The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 17 Issue 52

Thursday 7 December 1995

Contents

o Bidirectional text processing
Amos Shapir
o Java warnings (i.e., everything under the sun...)
John Oram
o Dartmouth Time Sharing System: Beware the Ides of March
Warren Montgomery
o Loopholes in pharmacy database?
Brian D. Oberquell
o Excel Version 7 scary risks
Andrew Goodman-Jones
o Test it as it will be used
Flint Pellett
o Re: Getting your clearance on the net
David M Kennedy
o Data Erasure
Lindsay F. Marshall
o New Book: Civilizing Cyberspace
Gary Chapman
o Microsoft grammar checker
Daniel P. B. Smith
o Re: Ambiguous abbreviations
David Eddy
o Re: Costs of 1999->2000 date fix: FIX
Mark Jackson
o Re: What do we call the 2000s?
Aaron L Dickey via Mark Brader
o Re: Luggage lockers
Edward Rice
o Watergate and erasure
Lawrence Kestenbaum
o Program Announcement - ISOC 1996 Symp. Netw. & Distr. Sys. Security
David M. Balenson
o ABRIDGED info on RISKS (comp.risks)

Bidirectional text processing

Amos Shapir <amos@nsof.co.il>
Mon, 4 Dec 1995 15:01:16 GMT

A full page ad for a computerized cash register is published today in a few papers here. The ad is in Hebrew, except for one technical term, which is displayed in latin font as "ENIL NO" a few times throughout...

The problem of mixed-direction text processing is notoriously tricky, but the real RISK in this case (or is it a KSIR? :-)) is that the ad's text seems to have been processed automatically, and has not been viewed by a human being -- at least a person who knows what it's about -- before the final version was printed.

Amos Shapir, nSOF Parallel Software, Ltd., Givat-Hashlosha 48800, Israel
Net: amos@nsof.co.il Tel: +972 3 9388551 Fax: +972 3 9388552
[ENIL NO SEE, ENIL NO HEAR, ENIL NO DO. The text processor must be ENIL RETENTIVE. PGN]

Java warnings (i.e., everything under the sun...)

John Oram <oram@unixg.ubc.ca>
Mon, 4 Dec 1995 23:49:52 -0800

This warning is included in some Java applets from Sun. Looks as if they have been reading RISKS...

THIS SOFTWARE IS NOT DESIGNED OR INTENDED FOR USE OR RESALE AS ON-LINE CONTROL EQUIPMENT IN HAZARDOUS ENVIRONMENTS REQUIRING FAIL-SAFE PERFORMANCE, SUCH AS IN THE OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL, DIRECT LIFE SUPPORT MACHINES, OR WEAPONS SYSTEMS, IN WHICH THE FAILURE OF THE SOFTWARE COULD LEAD DIRECTLY TO DEATH, PERSONAL INJURY, OR SEVERE PHYSICAL OR ENVIRONMENTAL DAMAGE ("HIGH RISK ACTIVITIES"). SUN SPECIFICALLY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY OF FITNESS FOR HIGH RISK ACTIVITIES.


Dartmouth Time Sharing System: Beware the Ides of March

nd9430600-Montgomery <warren@ih4ehz.att.com>
Mon, 4 Dec 95 13:29:59 CST

[This item was prompted by the Bernie Greenberg story in RISKS-17.18.]

The Dartmouth Time Sharing System was an operating system and suite of application software developed and maintained primarily by students in the early 1970's. One year the maintainer of the BASIC compiler introduced a special "feature": In celebration of the Ides of March, on March 15th it would print the numbers appearing in messages as Roman Numerals. The college got a good laugh out of it at the time. The year after this person graduated and moved on, Dartmouth sold the system commercially to a handful of sites. In January of that year, in a routine test, the new owner of Basic discovered that while the Roman Numeral code had been removed from the distributed version, the special check for March 15th that activated it had not been, with the result that on March 15th, BASIC would surely fail when it attempted to print a number. The fix was quickly determined and bulletins distributed to the other installations with special instructions that it was vital to install it before March 15th. In spite of several warnings, however, some or all of the installations outside of the college experienced a BASIC compiler failure on March 15th because they had not installed the fix. Morals to be drawn include:

I can hardly wait for 1/1/00!
Warren Montgomery ih4sh!warren or w.a.montgomery@att.com


Loopholes in pharmacy database?

