The RISKS Digest
Volume 17 Issue 34

Tuesday, 12th September 1995

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Open letter to Geoff Greiveldinger, DoJ [key escrowed, export]
Carl Ellison
Santa Cruz High gives me all-time low school spirit
Zane Bock via Michael D. Crawford
Abandoned oil tank phone harasses MA woman for 6 months
Stephen McCallister
Man Upset with Computer, Falls Through Window
Matthew Hunt
Another Phony ATM
David Kennedy
Initiative for better Usenet discussions
Bertrand Meyer
"Building Internet Firewalls" by Chapman/Zwicky
Rob Slade
Re: Voting by Phone in the Netherlands
Robert I. Eachus
'Tis too a virus!
Rob Slade A. Padgett Peterson Kenneth Albanowski
Re: $95000 withdrawn from bank
W. F. Linke
Re: Self-disabling software
Bruce Limber
Re: Password cracking 'improves' security
Bob Blakley III Douglas W. Jones Bear Giles
Info on RISKS (comp.risks), contributions, subscriptions, FTP,etc.

Open letter to Geoff Greiveldinger, DoJ [key escrowed, export]

Carl Ellison <>
Fri, 8 Sep 1995 22:11:13 -0700

NIST (the National Institute of Standards and Technology) held a two-day public meeting on 6-7 September, 1995 to discuss Software Key Escrow as a possible means of achieving export of cryptography.

In the morning of 7 Sept, Goeff Greiveldinger of the Department of Justice gave a description of the kinds of crimes which DoJ wants to use wiretapping to solve. He closed this litany of lawbreaking with the assertion that software manufacturers don't want to provide products which allow such lawbreakers to keep their criminal evidence hidden from law enforcement.

I'm sorry to disillusion you, Geoff, but I *do* want to make such systems.

Would you have Ryder stop renting trucks because some terrorist decided to fill one with explosives and kill many innocent children? Would you have Americans stop making automobiles because bank robbers have been known to use cars for getaways? Would you have all new buildings constructed with FBI microphones in every wall because some criminals meet in private rooms in order to plan crimes?

When an American company sweeps its conference room for bugs, finds some and destroys them, it doesn't matter whether those bugs were planted by industrial spies or the FBI. The company has a right to eliminate them. When that company ties two such conference rooms together by video-conference equipment and encrypts the line between them using strong link encryption, it is performing the same defensive operation in cyberspace. It is protecting itself from spies and it doesn't matter that the wiretaps it frustrates might be illegal ones by industrial spies or legal ones by the FBI. The right to attempt to achieve privacy is a long-standing one in this country and not one to allow to be lost.

When I design and build systems for privacy for my customers, I am providing products for law-abiding, honest people. I am aware of criminals, of course. Criminals are the threats against whom I protect my customers. These criminals are usually not in the government but that doesn't mean that I believe I should offer my honest customers up for a strip-search in cyberspace. The law enforcement agencies of this free country have no right to expect blanket access to the ciphertext of citizens. It will take legislation to get that right and I will do everything in my power to keep such legislation from passing. Barring such legislation, I will make sure that honest American citizens have cryptography with which to attempt to maintain their privacy, even from the government. We have the right to attempt to keep a secret from government agencies and continuous demonstration of that right is an important part of this free country.

On the other hand, I am sympathetic to law-enforcement officers. I have several friends in that business. I have asked my friends and acquaintances who do surveillance (2 IRS agents investigating organized crime for tax evasion; 2 undercover cops in Boston's highest drug neighborhood; 1 DEA agent in the midwest) if they ever encounter encrypted communications or files. They don't. Neither does anyone in their offices. Of course, even if they did it would remain so important to preserve our right to attempt to keep secrets from the government that their frustration would just have to be accepted. The fact that this isn't a real problem makes my decision that much easier. I am left with no moral qualms at all.

In summary, criminals are so few that I will not design for them. I will not treat my vast majority of honest users as if they were criminals just because some criminal might someday use my product and frustrate you.

