that an Anonymous Finnish
Internet server has been spreading pedophiliac pictures.  It sounds like a
big Issue, but it is not true.
  The addresses within the pedophiliac-picture files were in fact forged,
and they didn't come via the anonymous Finnish server (owned by Johan
Helsingius).  This part of the news wasn't much publicized.
  It seems that the real pedophiliac-picture distributing server was a
British one.

Case #2

  Finnish Police receive a request from U.S. law enforcement authorities to
confiscate (real) user information from the Finnish Anonymous Server.  About
the same time, Scientologists claimed that someone had broken into their
system and was revealing "highly confidential" information via the Finnish
anonymous server.  Well, of course, the Finnish Police carried out a house
search and seizure to obtain real user information from the anonymous
server.  Then they promptly gave the information to the Scientologists!!!

Lessons, if any:

o Negative stories receive more press coverage than positive ones.

o Corrections are rarely seen by the reader, especially readers in other
countries.

o People, even Police officers, will act as if "The Party Which Brings Up
Some Claim/Issue" has been harmed and must be right.  They cannot see that
some issues might be brought up under "legitimate cover" to serve other
purposes. This "legitimate" cover should be verified etc., and during this
process the Police shouldn't give information to the complainant.

Other thoughts:

Can this affect us?  Most definitely.  What if the Scientologists had made
the same charges against our banking system and had asked the Police to
reveal user information in our files?  And what if we had asked the police
to determine who has tried to break into our systems from this or that
address?  Should we have a right to obtain this information directly from
the Police (similar to your Procter and Gamble case several years ago)?

Lars Arnkil


Re: Consumer Electronics Problems (Hatton, RISKS-16.89)

Willie Smith <wpns@roadrunner.pictel.com>
Sun, 12 Mar 1995 12:09:03 -0500 (EST)
>Has anybody heard of consumer electronic stuff being recalled because
>of software problems yet?

Typically they tend not to be acknowledged or recalled, as it would be
prohibitively expensive for the manufacturers, and they are used to walking
all over the consumers.  A couple of examples:

An older Sony 5-disk CD player had a shuffle play with a poor random number
generator and no memory of what songs it had played; it merely chose a disk
at 'random' and then a track at 'random' from that disk.  It would, for
instance, play disk 3 track 5, disk 2 track 8, disk 3 track 5, "rinse,
lather, repeat".  The "solution" was to ignore that function and (5 years
later) check carefully that Sony had fixed that bug before buying a new
model.

Volkswagen had a bug in their Digifant-II electronic engine management
computer for a couple of _years_ that caused cold-start problems on hot
days.  It appeared that the computer was reading the engine temperature
sensor as "hot", so it didn't "put on the choke".  I actually had the
service manager at a VW dealer tell me that I had to keep my foot on the gas
of a fuel injected, computer controlled car for a minute or two after
starting to keep it from stalling[!].  The first-level fix was, after a year
and a half of so called 'service', replacing the computer.  The second-level
fix was switching car brands.  8*|

In both cases, the manufacturer was highly motivated to ignore the problem.
I would guess that a fair amount of the development of the CD player was
writing the software, and producing new CPUs, recalling the players, and
repairing them would have cost Sony more than developing a new player from
scratch and giving new ones to folks who complained about the old ones.
Volkswagen would have spent a small fortune recalling cars and putting new
computers in each, if only in the currency of opportunity cost (what they
spent in customer good will isn't really a subject for Risks).

When a software company produces a new product, they test it and run it thru
beta testing and such to ensure that it works properly.  When a hardware
company puts software into their product, they may not understand the
software, and take the developer's word for its quality.

Willie Smith    wpns@pictel.com     N1JBJ@amsat.org


Mitnick Stole "SATAN" Security Software (Edupage, 12 Mar 1995)

Edupage <info@ivory.educom.edu>
Sun, 12 Mar 1995 18:24:47 -0500
SATAN software (an acronym standing for Security Administrator Tool for
Analyzing Networks), which was developed by Dan Farmer of Silicon Graphics
to scan thousands of host computers on the Internet for security
vulnerabilities, was stolen by Kevin Mitnick, the computer cracker who was
arrested last month by the FBI and is now under indictment for 23 counts of
fraud involving computer use.  Mitnick broke into Farmer's account on the
WELL, a California Internet service provider.  Farmer says he has no way of
knowing whether Mitnick shared copies of SATAN over the Internet.  (The New
York Times, 12 Mar 1995, [City edition?] Sec.3, p.11; 11 Mar 1995, p.30)


Re: PGP Moose

Jerry Leichter <leichter@lrw.com>
Fri, 10 Mar 95 15:19:57 EDT
Given the prevalence of Unix (aka broken) mail forwarders out there that
believe any occurrence of "From" at the beginning of a line can be "wedged" as
>From (did that arrive at your location as >From?  It left here unwedged.),
we are likely to soon have a new risk on the net: The risk of automatic
cancellation of all messages that happen to have the wrong four characters
at the beginning of some line.  People forwarding messages complete with
headers -- beware!  Any "From:" lines you include are likely Moosebait!

Oh, yes, there are also some mail forwarders out there that will change any
line consisting only of a single "." to one containing "..".  There are no
doubt some that will make the reverse substitution.  There also appear to be
gateways around that will replace empty lines with lines containing a single
space, as well as gateways that do strange and wondrous things with spaces
at the end of lines.  Finally, there appear to be an increasing number of
programs that, under certain unclear conditions, use MIME's BASE64 encoding
in the midst of otherwise simple ASCII text - you'll see things like =20 at
the end of a line.

I suppose the underlying idea here is fine, but unfortunately an attempt to
build such a thing on top of the very chaotic and unpredictable world of
today's mail systems is to impose many non-obvious risks on users.

-- Jerry
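Added example (not from the original post, and not PGP Moose's own code): a signer and verifier that hash a canonical form of a message, so that the transport mangling Leichter lists (wedged "From", doubled ".", blank lines turned into a space, trailing-space games) does not change the digest. The sample message and the forwarder simulation are constructed here.

```python
import hashlib

# Constructed sample message and a constructed simulation of the forwarders
# described in the post; neither is real mail traffic.
ORIGINAL = (
    "From: alice@example.org\n"
    "Subject: forwarded with headers\n"
    "\n"
    "From the top: here is the forwarded text.\n"
    ".\n"
    "a line with trailing spaces   \n"
    "\n"
    "last line\n"
)


def simulate_forwarders(text: str) -> str:
    """Mangle a message the way the post says broken gateways do:
    wedge 'From' at line start into '>From', double a lone '.',
    strip trailing spaces, and turn empty lines into a single space."""
    out = []
    for line in text.split("\n"):
        if line.startswith("From"):
            line = ">" + line
        if line == ".":
            line = ".."
        line = line.rstrip(" \t")
        if line == "":
            line = " "
        out.append(line)
    return "\n".join(out)


def canonicalize(text: str) -> str:
    """Map both the pristine and the mangled form of a message to one
    canonical form. Each rule inverts a known mangling; applying it to an
    unmangled message is harmless because the signer applies the same
    rules before signing. The price is ambiguity: a genuine '>From' quote
    and a wedged 'From' line become indistinguishable to the verifier."""
    out = []
    for line in text.split("\n"):
        line = line.rstrip(" \t")   # also undoes 'empty line -> single space'
        if line.startswith(">From"):
            line = line[1:]
        if line == "..":
            line = "."
        out.append(line)
    return "\n".join(out)


def naive_digest(text: str) -> str:
    """Hash the raw bytes: breaks as soon as any gateway touches the text."""
    return hashlib.sha256(text.encode()).hexdigest()


def canonical_digest(text: str) -> str:
    """Hash the canonical form: survives the mangling simulated above."""
    return hashlib.sha256(canonicalize(text).encode()).hexdigest()


if __name__ == "__main__":
    mangled = simulate_forwarders(ORIGINAL)
    print("raw digests match:      ", naive_digest(ORIGINAL) == naive_digest(mangled))
    print("canonical digests match:", canonical_digest(ORIGINAL) == canonical_digest(mangled))
```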


Re: Microsoft and Lotus spreadsheet errors (Lauck, RISKS-16.89)

<smb@research.att.com>
Sat, 11 Mar 95 19:09:03 EST
     Errors in financial calculations are not new.  When I worked
     at Autex, Inc.  in the early 70's I wrote a program to
     calculate bond tables.  I was told that my calculations,
     right or wrong, had to agree with a certain book that all the
     traders used.

Such problems are even older.  Fred Brooks tells a similar story from the
mid-1950's.  He was assigned to write a program to do billing for petroleum
delivered through a pipeline.  Now -- the actual volume occupied by a given
mass of petroleum varies with the temperature, and there was a standard book
listing the correction factor for each grade and temperature.  To comply
with various contractual and legal provisions, the program had to produce
the same answers.  Today, we might use an array; back then, there wasn't
enough memory to hold such a large table.

No problem, right -- the expansion had to be a matter of simple
physical laws, so they could just calculate it.  It turned out to be a
simple equation.  But whoever had drawn up the table in the first place
hadn't rounded consistently -- and the program *had* to match.

They ended up doing the calculation, and storing a compressed table giving
the difference between the calculated values and the legal ones.  Never mind
reality -- custom ruled.


Re: Microsoft and Lotus spreadsheet errors (Margolin, Risks 16.88)

Ken Tindell <ken@Rabat.DoCS.UU.SE>
Mon, 13 Mar 95 11:39:34 +0100
<>Barry Ward, ... `I've been in the computer business for 19 years and
<>have never come across this problem before.  ...
>
>I find it difficult to imagine someone who's been in the computer business
>for two decades and has never heard of floating point round-off errors.
>This should be part of any computer science curriculum.

It's not difficult to imagine at all: just take a look at Ross Anderson's
contribution in RISKS-15.54 ("Card Fraud and Computer Evidence"), where the
bank claimed that its software was 100% correct because it used assembler
and the "ABEND" statement! (see also CACM November 1994) Not for nothing is
``Banker'' cockney rhyming slang...

Ken Tindell, Dept. Computer Systems, Uppsala University, PO Box 325 S-751 05,
Uppsala, Sweden  +46-18-183172  ken@docs.uu.se  http://www.docs.uu.se/~ken


The source of semantic content: followup

Erann Gat <gat@aig.jpl.nasa.gov>
Thu, 9 Mar 95 11:57:59 PST
Some of the replies to my article on the source of semantic content indicate
that I have not made myself clear.  I did not mean to suggest that we should
sit back and do nothing, secure in the knowledge that there are
technological tricks that can be played to circumvent the law.  I am well
aware that once the witch hunt for net.pornographers begins in earnest that
logic will provide precious little protection, and the "I only sent random
bits" defense probably won't hold up in court.  That should scare the pants
off you; if it doesn't then you haven't understood what I am trying to say.

At the end of my original article I wrote:

"...transmitting random bit streams may soon become a crime."

I meant this to be taken quite literally.  Once there is precedent for
convicting someone for transmitting porn using the xor trick, then anyone
who sends out a random bit stream for *any* reason can (and probably will)
be convicted for transmitting porn.  Here's one possible scenario:

Let's say that A sends B a random bit stream F1 for some legitimate reason.
(For example, he might be a cryptography researcher sending sample output
from his latest cryptanalytically secure random number generator for
analysis, or he may be a college student who just wants to thumb his nose at
the establishment.)  If B wants to transmit a pornographic image P and blame
it on A, he uses F1 to encode P into F2, and puts F2 onto his public ftp
server.  To be extra sure, he changes the last-modified date to a week or so
ago.  B then calls the authorities (or maybe B *is* the authorities) and
says, "I have just discovered that A has used my publicly available random
file F2 to encode a pornographic image."

Here's another scenario.  Let's say that A uses the xor trick to transmit a
legitimate file to B in the form of two files F1 and F2.  B encodes P with
F1 and replaces the content of the legitimate F2 with the result. He then
calls the authorities and says, "A sent me these two files, and when I put
them together the result was P."

More complex scenarios are possible by observing that the xor trick is not
limited to two files.  An image can be one-time-padded an arbitrary number
of times, resulting in an arbitrarily large number of files that must be
combined to generate the image.  Any combination of these files can be used
as a key to encode some other image.  If freedom-loving people start to use
the xor trick a lot, then there could be a tremendous profusion of random
files out there that can be combined in an enormous number of ways to
produce an enormous number of images.  You might even have pornography on
your disk and not even be aware of it.  In fact, *any* file is just a
one-time-pad encoding away from being a pornographic image.  Your copy of
Microsoft Word has obscenities in it if you just know how to decode them.

This is not at all the same as an undeveloped image on film.  In the case of
film it is clear that the information content is in the film and not in the
developing process.  In the case of an encoded file there is literally no
way to tell which is film and which is developer, which is encoded image and
which is key.  As with many things in the cyberworld, fundamental
assumptions about the Way Things Work break down here.

Erann Gat     gat@jpl.nasa.gov
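The xor trick from the post, as an added example (not Gat's own code): split a file into n shares that must all be XORed together to recover it, and compute, for any file at all, the "key" that decodes it to any chosen content. The sample bytes are constructed. The second function is the forensic caveat in the post: since such a key always exists, finding one proves nothing about the file's origin.

```python
import os

# Constructed sample data: a stand-in for an "image" and for an innocuous
# file (e.g. a word-processor binary); both 24 bytes so they can be XORed.
SAMPLE_IMAGE = b"CONSTRUCTED-IMAGE-BYTES!"
INNOCUOUS_FILE = b"innocuous document text."


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Combine two one-time-pad parts; lengths must match."""
    if len(a) != len(b):
        raise ValueError("one-time-pad parts must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_into_shares(data: bytes, n: int):
    """Split data into n files whose XOR is data. The first n-1 files are
    fresh random bytes; the last is data XOR all of them. Any n-1 shares
    are uniformly random and independent of data, so no proper subset
    carries any information about it."""
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [os.urandom(len(data)) for _ in range(n - 1)]
    last = data
    for share in shares:
        last = xor_bytes(last, share)
    return shares + [last]


def combine(shares) -> bytes:
    """XOR all shares together; yields the original only if all are present."""
    acc = bytes(len(shares[0]))
    for share in shares:
        acc = xor_bytes(acc, share)
    return acc


def key_that_decodes_to(any_file: bytes, desired: bytes) -> bytes:
    """For ANY file and ANY desired content of the same length there is a
    'key' (their XOR) under which the file 'decodes' to that content.
    This is why possession of such a key is no evidence about the file:
    what the file 'contains' was decided by whoever built the key, not by
    whoever sent the file."""
    return xor_bytes(any_file, desired)


if __name__ == "__main__":
    parts = split_into_shares(SAMPLE_IMAGE, 3)
    print("all three shares combine to the image:",
          combine(parts) == SAMPLE_IMAGE)
    print("two shares alone look random:", combine(parts[:2]).hex())
    key = key_that_decodes_to(INNOCUOUS_FILE, SAMPLE_IMAGE)
    print("innocuous file XOR key:", xor_bytes(INNOCUOUS_FILE, key))
```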


Re: Can Pakistan Eavesdrop in America? (Wayner, RISKS-16.89)

<quasar@ctt.bellcore.com>
Sat, 11 Mar 95 13:52:56 EST
IMHO:

Anyone with the least knowledge of EE (or a subscription to 2600 or Phrack)
ought to be able to eavesdrop on cellular telephone conversations without
resorting to industrial espionage. It's not like these conversations
are encrypted as a matter of course. I suppose it's possible that
the Pakistani cellular network uses some form of encryption that requires
Motorola technology to solve, but I doubt it. In any event, *our*
cellular phone network sends conversations in the clear unless CPE
does something special about it.

Anyone who thinks radio transmissions of any sort are secure (at least those
which don't employ reasonable crypto protocols) deserves whatever happens to
them....

I assume that US diplomatic and intelligence personnel abroad do use some
form of encryption in their transmissions, but I also assume (hope) that
they don't rely on it for really sensitive information.

As far as terrorist action goes, unless and until government turns into a
1984-ish police state, terrorists and assassins will always be able to carry
out attacks. The freedom of information and action in a democratic society
more or less guarantees it.

Laurence R. Brothers ~ quasar@bellcore.com


Re: Can Pakistan Eavesdrop in America

John R. Moore <ozone@PrimeNet.Com>
Sun, 12 Mar 1995 09:55:45 LOCAL
Regarding Pakistan's requirement that Motorola provide cellular
eavesdropping technology:

>1) Can this eavesdropping hardware work in the United States?

Probably not. Most likely the system is the new global spread spectrum
standard, which the US doesn't use and probably won't. That's the good news.

The bad news is that it isn't needed. Anyone can buy a scanner and modify
it, or buy a downconverter for it, and then listen in on any analog cellular
system today! This is illegal in the US but unenforceable. Recently it has
become illegal to manufacture or import a scanner that is "easily
modifiable" for cellular reception. However, there are millions of scanners
already in circulation that can receive cellular or be easily modified for
this purpose.  Furthermore, many scanners pick up cellular as an image
frequency, which means they can be used for cellular monitoring simply by
entering a frequency typically 21.4 MHz below the frequency to be monitored.

Newer US systems will be digital (spread spectrum or TDMA) and encryptable,
and thus should be relatively secure against foreign monitoring. However, it
is possible that the US Government will force suppliers to make monitoring
equipment and encryption keys available to them, but the US Government also
wants those crypto keys unavailable to anyone else.

John Moore   ozone@primenet.com   http://www.primenet.com/~ozone/


Re: Can Pakistan Eavesdrop in America?

Marc Horowitz <marc@MIT.EDU>
Sun, 12 Mar 1995 22:48:31 EST
<> 1) Can this eavesdropping hardware work in the United States?

The cellular phone system in the US uses FM modulation very similar to that
in your radio.  Scanners which could scan cellular frequencies (along with
amateur bands, police, fire, etc) were once available at such underground
shops as Radio Shack.  Scanning cellular was made illegal, so these devices
dried up, to be replaced with scanners which could scan all the frequencies
above except cellular.  These scanners could, with the clip of a wire or the
press of a "secret" button combination, begin to scan cellular frequencies,
even though this activity is illegal.  Early in 1994, equipment which could
be "illegally modified" to scan cellular was made illegal (that is, the FCC
would no longer license it).  Older radios (of which I own two) were
grandfathered.

There are two RISKS here.  One, the US government is deluded enough to
believe that these laws prevent cellular scanning.  Two, the public is not
educated enough to know that this sort of scanning is so easy.

Oh, and if all of the above isn't enough, every cellphone I've played with
has a diagnostic/repair mode which scans cellular frequencies.  There is a
story of a demo for congress, where someone (who had to be granted immunity
for this demo!) took a brand new cellphone out of a box, plugged it in,
pushed a few buttons, and 30 seconds after breaking the shrink wrap, scanned
through some calls to show how easy it was.

The third risk: Our government is as scared as Pakistan's about widespread
encryption.  This issue has been covered in RISKS and Privacy Digest before.

Marc


Drop eavesdropping (Wayner, RISKS-16.89)

<P.vanMossel@telecom.ptt.nl>
Tue, 14 Mar 1995 20:35:12 +0100
In RISKS-16.89 (Can Pakistan Eavesdrop in America?) Peter Wayner complains
about Pakistan trying to obtain eavesdropping technology.

Why do you expect Pakistan to act differently from the USA? Think of Clipper
and USA export restrictions on encryption technology...
Maybe the USA does a better job in covering up and might (or is expected to)
be more decent in handling the information.

The risk is to use communication technology that can be eavesdropped, even
if we think it's safe now to trust the current government.

Paul van Mossel.