Brian D. Oberquell <bdosfx@wimsey.com>
Tue, 5 Dec 95 07:11 PST

British Columbia has implemented a province-wide database called PharmaNet; the main objective is to reduce the number of fraudulent or duplicate prescriptions by having all pharmacies networked together. Another objective is to reduce the incidence of drug interactions, and this is where the system *may* fall down.

I recently purchased a bottle of cough syrup with codeine; in B.C. this is not a prescription item, but is rather an over-the-counter (OTC) item that you must request from the pharmacist. I noticed that, while prescriptions were entered into the database, the cough syrup was not. The pharmacist confirmed for me that they were not required to enter items like this into the database.

I'm no pharmacist, but I would imagine that there are prescription drugs that can interact adversely with codeine or other OTC drugs that pharmacies dispense.

I plan on writing the Ministry of Health about this, but this loophole shows that it's in the patient's best interest to ask questions to make sure anything they take is safe, and won't interact adversely with something else.


Excel Version 7 scary risks

Andrew Goodman-Jones <goodie@sydney.DIALix.oz.au>
Thu, 7 Dec 1995 01:37:05 +1100 (EST)

Excel 7 has a new feature where if you are entering data in columns and what you have typed so far matches an entry earlier in the column, then that full entry is placed in the cell you are entering until you press a key that is different from the previous entry.

For example, Say I have a stock list with

BOLT 25mmx.6mm $4.00
BOLT 25mmx.8mm $4.50
BOLT $2.50

When I come to entering BOLT the second time, Excel prompts with the measurement information and if it is the same, I can just hit enter to accept it or I can type over it to replace it. If I'm not looking at the screen as I type it it doesn't matter as my typing replaces the selection. HOWEVER when I come to entering the third item here, which in this case has no further information following it, Excel enters the measurement information anyway and as I hit enter it is accepted. If I am working from a paper list somewhere and entering lots of information very quickly - not looking at the screen very often, then I can enter totally incorrect data. My example is not a fantastic one, but I have NOTICED that I have been stuffed up several times already by this cute little feature. How many times have I not noticed that the information is incorrect? I think that this little feature will cause a lot of heartache around the world as some data becomes entered incorrectly.

Andrew Goodman-Jones goodie@sydney.dialix.oz.au

Test it as it will be used

Flint Pellett <flint@kai.com>
Wed, 6 Dec 1995 18:27:07 CST

The article about the Intel CD-ROM reminded me of a similar case I encountered only a few weeks ago. My son purchased a CD-ROM with software for a game on it. The minimalist instructions said merely to "Insert the CD in your computer, cd to the drive your CD is on, and type 'install'." (I note that you are expected to realize that the lower-case "cd" means change-directory, while the upper-case "CD" means compact-disc. I wonder how many neophytes get confused by these.)

It didn't work. It appears that the packaging strategy that was employed was to copy three things to the CD: a compressed archive about 15MB big, a program that could uncompress archives of that type, and a 3-4 line install script that would invoke the uncompress program to uncompress it out to whatever directory on your hard disk you specified.

Other than the obvious stupidity inherent in having a 15 MB compressed archive as the only file on a CD-ROM capable of holding 600 MB, rather than just putting 30 MB of uncompressed files on the CD, the problem was that the uncompression program they used worked by creating a temporary file in the same directory as the archive file: it is therefore incapable of uncompressing a file on a Read-Only file system like a CD where it isn't allowed to create files.

In order to install the software, I had to figure out that that the above situation was in fact the problem (not easy based on the error message I was given, which read merely "archive file corrupt", when in fact it was fine), copy the archive file to my hard disk, then uncompress it there. This also meant that I needed a lot more disk space free than they claimed in the "requirements" on the box.

The RISK Lesson? Don't assume that the installation program you tested when you ran it in your development environment (from a Read-Write Hard Disk) is going to work when used in the actual installation environment unless you test it in exactly that environment.