ObRisk: We run the risk of losing our fundamental right to attempt to keep a secret from the government — a practice we need to preserve in order to protect ourselves from criminals in cyberspace. There are powerful forces in the US government attempting to cajole us into giving up that right.

[see for more on this subject]

Santa Cruz High gives me all-time low school spirit

Michael D. Crawford <>
Sun, 10 Sep 1995 19:56:03 -0700

The following article by a Santa Cruz High student reports how the high school was unable to operate on the first day of school because of a breakdown in the computer system, so that schedules were unavailable.

Mike Crawford

[Excerpted starkly and spelcorekted. Sorry, Zane (who ended his note with ``In every bad speller lies a genius.!'' PGN]
> Date: 10 Sep 1995 04:01:17 GMT
> From: <a href=""></a> (Zane Bock)<br /> > Subject: Santa Cruz High gives me all-time low school spirit
> Newsgroups:,alt.parents-teens,scruz.general,
> ... there's a bunch of people on the lawn, and they all look
> shocked, or scared or just out of place. It seems that there has been a
> major breakdown with the new computer system and schedules for the
> students are currently nonexistent. So we are all turned away and given
> another day of summer. I guess that's not so bad, but the complete lack
> of a first day of school is enough to put even the passive students like
> me on the minutely shakey side.

Abandoned oil tank phone harasses MA woman for 6 months

Stephen McCallister <>
Mon, 11 Sep 1995 19:53:28 -0700

Certainly not the first such item seen in RISKS (Coke machines...), but you've got to admit that taking 6 months to identify the source of calls arriving every 90 minutes has to be some kind of record!

From CNN Web's "Fringe News - USA" page :
The Fringe

September 10, 1995

Persistent oil tank hassles woman

BILLERICA, Massachusetts - For six months, a woman thought she was in tele-marketing hell. Every 90 minutes, her phone would ring, but the caller would never say a word.

The phone company eventually traced the calls to an abandoned oil tank in Maryland. It was rigged to call the oil company when the oil level was low, but the phone number was scrambled and it called her instead.

Stephen McCallister Bothell, WA

Man Upset with Computer, Falls Through Window

Matthew Hunt <>
Tue, 12 Sep 1995 10:51:29 -0400 (EDT)

In the Penn State _Daily_Collegian_, Sept. 12, 1995, p. 6:

Computer trouble results in fatal fall

NEWARK, Del. (AP) — A University of Delaware student fell 13 floors to his death out of his dormitory window, apparently after he lost his balance when he put his fist through the glass in anger over computer trouble.

Robert Keepers, 19, of Spotswood, N.J., went through the 5-foot double-pane window early Saturday.

Keepers "got up and ran around the room in a pique of anger" and struck the window with his fist, said Tim Brooks, dean of students, citing the account of two students who were in Keeper's room during the accident.

Well, I had never considered this risk of incorrectly operating equipment before; however, I have no need to fear. My dormitory window is a scant four feet above ground.

Matthew Hunt <>

Another Phony ATM

David Kennedy <>
07 Sep 95 00:48:22 EDT

Courtesy of Executive News Service on CompuServe, 5 Sept 1995

> By Melvyn Howe, PA News
> A gang of fraudsters chalked up a criminal first when they installed a
> bogus High Street cash point machine, a court heard today.
> The highly convincing piece of equipment, set in front of a fake
> mortgage broking business, "enticed" scores of card holders to vainly
> try to withdraw money in an enterprise that eventually netted the
> crooks at least 120,000 pounds.

> The court heard an enormous amount of detailed planning went into the
> fraud. (The prosecutor) claimed a "front" company was used to buy
> parts for the bogus cashpoint machine.

A shop was then rented and a sign put up outside stating: "Hambro UK. Mortgages, design mortgages, pensions. Halifax appointed representative". Office furniture was installed and flowers and pot plants used to provide a further convincing touch.

> A genuine Halifax Building Society branch nearby received many
> complaints that it's other cashpoint machine was not working, and
> in some cases even keeping the cards. Staff investigated, immediately
> realised what was going on and called in the police ...