Re: Getting your clearance on the net

David M Kennedy <David_M_Kennedy@smtp.ord.usace.army.mil>
Wed, 22 Nov 1995 13:22:21 -0500

[>From: privacy@vortex.com (PRIVACY Forum) PRIVACY Forum Digest Monday, 5 December 1995 Volume 04 : Issue 25 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A.]

Name withheld on request (RISKS-17.41) discusses a relatively new system used by the Defense Investigative Service for submission of Personnel Security Questionnaires (PSQ) called, not surprisingly, the EPSQ. The current version is 1.2.

>You obviously don't sign the form (no digital signature capability); at
> some point in the future they said I'll be asked to sign a hardcopy.

I have applicants sign the form prior to transmission. We terminate any applicant who lies on their forms.

>The risks of sending any sort of confidential information over the net
> have been described to death, so there's nothing new. It just amazes
> me that the U.S. government office responsible for handing out
> clearances could be so unaware of the risks as to allow it.
....yadda, yadda, yadda.

The data is encrypted by the EPSQ program as it creates the disk file. The program uses FUNCky a product of dLESKO, Inc of Jersey City, NJ. Before the encrypted file is transmitted, it's zipped using PKWARE and the program requires the user to use PKZIP's encryption feature. FUNCky has not been evaluated to meet FIPS 140-1 requirements for cryptographic modules and the DIS recognizes it is not equal to DES. Most security-aware professionals know of the plethora of PKZip crackers available. So Name Withheld's data was double encrypted before being sent over the net, and it's stored in a file that can't easily be read. This begs the question of how much security is necessary to protect Name Withheld's data? After all, we're not talking launch codes here. DIS recognizes the need to use FIPS 140-1 compliant encryption and is moving in that direction. In the mean time they've put something in the hands of security managers in the field that provides adequate safeguards considering the value of the data and the risks associated with it's compromise. Version 2.0 of the EPSQ will have more robust encryption. Among the products under consideration are RSA's BE SAFE and AT&T's SURITY. Both Name Withheld and DavidG3276@aol.com demonstrate the RISKS of posting without checking the facts beforehand.

For PRIVACY Forum Digest readers: DavidG whined about the risks of the US Army's use of computers to assist in field artillery fire control, something we've done since Vietnam.

Dave Kennedy [US Army MP] [CISSP] (husband of a former Artillery Officer)
76703.2557@compuserve.com volunteer SysOp National Computer Security Assn

Data Erasure

"Lindsay F. Marshall" <Lindsay.Marshall@newcastle.ac.uk>
Wed, 6 Dec 1995 09:28:36 +0000 (GMT)

I have been asked to pass on to the list a request from someone from the BBC who would like to find information about "the largest amount of data ever lost in a computer related catastrophe". I couldn't think of any particularly large losses off-hand - perhaps the government records of Kuwait?

If you can help please send e-mail to edit@feat.newsci.ipc.co.uk and mark the message for the attention of David Concar who will pass it on to his wife, Caroline North who is the originator of the request.... I suspect a copy to RISKS of any information would be appreciated as well.

http://catless.ncl.ac.uk/Lindsay

New Book: Civilizing Cyberspace

Gary Chapman <gary.chapman@mail.utexas.edu>
Tue, 5 Dec 1995 12:27:47 -0500

Steven E. Miller, a member of the national board of directors of Computer Professionals for Social Responsibility, has published a new book, *Civilizing Cyberspace: Policy, Power and the Information Superhighway* (Addison Wesley, 1995, 413 pages).

This is the best book I have seen on the public policy debates surrounding the information superhighway. It covers all aspects of this debate, including democracy, citizenship, community networks, privacy, intellectual property, competing models of the NII, universal service, equity, freedom of expression, protecting the public interest, encryption, and so on.

Highly recommended for anyone interested in this subject, or for use as a text in classes.