Dave Kennedy [CISSP] Vol SysOp Nat'l Comp Security Assoc Forum on CompuServe

Initiative for better Usenet discussions

Bertrand Meyer <>
11 Sep 1995 19:39:18 GMT

This initiative has been out for a while but it only now occurred to me that it is in the subject matter for comp.risks. Endless newsgroup discussions and flame wars are certainly a computer risk; yet the potential of News (as forums such as this one have demonstrated) is great and it is a pity to see it wasted.

To see if I can help improve the situation I have started a modest program called SELF-DISCIPLINE. In keeping with the spirit of the program, which is to maximize signal and minimize noise, I will not describe SELF-DISCIPLINE here, but just give the pointer to the Web page that presents it:

Please refer to that document (also available in Postscript at if you want to know more. If you have any comment you may send it to the mailing list <> (a first iteration towards a potential newsgroup mentioned in the document), although once again the idea is not to generate more meta-noise. Also, I would appreciate if the moderator could in this case leave the message's signature as it is actually part of the message. Thanks.

Bertrand Meyer, ISE Inc., Santa Barbara (California)
<> - Web home page:

"Building Internet Firewalls" by Chapman/Zwicky

"Rob Slade" <>
Sat, 9 Sep 1995 21:56:37 -0700

[I received a draft copy of this, so some details either aren't available or might have changed. Last word I had from the publisher, this is due for release on Tuesday - rms]


"Building Internet Firewalls", Chapman/Zwicky, 1995, 1-56592-124-0
%A Brent Chapman
%A Elizabeth Zwicky
%C 103 Morris Street, Suite A, Sebastopol, CA 95472
%D 1995
%G 1-56592-124-0
%I O'Reilly & Associates, Inc.
%O 800-998-9938 707-829-0515 fax: 707-829-0104
%O 519-283-6332 800-528-9994
%T "Building Internet Firewalls"

Cheswick and Bellovin's "Firewalls and Internet Security" (cf. BKFRINSC.RVW) will continue to be seen as the classic reference with the seriously technical crowd. Chapman and Zwicky, however, have here created the first reference for the more normal run of system administrators: those whose lives do not revolve around hacking the UNIX kernel.

Part one could almost stand as a separate book, itself. It is an introduction to firewalls. More, it is a very down-to-earth and practical guide to evaluating security needs and planning for security systems and practices. The writing is completely clear, and the explanations first-rate. Chapter four, on firewall architectures, is a perfect introduction for the manager who, while not having a technical background, must lead or administer a security project.

Part two gets into more technical details of firewall construction and the communications needs for Internet services. The writing, though, is still clear and easily accessible to any intelligent reader. Part three covers maintenance and administrative work. Appendices list information and software resources as well as a brief introduction to TCP/IP basics.

This is the first book that truly explains, to the non-specialist, the various factors and functions involved in firewall choice and construction. For those building their own and for those evaluating vendor proposals, this book is a must.

copyright %copy; Robert M. Slade, 1995 BKBUINFI.RVW 950712
Vancouver Institute for Research into User Security Canada V7K 2G6

Re: Voting by Phone in the Netherlands (PAT, RISKS-17.32)

"Robert I. Eachus" <>
Mon, 11 Sep 1995 19:37:49 -0400

The TELECOM Digest's Editor wrote:

> They'll hear none of it ... which is odd, [...] PAT

Not odd at all. The editor answered his own question. There are many people in office today who know they got there due to fraudulent voting practices. (No reason to name names, but there are still two seats in the US House of Representatives being contested due to fraud, and one state governership from last year's elections.) There have been many such "elected officials" in the past, and there will be more in the future.

So there are two types of voting systems, those that work privately and without risk of fraud, and those where fraud is impossible to prove in hindsight, and often impossible to stop on the spot. There are very, very few of the former in use anywhere in the world, mostly in uncontested elections to corporate boards of directors. :-(

If we really want trustworthy voting systems, someone other than the politicians will have to impose them.

And now to relate this to comp.risks. It is getting to be much harder to cheat. Exit polls and computer based vote projections can show where the votes were diddled and by how much. There have been many incidents around the world where the incumbents resorted to force when massive fraud was revealed by exit polling, international observers, etc. In some cases, like the Philippines, where Cory Aquino was declared the winner in the exit polls and the streets, and the official vote tallies ignored, the net effect has been beneficial. But in many other cases the result has been years of bloodshed. Some leaders have even started wars to avoid (or win) elections they couldn't win otherwise. (No, not Maggie, the Argentinian Generals. Margaret Thatcher just called an immediate election once the war was over because she was well ahead in the polls.)

If we don't insist that the quality of the actual voting procedures be at least as trustworthy as the widely available means for predicting the results, all we will be encouraging is further bloodshed. (And we also need to insist on a diversity of sources of predictions.) Right now the polls you see and hear in the news before elections have an expected error of 3 to 6 per cent. The results of exit polls are much more accurate, usually in the 1/2 to 1 per cent range. This has resulted in a strange marriage of convenience with a single organization doing almost all the exit polls and vote tabulations in the US, with the TV networks and the politicians as customers. (The different networks base their own projections on the same data. There have been lawsuits by smaller parties because their results have not been included in the published data.)

Robert I. Eachus

'Tis too a virus! (PGN comment, RISKS-17.33)

"Rob Slade" <>
Fri, 08 Sep 1995 19:35:56 EST

Hey, you're impuning my reputation, puny though it may be! We've been thrashing this out in some of the private virus discussion groups, and it is too a virus! Read and infected Word doc, and it infects your Word macro space. It writes itself (OK, selves, seeing as how it has various parts) to the NORMAL.DOT file, and gets stored between sessions. Once the macro space ahs been infected, any files saved with the FileSaveAs function are infected themselves. Send somebody an E-mail message over the MSN, and in one mouse click, they download, invoke Word, open the message and infect themselves, without ever having their fingers leave the rodent.

[Thanks for the correction. At least I was not imPUNing it! PGN]

'Tis too a virus! (PGN comment, RISKS-17.33)

A. Padgett Peterson <>
Fri, 8 Sep 95 21:08:54 -0400

Must disagree. Within its target environment (default WORD 6.0 or better), it satisfies the difference between a "trojan horse" and a "virus" in that it is able to propagate. Such an AutoOpen macros could be a trojan, but in this easy-to-block case (and both of MS's fixes, WD1215 and the later one whose number I forget seem to target this virus specifically - have looked at 1215 but not the other so caveat y'all).

I would be surprised if this is anything more than a "15 minutes of fame" but does point out the value of turning the default "do anything you want without notice" off. ("Prompt to save Normal" & "DisableAutoMacros" are good starting points - of course if you disable these, the MS "fix" won't work...

BTW, essentially this is traceable to ANSI bombs and programmable PF keys on the VT-100 (had to put the sequence in a companion .com (DCL) but have seen it done) so capability dates back at least to the late 1970's. Same thing would work on a uVax as well as a 780 so guess that made it "cross-platform". And then there was the VT-103...


'Tis too a virus! (PGN comment, RISKS-17.33)

Kenneth Albanowski <>
Fri, 8 Sep 1995 23:35:24 -0400 (EDT)

... Quoting a bit from Gene Spafford's mention of the "virus" on VIRUS-L:

> The virus adds several new macros to the global macro pool: "AAAZA0",
> "AAAZFS", "Payload" and one entitled "FileSaveAs". The virus is
> activated in an infected file when you choose the "Save As" feature in
> the "File" menu and the virus macro is run. The altered macros are
> then saved with the file, and may be saved in the global template file
> as well.

If it stores itself in the global template file, then it can be loaded every time Word starts. Hence, it has "infected" Word, and can cause any documents saved ("FileSaveAs") to carry the "virus", which will then execute the viral loader if these documents are loaded in another copy of Word.