-- Gary

Gary Chapman, Coordinator, The 21st Century Project
LBJ School of Public Affairs, Drawer Y
University Station, University of Texas
Austin, TX 78713
(512) 471-8326 (512) 471-1835 (fax) gary.chapman@mail.utexas.edu


Microsoft grammar checker

"Daniel P. B. Smith" <dpbsmith@world.std.com>
Tue, 5 Dec 1995 17:01:39 +0001 (EST)

Recent posts about spelling checker oddities spur me to mention the grammar checker included in Microsoft Word for several years now. The RISKS-related issues are software bloat, creeping featuritis, and software problems that escape notice for a long time because apparently nobody ever really uses the software. I've had several conversations with colleagues about this. I assert that "obviously nobody at all uses the grammar checker because nobody seems to be aware that it doesn't work." I usually get a bored response. But whenever I succeed in actually getting someone to run the thing on one of their own compositions, I get a stream of amazed comments along the lines of "Huh?" "Gosh!" "This is _unbelievable_!" "Why on earth did it say _that_?" "Why is it complaining about the passive voice? This sentence
isn't in the passive voice." "What in the world _is_ it doing?"

For example, presented with the sentence

"Part of health service culture is that young doctors often make mistakes, and experienced nurses can often fix their mistakes informally."

the grammar checker in Microsoft Word for the Mac version 5.1 responds:

Consider "those" instead of "that." OR Consider "doctor" instead of "doctors."

When presented with:

"The other possible explanation is that nurses are reluctant to question the authority of doctors, even if (to a lay observer) the doctor has clearly made a mistake."

it responds:

"This appears to be a run-on sentence."

The problems with the grammar checker are not subtle. I beg and plead with anyone tempted to reply in its defense that they try it out, on a piece of real text, before replying. I truly believe that this is a piece of software that cannot possibly be of use to anyone: not to students, not to people who are not native English speakers. It exists only because it makes a good demo and looks good on a bullet-list chart.

Daniel P. B. Smith dpbsmith@world.std.com

Ambiguous abbreviations (Thornburg, RISKS-17.51)

David Eddy <deddy@tiac.net>
Tue, 5 Dec 1995 08:51:14 -0500

> ... what does "NCSA" mean?

I suggest you check out the Gale's "AIAD" (Acronyms, Initialisms, Abbreviations Dictionary) 3 volume dictionary in your library.

Here are the counts for some very common 'standard' abbreviations:

IRS - 49 meanings
MIS - 60 meanings
MIT - 31 meanings

MIT = Massachusetts Institute of Technology or male impotence test?

AMT = amount or alternate mating technique?

I think there were at least a half dozen meanings for THE (normally discarded as a noise word in automated indexing schemes).

It's all in the context. Humans are pretty good at detecting contextual clues (explicit & implicit). So far machines are pretty much clueless.

David Eddy Phone: 617-455-0949 GILES@globsoft.com
Global Software, Inc., P.O. Box 2813, Duxbury, MA 02331-2813

Re: Costs of 1999->2000 date fix: FIX (Huggins, RISKS-17.51)

<MJackson.wbst147@xerox.com>
Tue, 5 Dec 1995 05:12:22 PST

> The article gives a few other estimates, claiming that the average
> Fortune 500 company will spend $100M to convert their own systems.
> Worldwide, the cost is estimated at $300-600M.

This is either an unrevealed combination of different estimates or a typo, or there are only 3 to 6 Fortune "500" companies. Has the economy gotten *that* bad?

Mark Jackson - http://www.alumni.caltech.edu/~mjackson
[Also commented on by Sten Drescher <dreschs@mpd.tandem.com>. PGN]

[Oops -- I should have written the total cost as $300-600 billion, not million. My mistake. Jim Huggins (huggins@umich.edu).]


Re: What do we call the 2000s?

<msb@sq.com>
Tue, 5 Dec 95 12:36:52 EST

Date: Mon, 04 Dec 1995 01:32:20 -0500
>From: kieran@interport.net (Aaron L Dickey)
Newsgroups: alt.fan.cecil-adams
Subject: Re: What do we call the 2000s?

In article <49m437$20t@news.iastate.edu>, meayre@iastate.edu (Matthew D
Eayre) wrote:

> Isn't there a bunch of business software written is some language (COBOL
> maybe) that is going to fall apart come the year 2000?

Oh, it's a lot more than just COBOL. There's a whole mailing list devoted to sorting this mess out, and a FAQ file at <http://www.year2000.com/>.


Aaron Dickey The Associated Press - New York
kieran@interport.net HotWired Net Soup Contributor


Re: Luggage lockers (Kilbane, RISKS-17.48)

Edward Rice <edward.rice@his.com>
Thu, 07 Dec 1995 12:53:00

Steve_Kilbane described a situation in which a security locker might remain (or become) unsecure, due to race conditions in the use of a shared control console.

It's not too hard to foresee a race condition where someone pays to lock your luggage in, and then walks off with the unlocking code.

Of course, a cost-conscious thief will do it the other way: open and close a locker door, then let you walk up and pay for her locker and then stroll over to take your belongings. Let's see... saving five shillings per theft, ten strikes a day, times time and a half for overtime...


Watergate and erasure (Wicklund, RISKS-17.51)

Lawrence Kestenbaum <22914LCK@msu.edu>
Tue, 05 Dec 95 10:47:41 EST

Tom Wicklund wrote in RISKS-17.51 that the contents of the infamous 18.5-minute gap on a Nixon Watergate tape "could have been recovered even if they were simply erased -- enough signal would remain if you really wanted to get the information back."

This ability did exist at the time, and the tape was examined by experts in the field. It turned out that the tape segment in question had been erased *repeatedly*, perhaps a dozen times, enough to wipe out any pre-existing information. This evidence established beyond doubt that the erasure was not accidental.

I understand there are erasure security standards for magnetic media which specify that the disk or tape be overwritten a certain number of times (six?) to ensure that the former contents be unrecoverable.

No question, though, that it's preferable to distribute information on disks which never held any sensitive data.

Lawrence Kestenbaum, 22914LCK@msu.edu Political Science Department
Michigan State University

Program Announcement - ISOC 1996 Symp. Netw. & Distr. Sys. Security

"David M. Balenson" <balenson@tis.com>
Thu, 07 Dec 1995 11:52:31 -0500

THE INTERNET SOCIETY 1996 SYMPOSIUM ON NETWORK AND DISTRIBUTED SYSTEM SECURITY (NDSS '96)

22-23 FEBRUARY 1996

SAN DIEGO PRINCESS RESORT, SAN DIEGO, CALIFORNIA

The symposium will bring together people who are building software and/or hardware to provide network and distributed system security services. The symposium is intended for those interested in the more practical aspects of network and distributed system security, focusing on actual system design and implementation, rather than in theory. We hope to foster the exchange of technical information that will encourage and enable the Internet community to apply, deploy and advance the state of the available security technology.

P R E L I M I N A R Y P R O G R A M

WEDNESDAY, FEBRUARY 21

6:00 P.M. - 8:00 P.M. RECEPTION

THURSDAY, FEBRUARY 22

8:30 A.M. OPENING REMARKS

9:00 A.M. SESSION 1: ELECTRONIC MAIL SECURITY
Chair: Stephen T. Kent (BBN Corporation, USA)

Mixing E-mail with BABEL, Gene Tsudik and Ceki Gulcu (IBM Research Division, Zurich Research Laboratory, SWITZERLAND)

An Integration of PGP and MIME, Kazuhiko Yamamoto (Nara Institute of Science and Technology, JAPAN)

10:30 A.M. SESSION 2: DISTRIBUTED OBJECT SYSTEMS
Chair: Dan Nessett (Sun Microsystems, USA)

A Security Framework Supporting Domain Based Access Control in Distributed Systems, Nicholas Yialelis and Morris Sloman (Imperial College, London, UNITED KINGDOM)

PANEL: Scalability of Security in Distributed Object Systems
Chair: Dan Nessett (Sun Microsystems, USA)
Panelists: Dan Nessett (Sun Microsystems, USA), Nicholas Yialelis (Imperial College, London, UNITED KINGDOM), and Bret Hartman (Odyssey Research Associates, USA)