This seems to make a good case for being a virus: infection of a host and the ability to reproduce toward the goal of infecting other hosts.

Kenneth Albanowski (, CIS: 70705,126)

Re: $95000 withdrawn from bank (Alan Wexelblat, RISKS-17.32)

W. F. Linke>
Sun, 10 Sep 95 23:58:56 EDT

I was quite distressed to read the article in the RISKS-17.32 by Alan Wexelblat about a man (Combs) who deposited a fake check for $95000 and withdrew the money. Clearly, the system failures in the case are worth discussing. But I wonder how many readers were taken aback as I was by the amoral slant to the article? On the face of it, Combs appears no more than a common thief, and the only "service" I can imagine the bank owes to him is to have him arrested for passing bad checks.

Regardless of any legal quirks, or how the bank treated him, the test is simple: did he knowingly take money not belonging to him, and keep it? If so, morally he is a thief, regardless of what a lawyer might make of it.

Bill Linke

Re: Self-disabling software

Sat, 09 Sep 95 21:10:00 -0500

Concerning the ban on self-disabling software, two questions occur to me:

Re: Password cracking 'improves' security (Booth, RISKS-17.33)

Mon, 11 Sep 95 13:51:09 EDT

While I don't know anything about this particular program, I did hear recently about a program with similar functions. The following may be apocryphal, as I have not been able to verify details and did not hear the story from anyone who claimed to have experienced it firsthand.

The marketers of the alleged program found an interesting problem: it worked so fast that it destroyed users' confidence in the security of their passwords, with the result that they just turned them off and didn't buy any more copies of the password recovery program.

The reported marketing response was ingenious: the program's developer inserted a no-op loop into the password-recovery process so that instead of taking about a second, it took several minutes. This made it look like the program was doing something hard; the users liked the modified program much better and didn't lose confidence in the built-in "security" of their applications.

As Laurie Anderson might say, "Hmmmmm".

[Based on the net address and RISKS-15.41, I must presume that the unidentified author Blakley is G.R. (Bob) Blakley III, not Bob Blakley, Jr. or Bob Blakley, and not Jim Blakley, who is also a RISKS reader. But what would Loni Anderson say? And no jokes about Reynolds numbers, please. PGN]

Re: Password cracking 'improves' security (Booth, RISKS-17.33)

Douglas W. Jones <>
11 Sep 1995 02:56:48 GMT

Duncan Booth <> posted a note about a product called WDPass that claims to crack passwords for a number of products. I suspect that, by reducing the risk of lost passwords, this would indeed increase the likelyhood that careless users would use password protection, and the increased use of passwords would improve security in the face of casual browsing and similar common but low-level threats. At the same time, the product clearly exposes the well known (at least in technical circles) triviality of the password protection schemes used on many common products.

> The program claims to work for a variety of Wordperfect, Microsoft, Lotus
> and Borland file formats.

If the product works against the password protection scheme used by Lotus Ami Pro, I want to hear about it. That scheme is one I invented, and the last I heard, it was still pretty strong. Has someone found a better than brute force attack for it?

Doug Jones

Re: Password cracking 'improves' security (Booth, RISKS-17.33)

Bear Giles <>
Fri, 8 Sep 1995 20:40:59 -0600

You're assuming that everyone will realize this product exists. A knowledgeable attacker would not be deterred by the encryption features of existing software, but it might be enough to deter a casual attacker. But at the same time management might downplay the encryption features from fear of a subordinate trying to "hide" crucial information.

>the risk is that out there are some senior executives gullible enough to
>think that this allows them to rely entirely on password protection of
>documents instead of more traditional locks and keys.

Alas, many environments don't even have those "traditional locks and keys." Oh, the offices will be locked at night and care will be applied when deciding which employees get keys... but then they'll have minimum wage temp employees come in to remove the trash.

In this case the _only_ effective protection in place might be the encryption provided by those packages. A knowledgeable attacker will be prepared, but it might be enough to stump a compromised custodial staff member.

Bear Giles

Please report problems with the web pages to the maintainer