1:30 P.M. SESSION 3: DISTRIBUTED SYSTEM SECURITY
Chair: Michael Roe (University of Cambridge, UNITED KINGDOM)

A Flexible Distributed Authorization Protocol, Jonathan Trostle (CyberSAFE, USA) and B. Clifford Neuman (Information Sciences Institute, University of Southern California, USA)

Preserving Integrity in Remote File Location and Retrieval, Trent Jaeger (University of Michigan, USA) and Aviel D. Rubin (Bellcore, USA)

C-HTTP - The Development of a Secure, Closed HTTP-Based Network on the Internet, Takahiro Kiuchi (University of Tokyo, JAPAN) and Shigekoto Kaihara (University of Tokyo Hospital, JAPAN)

3:30 P.M. SESSION 4: PANEL: INTELLECTUAL PROPERTY PROTECTION
Chair: Peter G. Neumann (SRI International, USA)
Panelists: David Bernstein (Electronic Publishing Resources, USA), Russ Housley (Spyrus, USA), and Dan Boneh (Princeton University, USA)

7:00 P.M. DINNER BANQUET

FRIDAY, FEBRUARY 23

8:30 A.M.
SESSION 5: NETWORK SECURITY
Chair: Matt Bishop (University of California at Davis, USA)

Designing an Academic Firewall: Policy, Practice and Experience with SURF, Michael B. Greenwald, Sandeep K. Singhal, Jonathan R. Stone, and David R. Cheriton (Stanford University, USA)

Digital Signature Protection of the OSPF Routing Protocol, Sandra Murphy and Madelyn Badger (Trusted Information Systems, USA)

A Case Study of Secure ATM Switch Booting, Shaw-Cheng Chuang and Michael Roe (University of Cambridge, UNITED KINGDOM)

10:30 A.M.
SESSION 6: KEY MANAGEMENT
Chair: Burt Kaliski (RSA Laboratories, USA)

SKEME: A Versatile Secure Key Exchange Mechanism for Internet, Hugo Krawczyk (IBM T.J. Watson Research Center, USA)

IDUP and SPKM: Developing Public-Key-Based APIs and Mechanisms for Communication Security Services, Carlisle Adams (Bell-Northern Research, CANADA)

1:00 P.M.
SESSION 7: ENCRYPTION
Chair: Paul Lambert (Oracle, USA)

An Empirical Study of Secure MPEG Video Transmissions, Iskender Agi and Li Gong (SRI International, USA)

Parallelized Network Security Protocols, Erich Nahum and David J. Yates (University of Massachusetts, USA), Sean O'Malley, Hilarie Orman and Richard Schroeppel (University of Arizona, USA)

A "Bump in the Stack" Encryptor for MS-DOS Systems, David A. Wagner (University of California at Berkeley, USA) and Steven M. Bellovin (AT&T Bell Laboratories, USA)

3:00 P.M.
SESSION 8: PANEL: PUBLIC-KEY INFRASTRUCTURE
Chair: Warwick Ford (Bell Northern Research, CANADA)
Panelists: John Wankmueller (MasterCard International, USA), Taher ElGamal (Netscape Communications, USA), and Michael Baum (VeriSign, USA).

GENERAL CHAIR:
Jim Ellis, CERT Coordination Center

PROGRAM CHAIRS:
David Balenson, Trusted Information Systems
B. Clifford Neuman, USC Information Sciences Institute

FOR MORE INFORMATION on registration, contact Donna Leggett by phone at 703-648-9888 or via e-mail to Ndss96reg@isoc.org, or FAX to (703) 648-9887, or regular mail to NDSS96, 12020 Sunrise Valley Drive, Suite 210, Reston, VA, 22091, USA, or WEB PAGE http://www.isoc.org/conferences/ndss96 Contact the San Diego Princess Resort at 1-800-344-2626 (+1-619-274-4630 if outside the United States) for lodging. To receive the special group rates, reservations must be made no later than January 20, 1996.

David M. Balenson balenson@tis.com; tel 301.854.5358; fax 301.854.5363
Trusted Information Systems, 3060 Washington Rd., Glenwood, MD 21738 USA

Please report problems with the web pages to the maintainer

Top